Windows XP Professional

Windows XP Professional
A01T621527.fm Page 1 Tuesday, January 11, 2005 8:54 PM
PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399
Copyright © 2005 by Microsoft Corporation
All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or
by any means without the written permission of the publisher.
Library of Congress Control Number 2004118216
Printed and bound in the United States of America.
1 2 3 4 5 6 7 8 9
QWT
9 8 7 6 5 4
Distributed in Canada by H.B. Fenn and Company Ltd.
A CIP catalogue record for this book is available from the British Library.
Microsoft Press books are available through booksellers and distributors worldwide. For further
information about international editions, contact your local Microsoft Corporation office or contact
Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/
learning/. Send comments to [email protected]
Microsoft, Active Directory, ActiveSync, ActiveX, DirectSound, DirectX, FrontPage, IntelliMirror,
Microsoft Press, MSDN, MS-DOS, MSN, NetMeeting, Outlook, Visual InterDev, Visual Studio, Win32,
Windows, Windows Media, Windows Mobile, Windows NT, and Windows Server are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places,
and events depicted herein are fictitious. No association with any real company, organization, product,
domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
Product Planner: Martine DelRe
Content Development Manager: Marzena Makuta, Elise Morrison
Technical Editor: Karena Lynch
Project Manager: Julie Pickering
Copy Editor: Nancy Sixsmith
Indexer: Julie Hatley
Body Part No. X10-87059
For my wife, Susan
Walter Glenn
For my wife, Erica
Tony Northrup
About the Authors
Walter Glenn, Microsoft Certified System Engineer
(MCSE) and Microsoft Certified Trainer (MCT), has
been a part of the computer industry for more than
17 years. He currently works in Huntsville, Alabama,
as a consultant, trainer, and writer. Walter is the
author or coauthor of more than 20 computer books,
including Microsoft Exchange Server 2003 Administrator’s Companion (Microsoft Press, 2003), MCDST
Self-Paced Training Kit (Exam 70-271): Supporting
Users and Troubleshooting a Microsoft Windows XP
Operating System (Microsoft Press, 2004), MCDST
Self-Paced Training Kit (Exam 70-272): Supporting
Users and Troubleshooting Desktop Applications on a
Microsoft Windows XP Operating System (Microsoft
Press, 2004), and MCSE Self-Paced Training Kit
(Exam 70-297): Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure (Microsoft Press, 2003). He has also written a number of Webbased courses that are geared toward Microsoft certification training.
Tony Northrup, Certified Information Systems Security Professional (CISPP), MCSE, and Microsoft Most
Valuable Professional (MVP), is a networking consultant and author living in the Boston, Massachusetts
area. During his seven years as principal systems
architect at BBN/Genuity, he was ultimately responsible for the reliability and security of hundreds of Windows servers and dozens of Windows domains—all
directly connected to the Internet. Needless to say,
Tony learned the hard way how to keep Windows
systems safe and reliable in a hostile environment. As
a consultant, Tony has provided networking guidance
to a wide variety of businesses, from Fortune 100
enterprises to small businesses. When he is not consulting or writing, Tony enjoys cycling, hiking, and
nature photography.
Table of Contents
ix
Contents at a Glance
Part 1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Part 2
21
22
23
24
25
26
27
Learn at Your Own Pace
Introduction to Windows XP Professional. . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Installing Windows XP Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Deploying Windows XP Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Modifying and Troubleshooting the Startup Process . . . . . . . . . . . . . . . . 4-1
Configuring Windows XP Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Installing, Managing, and Troubleshooting
Hardware Devices and Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Setting Up and Managing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
Securing Resources with NTFS Permissions. . . . . . . . . . . . . . . . . . . . . . . 8-1
Administering Shared Folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
Managing Data Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1
Setting Up, Configuring, and Troubleshooting Printers. . . . . . . . . . . . . . 11-1
Managing Printers and Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1
Supporting TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1
Overview of Active Directory Service . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
Configuring Network and Internet Connections . . . . . . . . . . . . . . . . . . . 15-1
Configuring Security Settings and Internet Options . . . . . . . . . . . . . . . . 16-1
Monitoring and Managing Shared Folders by
Using Computer Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1
Using Windows XP Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-1
Monitoring and Optimizing System Performance. . . . . . . . . . . . . . . . . . 19-1
Backing Up and Restoring Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-1
Prepare for the Exam
Installing Windows XP Professional (1.0) . . . . . . . . . . . . . . . . . . . . . . . . 21-3
Implementing and Conducting Administration of Resources. . . . . . . . . 22-1
Implementing, Managing, Monitoring, and
Troubleshooting Hardware Devices and Drivers . . . . . . . . . . . . . . . . . . . 23-1
Monitoring and Optimizing System Performance and Reliability . . . . . . 24-1
Configuring and Troubleshooting the Desktop Environment . . . . . . . . . 25-1
Implementing, Managing, and Troubleshooting
Network Protocols and Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-1
Configuring, Managing, and Troubleshooting Security . . . . . . . . . . . . . . 27-1
ix
Contents
Contents
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv
About This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii
Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvii
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxviii
About the CD-ROM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxviii
Features of This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxviii
Part I: Learn at Your Own Pace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxix
Part II: Prepare for the Exam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxix
Informational Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xl
Notational Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xl
Keyboard Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xli
Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xli
Hardware Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xli
Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xlii
Setup Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xlii
The Microsoft Certified Professional Program . . . . . . . . . . . . . . . . . . . . . . . . . . xliii
Certifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xliv
Requirements for Becoming a Microsoft Certified Professional . . . . . . . . . . . xliv
Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xlv
Evaluation Edition Software Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xlvi
Part 1
1
Learn at Your Own Pace
Introduction to Windows XP Professional
1-3
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Lesson 1: Explaining Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
Available Windows XP Editions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
Lesson 2: Identifying Major Features of Windows XP Service Pack 2. . . . . . . . . . 1-8
How to Determine Whether Service Pack 2 Is Installed. . . . . . . . . . . . . . . . . 1-8
Major Enhancements Included in Windows XP Service Pack 2. . . . . . . . . . . . 1-9
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-14
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15
What do you think of this book?
We want to hear from you!
Microsoft is interested in hearing your feedback about this publication so we can
continually improve our books and learning resources for you. To participate in a brief
online survey, please visit: www.microsoft.com/learning/booksurvey/
ix
x
Contents
Lesson 3: Identifying Key Characteristics of Workgroups and Domains . . . . . . . 1-16
How Workgroups Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16
How Domains Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-19
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-20
Lesson 4: Logging On and Off Windows XP Professional . . . . . . . . . . . . . . . . . 1-21
How to Log On Locally to the Computer Running
Windows XP Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-21
Windows XP Professional Authentication Process . . . . . . . . . . . . . . . . . . . 1-24
How to Use a Password Reset Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25
How to Run Programs with Different User Credentials . . . . . . . . . . . . . . . . 1-26
The Purpose of Fast Logon Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . 1-27
How to Log Off Windows XP Professional. . . . . . . . . . . . . . . . . . . . . . . . . . 1-27
Features of the Windows Security Dialog Box. . . . . . . . . . . . . . . . . . . . . . . 1-27
Practice: Creating a Password Reset Disk . . . . . . . . . . . . . . . . . . . . . . . . . 1-29
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-30
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-31
Case Scenario Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-32
Scenario 1.1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-32
Scenario 1.2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-33
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-33
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-33
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-34
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-35
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-35
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-37
2
Installing Windows XP Professional
2-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Lesson 1: Preparing for Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Overview of Preinstallation Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Windows XP Professional Hardware Requirements . . . . . . . . . . . . . . . . . . . . 2-2
How to Verify Hardware Compatibility with the Windows Catalog . . . . . . . . . . 2-3
What Are Disk Partitions? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
Guidelines for Choosing a File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Guidelines for Choosing Domain or Workgroup Membership . . . . . . . . . . . . . 2-7
How to Ensure You Have the Necessary Information
Before Installing Windows XP Professional . . . . . . . . . . . . . . . . . . . . . . . . . 2-8
How Microsoft Grants Software Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
Contents
xi
Practice: Prepare for Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11
Lesson 2: Installing Windows XP Professional from a CD-ROM . . . . . . . . . . . . . 2-12
Overview of Windows XP Professional Setup . . . . . . . . . . . . . . . . . . . . . . . 2-12
How to Initiate Text Mode Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12
How to Run the Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14
How to Install Windows XP Professional Networking Components . . . . . . . . 2-15
How the Installation Is Completed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-16
What Is Dynamic Update? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-17
Practice: Installing Windows XP Professional . . . . . . . . . . . . . . . . . . . . . . . 2-18
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-23
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-24
Lesson 3: Installing Windows XP Professional over the Network . . . . . . . . . . . . 2-25
How to Prepare for a Network Installation . . . . . . . . . . . . . . . . . . . . . . . . . 2-25
How to Install over the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-26
How to Modify the Setup Process Using Winnt.exe. . . . . . . . . . . . . . . . . . . 2-27
How to Modify the Setup Process Using Winnt32.exe. . . . . . . . . . . . . . . . . 2-28
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-30
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-31
Lesson 4: Upgrading Earlier Versions of Windows to
Windows XP Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32
Client Upgrade Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32
How to Generate a Hardware Compatibility Report . . . . . . . . . . . . . . . . . . . 2-33
How to Upgrade Compatible Computers Running Windows 98 . . . . . . . . . . 2-34
How to Upgrade Compatible Computers Running Windows NT 4.0 . . . . . . . 2-34
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-35
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-36
Lesson 5: Troubleshooting Windows XP Professional Setup . . . . . . . . . . . . . . . 2-37
Guidelines for Resolving Common Problems . . . . . . . . . . . . . . . . . . . . . . . 2-37
Guidelines for Troubleshooting Setup Failures
Using the Windows XP Setup Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-39
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-40
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-41
Lesson 6: Activating and Updating Windows XP Professional . . . . . . . . . . . . . . 2-42
Guidelines for Activating Windows Following Installation . . . . . . . . . . . . . . . 2-42
How to Scan a System and Display Available Updates
Using the Windows Update Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-43
How to Configure Automatic Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-43
What Is Software Update Services? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-44
xii
Contents
What Are Service Packs? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-46
Practice: Configuring Automatic Updates . . . . . . . . . . . . . . . . . . . . . . . . . . 2-49
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-49
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-50
Case Scenario Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-50
Scenario 2.1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-50
Scenario 2.2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-51
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-52
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-52
Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-52
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-53
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-53
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-54
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-54
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-56
3
Deploying Windows XP Professional
3-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
Lesson 1: Creating Unattended Installations
by Using Windows Setup Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Overview of Unattended Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
How to Find the Windows XP Deployment Tools . . . . . . . . . . . . . . . . . . . . . . 3-4
What Windows Setup Manager Does . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
How to Use the Windows Setup Manager to
Create an Answer File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
How to Start an Unattended Installation . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12
Practice: Creating Unattended Installations with
Windows Setup Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16
Lesson 2: Using Disk Duplication to Deploy Windows XP Professional . . . . . . . 3-18
Overview of Disk Duplication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18
How to Extract the Windows System Preparation Tool. . . . . . . . . . . . . . . . . 3-19
Preparing a Computer for the Creation of a Master Image
by Using the System Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19
How to Install Windows XP Professional from a Master Disk Image . . . . . . . 3-20
Practice: Deploying Windows XP Professional by
Using Disk Duplication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24
Contents
xiii
Lesson 3: Performing Remote Installations. . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25
Overview of RIS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25
Installing and Configuring RIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26
Requirements for RIS Client Computers . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33
Lesson 4: Using Tools to Simplify Deployment . . . . . . . . . . . . . . . . . . . . . . . . 3-34
How to Use the Files And Settings Transfer Wizard. . . . . . . . . . . . . . . . . . . 3-34
What Is the User State Migration Tool? . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36
How to Manage Applications by Using Windows Installer . . . . . . . . . . . . . . 3-37
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-42
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45
4
Modifying and Troubleshooting the Startup Process
4-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Lesson 1: Explaining the Startup Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
Files Used in the Startup Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
What Happens During the Preboot Sequence . . . . . . . . . . . . . . . . . . . . . . . 4-3
What Happens During the Boot Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
What Is the BOOT.INI File? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
What Happens During the Kernel Load Phase . . . . . . . . . . . . . . . . . . . . . . . 4-9
What Happens During the Kernel Initialization Phase . . . . . . . . . . . . . . . . . 4-10
What Happens During the Logon Phase . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13
Lesson 2: Editing the Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15
What Is the Registry? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15
The Hierarchical Structure of the Registry . . . . . . . . . . . . . . . . . . . . . . . . . 4-16
How to View and Edit the Registry Using the Registry Editor . . . . . . . . . . . . 4-20
Practice: Modifying the Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21
xiv
Contents
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24
Lesson 3: Troubleshooting Problems Using Startup and Recovery Tools . . . . . . 4-25
Guidelines for Troubleshooting Startup Using Safe Mode . . . . . . . . . . . . . . 4-25
Guidelines for Troubleshooting Startup Using
