Administering windows xp

Short notes
For exam
70-270

Administering Windows XP
Professional

www.testout.com
Brought to you by Piratez

Administering Windows XP Professional

Table of Contents
1.Installation ................................................................................................................................................ 5
Installing Windows XP Facts
Upgrading to Windows XP Facts
Network Installation Facts
Automated Installation Facts
Troubleshooting Installation Facts
2.Users & Groups.......................................................................................................................................... 9
User Preferences Facts
Built-in and Predefined User Accounts
Local User Account Best Practices
Built-in Local Groups
Implicit Local Groups
Local Group Facts
User Profile Management Tasks
Folder Redirection Facts
Group Policy Facts
3.Installing Hardware ................................................................................................................................. 14
Installing Devices
Drivers
File Verification Programs
Multiple Monitors
Multiple Processors
Power Management
Hardware Profile Considerations
4.Networking .............................................................................................................................................. 19
Network Components
TCP/IP Configuration Settings
Troubleshooting TCP/IP
Name Resolution Facts
Dial-up Connection Facts
Remote Authentication Protocols
VPN Tunneling Protocols
Common Port Numbers
ICS and ICF Facts
Remote Services Facts
5.Disk Management ................................................................................................................................... 25
File System Facts
Basic and Dynamic Disks
Volume Characteristics
Volume Mount Point Facts
2

Designing Disks for Multiple Operating Systems
Page

Boot.ini Facts

Piratez Book


6.Managing Files......................................................................................................................................... 28
File Compression Facts
Encryption Facts
Disk Quota Facts
NTFS Permission Facts
Shared Folder Facts
Offline File Facts
Internet Information Services (IIS)
7.Printing .................................................................................................................................................... 33
Printing Facts
UNIX Printing Facts
Managing Printing
Advanced Print Configuration
Multiple Printers
Printer Pooling
Faxing Facts
8.Internet Explorer URLs ............................................................................................................................ 35
9.System Optimization ............................................................................................................................... 36
Applications and Processes
System Performance
Backup Facts
10.System Security ..................................................................................................................................... 41
Account Policies Facts
Auditing Facts
Security Templates Facts
IE Security Facts
IE Certificates

3
Page

Piratez Book


From Piratez
Thank you for your interest in this release.

This book was written using Testout study guide CDs so the content doesn’t express the idea of Piratez.
So if you find any problem don’t contact us ; but www.testout.com .

This product is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This is freely distributable and available for use by anyone, without restrictions. With this there is no
need to worry about piracy. We encourage you to make as many copies as you like and to give them to
your friends and colleagues. Everyone is permitted to copy and distribute verbatim copies of this
document, but changing it is not allowed. You are under no moral or legal obligation to pay anyone for
this right to use this.

Wish you all the best for your 70-270 exam !

-Piratez

4
Page

Piratez Book


1.INSTALLATION
Installing Windows XP Facts

Windows XP requires the following for a successful installation:

Pentium 233 MHz or greater (300 MHz recommended)
1.5 GB free disk space
64 MB RAM (128 recommended)
Super VGA
CD-ROM or DVD drive
Keyboard and mouse

To start the installation, use:

Winnt.exe to start installation from a DOS environment.
Winnt32.exe to start installation from within a 32-bit environment.

The following table lists common switches to use with the installation programs.

Switch Purpose
/makelocalsource Copies installation files from the CD-ROM
/dudisable Disables dynamic updates during installation
/duprepare Prepare downloaded update files for use during installation
/dushare Start the installation with downloaded update files
/u Indicates use of an unattended answer file
/udf Indicates the use of a uniqueness database file
/s Specifies a path to source files
/checkupgradeonly Verifies upgrade compatibility with XP
/debug[level]:XPdebug.log Creates a debug log for an XP Professional installation

Keep in mind the following facts about performing an installation:

Before starting the installation, check the Hardware Compatibility List (HCL) to verify your
hardware is compatible with Windows XP.
Before starting the installation, disable virus checking in the BIOS.
Gather all information about the computer and the network (such as the domain name) before
starting the installation.
During installation, press F5 to install a custom HAL.
During installation, press F6 to install a custom SCSI driver.
After installation, you must activate your copy of Windows within 30 days. Activation does not
send personal information to Microsoft (it isn't the same as registration). Activation can be
done through the Internet or over the phone.

Upgrading to Windows XP Facts

Before beginning the installation, run Winnt32.exe /checkupgradeonly to verify the system
compatibility with Windows XP. The results of the check are saved in the %systemroot%upgrade.txt
file.
5

To preserve system settings during a clean install, use:
Page

Piratez Book

Files and Settings Transfer Wizard: A GUI tool for saving and restoring personal settings.
Scanstate and Loadstate utilities: Use Scanstate to save the settings to a network folder. Use
Loadstate to load the saved settings on the new machine.

The following operating systems can be upgraded to Windows XP Professional:

Windows 98 (including SE)
Windows ME
Windows NT 4.0 Workstation (load the latest service pack before upgrading)
Windows 2000 Professional
Windows XP Home Edition

Network Installation Facts

You should know the following facts about Remote Installation Services:

An RIS server must have the following components installed on it:
o DHCP
o DNS
o RIS
o Active Directory
Use the Rbfg.exe (Remote Boot Disk Generator) file to create a boot disk for non-PXE
compliant network adapters. The boot disk simulates the PXE boot process. The file is located
in the RemoteInstalladmini386 folder on the RIS server.
On the workstation, be sure to enable network boot in the BIOS.
Use the Riprep.exe file to create the image of the reference computer.

To perform a network installation without RIS:

1. Copy the source installation files to a shared network drive.
2. If necessary, update the installation files with service packs or hotfixes.
3. Execute Winnt or Winnt32 from the network share.

To use dynamic updates during an installation, download the updates to a network share. Use the
following switches with the Winnt or Winnt32 command to apply dynamic updates during the
installation:

Switch Function
/Duprepare:[path to downloaded updates] Prepares the updates for use during installation.
/Dushare:[path to downloaded updates] Starts the installation with the downloaded update files.
/Dudisable Prevents the dynamic update from occurring.

To apply a service pack to the source installation files, use the Update.exe –s:[network_share]
command and switch. This applies the service pack changes to the installation files in the network
share.

Automated Installation Facts

Windows provides the ability to perform an unattended installation from a CD-ROM. To perform an
unattended installation from a CD-ROM, the following conditions must be met:
6

The computer must support booting from a CD-ROM, and must adhere to the El-Torito non-
Page

emulation specification.

Piratez Book

The unattended answer file must be renamed to Winnt.sif and copied to a floppy disk so Setup
can access it. When Setup displays the message that it is examining the hardware
configuration, insert the floppy disk containing the Winnt.sif file.
The answer file must contain a valid [Data] section with the following entries to the
unattended answer file:
o UnattendedInstall=Yes - Value must be set to "yes".
o MSDosInitiated=No - Value must be set to "no" or Setup will stop during the graphical
portion of Setup.
o AutoPartition=1 - If the value is set to 1, the installation partition is automatically
selected. If the value is set to 0 (zero), you are prompted for the installation partition
during the text portion of Setup.

You can also automate installation by preparing a disk image. You then duplicate the disk image to a
new hard drive and boot the system. Use the following files to prepare an automated installation using
an image:

File Function
Sysprep.exe Prepares a system for duplication
Setupcl.exe Runs a mini-setup wizard when the duplicated drive is booted
Sysprep.inf An optional answer file that automates the mini-setup wizard. Can be copied to a floppy
disk.

Note: These files belong in the Sysprep folder at the root of the system drive.