the Last Known Good Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27
Additional Advanced Boot Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29
How to Perform Troubleshooting and Recovery Tasks
Using the Recovery Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30
Practice: Installing and Accessing the
Windows XP Professional Recovery Console . . . . . . . . . . . . . . . . . . . . . . . 4-34
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42
5
Configuring Windows XP Professional
5-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Lesson 1: Configuring and Troubleshooting the Display . . . . . . . . . . . . . . . . . . . 5-3
How to Configure Display and Desktop Properties . . . . . . . . . . . . . . . . . . . . 5-3
How to Configure Multiple Displays. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12
Lesson 2: Configuring Power Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13
How to Select a Power Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13
How to Configure Advanced Power Options . . . . . . . . . . . . . . . . . . . . . . . . 5-15
How to Enable Hibernate Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-16
How to Configure Advanced Power Management . . . . . . . . . . . . . . . . . . . . 5-16
How to Configure an Uninterruptible Power Supply . . . . . . . . . . . . . . . . . . . 5-17
Practice: Configuring Power Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-18
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-20
Contents
xv
Lesson 3: Configuring System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21
How to Configure System Performance Options . . . . . . . . . . . . . . . . . . . . . 5-21
How to Configure User Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-27
How to Configure Startup and Recovery Settings . . . . . . . . . . . . . . . . . . . . 5-31
How to Configure Environment Variables . . . . . . . . . . . . . . . . . . . . . . . . . . 5-34
How to Configure Error Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-35
Practice: Configuring System Settings by Using Control Panel . . . . . . . . . . 5-36
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-37
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-39
Lesson 4: Configuring Languages, Locations,
and Accessibility Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-40
How to Configure and Troubleshoot Regional
and Language Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-40
How to Configure and Troubleshoot Accessibility Options . . . . . . . . . . . . . . 5-43
Practice: Configuring Multiple Languages by Using Control Panel. . . . . . . . . 5-48
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-49
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-50
Lesson 5: Managing Windows Components. . . . . . . . . . . . . . . . . . . . . . . . . . . 5-51
How to Add Windows Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-51
How to Remove Windows Components . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-53
How to Manage Internet Information Services . . . . . . . . . . . . . . . . . . . . . . 5-53
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-55
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-56
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-56
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-56
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-56
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-58
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-59
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-59
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-59
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-60
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-62
6
Installing, Managing, and Troubleshooting
Hardware Devices and Drivers
6-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Lesson 1: Installing a Hardware Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
How to Install Hardware Automatically. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
How to Install Hardware Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5
xvi
Contents
Practice: Running the Add Hardware Wizard . . . . . . . . . . . . . . . . . . . . . . . . 6-8
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9
Lesson 2: Configuring and Troubleshooting Hardware Devices . . . . . . . . . . . . . 6-11
How to Configure and Troubleshoot Devices Using Device Manager. . . . . . . 6-11
How to Install, Configure, Manage, and Troubleshoot Fax Support . . . . . . . . 6-14
How to Manage and Troubleshoot the Most Common I/O Devices. . . . . . . . 6-18
Practice: Disabling and Re-enabling a Hardware Device . . . . . . . . . . . . . . . 6-24
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-25
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-26
Lesson 3: Viewing and Configuring Hardware Profiles . . . . . . . . . . . . . . . . . . . 6-27
When to Use Hardware Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27
How to Create a Hardware Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27
How to Manage Hardware Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-29
How to Configure Hardware Settings in a Profile . . . . . . . . . . . . . . . . . . . . 6-29
How to Select a Hardware Profile During Startup . . . . . . . . . . . . . . . . . . . . 6-30
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-30
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-31
Lesson 4: Configuring and Troubleshooting Device Drivers . . . . . . . . . . . . . . . . 6-32
What Is the Driver.cab File? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-32
Actions You Can Take to Update Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . 6-32
How to Configure and Monitor Driver Signing . . . . . . . . . . . . . . . . . . . . . . . 6-33
Practice: Configuring Driver Signature Settings
and Scanning for Unsigned Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-35
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-36
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-37
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-37
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-38
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-38
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-39
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-40
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-41
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-41
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-41
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-43
7
Setting Up and Managing User Accounts
7-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
Lesson 1: Introduction to User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2
Contents
xvii
Local User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2
Domain User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
Built-In User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4
How to Enable or Disable the Guest Account . . . . . . . . . . . . . . . . . . . . . . . . 7-6
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8
Lesson 2: Planning New User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-9
Naming Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-9
Password Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12
Lesson 3: Modifying, Creating, and Deleting User Accounts . . . . . . . . . . . . . . . 7-13
User Accounts Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-13
Computer Management Snap-In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-17
How to Create a Password Reset Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-20
Practice: Modifying, Creating, and Deleting Local User Accounts . . . . . . . . . 7-21
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-26
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-27
Lesson 4: Configuring Properties for User Accounts . . . . . . . . . . . . . . . . . . . . 7-28
The General Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-28
The Member Of Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-29
The Profile Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-29
Practice: Modifying User Account Properties . . . . . . . . . . . . . . . . . . . . . . . . . . 7-32
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-33
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-35
Lesson 5: Implementing Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-36
What Is a Group? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-36
Guidelines for Using Local Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-37
How to Create Local Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-38
How to Add Members to a Local Group . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-39
How to Delete Local Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-40
Built-In Local Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-40
Built-In System Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-42
Practice: Creating and Managing Local Groups . . . . . . . . . . . . . . . . . . . . . 7-42
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-44
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-45
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-46
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-46
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-46
xviii
Contents
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-47
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-49
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-49
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-49
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-50
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-51
8
Securing Resources with NTFS Permissions
8-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Lesson 1: Introduction to NTFS Permissions. . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Standard NTFS Folder Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Standard NTFS File Permissions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
How Windows XP Professional Uses Access Control Lists. . . . . . . . . . . . . . . 8-3
How Effective Permissions Are Calculated When Multiple
Sets of NTFS Permissions Are in Effect . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
How NTFS Permissions Inheritance Is Controlled . . . . . . . . . . . . . . . . . . . . . 8-5
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7
Lesson 2: Assigning NTFS Permissions and Special Permissions . . . . . . . . . . . . 8-8
How to Assign or Modify Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8
How to Grant or Deny Special Permissions . . . . . . . . . . . . . . . . . . . . . . . . 8-10
How to Take Ownership of Files and Folders . . . . . . . . . . . . . . . . . . . . . . . 8-13
How to Prevent Permissions Inheritance . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14
Guidelines for Planning NTFS Permissions. . . . . . . . . . . . . . . . . . . . . . . . . 8-14
Practice: Planning and Assigning NTFS Permissions . . . . . . . . . . . . . . . . . . 8-15
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-21
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-22
Lesson 3: Supporting NTFS Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-23
Effect on NTFS File and Folder Permissions
When Files and Folders Are Copied. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-23
Effect on NTFS File and Folder Permissions
When Files and Folders Are Moved . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-24
How to Troubleshoot Common Permissions Problems . . . . . . . . . . . . . . . . 8-25
Practice: Managing NTFS Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-26
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-30
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-31
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-32
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-32
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-32
Contents
xix
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-34
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-35
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-36
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-36
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-36
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-37
9
Administering Shared Folders
9-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
Lesson 1: Introduction to Shared Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2
Simple File Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2
Shared Folder Permissions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3
Requirements for Sharing a Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3
Characteristics of Shared Folder Permissions . . . . . . . . . . . . . . . . . . . . . . . 9-4
How to Share a Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
How to Assign Shared Folder Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5
How to Create Multiple Share Names for a Shared Folder. . . . . . . . . . . . . . . 9-6
How to Modify a Shared Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7
How to Connect to a Shared Folder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7
What Are Administrative Shares? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-9
How to Manage Shared Folders by Using Computer Management . . . . . . . . 9-10
Guidelines for Shared Folder Permissions . . . . . . . . . . . . . . . . . . . . . . . . . 9-13
Practice: Managing Shared Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-14
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-17
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-18
Lesson 2: Combining Shared Folder Permissions and NTFS Permissions . . . . . 9-20
How to Calculate Effective Permissions for Folders
That Have Shared Folder and NTFS Permissions . . . . . . . . . . . . . . . . . . . . 9-20
Rules When Combining Shared Folder Permissions and
NTFS Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-20
Practice: Combining Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-21
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-23
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-24
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-24
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-24
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-26
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-26
xx
Contents
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-28
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-29
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-29
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-29
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-30
10
Managing Data Storage
10-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2
Lesson 1: Managing and Troubleshooting Disks and Volumes . . . . . . . . . . . . . 10-3
Overview of Basic and Dynamic Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3
Managing Hard Disks by Using the Disk Management Tool . . . . . . . . . . . . . 10-6
How to Manage Disks Remotely By Using Computer Management . . . . . . 10-21
How to Manage Disks from the Command Line by Using Diskpart . . . . . . . 10-21
How to Troubleshoot Disks and Volumes . . . . . . . . . . . . . . . . . . . . . . . . . 10-22
Removable Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-23
Practice: Managing Hard Disks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-26
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-26
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-27
Lesson 2: Managing Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-28
What Is the Compressed Folders Feature? . . . . . . . . . . . . . . . . . . . . . . . 10-28
How to Compress Files, Folders, or Volumes
by Using NTFS Compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-29
Practice: Managing Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-34
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-37
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-38
Lesson 3: Managing Disk Quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-39
Overview of Disk Quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-39
How to Set Disk Quotas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-40
How to Determine the Status of Disk Quotas . . . . . . . . . . . . . . . . . . . . . 10-43
How to Monitor Disk Quotas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-43
Guidelines for Using Disk Quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-43
Practice: Managing Disk Quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-44
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-47
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-48
Lesson 4: Increasing Security by Using EFS . . . . . . . . . . . . . . . . . . . . . . . . . 10-49
Overview of EFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-49
How to Encrypt a Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-51
How to Decrypt a Folder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-51
How to Control Encryption From the Command Line
Contents
xxi
by Using the Cipher Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-52
How to Create an EFS Recovery Agent . . . . . . . . . . . . . . . . . . . . . . . . . . 10-52
Practice: Increasing Security by Using EFS. . . . . . . . . . . . . . . . . . . . . . . . 10-53
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-54
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-55
Lesson 5: Maintaining Disks with Disk Defragmenter,
Check Disk, and Disk Cleanup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-57
How to Analyze and Defragment Disks with Disk Defragmenter . . . . . . . . . 10-57
How to Scan a Hard Disk for Errors with Check Disk . . . . . . . . . . . . . . . . 10-60
How to Free Up Disk Space with Disk Cleanup. . . . . . . . . . . . . . . . . . . . . 10-62
Practice: Maintaining Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-65
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-67
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-68
Lesson 6: Configuring Offline Folders and Files. . . . . . . . . . . . . . . . . . . . . . . 10-69
How to Enable the Offline Files Feature On Your Computer . . . . . . . . . . . . 10-69
How to Make Folders and Files Available Offline . . . . . . . . . . . . . . . . . . . 10-70
How to Configure Your Computer to Share Offline Folders and Files. . . . . . 10-71
How to Synchronize Offline Folders and Files . . . . . . . . . . . . . . . . . . . . . . 10-72
Practice: Configuring Offline Folders and Files . . . . . . . . . . . . . . . . . . . . . 10-74