Troubleshooting Installation Facts

Use the /debuglevel:logfile switch to create an installation debug log. The default debug level is 2. The
default log file is C:%systemroot%Winnt32.log. The log levels are as follows:

Level Report
0 Severe Errors
1 Errors
2 Warnings
3 Information
4 Detailed information for debugging

You can use System File Checker (Sfc.exe) to verify the integrity of protected system files if an
installation appears unstable. You can use the following switches with the Sfc command:

Switch Function
/Scannow Perform a scan immediately
/Scanboot Configures the operating system to perform a scan every time the operating
system boots
/Revert Changes the scan behavior back to the default
/Cachesize = Configures how much disk space can be used to store cached versions of protected
size system files

To uninstall a service pack or hotfix from the command line, run Spuninst.exe from the service pack or
hot fix uninstall folder. Use the following switches with Spuninst:

Switch Function
-u Unattended mode
7

-f Force other apps to close at shutdown
Page

-z Do not reboot when complete
-q Quiet mode (no user interaction)

Piratez Book

You can revert to a previous operation system after upgrading to Windows XP. You can also use
Add/Remove Programs wizard to uninstall a Windows XP installation that was performed as an
upgrade on a Windows 98 computer.

To isolate a driver causing an installation to fail, add the /Sos switch to the Boot.ini file. This loads the
drivers individually, allowing you to isolate the bad driver.

8
Page

Piratez Book


2.Users & Groups

Accessibility Options
The following table summarizes the accessibility features you can configure with the Accessibility
Options applet.

Option Description
StickyKeys Use Shift, Ctrl, or Alt in combination with other keys by pressing one key at a time
FilterKeys Ignore repeated keystrokes
ToggleKeys Associate sounds with Caps Lock, Num Lock, and Scroll Lock keys
SoundSentry Associate visual clues with sounds
ShowSounds Display captions for sounds made by programs
High Change background and text colors to improve readability. You can also configure
Contrast visual settings with the Display applet.
MouseKeys Control the mouse pointer with the number keypad
SerialKey Configure alternate mouse or keyboard input device

Regional and Language Options
One way to accommodate different languages in Windows XP is to select the correct version. There are
two general versions available:

Localized Windows--Windows ships localized into a single language. All menus, dialogs, and
buttons have been translated to the target language.
Multilanguage Windows--Windows includes multiple languages, letting users switch between
localized versions of Windows without reinstalling. In other words, users can see menus,
dialogs, and buttons in their language of choice.

The following table summarizes the regional and language support for different Windows versions.

Feature Localized Windows Multilanguage
(Single-language) Windows
Change date, time, measurement display Yes Yes
Create, view, and edit documents in multiple languages Yes Yes
(including East Asian and right-to-left languages)
Display Windows menus and dialogs in multiple No Yes
languages


Windows XP Professional includes two built-in user accounts:

Administrator. Has all system rights and privileges to manage the local computer.
Guest. Has very limited rights and privileges.

Keep in mind the following facts about the built-in user accounts:

You cannot delete built-in user accounts.
As a best practice, you should rename these accounts. This makes it harder for unauthorized
9

users to guess a user account name to use.
Page

By default, the Guest account is disabled (it cannot be used for logon).

Piratez Book

Predefined user accounts are created during the installation of certain software components. These are
normal user accounts with a specific name that are used by the software to perform system or other
functions. Although you can delete or rename these accounts, the software that created them might
not function properly if you do. Following is a list of some of the most common automatically-created
user accounts.

User Account Name Purpose
HelpAssistant Lets another user provide remote assistance.
IUSR_ComputerName Lets network users access the computer anonymously when the computer is
acting as a Web server.
IWAM_ComputerName Used by the computer to run programs when it is acting as a Web server.
SUPPORT_IDNumber A vendor user account used to provide help and support.

Local User Account Best Practices

As you create and manage local user accounts, keep in mind the following recommendations:

When you create a new account, set a password to protect the account. Do not make the
password something easy to guess (for example, do not use the logon name for the
password).
Force the user to change the password at next logon. This forces the user to replace the
assigned password with one they choose.
Disable accounts that won't be used for a while.
If a user leaves and is replaced by someone else with similar access needs, rename the
existing account (rather than deleting the old account and creating a new one).
If you accidentally delete a user account, restore it from backup rather than creating a new
one with the same name. Creating a new account results in a user account with a different
SID.

Built-in Local Groups

When you install Windows XP, the following local groups are created automatically. These groups have
preassigned rights, permissions, and group memberships. You can rename these groups, but cannot
delete them.

Group Name Capabilities
Administrators Members have complete and unrestricted access to the computer, including
every system right.
The Administrator user account and any account designated as a "computer
administrator" is a member of this group.
Backup Operators Members can back up and restore files (regardless of permissions), log on
locally, and shut down the system. Members cannot change security settings.
Power Users Members can:
Create user accounts and modify and delete accounts they create
Create local groups and remove users from local groups they create
Remove users from the Power Users, Users, and Guests groups
Change the system date and time
Install applications
Members cannot:
Change membership of the Administrators or Backup Operators
groups
Take ownership of files
10

Back up or restore files
Load or unload device drivers
Page

Manage security and auditing logs
Users Members can use the computer but cannot perform system administration

Piratez Book

tasks and might not be able to run legacy applications. Members cannot
share directories or install printers if the driver is not yet installed.
Members cannot view or modify system files.
Any user created with Local Users and Groups is automatically a member of
this group.
User accounts designated as "limited use" accounts are members of this
group.
A user account created as a "computer administrator" is made a member of
this group.
Guests Members have limited rights (similar to members of the Users group).
Members can shut down the system.

Windows XP also includes the following local groups. Although these groups exist, you should not
modify their membership.

Network Configuration Operators
Remote Desktop Users
Replicator

Implicit Local Groups

Windows XP has some special groups (sometimes called implicit groups or special identities) that act
as variables to represent either a set of users or a set of programs running on the computer. The
identity and membership of these groups is dynamically configured, so they are not listed in Local
Users and Groups. In many cases, user accounts are dynamically made a member of these groups
when users perform certain actions (such as logging on or creating a file).

Group Name Membership obtained by...
ANONYMOUS LOGON Logging on without a user name and password (anonymous logon is
commonly permitted if the computer is acting as a web server)
AUTHENTICATED USERS Logging on by supplying a user name and password
CREATOR GROUP Creating an object
CREATOR OWNER Creating an object (such as a file)
DIALUP Connecting to the computer through a dial-up connection
Everyone Gaining access to the computer except through anonymous logon
INTERACTIVE Logging on interactively (also called logging on locally) through the
computer console
NETWORK Logging on to the computer through a network connection
REMOTE INTERACTIVE LOGON Logging on to the computer through a remote desktop connection

Except the Everyone group, you can recognize these groups because their names are written in all
caps.

Local Group Facts

As you work with local groups, recommendations:

Whenever possible, use built-in groups to assign rights and permissions. For example, to allow
someone to back up and restore the system, make the user account a member of the Backup
Operators group.
Use caution in modifying the default rights and permissions assigned to built-in groups.
11

When assigning security, make user accounts members of groups, then assign the rights or
permissions to the group rather than the user accounts.
Page

Additional facts about managing local groups:

Piratez Book

Deleting a group does not delete the user accounts that are members of the group.
Removing a user account from a group does not delete the group or the user account.
You can make domain users and groups members of local groups.
You cannot remove the Administrator local user account from the Administrators group.
You cannot remove the Guest user account from the Guests group.
When you join a domain, some domain accounts are automatically made members of local
groups.

User Profile Management Tasks

The following list describes some common profile management tasks and the recommended method
for completing them.