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-76
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-76
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-77
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-77
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-77
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-78
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-79
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-80
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-80
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-80
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-83
11
Setting Up, Configuring, and Troubleshooting Printers
11-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1
Lesson 1: Introduction to Windows XP Professional Printing. . . . . . . . . . . . . . . 11-2
Important Printing Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2
Requirements for Network Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3
Guidelines for Developing a Network-wide Printing Strategy. . . . . . . . . . . . . 11-4
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-5
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-6
xxii
Contents
Lesson 2: Setting Up Network Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-7
How to Add and Share a Local Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-7
How to Add and Share a Network Interface Printer . . . . . . . . . . . . . . . . . . 11-10
How to Add an LPR Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-12
How to Configure Client Computers So Users Can Print . . . . . . . . . . . . . . 11-13
Practice: Installing a Network Printer. . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-15
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-19
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-20
Lesson 3: Connecting to Network Printers . . . . . . . . . . . . . . . . . . . . . . . . . . 11-21
Add Printer Wizard Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-21
How to Connect Directly to a Shared Printer . . . . . . . . . . . . . . . . . . . . . . 11-22
How to Use a Web Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-23
How to Find a Printer Using the Search Assistant. . . . . . . . . . . . . . . . . . . 11-23
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-24
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-25
Lesson 4: Configuring Network Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-26
How to Share an Existing Printer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-26
How to Install Additional Printer Drivers. . . . . . . . . . . . . . . . . . . . . . . . . . 11-27
How to Stop the Sharing of a Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-29
How to Create a Printer Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-29
How to Set Priorities Among Printers. . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-30
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-31
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-32
Lesson 5: Troubleshooting Setup and Configuration Problems . . . . . . . . . . . . 11-33
How to Use Windows Troubleshooters. . . . . . . . . . . . . . . . . . . . . . . . . . . 11-33
Possible Solutions to Common Troubleshooting Scenarios . . . . . . . . . . . . 11-34
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-35
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-35
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-36
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-36
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-36
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-37
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-37
Question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-37
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-37
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-38
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-38
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-39
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-40
Contents
12
Managing Printers and Documents
xxiii
12-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1
Lesson 1: Introduction to Printer Administration . . . . . . . . . . . . . . . . . . . . . . . 12-2
Printer Management Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2
Document Management Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2
Common Printer Problems that Require Troubleshooting. . . . . . . . . . . . . . . 12-3
How to Access Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3
Windows XP Professional Print Permissions. . . . . . . . . . . . . . . . . . . . . . . . 12-4
Practice: Changing the Default Permissions on a Printer. . . . . . . . . . . . . . . 12-7
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-8
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9
Lesson 2: Managing Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-10
How to Assign Forms to Paper Trays . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-10
How to Set Up a Separator Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-11
How to Pause a Printer and Cancel Documents . . . . . . . . . . . . . . . . . . . . 12-13
How to Redirect Documents to a Different Printer . . . . . . . . . . . . . . . . . . 12-13
Formats Supported by the WinPrint Print Processor . . . . . . . . . . . . . . . . . 12-14
How to Configure Spooling Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-15
How to Take Ownership of a Printer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-16
Practice: Managing Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-17
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-18
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-19
Lesson 3: Managing Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-20
How to Pause, Restart, and Cancel a Document . . . . . . . . . . . . . . . . . . . 12-20
How to Set Notification, Priority, and Printing Time . . . . . . . . . . . . . . . . . . 12-21
Practice: Managing Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-22
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-24
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-25
Lesson 4: Administering Printers by Using a Web Browser . . . . . . . . . . . . . . . 12-26
The Advantages of Using a Web Browser to Manage Printers . . . . . . . . . . 12-26
How to Access Printers Using a Web Browser . . . . . . . . . . . . . . . . . . . . . 12-26
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-27
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-28
Lesson 5: Troubleshooting Common Printing Problems . . . . . . . . . . . . . . . . . 12-29
Guidelines for Examining a Printing Problem . . . . . . . . . . . . . . . . . . . . . . 12-29
Solutions to Common Printing Problems . . . . . . . . . . . . . . . . . . . . . . . . . 12-29
How to Solve Printing Problems Using the
Windows XP Professional Printing Troubleshooter. . . . . . . . . . . . . . . . . . . 12-31
xxiv
Contents
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-31
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-31
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-32
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-32
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-32
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-33
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-34
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-35
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-35
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-36
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-37
13
Supporting TCP/IP
13-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1
Lesson 1: Configuring and Troubleshooting TCP/IP . . . . . . . . . . . . . . . . . . . . . 13-2
What Is an IP Address? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2
How to Configure TCP/IP to Use a Static IP Address . . . . . . . . . . . . . . . . . 13-6
How to Configure TCP/IP to Obtain an IP Address Automatically . . . . . . . . . 13-8
What Is Automatic Private IP Addressing? . . . . . . . . . . . . . . . . . . . . . . . . . 13-9
How to Specify an Alternate Configuration for TCP/IP . . . . . . . . . . . . . . . . 13-11
How to Use TCP/IP Tools to Troubleshoot a Connection . . . . . . . . . . . . . . 13-12
Practice: Configuring and Troubleshooting TCP/IP . . . . . . . . . . . . . . . . . . 13-18
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-23
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-25
Lesson 2: Understanding the Domain Name System . . . . . . . . . . . . . . . . . . . 13-26
What Is the Domain Namespace?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-26
Domain-Naming Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-29
What Are Zones?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-29
What Are Name Servers?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-30
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-31
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-32
Lesson 3: Overview of Name Resolution. . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-33
How a Forward Lookup Query Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-33
What Is Name Server Caching? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-34
How a Reverse Lookup Query Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-35
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-36
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-37
Lesson 4: Configuring a DNS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-38
How to Configure DNS Server Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13-38
Contents
xxv
How to Configure DNS Query Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . 13-40
Practice: Configuring a DNS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-42
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-43
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-44
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-44
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-44
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-44
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-45
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-46
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-47
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-47
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-47
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-49
14
Overview of Active Directory Service
14-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
Lesson 1: Overview of Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2
The Advantages of Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2
Logical Structure of Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3
Physical Structure of Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-9
Replication Within an Active Directory Site . . . . . . . . . . . . . . . . . . . . . . . 14-11
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-12
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-12
Lesson 2: Important Active Directory Concepts . . . . . . . . . . . . . . . . . . . . . . . 14-14
What Is the Active Directory Schema?. . . . . . . . . . . . . . . . . . . . . . . . . . . 14-14
What Is the Global Catalog?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-15
What Is a Namespace? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-17
Naming Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-17
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-19
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-20
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-21
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-21
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-22
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-22
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-23
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-24
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-24
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-24
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-26
xxvi
15
Contents
Configuring Network and Internet Connections
15-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2
Lesson 1: Configuring Local Area Network (LAN) Connections . . . . . . . . . . . . . 15-3
Viewing LAN Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3
Configuring a LAN Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-4
The New Connection Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-11
Practice: Configuring a LAN Connection. . . . . . . . . . . . . . . . . . . . . . . . . . 15-15
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-17
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-18
Lesson 2: Configuring Dial-Up Connections. . . . . . . . . . . . . . . . . . . . . . . . . . 15-19
Configuring Modems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-19
Configuring a Dial-Up Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-21
Allowing Incoming Dial-Up Connections . . . . . . . . . . . . . . . . . . . . . . . . . . 15-25
Practice: Configuring an Inbound Connection . . . . . . . . . . . . . . . . . . . . . . 15-27
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-28
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-29
Lesson 3: Configuring Wireless Connections . . . . . . . . . . . . . . . . . . . . . . . . 15-30
Introduction to Wireless Networking Standards . . . . . . . . . . . . . . . . . . . . 15-30
Introduction to Wireless Networking Architecture . . . . . . . . . . . . . . . . . . . 15-31
Introduction to Wireless Networking Security . . . . . . . . . . . . . . . . . . . . . . 15-33
Configuring Wireless Networking in Windows XP Professional . . . . . . . . . . 15-36
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-40
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-41
Lesson 4: Configuring Internet Connection Sharing (ICS) . . . . . . . . . . . . . . . 15-42
Introducing Internet Connection Sharing (ICS) . . . . . . . . . . . . . . . . . . . . . 15-42
ICS Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-43
Troubleshooting ICS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-44
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-44
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-45
Lesson 5: Configuring Windows Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-46
Introducing Windows Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-46
How to Enable or Disable Windows Firewall for all Network
Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-47
How to Enable or Disable Windows Firewall for a Specific
Network Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-48
Windows Firewall Advanced Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-49
Troubleshooting Windows Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-56
Practice: Configure Windows Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-57
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-58
Contents
xxvii
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-59
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-60
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-60
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-60
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-62
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-63
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-63
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-64
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-64
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-65
16
Configuring Security Settings and Internet Options
16-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-2
Lesson 1: Overview of Security Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-3
How to Configure Local Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-3
What Is Group Policy? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-9
How to View Policies That Are in Effect On a
Computer Running Windows XP Professional . . . . . . . . . . . . . . . . . . . . . . 16-12
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-14
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-15
Lesson 2: Configuring Account Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-16
How to Configure Password Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-16
How to Configure Account Lockout Policy. . . . . . . . . . . . . . . . . . . . . . . . . 16-18
Practice: Configuring Account Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-19
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-23
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-23
Lesson 3: Configuring User Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-24
How to Configure User Rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-24
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-29
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-30
Lesson 4: Configuring Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-31
How to Configure Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-31
Practice: Configuring Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 16-33
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-33
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-35
Lesson 5: Implementing an Audit Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-36
Overview of Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-36
What Should You Audit?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-37
How to Configure an Audit Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-38
xxviii
Contents
How to Enable Auditing for Files and Folders . . . . . . . . . . . . . . . . . . . . . . 16-40
How to Enable Auditing for Printers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-42
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-44
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-44
Lesson 6: Configuring Internet Explorer Options . . . . . . . . . . . . . . . . . . . . . . 16-46
How to Configure Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-47
How to Configure Privacy Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-50
How to Configure Content Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-51
How to Configure Connections Options . . . . . . . . . . . . . . . . . . . . . . . . . . 16-52
How to Configure Programs Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-54
How to Configure Advanced Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-55
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-57
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-58