To . . . Do . . .
Create a new Log on as a user without a profile. User profiles are created automatically, using
profile the Default Users profile as a template. (You can also set access permissions on
a copied profile for use as a new profile.)
Edit an existing Log on as the user, then use the Windows interface to modify the desktop, Start
profile Menu, taskbar, and other preferences.
Create Start Menu Copy the desired shortcuts to the appropriate folder within the user profile.
or Desktop
shortcuts
Copy a profile Use the User Profiles tool to copy the profile to a new location. If you simply
copy the subfolders to a new location, registry settings and permissions will not
be properly modified. Note: You cannot copy the profile of a logged on user.
Make a mandatory Use Explorer to rename the Ntuser.dat file to Ntuser.man.
user profile
Make a roaming Copy the profile to a network share. Use the Profile tab in the user account
user profile properties to enter the path to the user's roaming profile.
Assign a specific Edit the properties of the user account (either local or domain user) to identify
profile the specific profile (either to a user roaming or otherwise) to use.
Delete a profile Use the User Profiles tool. Do not simply delete the folder as registry settings
will not be modified appropriately. Note: You cannot delete the profile of a
logged on user.

Folder Redirection Facts

Keep in mind the following facts about redirecting folders:

End users can only redirect the following folders: My Documents, My Music, My Pictures, and
My Videos.
Group Policy can only redirect the following folders: Application Data, Desktop, My Documents,
My Music, My Pictures, My Videos, and Start Menu.
You cannot redirect folders using local Group Policy.
Use the %username% variable to redirect folders to unique parent folders based on user
name.
You can redirect folders to different locations based on group membership.
When you redirect folders, the default is to copy the existing folder contents to the new
location.
Redirecting folders does not delete the existing folder or prevent data from being stored in the
folder. It only redirects the shortcut that points to the target folder.
By default, users are given the necessary permissions to manage their redirected folders.
12

Group Policy Facts
Page

Piratez Book

Group policy is a tool used to implement system configurations that can be deployed from a central
location through GPOs (Group Policy Objects).
Group Policy facts:

GPOs contain hundreds of configuration settings.
GPOs can be linked to Active Directory sites, domain, or organizational units (OUs).
GPOs include computer and user sections. Computer settings are applied at startup. User
settings are applied at logon.
A GPO only affects the users and computers beneath the object to which the GPO is linked.
Group policy settings take precedence over user profile settings.
A local GPO is stored on a local machine. It can be used to define settings even if the
computer is not connected to a network.
GPOs are applied in the following order:
1. Local
2. Site
3. Domain
4. OU
If GPOs conflict, the last GPO to be applied overrides conflicting settings.
The Computers container is not an OU, so it cannot have a GPO applied to it.
Group policy is not available for Windows 98/NT clients or Windows NT 4.0 domains.
You can use a GPO for document redirection, which customizes where user files are saved.
(For example, you can redirect the My Documents folder to point to a network drive where
regular backups occur. Folder redirection requires Active Directory-based group policy.)
Configuring a domain group policy to delete cached copies of roaming user profiles will remove
the cached versions of the profile when a user logs off.

To manually refresh group policy settings, use the Gpupdate command with the following switches:

Switch Function
No switch Refresh user and computer-related group policy.
/target:user Refresh user-related group policy.
/target:computer Refresh computer-related group policy.

13
Page

Piratez Book


3.Installing Hardware
Installing Devices

When installing devices:

Begin by adding the device to the system or plugging the device in. Windows automatically
detects and installs drivers for Plug and Play devices.
For undetected legacy devices, you might need to:
o Run the setup program that came with the device.
o Use the Add New Hardware wizard to install a device driver manually.
o Manually set IRQ, DMA, or I/O addresses
o Manually select and install the driver

IDE Devices
Keep in mind the following facts about configuring IDE devices:

1. Virtually every computer has two IDE host bus adapters integrated onto the motherboard.
2. Each adapter supports a maximum of two devices.
3. When two devices per adapter are configured, use jumpers to identify the master and slave
devices.
4. The CMOS and BIOS typically auto-detects the devices attached to each adapter.
5. Configure the BIOS to identify which devices can be used to boot the computer.

SCSI Devices
Keep in mind the following facts about configuring SCSI devices:

1. Some computers have a built-in SCSI host bus adapter. For other computers, install an
adapter card in the PCI bus.
2. Devices are connected in a chain. Most host bus adapters allow for an internal chain of devices
and an external chain of devices. Most SCSI implementations have a limitation of seven
devices (including the host bus adapter).
3. Each device (including the host bus adapter) in the chain must have a unique ID number.
4. This number might be set with switches or through software.
5. The end of the SCSI chain must be terminated. Some devices are self-terminating. Other
devices require a special termination plug.
6. Modify the system BIOS to boot from a SCSI device (set the device type to 0 or not installed).

Parallel Devices
Keep in mind the following facts about working with parallel devices:

1. Parallel ports originally supported only printers. You can now attach a wide variety of devices
to the parallel port.
2. Windows identifies each parallel port with the designation LPT1, LPT2, etc.
3. Parallel ports operate in three different modes: SPP (standard), EPP (enhanced, to support
non-printer devices), and ECP (extended, for improved printer support). Virtually all
computers support all three modes.
4. In most cases, Windows automatically detects the device connected to a parallel port and sets
the mode accordingly.
14

5. To configure the port mode manually (such as to disable EPP for a port), edit BIOS settings.
Page

Piratez Book

Serial Devices
Keep in mind the following facts about configuring serial devices:

1. Most computers have one or two serial ports.
2. Modems and direct computer-to-computer connections typically use serial ports.
3. Windows allocates resources to serial devices using COM1, COM2, etc. designations.
4. Windows XP supports up to 256 COM ports.
5. For each serial port, configure the data speed, data/stop bits, parity, and flow control settings.
6. Conflicts might occur if two devices share the same COM port number.

USB Devices
Following are some facts to keep in mind while configuring USB devices:

1. USB devices connect through hubs to form a tree bus structure.
2. Hubs are either self-powered or bus-powered (receiving their power from another hub).
3. Bus-powered hubs have a maximum of four ports, and supply a maximum of 100 mA of power
per port.
4. Self-powered hubs supply up to 500 mA per port and can have many ports.
5. USB devices can be self-powered or hub-powered (receiving their power from the hub).
6. Connect low powered devices (such as a mouse or keyboard) to either self-powered or bus-
powered hubs.
7. Connect high-powered devices (such as video cameras or scanners) to either a self-powered
hub or plug the device in to its own power supply.
8. The USB bus is self-terminating and automatically assigns IDs to each device.

FireWire Devices
FireWire (also called IEEE 1394) is similar to USB, but is targeted mainly towards audio/video data
transfer. Keep in mind the following facts about FireWire devices:

1. FireWire is typically used for video cameras and devices requiring high-speed, guaranteed
bandwidth.
2. FireWire devices are connected in a chain.
3. The controller automatically assigns device IDs. No termination is needed.
4. Windows detects and configures FireWire devices automatically as they are plugged in.

Wireless Devices
Keep in mind the following facts regarding configuring wireless devices:

1. Two common wireless interfaces include IrDA (infrared) and BlueTooth (radio frequency).
2. Common IrDA devices include the mouse, keyboard, and PDAs. BlueTooth devices are typically
used for networking (such as to allow a laptop to connect to a network without wires).
3. Both the host computer and communicating devices require a transmitter/receiver.
4. With IrDA, devices must be close and have a direct line of sight path. With BlueTooth, devices
can be farther away (up to 10 meters) and separated by walls or other objects in the path.

Drivers

To update drivers:

1. Use Windows Update to automatically check for new drivers.
15

2. Download the new driver and run the program to install it.
3. Download the new driver and use Device Manager to update and install the new driver.
Page

Piratez Book

To control how unsigned drivers are installed on the system, use the following settings:

Block (prevents unsigned driver installation)
Warn (allows installation, but with an error message)
Ignore/Silently Succeed (install)

To protect against unsigned drivers,

1. Enforce driver signing on the system through the System applet or Group Policy.
2. Use group membership and user rights to prevent normal users from installing drivers (Power
Users or Administrators only can install drivers).
3. The Hardware Compatibility List (HCL) includes all devices for which a signed driver is
available.
4. Driver Rollback allows you to restore an original driver when a new driver causes system
problems.