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-58
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-59
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-59
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-60
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-61
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-61
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-63
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-64
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-64
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-64
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-66
17
Monitoring and Managing Shared Folders by
Using Computer Management
17-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1
Lesson 1: Monitoring Access to Shared Folders . . . . . . . . . . . . . . . . . . . . . . . 17-2
Reasons for Monitoring Network Resources . . . . . . . . . . . . . . . . . . . . . . . 17-2
Who Can Monitor Access to Network Resources? . . . . . . . . . . . . . . . . . . . 17-3
How to Use the Shares Folder to View and Monitor Shared Folders . . . . . . . 17-3
How to Use the Open Files Folder to Monitor Files . . . . . . . . . . . . . . . . . . . 17-6
How to Disconnect Users from Open Files. . . . . . . . . . . . . . . . . . . . . . . . . 17-6
Practice: Monitoring Shared Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-7
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-8
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-9
Lesson 2: Creating and Sharing Local and Remote Folders . . . . . . . . . . . . . . 17-10
How to Create a New Folder and Share It by Using Shared Folders . . . . . . 17-10
Contents
xxix
How to Share a Folder on a Remote Computer
by Using Shared Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-11
How to Stop Sharing a Folder by Using Shared Folders . . . . . . . . . . . . . . . 17-12
Practice: Creating a Shared Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-13
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-14
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-14
Lesson 3: Monitoring Network Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-15
How to Monitor User Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-15
How to Disconnect Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-16
How to Send Administrative Messages to Users . . . . . . . . . . . . . . . . . . . 17-17
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-18
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-18
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-19
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-19
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-19
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-20
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-21
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-21
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-21
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-22
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-23
18
Using Windows XP Tools
18-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-1
Lesson 1: Working with Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-2
How to Manage Services by Using the Services Console . . . . . . . . . . . . . . 18-2
How to Disable and Enable Services by
Using the System Configuration Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-8
Practice: Working with Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-9
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-10
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-11
Lesson 2: Using Event Viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-12
Overview of Windows XP Professional Logs . . . . . . . . . . . . . . . . . . . . . . . 18-12
How to View Event Logs by Using Event Viewer . . . . . . . . . . . . . . . . . . . . 18-12
How to View an Event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-14
How to Locate Events In a Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-15
Logging Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-16
How to Save and Open Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-17
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-17
xxx
Contents
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-18
Lesson 3: Using Scheduled Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-19
Overview of Scheduled Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-19
How to Schedule a Task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-20
How to Configure Advanced Options for a Scheduled Task . . . . . . . . . . . . 18-20
How to Troubleshoot Scheduled Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . 18-21
Practice: Using Task Scheduler. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-22
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-23
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-24
Lesson 4: Using System Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-25
Overview of System Restore. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-25
How to Enable or Disable System Restore. . . . . . . . . . . . . . . . . . . . . . . . 18-27
How to Create a Restore Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-28
How to Restore a Restore Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-29
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-30
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-31
Lesson 5: Using Remote Desktop and Remote Assistance . . . . . . . . . . . . . . 18-32
How to Configure and Use Remote Desktop . . . . . . . . . . . . . . . . . . . . . . 18-32
How to Configure and Use Remote Assistance . . . . . . . . . . . . . . . . . . . . 18-37
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-40
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-41
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-41
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-41
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-42
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-43
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-43
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-44
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-45
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-46
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-46
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-47
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-48
19
Monitoring and Optimizing System Performance
19-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1
Lesson 1: Using Task Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-2
How to Monitor Programs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-2
How to Monitor Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-3
How to Monitor System Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-6
Contents
xxxi
How to Monitor Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-8
Practice: Using Task Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-10
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-11
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-12
Lesson 2: Using the Performance Console . . . . . . . . . . . . . . . . . . . . . . . . . . 19-13
How to Use System Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-13
How to Add Counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-15
How to Use Performance Logs And Alerts . . . . . . . . . . . . . . . . . . . . . . . . 19-17
How to Establish a Baseline for Performance Data. . . . . . . . . . . . . . . . . . 19-20
How to Identify and Resolve Bottlenecks. . . . . . . . . . . . . . . . . . . . . . . . . 19-20
Practice: Using System Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-22
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-23
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-23
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-24
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-24
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-24
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-25
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-28
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-28
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-28
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-29
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-30
20
Backing Up and Restoring Data
20-1
Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-1
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-1
Lesson 1: Using the Backup Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-2
What Is the Backup Utility? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-2
Who Can Back Up and Restore Data? . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-4
How to Plan a Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-5
Types of Backup Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-7
How to Change Default Backup Options . . . . . . . . . . . . . . . . . . . . . . . . . 20-10
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-12
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-13
Lesson 2: Backing Up Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-14
Preliminary Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-14
How to Select Files and Folders to Back Up. . . . . . . . . . . . . . . . . . . . . . . 20-15
How to Specify Backup Destination, Media Settings,
and Advanced Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-16
How to Schedule Backup Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-18
xxxii
Contents
Practice: Backing Up Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-19
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-23
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-25
Lesson 3: Restoring Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-26
How to Prepare to Restore Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-26
How to Select Backup Sets, Files, and Folders to Restore . . . . . . . . . . . . 20-27
How to Specify Advanced Restore Settings . . . . . . . . . . . . . . . . . . . . . . . 20-27
Practice: Restoring Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-29
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-30
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-31
Lesson 4: Using the Automated System Recovery Wizard . . . . . . . . . . . . . . . 20-32
Overview of the Automated System Recovery Wizard . . . . . . . . . . . . . . . . 20-32
How to Use the Automated System Recovery Wizard . . . . . . . . . . . . . . . . 20-33
How to Recover Important Registry Keys by
Using Recovery Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-34
Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-35
Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-36
Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-36
Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-36
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-37
Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-37
Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-38
Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-38
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-38
Key Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-39
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-40
Part 2
21
Prepare for the Exam
Installing Windows XP Professional (1.0)
21-3
Tested Skills and Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-4
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-7
Objective 1.1: Perform and Troubleshoot an Attended
Installation of Windows XP Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-10
Objective 1.2: Perform and Troubleshoot an Unattended
Installation of Windows XP Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-19
Objective 1.3: Upgrade from a Previous Version of Windows to
Windows XP Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-28
Objective 1.4: Perform Post-Installation Updates
and Product Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-35
Objective 1.5: Troubleshoot Failed Installations . . . . . . . . . . . . . . . . . . . . . . . 21-42
Contents
22
Implementing and Conducting Administration of Resources
xxxiii
22-1
Tested Skills and Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-1
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-3
Objective 2.1: Monitor, Manage, and Troubleshoot
Access to Files and Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-5
Objective 2.2: Manage and Troubleshoot Access to Shared Folders . . . . . . . . 22-11
Objective 2.3: Connect to Local and Network Print Devices. . . . . . . . . . . . . . . 22-17
Objective 2.4: Configure and Manage File Systems . . . . . . . . . . . . . . . . . . . . 22-22
Objective 2.5: Manage and Troubleshoot Access to
and Synchronization of Offline Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-27
23
Implementing, Managing, Monitoring, and
Troubleshooting Hardware Devices and Drivers
23-1
Tested Skills and Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-1
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-3
Objective 3.1: Implement, Manage, and Troubleshoot Disk Devices . . . . . . . . . 23-6
Objective 3.2: Implement, Manage, and Troubleshoot Display Devices . . . . . . 23-12
Objective 3.3: Configure Advanced Configuration Power Interface . . . . . . . . . . 23-17
Objective 3.4: Implement, Manage, and Troubleshoot I/O Devices . . . . . . . . . 23-21
Objective 3.5: Manage and Troubleshoot Drivers and Driver Signing . . . . . . . . 23-29
Objective 3.6: Monitor and Configure Multiprocessor Computers . . . . . . . . . . 23-35
24
Monitoring and Optimizing System Performance and Reliability
24-1
Tested Skills and Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-1
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-2
Objective 4.1: Monitor, Optimize, and Troubleshoot Performance of the
Windows XP Professional Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-4
Objective 4.2: Manage, Monitor, and Optimize
System Performance for Mobile Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-13
Objective 4.3: Restore and Back Up the Operating System,
System State Data, and User Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-19
25
Configuring and Troubleshooting the Desktop Environment
25-1
Tested Skills and Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-1
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-4
Objective 5.1: Configure and Manage User
Profiles and Desktop Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-6
Objective 5.2: Configure Support for Multiple
Languages or Multiple Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-14
Objective 5.3: Manage Applications by Using
Windows Installer Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-19
xxxiv
26
Contents
Implementing, Managing, and Troubleshooting
Network Protocols and Services
26-1
Tested Skills and Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-1
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-4
Objective 6.1: Configure and Troubleshoot the TCP/IP Protocol . . . . . . . . . . . . . 26-7
Objective 6.2: Connect to Computers by Using Dial-Up Networking . . . . . . . . . 26-13
Objective 6.3: Connect to Resources Using Internet Explorer . . . . . . . . . . . . . 26-17
Objective 6.4: Configure, Manage, and Implement
Internet Information Services (IIS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-22
Objective 6.5: Configure, Manage, and Troubleshoot Remote Desktop
and Remote Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-28
Objective 6.6: Configure, Manage, and Troubleshoot
an Internet Connection Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-34
27
Configuring, Managing, and Troubleshooting Security
27-1
Tested Skills and Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-1
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-3
Objective 7.1: Configure, Manage, and Troubleshoot
Encrypting File System (EFS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-5
Objective 7.2: Configure, Manage, and Troubleshoot
a Security Configuration and Local Security Policy . . . . . . . . . . . . . . . . . . . . . 27-10
Objective 7.3: Configure, Manage, and Troubleshoot
Local User and Group Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-16
Objective 7.4: Configure, Manage, and Troubleshoot
Internet Explorer Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-22
Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .G-1
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-1
What do you think of this book?
We want to hear from you!
Microsoft is interested in hearing your feedback about this publication so we can
continually improve our books and learning resources for you. To participate in a brief
online survey, please visit: www.microsoft.com/learning/booksurvey/
Acknowledgments
A book like this is a big project and it would not get done without the help of a lot of
people. I have worked on many books over the years with a lot of different people.
Without question, the team at Microsoft Learning is the best. Team members are exacting and conscientious, and they take pride in producing the best books they can.
I want to extend my thanks to everyone who worked on this book. Julie Pickering, our
project manager, did a great job of coordinating everyone’s effort—and that can be a
pretty tough assignment when you are working with writers. Our editors—Elise Morrison, Lori Kane, and Marzena Makuta—pored over every detail to make sure that the
book was of the highest quality and that everyone involved turned in their best effort.
And Tony Northrup, our technical editor of part 1, gave a detailed technical review and
helped to make sure that I actually knew what I was talking about. I also want to thank
Randall Galloway at Microsoft for his technical guidance and support along the way.
And as always, I want to thank Neil Salkind and everyone else at StudioB for helping
put this project together.
Walter Glenn
I’d like to thank my friends, especially Chris and Diane Geggis, Bob Hogan, Kurt and
Beatriz Dillard, Eric and Alyssa Faulkner, John and Tara Banks, Kristin Casciato, Samuel
Jackson, and Eric John Parucki. They each helped me enjoy my time away from the
keyboard. I have to thank my wife, Erica, more than anyone, for being so patient during many long days of writing.
Tony Northrup
xxxv
About This Book
Welcome to MCSE Self-Paced Training Kit (Exam 70-270): Installing, Configuring, and
Administering Microsoft Windows XP Professional, Second Edition. This book introduces you to the Microsoft Windows XP Professional operating system and prepares
you to install, configure, and support Windows XP Professional.