File Verification Programs

The following table summarizes the file verification tools you can do to verify driver signatures and file
integrity.

Program Features
Sigverif.exe GUI-based tool that searches for unsigned files. By default, it searches only the
Windows directory (click the Advanced button to search other locations).
The program returns a list of files without digital signatures.
Driverquery.exe Command-line tool that checks the digital signatures of drivers that are in use. Use
/si the /si switch to request the signature status of the drivers. The report lists each
device, the .inf file for the device, and the signed status of the driver.
Msinfo32.exe GUI-based tool that displays the list of devices and information about each device
(including the driver, driver date, and signature status). The report shows every
installed device and the signed status of the drivers.
Sfc.exe Tool that scans system files to ensure that they have not been replaced or
/scannow corrupted.
Use the /scannow switch to force an immediate check of the system.
Use the tool to automatically replace bad files.

Multiple Monitors

Hardware requirements for using multiple monitors:

1. Video card with dual monitor support OR multiple video cards
2. One card designated as the primary card
3. Cards must be AGP or PCI (ISA will not work)

Special considerations for using multiple monitors:

1. Make sure the video card driver supports multiple monitors (upgrade the driver or replace the
device)
2. Not all applications support multiple monitors (they might display only on the primary
monitor)
3. Use the Settings tab in the Display properties to configure multiple monitors
16
Page

Multiple Processors

Piratez Book

Keep in mind the following facts about multiple processors:

The Hardware Abstraction Layer (HAL) controls communication between the kernel (operating
system) and the hardware.
Multiple processor support depends on whether the HAL is designed for uniprocessor or
multiprocessor support.
Use the multiprocessor HAL to utilize both processors.
If you want to run multiple processors, you can use Device Manager to upgrade the HAL driver
to support multiple processors.

Power Management

Windows XP supports two types of power management:

Advanced Power Management (APM): Power management controlled by the BIOS
Advanced Configuration Power Interface (ACPI): Windows controls the power management

ACPI offers a number of advantages over APM, including:

Control of power management for individual devices though Device Manager
Support for hibernation and stand-by modes
Support for power schemes to customize power options
Support for laptop power management

ACPI support is enabled by the hardware abstraction layer (HAL).

The ACPI HAL can be installed only if the BIOS supports ACPI.
If the non-ACPI HAL is installed (for example if you forced an install of the non-ACPI HAL), you
must reinstall Windows to replace the HAL.
If necessary, enable ACPI support in the BIOS.

Hardware Profile Considerations

To create a new profile,

1. Copy an existing profile.
2. Reboot, selecting the new profile.
3. Use Device Manager to enable or disable devices for the current profile.

Use the Hardware Profile tool to manage profiles:

Move profiles up or down in the list. The top profile is the default.
Set the profile menu timer. Set the timer to 0 to hide the menu (if the menu is hidden, press
the Spacebar during boot to show the menu).
You can customize the profile menu by removing profiles from the menu.

The following table lists some cases when hardware profiles are or are not needed.

When not to use a hardware profile When to use a hardware profile
17

If you are adding or removing hot-swap If you need to conserve laptop power under
components specific conditions
If you want to disable a device under all If you need to force a specific device to be used
Page

Piratez Book

conditions at a specific time
If you need to permanently uninstall a specific If you want reduce the time delay the system
device needs to select the correct device in a specific
If a laptop uses only a docked and an undocked situation
state

18
Page

Piratez Book


4.Networking
Network Components

The following tables list the protocols, clients, and services provided by Microsoft. Other vendors (such
as Novell) might provide additional networking components.

Protocols

Protocol Use
Internet Protocol Routable protocol used on the Internet and the default protocol for
(TCP/IP) Windows XP
NWLink IPX/SPX/NetBIOS Microsoft's implementation of IPX/SPX for connecting to NetWare servers
Compatible Transport
Protocol
Network Monitor Driver Enables the computer to capture network communication statistics

Clients

Client Use
Client for Microsoft Client software to access resources on Microsoft networks
Networks
Client Service for Client software to access resources on NetWare networks running
NetWare IPX/SPX

Services

Service Use
File and Printer Sharing for Enables a computer to share its resources with other network clients
Microsoft Networks
QoS Packet Scheduler Service that prioritizes TCP/IP traffic, enabling a higher priority for
time-sensitive communications
Service Advertising Protocol Protocol used with NetWare to locate services on an IPX/SPX network

TCP/IP Configuration Settings

The following table summarizes many of the configuration settings for a TCP/IP network.

Parameter Purpose
IP address Identifies both the logical host and logical network addresses.
Subnet mask Identifies which portion of the IP address is the network address.
Default Identifies the router to which packets for remote networks are sent.
gateway
Host name Identifies the logical name of the local system.
DNS server Identifies the DNS server that is used to resolve host names to IP addresses.
WINS server Identifies the WINS server that is used to resolve host names to IP addresses.
MAC address Identifies the physical address. On an Ethernet network, this address is burned in to
the network adapter hardware.
19

Keep in mind the following regarding TCP/IP configuration:
Page

All computers must be assigned a unique IP address.

Piratez Book

Hosts on the same physical network should have IP addresses in the same address range.
The subnet mask value for all computers on the same physical network must be the same.
Configure the default gateway value to enable internetwork communication.
The default gateway address must be on the same subnet as the host's IP address.
By default, all Windows computers try to use DHCP for TCP/IP configuration information.
APIPA is used to automatically generate an IP address if the DHCP server is unavailable and if
no alternate address is configured.
The APIPA range is 169.254.0.1 to 169.254.255.254 with a mask of 255.255.0.0.
If the computer assigned itself an IP address (using APIPA), this means the computer could
not contact a DHCP server.
Use an alternate IP address to use DHCP on one network and static addressing on another
without reconfiguring the connection.
When you configure a static IP address, you disable DHCP and APIPA.
When you configure an alternate IP address, APIPA is no longer used.
APIPA does not set the default gateway or name server address values. Rely on APIPA only on
a small non-routed network.
Private IP addresses do not need to be registered, and fall within the following ranges:
o 10.0.0.0 to 10.255.255.255
o 172.16.0.0 to 172.31.255.255
o 192.168.0.0 to 192.168.255.255

Troubleshooting TCP/IP

Use the following tips to troubleshoot TCP/IP:

Use Ipconfig /all to verify your IP address, subnet mask, default gateway, and other IP
configuration values.
If the IP address is in the APIPA range (169.254.0.0 to 169.254.255.254), the computer could
not contact a DHCP server. Use Ipconfig /renew to try contacting the DHCP server again.
Use Ping (Packet Internet Groper) to send small packets to a computer to see if the computer
responds. Microsoft recommends the following use of Ping:
1. Ping the loopback address (127.0.0.1). This verifies that the TCP/IP protocol stack has
been properly installed.
2. Ping the local IP address assigned to the machine. This verifies communication to the
NIC.
3. Ping the default gateway. This verifies connectivity to the default gateway or to
another machine on the local network. This verifies that the local network is
accessible.
4. Ping a remote host. This checks the connectivity between the default gateway and the
remote host.
Use Tracert to see the route packets take through an internetwork between two devices.
Use Pathping to view the route of the connection and the connectivity response time. This can
help identify where communication latency occurs.
Use the Arp -d * command to remove all dynamic ARP entries from the ARP list. (Arp -d clears
the ARP cache.)
Use the Windows system logs to track DHCP service startup and shutdown as well as critical
errors.