You will learn how to work with Windows XP Professional in a networked environment. This book focuses on the following:
■
Installing Windows XP Professional
■
Implementing and managing resources
■
Installing, managing, and troubleshooting hardware devices and drivers
■
Monitoring and optimizing system performance and reliability
■
Configuring and troubleshooting the desktop environment
■
Implementing, managing, and troubleshooting network protocols and services
Note
For more information about becoming a Microsoft Certified Professional, see the section titled “The Microsoft Certified Professional Program” later in this introduction.
Intended Audience
Anyone who wants to learn about Windows XP Professional will find this book useful.
This book was developed for information technology (IT) professionals who need to
design, plan, implement, and support Windows XP Professional or who plan to take
the related Microsoft Certified Professional Exam 70-270, Installing, Configuring, and
Administering Microsoft Windows XP Professional.
Note Exam skills are subject to change without prior notice and at the sole discretion of
Microsoft.
xxxvii
xxxviii
About This Book
Prerequisites
This training kit requires that students meet the following prerequisites:
■
Have a working knowledge of the Windows XP operating system
■
Have a basic understanding of computer hardware
■
Have a basic understanding of networking technologies
About the CD-ROM
For your use, this book includes a Supplemental CD-ROM, which contains a variety of
informational aids to complement the book content:
■
The Microsoft Press Readiness Review Suite Powered by MeasureUp. This suite of
practice tests and objective reviews contains questions of varying degrees of complexity and offers multiple testing modes. You can assess your understanding of
the concepts presented in this book and use the results to develop a learning plan
that meets your needs.
■
An electronic version of this book (eBook). For information about using the
eBook, see the “The eBook” section later in this introduction.
■
Tools recommended in the book.
A second CD-ROM contains a 180-day Evaluation Edition of Microsoft Windows XP
Professional with Service Pack 2.
Caution The 180-day Evaluation Edition provided with this training kit is not the full retail
product and is provided only for the purposes of training and evaluation. Microsoft Technical
Support does not support this evaluation edition.
For additional support information regarding this book and the CD-ROM (including
answers to commonly asked questions about installation and use), visit the Microsoft
Learning Technical Support Web site at http://www.microsoft.com/learning/support/.
You can also e-mail [email protected] or send a letter to Microsoft Learning, Attn:
Microsoft Learning Technical Support, One Microsoft Way, Redmond, WA 98052-6399.
Features of This Book
This book has two parts. Use Part I to learn at your own pace and practice what you
have learned with practical exercises. Part II contains questions and answers you can
use to test yourself on what you have learned.
About This Book
xxxix
Part I: Learn at Your Own Pace
Each chapter identifies the exam objectives that are covered within the chapter, provides an overview of why the topics matter by identifying how the information is
applied in the real world, and lists any prerequisites that must be met to complete the
lessons presented in the chapter.
The chapters are divided into lessons. Most lessons contain practices that include one
or more hands-on exercises. These exercises give you an opportunity to use the skills
being presented or to explore the part of the application being described.
After the lessons, you are given an opportunity to apply what you have learned in a
case scenario exercise. In this exercise, you work through a multistep solution for a
realistic case scenario. You are also given an opportunity to work through a troubleshooting lab that explores difficulties you might encounter when applying what you
have learned on the job.
Each chapter ends with a short summary of key concepts and a short section that lists
key topics and terms you need to know before taking the exam. This section summarizes the key topics you have learned, with a focus on demonstrating that knowledge
on the exam.
Real World Helpful Information
You will find sidebars like this one that contain related information you might
find helpful. “Real World” sidebars contain specific information gained through
the experience of IT professionals just like you.
Part II: Prepare for the Exam
Part II helps to familiarize you with the types of questions you will encounter on the
Microsoft Certified Professional (MCP) exam. By reviewing the objectives and sample
questions, you can focus on the specific skills you need to improve before taking
the exam.
See Also
For a complete list of MCP exams and their related objectives, go to http://
www.microsoft.com/learning/mcp/.
Part II is organized by the exam’s objectives. Each chapter covers one of the primary
groups of objectives, referred to as Objective Domains. Each chapter lists the tested
skills you need to master to answer the exam questions, and it includes a list of further
readings to help you improve your ability to perform the tasks or skills specified by the
objectives.
xl
About This Book
Within each Objective Domain, you will find the related objectives that are covered on
the exam. Each objective provides you with several practice exam questions. The
answers are accompanied by explanations of each correct and incorrect answer.
On the CD
These questions are also available on the companion CD as a practice test.
Informational Notes
Several types of reader aids appear throughout the training kit.
■
Tip contains methods of performing a task more quickly or in a not-so-obvious
way.
■
Important contains information that is essential to completing a task.
■
Note contains supplemental information.
■
Caution contains valuable information about possible loss of data; be sure to read
this information carefully.
■
Warning contains critical information about possible physical injury; be sure to
read this information carefully.
■
See Also contains references to other sources of information.
■
On the CD points you to supplementary information or files you need that are on
the companion CD.
■
Security Alert highlights information you need to know to maximize security in
your work environment.
■
Exam Tip flags information you should know before taking the certification
exam.
■
Off the Record contains practical advice about the real-world implications of
information presented in the lesson.
Notational Conventions
The following conventions are used throughout this book:
■
Characters or commands that you type appear in bold type.
■
Italic in syntax statements indicates placeholders for variable information. Italic is
also used for book and exam titles.
■
Names of files and folders appear in Title caps, except when you are to type them
directly. Unless otherwise indicated, you can use all lowercase letters when you
type a file name in a dialog box or at a command prompt.
About This Book
xli
■
File name extensions appear in all uppercase.
■
Acronyms appear in all uppercase.
■
type represents code samples, examples of screen text, or entries that
you might type at a command prompt or in initialization files.
■
Square brackets [ ] are used in syntax statements to enclose optional items. For
example, [filename] in command syntax indicates that you can choose to type a
file name with the command. Type only the information within the brackets, not
the brackets themselves.
■
Braces { } are used in syntax statements to enclose required items. Type only the
information within the braces, not the braces themselves.
Monospace
Keyboard Conventions
■
A plus sign (+) between two key names means that you must press those keys at
the same time. For example, “Press ALT+TAB” means that you hold down ALT while
you press TAB.
■
A comma (,) between two or more key names means that you must press each of
the keys consecutively, not together. For example, “Press ALT, F, X” means that
you press and release each key in sequence. “Press ALT+W, L” means that you first
press ALT and W at the same time, and then release them and press L.
Getting Started
This training kit contains hands-on exercises to help you learn about supporting
applications in Windows XP. Use this section to prepare your self-paced training
environment.
Hardware Requirements
To follow the practices in this book, it is recommended that you use a computer that
is not your primary workstation because you will be called on to make changes to
the operating system and application configuration. The computer you use must
have the following minimum configuration. All hardware should be listed in the Windows Catalog.
■
Personal computer with an Intel Pentium 233 MHz or faster processor (300 MHz or
faster processor recommended)
■
64 MB of RAM or higher (128 MB or higher recommended)
■
1.5 GB of available hard disk space
■
CD-ROM drive or DVD drive
xlii
About This Book
■
Super VGA (800 x 600) or higher resolution monitor
■
Microsoft Mouse or compatible pointing device
■
Internet connection
Software Requirements
The following software is required to complete the procedures in this training kit. (A
180-day Evaluation Edition of Microsoft Windows XP Professional with Service Pack 2
is included on the CD-ROM.)
■
Windows XP Professional with Service Pack 2
Caution
The 180-day Evaluation Edition provided with this training is not the full retail product and is provided only for the purposes of training and evaluation. Microsoft Technical Support does not support this evaluation edition. For additional support information regarding
this book and the CD-ROMs (including answers to commonly asked questions about installation and use), visit the Microsoft Learning Technical Support Web site at http://
mspress.microsoft.com/learning/support/. You can also e-mail [email protected] or
send a letter to Microsoft Learning, Attn: Microsoft Learning Technical Support, One Microsoft
Way, Redmond, WA 98502-6399.
Setup Instructions
Set up your computer according to the manufacturer’s instructions.
Caution If your computer is part of a larger network, you must verify with your network
administrator that the computer name, domain name, and other information used in configuring Windows XP in several chapters of this book do not conflict with network operations. If
they do conflict, ask your network administrator to provide alternative values and use those
values throughout all the exercises in this book. It is better if you can configure your computer
as a stand-alone computer with Internet access.
The Readiness Review Suite
The CD-ROM includes a practice test made up of 300 sample exam questions and an
objective-by-objective review with an additional 125 questions. Use these tools to reinforce your learning and to identify any areas in which you need to gain more experience before taking the exam.
About This Book
xliii
To install the practice test and objective review
1. Insert the Supplemental CD-ROM into your CD-ROM drive.
Note
If AutoRun is disabled on your machine, refer to the Readme.txt file on the CD-ROM.
2. Click Readiness Review Suite on the user interface menu.
The eBook
The CD-ROM includes an electronic version of the Training Kit. The eBook is in Portable Document Format (PDF) and can be viewed by using Adobe Acrobat Reader.
To use the eBook
1. Insert the Supplemental CD-ROM into your CD-ROM drive.
Note
If AutoRun is disabled on your machine, refer to the Readme.txt file on the CD-ROM.
2. Click Training Kit eBook on the user interface menu. You can also review any of
the other eBooks that are provided for your use.
The Microsoft Certified Professional Program
The Microsoft Certified Professional (MCP) program provides the best method to prove
your command of current Microsoft products and technologies. The exams and corresponding certifications are developed to validate your mastery of critical competencies
as you design and develop, or implement and support, solutions with Microsoft products and technologies. Computer professionals who become Microsoft-certified are recognized as experts and are sought after industry-wide. Certification brings a variety of
benefits to the individual and to employers and organizations.
See Also
default.asp.
For a full list of MCP benefits, go to http://www.microsoft.com/learning/itpro/
xliv
About This Book
Certifications
The Microsoft Certified Professional program offers multiple certifications, based on
specific areas of technical expertise:
■
Microsoft Certified Professional (MCP). Demonstrated in-depth knowledge of at
least one Microsoft Windows operating system or architecturally significant platform. An MCP is qualified to implement a Microsoft product or technology as part
of a business solution for an organization.
■
Microsoft Certified Desktop Support Technician (MCDST). Individuals who support
end users and troubleshoot desktop environments running on the Windows operating system.
■
Microsoft Certified Solution Developer (MCSD). Professional developers qualified
to analyze, design, and develop enterprise business solutions with Microsoft
development tools and technologies including the Microsoft .NET Framework.
■
Microsoft Certified Application Developer (MCAD). Professional developers qualified to develop, test, deploy, and maintain powerful applications using Microsoft
tools and technologies including Microsoft Visual Studio .NET and XML Web services.
■
Microsoft Certified Systems Engineer (MCSE). Qualified to effectively analyze the
business requirements and design and implement the infrastructure for business
solutions based on the Microsoft Windows Server 2003 operating system.
■
Microsoft Certified Systems Administrator (MCSA). Individuals with the skills to
manage and troubleshoot existing network and system environments based on the
Microsoft Windows Server 2003 operating systems.
■
Microsoft Certified Database Administrator (MCDBA). Individuals who design,
implement, and administer Microsoft SQL Server databases.