Name Resolution Facts

Microsoft uses one or both of the following methods for performing name resolution:
20

Windows Internet Name Service (WINS) is Microsoft's service to resolve names dynamically to
IP addresses using NetBIOS. WINS is still used by legacy machines.
Page

Piratez Book

Domain Name Service (DNS) dynamically registers clients and uses client information to
register IP addresses.

If your network is running only Windows 2000/XP/2003 systems, you can disable NetBIOS name
resolution.

To troubleshoot name resolution problems:

Confirm that it is not a TCP/IP problem by pinging the IP address. If pinging the address
succeeds but pinging the name fails, the problem is with the name resolution system.
Run Ipconfig /all to verify DNS server addresses.
Run Nslookup to see if you get an IP address from the DNS server.
Verify the DNS and WINS server configurations.
Check the services on the DNS and WINS servers to see that they are running.
Check DNS registration. If you need to renew the DNS registration, do the following:
o Run Ipconfig /registerdns to renew a DNS name.
o Run Nbtstat -RR to renew a NetBIOS name.
Flush the local host name resolution cache using:
o Ipconfig /flushdns for DNS.
o Nbtstat -c or Nbtstat -R for NetBIOS.

Dial-up Connection Facts

There are two types of dial-up modems:

Standard analog modem (up to 56 Kbps)
ISDN modem

ISDN modems use the following channels over normal analog lines:

Two B channels of 64 Kbps each. The two channels operate independently, and they are
associated with separate phone numbers. Each channel must be configured separately.
The third channel is a 16 Kbps D channel which is used to control the two B channels.

When configuring dial-up, you can configure the following additional options:

Callback security--The server disconnects the user after authentication then immediately calls
the user back. The server can use a preset phone number for each user, or the user can enter
a callback phone number after authentication.
Multi-link--The ability to integrate multiple connections into a single logical connection in order
to increase the overall bandwidth. Both the client and the server need to be configured to
accept multi-link connections. You cannot use multi-link with callback.

Remote Authentication Protocols

Windows XP supports the following remote authentication protocols.

Method Description
Password Authentication is done by comparing a user name and password to a table with paired
Authentication user names and passwords on the network. PAP does not support secure passwords.
21

Protocol (PAP)
Challenge A server sends a challenge message to a peer. Based on the challenge message, the
Page

Handshake peer calculates a value using a hash, a number generated algorithmically from a

Piratez Book

Authentication string of text, and returns the value to the server. The server checks the value
Protocol against its own calculation. If the values match, the peer is authenticated. Microsoft
(CHAP) has two versions of CHAP: MS-CHAP and MS-CHAP v2. CHAP, MS-CHAP, and MS-
CHAP v2 require secure passwords, but only MS-CHAP and MS-CHAP v2 support data
encryption.
Extensible EAP supports several authentication methods, including smart cards, certificates, one-
Authentication time passwords, and public key authentication. EAP supports secure passwords and
Protocol (EAP) data encryption.

VPN Tunneling Protocols

Windows XP Professional supports two different VPN tunneling protocols: PPTP and L2TP. By default,
VPN connections for Windows XP Professional are configured to use both PPTP and L2TP. The client will
negotiate with the VPN server to select the tunneling protocol to use for the connection.

Protocol Description
Point-to-Point Tunneling Uses standard authentication protocols Uses MPPE for encryption Is
Protocol (PPTP) supported by most operating systems and servers
Layer Two Tunneling Can use certificates for authentication Uses IPSec for encryption (requires
Protocol (L2TP) certificates) Only supported by Windows 2000/XP/2003

Common Port Numbers

This table lists the services and port numbers included with ICF. Custom entries can be created to
allow other types of traffic.

Service Port Number Protocol
File Transfer Protocol (FTP) 21 TCP
Incoming L2TP VPN 1701 UDP
Incoming PPTP VPN 1723 TCP
Internet Mail Access Protocol version 3 (IMAP3) 220 TCP
Internet Mail Access Protocol version 4 (IMAP4) 143 TCP
IP Security (IKE) 500 UDP
Post Office Protocol (POP3) 110 TCP
Remote Desktop 3389 TCP
Secure Web (HTTPS) 443 TCP
Telnet 23 TCP
Web Server (HTTP) 80 TCP

ICS and ICF Facts

With Internet Connection Sharing (ICS), most configuration tasks are completed automatically. When
using ICS:

The ICS system is configured as a NAT router, a limited DHCP server, and a DNS proxy (name
resolution requests from the private network are forwarded to DNS servers on the Internet).
The IP address for the private interface is automatically changed to 192.168.0.1 with a mask
of 255.255.255.0.
The default gateway of the ICS system is set to point to the Internet connection.
Hosts on the private network should use DHCP for address and DNS server information.
The ICS system uses DHCP to deliver the following information to hosts on the private
22

network:
o IP address in the range of 192.168.0.0 with a mask of 255.255.255.0.
Page

o DNS server address of 192.168.0.1 (the private interface of the ICS system).
o Default gateway address of 192.168.0.1.

Piratez Book

Do not use DHCP servers, DNS servers, or Active Directory on your private network.

Keep in mind the following details when working with ICF:

Enable ICF on the Internet connection, not on the private connection. Doing so can disable
communication with hosts on the private network.
By default, the firewall allows all outgoing Web traffic and responses but blocks all incoming
traffic.
To allow incoming Web traffic, open ports in the firewall based on the services you want to
allow in.
If the incoming service is hosted by a computer on the private network, redirect the incoming
port to the private host.

Remote Services Facts

Keep in mind the following details regarding Remote Assistance.

Both the novice (person requesting assistance) and the expert (person giving assistance)
computers must be running Windows XP (either Home or Professional).
Generally, the novice must initiate the invitation. If Active Directory is used, the expert can
initiate the Remote Assistance connection.
Invitations require a password (unless Instant Messaging is used) and have an expiration
time. Expired invitations cannot be answered.
When sending an invitation, do not include the password in the invitation text. Communicate it
in some other way.
To allow inbound Remote Assistance invitations to cross through a firewall, open port 3389.
Disable Standby and Hibernation modes to prevent session termination.
The helper cannot copy files from a user's computer. The user must explicitly send any files
the helper may need.
The user can take control the computer at any time by pressing the Esc key, Ctrl+C, or
clicking Stop Control.

Keep in mind the following details when working with Remote Desktop.

Host computers must be running Windows XP Professional.
Client computers require client software to make the connection. This software is included with
Windows XP, but must be installed separately on other Windows versions.
For Web access, client software is downloaded and installed automatically through an Active X
control (if required).
The user account that is used for the Remote Desktop connection must have a password.
If one is not set, the connection cannot be established.
If a user is logged on to the host computer (or if the computer is locked), the remote client
must log on using the current user account or the Administrator account.
The user account for the remote connection must be a member of the Remote Desktop Users
group or the Administrators group (or user rights must be modified in Group Policy).
To allow incoming Remote Desktop sessions through a firewall, open port 3389.

If you are using the Web connection for Remote Desktop, keep in mind the following:

The host computer must be running IIS.
23

The client computer must be running a Windows operating system (Windows 9x or higher)
with Internet Explorer 4.0 or higher.
Use a URL formatted as http://computername/tsweb to make the connection.
Page

Piratez Book

After the connection is made, you can use the browser to access any other Remote Desktop-
or Terminal Services-enabled computers on the private network.
You can use authentication and Web permissions in IIS to control access to the Remote
Desktop Web connection.

24
Page

Piratez Book


5.Disk Management
File System Facts

The following table indicates which file systems support which capabilities.

Feature FAT FAT32 NTFS
Long file names X X X
Larger than 2 GB/4 GB partitions X X
Smaller clusters X X
Enhances file security through permissions X
Folder and file level encryption X
Folder and file level compression X
Disk quotas X

Use the Convert.exe utility to modify the file system without reformatting and losing data. To convert
the C: drive to NTFS, use the following command:

convert C: /fs:ntfs

Basic and Dynamic Disks

Keep in mind the following when using basic disks.

A basic disk has a limit of four partitions, only one of which can be an extended partition.
One primary partition must be marked active.
Most operating systems can recognize only one primary partition. All other primary partitions
are invisible. (Windows NT/2000/XP/Server 2003 can recognize multiple primary partitions.)
The active primary partition is represented with one drive letter (C:). The extended partition
can be divided into multiple logical drives (up to 26).

Keep in mind the following when using dynamic disks.

Windows 2000/XP/Server 2003 recognize dynamic disks.
Volumes on dynamic disks are like partitions and logical drives on basic disks.
A volume can be made of non-contiguous space on a single drive or space taken from more
than one drive.
You cannot install the operating system on a dynamic disk. You can, however, upgrade a basic
disk containing the operating system to dynamic after installation.

Keep in mind the following points as you plan whether to implement basic or dynamic disks.

A hard disk must be either basic or dynamic; it cannot be both at once.
Windows 2000/XP/Server 2003 use basic storage by default.
MS-DOS and all versions of Microsoft Windows support basic storage.
Dynamic storage was new to Windows 2000 and previous Windows operating systems cannot
use it (this is especially important if you plan to multi-boot to other operating systems).
Dynamic storage is not supported on portable computers because they normally have only one
25

internal hard drive and cannot take advantage of advanced dynamic storage features.
Page

To convert a basic disk to a dynamic disk, right click the volume in Computer Management and choose
Convert to dynamic disk. Or, use the Diskpart command at the command line.

Piratez Book


The following table summarizes the volume types supported on Windows XP Professional and their
characteristics.

Type
Simple Contains a single, contiguous block of space from a single hard disk.
volume
Extended Contains space from multiple areas on the disk. An extended volume that spans two
volume disks is a spanned volume.
Spanned Combines areas from two or more disks into one storage unit. Fills the first area, then
volume the second, and so on. Does not provide fault tolerance. If one hard disk fails, you lose
all data.
Cannot contain system or boot files.
Striped Uses storage areas on several different disks. Improves performance by writing to
volume multiple disks simultaneously. Uses disk areas similar in size. The amount of space used
on each disk is equal to the smallest area. Saves data from a single file on multiple
disks. Is not fault-tolerant. If one hard disk in the set fails, you lose all data on all disks.
Cannot contain system or boot files.

Note: Only dynamic disks support extended, spanned, or striped volumes.

Mirrored and RAID volumes are supported only on server versions of Windows. These volume types
provide fault tolerance and improve performance.

Volume Mount Point Facts

Be aware of the following conditions for using volume mount points.

Empty folder must be in NTFS partition.
Volume to be mounted can be in Xp accessible file format.(FAT,FAT32,NTFS)
You can use either partitions on basic disks or volumes on dynamic disks.
The folder on the source partition must be empty.
The target partition must not have a drive letter.
Multiple folders can reference the same target partition.

Designing Disks for Multiple Operating Systems

For a system that boots to multiple different operating systems (for example to both Windows 98 and
Windows XP), you will need to plan your storage space so that the drives are accessible to the
appropriate operating system. In general, be sure to select the disk type (basic or dynamic) and file
system that is common to both operating systems. Keep in mind the following:

Only Windows 2000/XP supports dynamic disks and volumes. Use basic disks and partitions
for operating systems other than Windows 2000/XP.
Only Windows 2000/XP supports its version of NTFS. Select FAT or FAT32 for other operating
systems.
Select FAT32 over FAT if possible.

The following table indicates which file systems are compatible with which operating systems.
26

Operating System FAT FAT32 Windows 2000/XP NTFS
Page

MS-DOS X

Piratez Book

Windows 3.1 X
Windows 95a X
Windows 95b/98/Me X X
Windows NT X Limited support on NT 4 with SP4
Windows 2000/XP X X X

When installing Windows 2000/XP and other operating systems on the same computer, as a rule you
should install the other operating systems first, then install Windows 2000/XP last. Doing so prevents
Windows 2000/XP startup files from being corrupted. Microsoft recommends the following installation
order:

1. MS-DOS
2. Windows 95/98/Me
3. Windows NT
4. Windows 2000/XP

Boot.ini Facts

The Boot.ini file is responsible for the following operations:

Launching the menu for operating system selection during startup
Pointing to the system files for the selected operating system
Identifying the controller, hard disk, and partition where the system files are located

The ARC path locates the system file and contains the following elements:

Entry Meaning and Use
MULTI(x) Identifies the controller location. Use multi(x) if the disk controller is a SCSI device
or with its BIOS enabled or is a non-SCSI device. Use scsi(x) only if the disk controller
SCSI(x) is a SCSI device with BIOS disabled. The value for x begins at 0.
DISK(x) Identifies the disk location. If the first component of the ARC name is scsi, disk(x)
indicates which SCSI disk the operating system is located on. The x value begins with
0. If the first component of the ARC name is multi, this component is always disk(0),
and the disk containing the operating system is indicated by the rdisk(x) component.
The value for x begins at 0.
RDISK(x) Identifies the disk location. If the first component of the ARC name is multi, rdisk(x)
indicates which physical disk the operating system is located on. The x value begins at
0.
If the first component of the ARC name is scsi, the rdisk component is always rdisk(0)
and the disk containing the operating system is indicated by the disk(x) component.
The value for x begins at 0.
PARTITION(y) Identifies which partition holds the boot files. The value for y begins at 1.

27
Page

Piratez Book


6.Managing Files
File Compression Facts

Keep the following information in mind when working with folder and file compression.

When you compress a file, Windows makes a copy of the file, compresses it, then replaces the
original file with the compressed one.
When you open a compressed file, Windows decompresses the file. The decompressed file is
used by the application.
You cannot save or copy a compressed folder or file to a disk containing less free space than
the folder or file would be uncompressed.
Compression and encryption cannot be used on folders or files at the same time.
Apply data compression to files that change size dramatically. For example, bitmap and
spreadsheet files compress by a much larger percentage than application or word-processing
files.
Do not compress files that are already compressed using another compression utility.
Use zipped folders to share compressed files with other computers.
NTFS compression on volumes with cluster sizes larger than 4 KB is not supported.

Copying and moving files and folders can affect their compressed state. To determine the final state of
a file or folder, remember the following rules.

If you copy or move a compressed file or folder to a non-NTFS partition, the file or folder is
uncompressed (other file systems do not support NTFS compression).
If you copy a compressed file or folder, it inherits the compressed state of the destination
folder.
If you move a compressed file or folder to the same NTFS partition, it retains its compressed
state.
If you move a compressed file or folder to another NTFS partition, it inherits the compressed
state of the destination folder.
If you copy or move a zipped folder, it always remains zipped (regardless of the destination
file system).

Compact.exe is a command prompt tool that you can use to set and manage compression. The
following table summarizes some options for the Compact.exe command.

Option Action
/C Compresses the specified files. Folders are marked with the compressed attribute.
/S Compresses all subfolders of the specified folder.
/U Uncompresses the specified files. Folders are marked with the uncompressed attribute.

For example, the following command will compress all files in the C:DocumentsTransfer folder,
including all subfolders:

Compact /C C:DocumentsTransfer*.* /S

Encryption Facts
28

Keep the following information in mind as you work with EFS.
Page

You must have Write permission to a folder or file to encrypt it.