■
Microsoft Certified Trainer (MCT). Instructionally and technically qualified to
deliver Microsoft Official Curriculum through a Microsoft Certified Technical Education Center (CTEC).
Requirements for Becoming a Microsoft Certified Professional
The certification requirements differ for each certification and are specific to the products and job functions addressed by the certification.
To become a Microsoft Certified Professional, you must pass rigorous certification
exams that provide a valid and reliable measure of technical proficiency and expertise.
These exams are designed to test your expertise and ability to perform a role or task
with a product and are developed with the input of professionals in the industry.
About This Book
xlv
Questions in the exams reflect how Microsoft products are used in actual organizations,
giving them “real-world” relevance.
■
Microsoft Certified Professional (MCP) candidates are required to pass one current
Microsoft certification exam. Candidates can pass additional Microsoft certification
exams to further qualify their skills with other Microsoft products, development
tools, or desktop applications.
■
Microsoft Certified Solution Developers (MCSDs) are required to pass three core
exams and one elective exam. (MCSD for Microsoft .NET candidates are required
to pass four core exams and one elective.)
■
Microsoft Certified Application Developers (MCADs) are required to pass two core
exams and one elective exam in an area of specialization.
■
Microsoft Certified Systems Engineers (MCSEs) are required to pass five core
exams and two elective exams.
■
Microsoft Certified Systems Administrators (MCSAs) are required to pass three core
exams and one elective exam that provide a valid and reliable measure of technical proficiency and expertise.
■
Microsoft Certified Database Administrators (MCDBAs) are required to pass three
core exams and one elective exam that provide a valid and reliable measure of
technical proficiency and expertise.
■
Microsoft Certified Trainers (MCTs) are required to meet instructional and technical requirements specific to each Microsoft Official Curriculum course they are
certified to deliver. The MCT program requires ongoing training to meet the
requirements for the annual renewal of certification. For more information about
becoming a Microsoft Certified Trainer, visit http://www.microsoft.com/learning/
mcp/mct/ or contact a regional service center near you.
Technical Support
Every effort has been made to ensure the accuracy of this book and the contents of the
companion disc. If you have comments, questions, or ideas regarding this book or the
companion disc, please send them to Microsoft Learning using either of the following
methods:
E-mail:
[email protected]
Postal Mail:
Microsoft Learning
Attn: MCSE Self-Paced Training Kit (Exam 70-270): Installing,
Configuring, and Administering Microsoft Windows XP Professional,
Second Edition, Editor
One Microsoft Way
Redmond, WA 98052-6399
xlvi
About This Book
For additional support information regarding this book and the CD-ROM (including
answers to commonly asked questions about installation and use), visit the Microsoft
Learning Technical Support Web site at http://www.microsoft.com/learning/support/. To
connect directly to the Microsoft Press Knowledge Base and enter a query, visit http://
www.microsoft.com/mspress/support/search.asp. For support information regarding
Microsoft software, please connect to http://support.microsoft.com/.
Evaluation Edition Software Support
The 180-day Evaluation Edition provided with this training is not the full retail product
and is provided only for the purposes of training and evaluation. Microsoft and
Microsoft Technical Support do not support this evaluation edition.
Caution
The Evaluation Edition of Windows XP Professional with Service Pack 2 included
with this book should not be used on a primary work computer. The Evaluation Edition is
unsupported. For online support information relating to the full version of Windows XP Professional that might also apply to the Evaluation Edition, you can connect to http://support
.microsoft.com/.
Information about any issues relating to the use of this Evaluation Edition with this
training kit is posted to the Support section of the Microsoft Learning Web site (http://
www.microsoft.com/learning/support/). For information about ordering the full version
of any Microsoft software, please call Microsoft Sales at (800) 426-9400 or visit http://
www.microsoft.com.
Part I
Learn at Your Own Pace
1 Introduction to Windows XP
Professional
Exam Objectives in this Chapter:
■
This first chapter serves as an introduction to Windows XP Professional and does
not specifically cover any exam objective.
Why This Chapter Matters
This book prepares you to install, configure, and support Microsoft Windows XP
Professional. This chapter introduces you to the various editions of Microsoft
Windows that make up the Windows XP family. It also provides a look at some
of the areas in which Microsoft has enhanced Windows XP with Windows XP Service Pack 2. This chapter introduces the concepts of workgroups and domains
and also explains how to log on and off Windows XP Professional. By the time
you are finished reading this chapter, you should have a firm understanding of
where and why Windows XP Professional is used.
Lessons in this Chapter:
■
Lesson 1: Explaining Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-4
■
Lesson 2: Identifying Major Features of Windows XP Service Pack 2 . . . . . . . .1-8
■
Lesson 3: Joining Workgroups and Domains. . . . . . . . . . . . . . . . . . . . . . . . .1-16
■
Lesson 4: Identifying Key Characteristics of Workgroups and Domains . . . . .1-21
Before You Begin
There are no special requirements to complete this chapter.
1-3
1-4
Chapter 1
Introduction to Windows XP Professional
Lesson 1: Explaining Windows XP
This lesson introduces the various editions of Windows XP, including Windows XP Professional, Windows XP Home Edition, Windows XP Tablet PC Edition, Windows XP
Home Media Edition, and Windows XP 64-Bit Edition.
After this lesson, you will be able to
■ Identify the available editions of Windows XP.
■ Explain the differences between Windows XP editions.
Estimated lesson time: 10 minutes
Available Windows XP Editions
There are a number of different editions of Windows XP, each of which is designed for
different users and computing devices. The following editions are part of the Windows
family:
■
Windows XP Professional Edition
■
Windows XP Home Edition
■
Windows XP Media Center Edition
■
Windows XP Tablet PC Edition
■
Windows XP 64-Bit Edition
Windows XP Professional Edition
Windows XP Professional Edition is intended for computers that are part of a corporate
network, for the majority of computers on small networks, and for home users who
need certain advanced capabilities. Windows XP Professional sets the standard for
desktop performance, security, and reliability.
Windows XP Professional is also the focus of both this book and Exam 70-270: Installing, Configuring, and Administering Microsoft Windows XP Professional.
Windows XP Home Edition
Windows XP Home Edition, which is intended for home users, simplifies many aspects
of networking and file management so that home users have a cleaner experience. In
particular, Windows XP Home Edition has the following limitations compared with
Windows XP Professional:
■
Computers running Windows XP Home Edition cannot join a domain.
Lesson 1
Explaining Windows XP
1-5
■
Windows XP Home Edition does not support the use of NTFS or print permissions.
Instead, Windows XP Home Edition supports only Simple File Sharing. You will
learn more about NTFS permissions in Chapter 8, “Securing Resources with NTFS
Permissions.” You will learn more about print permissions in Chapter 12, “Managing Printers and Documents.”
■
Windows XP Home Edition does not support the use of dynamic disks, which you
will learn about in Chapter 10, “Managing Data Storage.”
■
Windows XP Home Edition does not support the Encrypting File System (EFS),
which you will learn about in Chapter 10.
■
Windows XP Home Edition supports only one processor, whereas Windows XP
Professional supports two processors.
■
Windows XP Home Edition does not include Internet Information Services.
■
Windows XP Home Edition does not include Remote Desktop.
■
Windows XP Home Edition does not provide Remote Installation Services (RIS)
support (which you will learn about in Chapter 3, “Deploying Windows XP Professional”).
See Also
You can learn more about Windows XP Home Edition and find a detailed feature
comparison with Windows XP Professional at http://www.microsoft.com/windowsxp/home/.
Windows XP Media Center Edition
The Windows XP Media Center Edition 2004 operating system is available only on new
Media Center PCs—computers with special hardware features that enable users to connect the computer as an integral part of a home entertainment system. Because of its
special requirements, Media Center PCs running Windows XP Media Center Edition are
available only from Microsoft PC manufacturer partners.
See Also
For more information about Windows XP Media Center Edition, visit http://
www.microsoft.com/windowsxp/mediacenter/.
Windows XP Tablet PC Edition
The Windows XP Tablet PC Edition operating system expands on Windows XP Professional, providing all the features and performance of Windows XP Professional, while
also providing additional capabilities designed to take advantage of a touch-screen
interface: pen input, handwriting recognition, and speech recognition.
1-6
Chapter 1
Introduction to Windows XP Professional
Windows XP Tablet PC Edition offers users the efficiency and dependability of Windows XP Professional. For developers, it offers a rich platform for creating new applications or extending their current applications to take advantage of Tablet PC
handwriting and speech capabilities.
See Also
For more information about Windows XP Tablet PC Edition, visit http://
www.microsoft.com/windowsxp/tabletpc/.
Windows XP 64-Bit Edition
Microsoft Windows XP 64-Bit Edition, which provides support for the 64-bit computing
platforms, is designed to meet the demands of advanced technical workstation users
who require large amounts of memory and floating point performance in areas such as
mechanical design and analysis, 3D animation, video editing and composition, and scientific and high-performance computing applications. One of the key differences
between the 64-bit and 32-bit platforms is that the 64-bit platform supports considerably more system memory—up to 16 GB of physical RAM.
See Also
For more information about Windows XP 64-Bit Edition, visit http://
www.microsoft.com/windowsxp/64bit/.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you are unable to answer a question, review the lesson
materials and try the question again. You can find answers to the questions in the
“Questions and Answers” section at the end of this chapter.
1. Windows XP _________ Edition and Windows XP __________ Edition are available only on supported hardware devices and are not available as stand-alone
products. Fill in the blanks.
2. Which features supported in Windows XP Professional are not supported in Windows XP Home Edition?
Lesson 1
Explaining Windows XP
1-7
Lesson Summary
■
The Windows XP family includes Windows XP Professional Edition, Windows XP
Home Edition, Windows XP Media Center Edition, Windows XP Tablet PC Edition,
and Windows XP 64-Bit Edition.
■
Features provided in Windows XP Professional that are not provided in Windows
XP Home Edition include dynamic disks, Remote Desktop, NTFS and print permissions, Encrypting File System, domain membership, dual processors, and IIS.
1-8
Chapter 1
Introduction to Windows XP Professional
Lesson 2: Identifying Major Features of Windows XP
Service Pack 2
As part of a major effort to increase the security of desktop computers, in 2004,
Microsoft is releasing an update to Windows XP named Windows XP Service Pack 2.
As with all Windows service packs, Windows XP Service Pack 2 includes all of the critical updates released for Windows XP to date. In addition, Service Pack 2 includes a
large number of new enhancements to Windows XP—enhancements aimed at increasing the default level of security for the operating system.
In addition to a new Security Center that provides at-a-glance security status for a
computer, Service Pack 2 provides enhancements to the built-in software firewall in
Windows XP (now named Microsoft Windows Firewall), to the Automatic Updates feature, and to Microsoft Internet Explorer.
After this lesson, you will be able to
■ Determine whether Service Pack 2 is installed on a computer running Windows XP
Professional.
■ Identify the major enhancements included in Windows XP Service Pack 2.
Estimated lesson time: 20 minutes
How to Determine Whether Service Pack 2 Is Installed
Aside from simply looking for new enhancements to the interface (such as the Security
Center), you can determine whether Service Pack 2 (or any Service Pack, for that matter) is installed in one of two ways:
■
From the Start menu, right-click My Computer and click Properties. The General
tab of the System Properties dialog box (in the System section) allows you to
know which version of Windows and which Service Pack is installed.