Piratez Book

Windows transparently unencrypts and encrypts folders and files as users use them.
You cannot encrypt System or Read-only files.
Encryption and compression cannot be used on folders or files at the same time.
If you are having trouble opening encrypted folders or files, make sure you are logged in to
the user account that encrypted the folder or file and that you still have permissions for the
file.
In a workgroup, the local Administrator user account is the default recovery agent.
In a domain, the domain Administrator account is the default recovery agent.
To recover encrypted files, the files and recovery key need to be on the same computer.
Without the private key or recovery key, you cannot copy or move an encrypted file. You can
however, back up the files and restore them to the computer where a recovery key is located.
You can also export the recovery key and import it onto the computer storing the files you
want to recover.
You can add additional authorized users to files (not folders) who will be able to open
encrypted files.
Implement encryption through the file or folder properties. Or, use the Cipher command to
encrypt files and folders.

Copying and moving files might change the encrypted state of the file. To determine the final state of
a file, remember the following rules.

If you copy or move an encrypted file or folder to a non-NTFS partition, the file or folder is
unencrypted (other file systems do not support encryption).
If you copy or move an encrypted file to an NTFS partition (either to the same one or to a
different one), the file remains encrypted.
If you copy an unencrypted file to an encrypted folder, the file is encrypted.
If you move an unencrypted file into an encrypted folder, the file remains unencrypted.
Encryption is preserved when the file is backed up.

Normally, encrypted files are meant to be stored and read on the local computer only. When saving
encrypted files on a remote computer, be aware of the following:

You can only encrypt files stored on remote computers if the computer is trusted for
delegation in Active Directory (how to do this is beyond the scope of the course).
When moving files encrypted on your local system to another computer (for use on that
computer), make sure your certificate and private key are available on the other computer.
Otherwise, you might be unable to open the file.
When moving encrypted files to another computer over the network, files are not encrypted
while they are in transit. Files might be intercepted as they are transferred. Use IPSec to
secure network communications.

Disk Quota Facts

Keep the following in mind as you work with disk quotas.

Quotas can only be set on NTFS volumes. The Quota tab will not be shown for FAT volumes.
Every file and folder that users create, copy, save, or take ownership of on a volume or
partition counts toward their disk quota.
The space available for applications to save files to is equal to the amount of space left in a
user's quota.
Each NTFS volume or partition on a hard disk has its own set of disk quotas, even if they are
29

on the same hard disk.
System and application files count toward disk quotas, so the user account which installs
Page

software needs a higher limit.

Piratez Book

You cannot set a quota limit on the built-in Administrator account.
You cannot delete a user's account quota until you remove or take ownership of all of that
user's files on the volume.
You can use the Fsutil.exe command to manage quotas from the command prompt.

Quota configurations:

Configuration State
Disabled File usage data is not collected and storage space is not limited.
Tracked File usage data is collected, but storage space is not limited. Users can exceed their
quota limit.
Enforced Warning levels and restrictions are enforced to prevent users from exceeding disk
space limitations.

If a user exceeds the quota limit, take one of the following actions:

Delete files owned by the user.
Change ownership of files (quota limits are enforced based on owned files).
Move files to other volumes (quota limits are enforced on a volume or partition basis).
Increase the quota limit.

You cannot reduce the amount of space used by files by compressing them. Quotas count the
uncompressed size of a file toward the quota limit.

NTFS Permission Facts

The following table summarizes the permissions for folders and files.

Permission Allowed Actions
Read View folder details and attributes. View file attributes; open a file.
Write Change folder or file data and attributes.
List Folder Includes all Read actions and adds the ability to view a folder's contents.
Contents
Read & Execute Includes all Read actions and adds the ability to run programs.
Modify Includes all Read & Execute and Write actions and adds the ability to add or delete
files.
Full Control Includes all other actions and adds the ability to take ownership of and change
permissions on the folder.

Use these suggestions to help you plan NTFS permissions.

Identify the users and their access needs (i.e., the actions they need to be able to perform).
Based on the types of users you identify, create groups for multiple users with similar needs,
and then make users members of groups.
Assign each group (not user) the permissions appropriate to the group's data access needs.
(Grant only the permissions that are necessary.)
As you assign permissions, take inheritance into account. Set permissions as high as possible
on the parent container and allow each child container to inherit the permissions.
When necessary, you can override inheritance on a case by case basis.
Deny always overrides Allow, so be careful when you use it.
30

Shared Folder Facts
Page

Piratez Book

To access a shared folder:

In Network Neighborhood, browse to the computer
Use the UNC path to connect to the share: computernamesharename

The following table lists the share permissions and the level of access the permission allows.

Permission Actions
Read Browse the shared folder and its files Open files in the shared folder and its subfolders
Copy files from the shared folder Run programs
Change All Read actions (browse, open files, copy files from the folder, run programs)
Write to files and change file attributes Create new files and subfolders
Copy files to the shared folder Delete files or subfolders
Full Control All Read and Change actions Configure share permissions

Use both share and NTFS permissions to secure network resources. Here is a common strategy for
administering resources with share and NTFS permissions:

1. Secure the folder with NTFS permissions.
2. Share the folder using the default share permission of Full Control for Everyone.

An administrative share is a special share hidden from browsing. Keep in mind the following facts
about Administrative shares.

Administrative shares are hidden by following the sharename with a $.
Default Administrative shares are accessible to only members of the Administrators group.
Any share can be hidden by appending the $ to the sharename.
A hidden share can only be accessed through the UNC path (they do not appear when you
browse).

Offline File Facts
Offline file caching options:
Setting Description
Manual Caching When you share a folder, this is the default configuration. This option allows the
for Documents caching of documents that a user manually selects. To make the share available
offline, choose the shared folder or file then select Make available offline from the
File menu in Explorer.
Automatic This option allows the caching of files that a user opens on the local machine.
Caching for
Documents
Automatic This option allows the caching of programs run from the network; however, only
Caching for those components of the program that the user executes will be available offline.
Programs

Internet Information Services (IIS)

Use IIS to enable:

Active Desktop
Internet Printing
31

Remote Desktop
Share folders (Web folders) for access through IE
Page

Piratez Book

You should know the following facts about IIS:

When you install IIS, a default Web site is automatically created.
By default, all Web content is stored in the %systempartition%inetpubwwwroot directory.
A virtual directory is used to make content outside of the default directory path available
through the Web site.

To make content available on your Web site:

Place content in the inetpubwwwroot directory.
Web share a folder. This creates a virtual directory in the Web site.

32
Page

Piratez Book


7.Printing
Printing Facts

The following table lists some key definitions with which you should be familiar.

Term Definition
Print The computer where printing is established.
Server
Printer A virtual device inside the print server that can be configured to send output to a printing
device.
Print The physical device connected to the print server where print output occurs.
Device
Print The software that allows the printer to communicate with the print device.
Driver
Print The portion of the hard drive where print drives are stored before going to the print
Queue device.
Printer The means by which a print device connects to a print server (parallel port, serial port, or
Port to the printer's NIC).

When you configure printing, you create a logical printer object that references a print device or points
to another logical printer on the network. The following table lists the configuration choices to make to
configure each type of printer.

Print Device Location Printer Port Type
Type
Connected to the LPT, USB, or COM port of Local LPT, USB, or COM
the local computer
Connected directly to the network through a Local TCP/IP (identify the IP address of the
NIC connected to the printer print device NIC)
Connected to the LPT, USB, or COM port of a Network UNC path (computernamesharename)
remote computer (with a shared printer)

UNIX Printing Facts

The following table lists some key terms for working with UNIX printing.

Term Definition
LPD Line Print Daemon Service that hosts printer. The Print Server runs the LPD service.
LPR Line Print Request client requests print services. The Print Client runs LPR and LPQ.
LPQ Represents the printer queue. The LPQ works with the LPR to request services. The Print Client
runs LPQ and LPR.

Windows XP can function as either the server or the client in a UNIX printing environment.

To configure Windows XP as the server:
1. Install UNIX Print services with LPD.
2. Configure a local printer.
3. Share the printer.
To configure Windows XP as the client:
33

1. Install UNIX Print services
2. Configure a network printer. Select LPR as the port type.
Page

Piratez Book

Managing Printing

The following table summarizes the permissions that can be assigned to printers. Printer permissions
apply to both local and shared printers.