■
From the Start menu, click Run. In the Run dialog box, type winver.exe and click
OK. The About Windows dialog box shows you the exact version of Windows
(including Service Pack), down to the build number.
Note
This section presents an overview of the most important and obvious features of Windows XP Service Pack 2. The procedures and discussions in this book assume that you have
Windows XP Service Pack 2 installed. You can learn more about Windows XP Service Pack 2
at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx.
You can download and install Service Pack 2 from the Windows Update site at
http://www.windowsupdate.com.
Lesson 2
Identifying Major Features of Windows XP Service Pack 2
1-9
Major Enhancements Included in Windows XP Service Pack 2
The major enhancements in Windows XP Service Pack 2 include Security Center, Automatic Updates, Windows Firewall, and Internet Explorer. This section describes these
enhancements in detail.
Security Center
Security Center is an entirely new feature provided by Windows XP Service Pack 2. The
Security Center service runs as a background process in Windows XP and routinely
checks the status of the following components:
Windows Firewall Security Center detects whether Windows Firewall is enabled
or disabled. Security Center can also detect the presence of some third-party software firewall products.
Automatic Updates Security Center detects the current Automatic Updates setting
in Windows XP. If Automatic Updates is turned off or not set to the recommended
settings, the Security Center provides appropriate recommendations.
Virus Protection Security Center detects the presence of antivirus software from
many third-party organizations. If the information is available, the Security Center
service also determines whether the software is up-to-date and whether real-time
scanning is turned on.
When Security Center is running, its presence is indicated by an icon in the notification
area on the Windows taskbar, as shown in Figure 1-1. When Security Center detects an
important security condition (such as improper settings), it displays a pop-up notice in
the notification area.
F01US01
Figure 1-1 The Security Center icon in the notification area provides access to the Security Center
window and alerts the user to security conditions.
You can also double-click the Security Center icon in the notification area to open the
main Security Center window, shown in Figure 1-2. The Security Center window provides the following information:
■
Resources where you can learn more about security-related issues.
■
An indication of whether Windows Firewall is enabled or disabled, as well as a
shortcut for opening the Windows Firewall dialog box.
1-10
Chapter 1
Introduction to Windows XP Professional
■
The current configuration for Automatic Updates, as well as a link for changing
Automatic Updates settings.
■
The current status of antivirus software installed on the computer. For some antivirus products, Security Center can also determine whether the antivirus software
is up-to-date.
■
Additional shortcuts for opening the Internet Options and System dialog boxes.
F01US02.bmp
Figure 1-2 The Security Center window provides a central interface for managing security on a computer running Windows XP.
Note
If you are running firewall or antivirus software that is not detected by Security Center,
Security Center presents options for bypassing alerts for that component. If you see a Recommendations button, you can use it to open a window that allows you to disable alerts or
research any appropriate third-party products.
Automatic Updates
Software updates help keep computers protected from new vulnerabilities that are discovered (and new threats that are created) after the initial shipping of an operating system. Updates are crucial to keeping computers secure and functioning properly.
Updates provided by Microsoft provide solutions to known issues, including patches
for security vulnerabilities, and updates to the operating system and some applications.
Windows XP features an automatic updating service named Automatic Updates that
can download and apply updates automatically in the background. Automatic Updates
Lesson 2
Identifying Major Features of Windows XP Service Pack 2
1-11
connects periodically to Windows Update on the Internet (or possibly to a Windows
Update Services server on a corporate network). When Automatic Updates discovers
new updates that apply to the computer, it can be configured to install all updates
automatically (the preferred method) or to notify the computer’s administrator (or
other users configured to receive notifications) that an update is available.
Windows XP Service Pack 2 provides several enhancements to the Automatic Updates
feature, including the following:
■
The latest version of Automatic Updates offers expanded support for Microsoft
products, including Microsoft Office.
■
Previous versions of Automatic Updates could download only critical updates.
Now Automatic Updates can download updates in the following categories: security updates, critical updates, update roll-ups, and service packs.
■
Automatic Updates now prioritizes the download of available updates based on
the importance and size of the updates. For example, if a large service pack is
being downloaded, and a smaller security update is released to address an exploit,
that security update will be downloaded more quickly than the service pack.
■
Automatic Updates is now more automated. The need for users to accept EndUser License Agreements (EULAs) has been eliminated. Also, the user now has a
choice of whether to restart the computer following the installation of updates that
might require a restart. Updates that do require a restart can now be consolidated
into a single installation so that only one restart is required.
Real World A New Windows Update Site
A forthcoming update to the online Windows Update Web site will provide many
of the same features that Automatic Updates provides to users of Windows XP
Service Pack 2 who choose not to use Automatic Updates. These features include
the ability to download updates for Microsoft applications in addition to operating
system updates, to perform express installations that require minimal user input,
and to research updates more easily.
The Windows Update site offers a more hands-on approach to updating Windows than
Automatic Updates. If a user resists using the Automatic Updates feature, teach the user
to frequently visit the Windows Update site and perform an Express Install that scans
for, downloads, and then installs critical and security updates.
Windows Firewall
A firewall protects a computer from attacks originating outside the computer (specifically, the Internet) by blocking all incoming network traffic except that which you spe-
1-12
Chapter 1
Introduction to Windows XP Professional
cifically configure the firewall to allow through. Any computer connected directly to
any network—whether it is a stand-alone computer, a computer that provides Internet
Connection Sharing (ICS) services for other computers on a network, or even a computer that is already on a network protected by perimeter firewalls—should have a firewall enabled.
Previous versions of Windows XP include a software-based firewall named Internet
Connection Firewall (ICF). After installing Windows XP Service Pack 2, this firewall is
replaced by Windows Firewall. Windows Firewall is a stateful, host-based firewall that
drops all incoming traffic that does not meet one of the following conditions:
■
Solicited traffic (valid traffic that is sent in response to a request by the computer)
is allowed through the firewall.
■
Excepted traffic (valid traffic that you have specifically configured the firewall to
accept) is allowed through the firewall.
In addition to its new name, Windows Firewall also boasts a number of enhancements,
including the following:
Enabled by default Windows Firewall is now enabled by default on all network
connections. This includes LAN (wired and wireless), dial-up, and virtual private
network (VPN) connections that exist when Windows XP Service Pack 2 is
installed. When a new connection is created, Windows Firewall is also enabled by
default.
Global settings In Windows XP (prior to installing Windows XP Service Pack 2), ICF
settings must be configured individually for each connection. After installing Windows XP Service Pack 2, Windows Firewall provides an interface for configuring
global settings that apply to all the connections of the computer. When you
change a global Windows Firewall setting, the change is applied to all the connections on which Windows Firewall is enabled. Of course, you can still apply configurations to individual connections as well.
New interface In previous versions, ICF is enabled by selecting a single check box
on the Advanced tab of the Properties dialog box for a connection. A Settings button opens a separate dialog box, in which you can configure services, logging,
and Internet Control Message Protocol (ICMP) allowances. In Windows XP Service
Pack 2, the check box on the Advanced tab has been replaced with a Settings button that launches the new Windows Firewall Control Panel applet, which consolidates global and connection-specific settings, service, and ICMP allowances and
log settings in a single updated interface.
Prevent excepted traffic In previous versions, ICF is either enabled or disabled.
When enabled, solicited traffic and excepted traffic are allowed. When disabled,
all traffic is allowed. In Windows XP Service Pack 2, Windows Firewall supports a
Lesson 2
Identifying Major Features of Windows XP Service Pack 2
1-13
new feature that allows you to keep Windows Firewall enabled and also not allow
any exceptions; only solicited traffic is allowed. This new feature is intended to
create an even more secure environment when connecting to the Internet in a
public location or other unsecured location.
Startup security In previous versions, ICF becomes active on connections only
when the ICF/ICS service is started successfully. This means that when a computer
is started, there is a delay between when the computer is active on the network
and when the connections are protected with ICF. In Windows XP Service Pack 2,
a startup Windows Firewall policy performs stateful packet filtering during startup,
so that the computer can perform basic network tasks (such as contacting
Dynamic Host Configuration Protocol [DHCP] and Domain Name System [DNS]
servers) and still be protected.
!
Exam Tip
Remember that the new Windows Firewall policy performs packet filtering during
Windows startup, meaning that connections are protected from the moment they become
active on the network.
Traffic source restrictions In previous versions, you could not apply firewall rules
based on Internet Protocol (IP) addresses. In Windows XP Service Pack 2, you can
configure Windows Firewall so that firewall rules apply to IP addresses (or IP
address ranges), meaning that only traffic from computers with valid IP addresses
is allowed through the firewall.
Create exceptions using application file names In previous versions, you configure permitted traffic by specifying the Transmission Control Protocol (TCP) and
User Datagram Protocol (UDP) ports used by a service or application. In Windows
XP Service Pack 2, you can also configure permitted traffic by specifying the file
name of the application. When the application runs, Windows Firewall monitors
the ports on which the application listens and automatically adds them to the list
of allowed incoming traffic.
Internet Explorer
Windows XP Service Pack 2 introduces a number of new security features to Internet
Explorer 6. As with the rest of the enhancements introduced with Windows XP Service
Pack 2, most of the updates to Internet Explorer are intended to provide better security.
Internet Explorer enhancements provided by Windows XP Service Pack 2 include the
following:
Information bar The Internet Explorer Information bar in Windows XP Service
Pack 2 replaces many of the common dialog boxes that prompt users for information and provides a common area for displaying information. Notifications such as
blocked ActiveX installs, blocked pop-up windows, and downloads all appear in
1-14
Chapter 1
Introduction to Windows XP Professional
the Information bar, which appears below the toolbars and above the main browsing window. Either clicking or right-clicking on the Information bar brings up a
menu that relates to the notification that is presented. A new custom security zone
setting allows users to change the settings of the Information bar for each security
zone, including the ability to disable the Information bar and return to using separate dialog boxes.
Pop-up blocker When Windows XP Service Pack 2 is installed, Internet Explorer
provides a pop-up blocker for blocking pop-up windows. Internet Explorer displays a notification in the Information bar when a pop-up is blocked. Clicking the
information bar allows you to show the blocked pop-up, allow all pop-ups on the
current site, and configure other settings.
File download prompt With Windows XP Service Pack 2 installed, Internet
Explorer presents a new dialog box when a user downloads a file, as shown in
Figure 1-3. The new dialog box displays publisher information for the file (if available) and a section with information on the risks of downloading the file.
F01US03.eps
Figure 1-3 The Internet Explorer File Download dialog box provides more file information.
Add-on management With Windows XP Service Pack 2 installed, Internet Explorer
prompts users when add-on software tries to install itself into Internet Explorer.
Users can also view and control the list of add-ons that can be loaded by Internet
Explorer. Internet Explorer also attempts to detect crashes in Internet Explorer that
are related to add-ons. If an add-on is identified, this information is presented to
the user; the user can then disable the add-ons to prevent future crashes.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you are unable to answer a question, review the lesson
materials and try the question again. You can find answers to the questions in the
“Questions and Answers” section at the end of this chapter.
Lesson 2
Identifying Major Features of Windows XP Service Pack 2
1-15
1. After Windows XP Service Pack 2 is installed, Internet Explorer combines many of
the common dialog boxes that prompt users for information into a common area
named the _______________. Fill in the blank.
2. Which of the following is true of Windows Firewall? Choose all that apply.
a. Windows Firewall is enabled by default.
b. Windows Firewall is disabled by default.
c. Windows Firewall must be configured individually for each connection.
d. Windows Firewall protects a network connection as soon as the connection is
active on the network.