Permission Allowed Actions
Print Send print jobs and manage your own documents
Manage Documents Manage all documents in the queue
Manage Printer Change configuration settings and permissions

The following table summarizes the printing component you would use to complete each configuration
task.

To Configure . . . Edit . . .
Additional drivers for a printer Printer object properties
Print server properties
Job priority Print Queue, job properties
Notification Print server properties
Permissions Printer object properties
Ports Printer object properties
Print server properties
Sharing Printer object properties
Spool file location Print server properties

Advanced Print Configuration

Printer Pooling
Printer pooling uses a single printer object to represent multiple print devices. With printer pooling,

Users send print jobs to a single printer
The print server decides which print device to send the job to

When creating a printer pool, all print devices in the pool:

Must be the same model (using the same printer driver)
Should be in the same physical location (because users won't know which physical device their
print job prints on)

Printer pools:

Speed printing by reducing the time that documents spend waiting for a free print device
Simplify printer administration because you manage multiple devices through a single printer
object

Multiple Printers
Configure multiple printer objects for a single print device to control access to the printer based on job
roles. To configure multiple printers:

1. Create multiple printer objects, one per group or user with distinct access.
2. For each printer, configure permissions to restrict access.
34

3. Fine-tune access by editing the Advanced properties for the printer to modify priority (99 is
the highest) and restricting printer availability.
Page

Piratez Book

Faxing Facts

To configure the fax service, complete the following steps:

1. Install the fax hardware. This might be a fax modem or a dedicated fax device. Use Device
Manager to verify that the device is recognized by the system and configured.
2. Use Add or Remove Programs to install the fax services Windows component.
3. Open the Fax Console and follow the wizard to set initial fax properties.

When you open the Fax Console for the first time, the Fax Configuration wizard will run. During the
wizard, supply the following information.

Information Description
Sender information This information identifies you or your company.
Information you enter is used on the default fax cover pages.
Fax device If more than one device is installed, select the device that will be used to
send or receive faxes.
Enable send and/or Specify whether the device will automatically send and/or receive faxes.
receive If receive is enabled, configure the number of rings before the device
answers a call.
Transmitting Subscriber This identifies your device to other devices when you send a fax. The TSID
Identification (TSID) is usually a combination of the phone number and business name.
You can only configure this option if the device is enabled to send faxes.
Called Subscriber This identifies your device to other devices when it answers (CSID) a fax.
Identification (CSID) The CSID is usually a combination of the phone number and business
name.
You can only configure this option if the device is enabled to receive faxes.
Routing options Identify what to do with faxes when they are received. By default, they are
stored in the Inbox in the Fax Console. In addition, you can print them
automatically or save them in a folder.
You can only configure this option if the device is enabled to receive faxes.

Sending a fax is only slightly more complicated than printing a document. To send a fax:

1. Create the document.
2. From within the document, print the device. Select the fax device as the printer to use.
3. Use the Send Fax wizard to specify parameters (such as the phone number to dial) and send
the fax.

8.Internet Explorer URLs
Using a customized URL in the Active Directory Web browser allows you to access various types of
resources. The following table shows the syntax for common URLs.

To access... Use... Example
A custom port on a http://sitename:port http://www.mysite.com:8080
Web server
A secure Web site https://sitename https://www.mysite.com
using SSL
Internet printing http://servername/printers http://mysite.local/printers
35

Files on an intranet http://servername/sharename/filename http://mysite.local/docs/report.htm
An FTP site ftp://sitename ftp://ftp.mysite.com
Page

An FTP site that ftp://username:password@sitename ftp://maryg:4rt5l@ftp.mysite.local
requires a username

Piratez Book

and password

9.System Optimization
Applications and Processes

Applications Facts

You should know the following information about applications:

All 16-bit applications run in the same NTVDM process by default.
One malfunctioning 16-bit application can cause all other 16-bit apps running in the same
memory space to hang.
Stop the NTVDM process to stop the virtual DOS machine and all programs running in it.
Each 16-bit application can be configured to run in a separate memory space in its own
NTVDM.
Windows XP allows local programs running in XP to be configured to run in compatibility mode.
Compatibility mode applies a predefined set of modifications that changes the operating
system’s behavior to more closely emulate a previous version of Windows.

Applications that consume excessive resources can be assigned a lower priority level. This is a list of
the program priority levels (from highest to lowest):

Realtime
High
AboveNormal
Normal
BelowNormal
Low

Processes and Services Facts

You should know the following information about managing processes:

End processes using Task Manager or the Tskill command.
View processes running on a system with Task Manager or the Tasklist command.

You should know the following information about scheduled tasks:

Task Scheduler is a service that can be stopped and started in the Services applet.
Scheduled tasks can run daily, weekly, monthly, or any other specified time.
Use the Scheduled Task wizard to schedule new tasks.
Scheduled tasks run under the security context of a particular user. Open the properties for
the task and enter the account information in the Run as box.
The Pause Task Scheduler command prevents scheduled tasks from running.
The Continue Task Scheduler command allows paused tasks to begin running.
Disable tasks individually by editing their properties to prevent a task from running at an
undesired time.
36

Installer Package Facts
Page

Piratez Book

The following table describes the file extensions that are used with installer packages.

File Extension Description
.msi A Windows Installer package file. Use the Msiexec command to deploy .msi files.
Use the /i switch to specify the package file.
.msp A patch file. An .msp file can be applied to an .msi, but the .msi must be
redeployed after the patch is applied.
.mst A transform file. Transform files are applied when a software package is assigned
or published. Transform files change .msi files. To apply a .mst to a .msi during
deployment, append TRANSFORMS= followed by a list of .mst files to the Msiexec
command.
.zap A file to reference a Setup.exe file on a network, for example. Using Group
Policy, you can either assign or publish software. You can also associate software
packages with either users or computers.A .zap file can be used to provide
installation instructions to the OS for older, legacy applications that do not
directly support scripted installations. Since the application that you are planning
to deploy supports scripted installations

Applications may be published to users, but not to computers. You can assign applications to
either users or computers.
When you publish an application, it does not appear in the user's Start menu. Instead, the
user goes to Add/Remove Programs to install the program.
Assigning software to a computer installs the software when the computer starts up. Users
cannot use Add/Remove Programs to remove computer assigned software.
Assigning software to a user puts a shortcut on the user’s Start menu. The software is
automatically installed when the shortcut is clicked.

System Performance

System Monitor

To optimize the system, you need to identify system bottlenecks. A bottleneck is any component or
device that slows down your system. You can examine how each component of the system is
behaving. Each component is broken down into objects, and each object has multiple counters that
measure the object's performance.

The following table outlines the major objects and critical counter values:

Object Purpose Counters Optimum
Processor Measures the CPU performance % Processor time < 80% sustained
Interrupts/sec < 3500/sec
Memory Measures RAM performance Pages/sec < 20 pages/sec
Available space > 4 MB available
Pagefile Measures the performance of the portion of % Usage < 90% used
the hard disk dedicated to functioning as
memory
Logicaldisk Measures the performance of the volumes % Disk time < 90%
and partitions on the hard disk Disk queue < 2
Physicaldisk Measures how the individual, physical disks % Disk time < 90%
are performing (the read/writes and Disk queue < 2
percentage to be written to the disk)
Network Measures the performance of the system on Bytes total/sec < Network
37

the network capacity
Page

You can also view the Performance tab in Task Manager to monitor system performance.

Piratez Book

Administering windows xp

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (14)

Destacado

Destacado (18)

Similar a Administering windows xp

Similar a Administering windows xp (20)

Último

Último (20)

Administering windows xp