Lesson Summary
■
You can determine whether Service Pack 2 is installed by viewing the General tab
of the System Properties dialog box or by typing winver.exe in the Run dialog
box to open the About Windows dialog box.
■
Windows XP Service Pack 2 includes four major enhancements:
❑
Security Center, an entirely new feature, provides real-time status and alerts
for Windows Firewall, Automatic Updates, and some antivirus software.
❑
Enhancements to Automatic Updates allow it to download updates for more
Microsoft products, download all types of updates, and prioritize update
importance.
❑
Enhancements to Windows Firewall enable the firewall for each connection
by default, allow the inspection of traffic from the moment the connection
becomes active, and let you make global configuration settings for all connections.
❑
Enhancements to Internet Explorer include a new Information bar that consolidates many user prompts, a pop-up blocker, and better add-on management.
1-16
Chapter 1
Introduction to Windows XP Professional
Lesson 3: Identifying Key Characteristics of Workgroups
and Domains
Windows XP Professional supports two types of network environments in which users
can share common resources, regardless of network size. A workgroup consists of a
number of peer-based computers, with each maintaining its own security. A domain
consists of servers that maintain centralized security and directory structures and workstations that participate in those structures.
After this lesson, you will be able to
■ Identify the key characteristics of workgroups and explain how they work.
■ Identify the key characteristics of domains and explain how they work.
Estimated lesson time: 15 minutes
How Workgroups Work
A Windows XP Professional workgroup is a logical grouping of networked computers
that share resources, such as files and printers. A workgroup is also called a peer-topeer network because all computers in the workgroup can share resources as equals
(peers) without requiring a dedicated server.
Each computer in the workgroup maintains a local security database, which is a list of user
accounts and resource security information for the computer on which it resides. Using a
local security database on each workstation decentralizes the administration of user
accounts and resource security in a workgroup. Figure 1-4 shows a local security database.
Windows Server
2003
Windows XP
Professional
Local security
database
Local security
database
Windows XP
Professional
Windows Server
2003
Local security
database
Local security
database
F01US04.eps
Figure 1-4 A Windows XP Professional workgroup is also called a peer-to-peer network.
Lesson 3
Identifying Characteristics of Workgroups and Domains
1-17
Note
A workgroup can contain computers running a server operating system, such as Windows Server 2003, as long as the server is not configured as a domain controller (in other
words, as long as no domain is present). In a workgroup, a computer running Windows Server
2003 is called a stand-alone server.
Because workgroups have decentralized administration and security, the following are
true:
■
A user must have a user account on a local computer if that user wants to log on
to that computer locally (that is, by sitting down at that computer).
■
Any changes to user accounts, such as changing a user’s password or adding a
new user account, must be made on each computer in the workgroup. If you forget to add a new user account to one of the computers in your workgroup, the
new user cannot log on to that computer and cannot access resources on it.
Workgroups provide the following advantages:
■
Workgroups do not require a domain controller to hold centralized security information, making workgroups much simpler to configure and manage.
■
Workgroups are simple to design and implement. Workgroups do not require the
extensive planning and administration that a domain requires.
■
Workgroups provide a convenient networking environment for a limited number
of computers in close proximity. However, a workgroup becomes impractical in
environments with more than 10 computers.
How Domains Work
A domain is a logical grouping of network computers that share a central directory
database. (See Figure 1-5.) A directory database contains user accounts and security
information for the domain. This database, which is known as the directory, is the database portion of Active Directory service—the Windows 2003 directory service.
In a domain, the directory resides on computers that are configured as domain controllers. A domain controller is a server that manages all security-related aspects of user
and domain interactions, centralizing security and administration.
!
Exam Tip
You can designate only a computer running Microsoft Windows 2000 Server or
Windows Server 2003 as a domain controller. If all computers on the network are running
Windows XP Professional, the only type of network available is a workgroup.
1-18
Chapter 1
Introduction to Windows XP Professional
Domain
controller
Replication
Active
Directory
Domain
controller
Active
Directory
Member
server
Client
computer
Client
computer
F01US05.eps
Figure 1-5 A Windows 2003 domain relies on Active Directory to provide user authentication.
A domain does not refer to a single location or specific type of network configuration.
The computers in a domain can share physical proximity on a small LAN or they can
be located in different corners of the world. They can communicate over any number
of physical connections, including dial-up connections, Integrated Services Digital Network (ISDN) circuits, Ethernet networks, token ring connections, frame relay networks,
satellite links, and leased lines.
The benefits of a domain include the following:
■
Centralized administration because all user information is stored in the Active
Directory database. This centralization allows users to manage only a single user
name and password, and enables domain administrators to control which users
can access resources on any computer that is a member of the domain.
■
A single logon process for users to gain access to network resources (such as file,
print, and application resources) for which they have permissions. In other words,
you can log on to one computer and use resources on another computer in the
network as long as you have appropriate permissions to access the resource.
■
Scalability, so that you can create very large networks with hundreds or thousands
of computers.
A typical Windows 2003 domain includes the following types of computers:
Domain controllers running Windows Server 2003 Each domain controller
stores and maintains a copy of Active Directory. In a domain, you create a user
account in Active Directory only once. When a user logs on to a computer in the
domain, a domain controller authenticates the user by checking the directory for
the user name, password, and logon restrictions. When there are multiple domain
controllers in a domain, they periodically replicate their directory information so
Lesson 3
Identifying Characteristics of Workgroups and Domains
1-19
that each domain controller has a copy of Active Directory. Domain controllers do
not maintain a local user database.
Member servers running Windows Server 2003 A member server is a server
that is a member of a domain, but is not configured as a domain controller. A
member server does not store directory information and cannot authenticate users.
Member servers provide shared resources such as shared folders or printers.
Client computers running Windows XP Professional or Windows 2000
Professional Client computers run a user’s desktop environment and allow the
user to gain access to resources in the domain.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you are unable to answer a question, review the lesson
materials and try the question again. You can find answers to the questions in the
“Questions and Answers” section at the end of this chapter.
1. Which of the following statements about a Windows XP Professional workgroup
are correct? Choose all that apply.
a. A workgroup is also called a peer-to-peer network.
b. A workgroup is a logical grouping of network computers that share a central
directory database.
c. A workgroup is practical in environments with up to 100 computers.
d. A workgroup can contain computers running Windows Server 2003 as long as
the server is not configured as a domain controller.
2. What is a domain controller?
3. A directory database contains user accounts and security information for the
domain and is known as the __________________. This directory database is the
database portion of ______________________________, which is the Windows
2000 directory service. Fill in the blanks.
4. A(n) ____________ provides a single logon for users to gain access to network
resources that they have permission to access—such as file, print, and application
resources. Fill in the blank.
1-20
Chapter 1
Introduction to Windows XP Professional
Lesson Summary
■
■
To explain how workgroups work, you must know the following things:
❑
A Windows XP Professional workgroup is a logical grouping of networked
computers that share resources such as files and printers.
❑
A workgroup is referred to as a peer-to-peer network because all computers
in the workgroup can share resources as equals (peers) without a dedicated
server.
❑
Each computer in the workgroup maintains a local security database, which is
a list of user accounts and resource security information for the computer on
which it resides.
To explain how domains work, you must know the following things:
❑
A domain is a logical grouping of network computers that share a central
directory database containing user accounts and security information for the
domain.
❑
This central directory database, known as the directory, is the database portion of Active Directory service, which is the Windows 2003 directory service.
❑
The computers in a domain can share physical proximity on a small LAN or
can be distributed worldwide, communicating over any number of physical
connections.
❑
You can designate a computer running Windows Server 2003 as a domain
controller. If all computers on the network are running Windows XP Professional, the only type of network available is a workgroup.
Lesson 4
Logging On and Off Windows XP Professional
1-21
Lesson 4: Logging On and Off Windows XP Professional
This lesson explains the Welcome screen and the Enter Password dialog box, which are
the two options that you use to log on to Windows XP Professional. It also explains
how Windows XP Professional authenticates a user during the logon process. This
mandatory authentication process ensures that only valid users can gain access to
resources and data on a computer or the network.
After this lesson, you will be able to
■ Log on locally to the computer running Windows XP Professional.
■ Identify how Windows XP Professional authenticates a user when the user logs on to a
local computer or to a domain.
■ Create and use a password reset disk to recover a forgotten password.
■ Run programs using different credentials than the currently logged-on user.
■ Use Fast Logon Optimization.
■ Log off or turn off a computer that is running Windows XP Professional.
■ Identify the features of the Windows Security dialog box.
Estimated lesson time: 15 minutes
How to Log On Locally to the Computer Running Windows XP
Professional
Windows XP Professional offers two options for logging on locally: the Welcome
screen and the Log On To Windows dialog box.
The Welcome Screen
By default, if a computer is a member of a workgroup, Windows XP Professional uses
the Welcome screen to allow users to log on locally, as shown in Figure 1-6. To log on,
click the icon for the user account you want to use. If the account requires a password,
you are prompted to enter it. If the account is not password-protected, you are logged
on to the computer. You can also use CTRL+ALT+DELETE at the Welcome screen to get
the Log On To Windows dialog box. This dialog box enables you to log on to the
Administrator account, which is not displayed on the Welcome screen when other user
accounts have been created. To use CTRL+ALT+DELETE, you must enter the sequence
twice to get the logon prompt.
1-22
Chapter 1
Introduction to Windows XP Professional
F01US06.eps
Figure 1-6 The Welcome screen is used by default on computers in workgroups.
See Also
For more information about creating user accounts during installation, see Chapter 2, “Installing Windows XP Professional.” For more information about setting up user
accounts (including turning on and off the Welcome screen), see Chapter 7, “Setting Up and
Managing User Accounts.”
A user can log on locally to either of the following:
■
A computer that is a member of a workgroup
■
A computer that is a member of a domain but is not a domain controller
Note
Because domain controllers do not maintain a local security database, local user
accounts are not available on domain controllers. Therefore, a user cannot log on locally to a
domain controller.
The User Accounts program in the Control Panel includes a Change The Way Users Log
On Or Off task, which allows you to configure Windows XP Professional to use the Log
On To Windows dialog box instead of the Welcome screen.
The Log On To Windows Dialog Box
To use the Log On To Windows dialog box (shown in Figure 1-7) to log on locally to
a computer running Windows XP Professional, you must supply a valid user name; if
the user name is password-protected, you must also supply the password. Windows
Lesson 4
Logging On and Off Windows XP Professional
1-23
XP Professional authenticates the user’s identity during the logon process. Only valid
users can access resources and data on a computer or a network. Windows XP Professional authenticates users who log on locally to the computer at which they are seated;
a domain controller authenticates users who log on to a domain.
F01US07.eps
Figure 1-7
screen.
Use the Log On To Windows dialog box in domains or as an alternative to the Welcome
When a user starts a computer running Windows XP Professional that is configured to
use the Log On To Windows dialog box, an Options button also appears. Table 1-1
describes the options in the Log On To Windows dialog box for a computer that is part
of a domain.
Table 1-1
Log On To Windows Dialog Box Options
Option
Description
User Name
A unique user logon name that is assigned by an administrator. To log on
to a domain with the user name, the user must have an account that
resides in the directory.
Password
The password that is assigned to the user account. Users must enter a
password to prove their identity. Passwords are case sensitive. For security purposes, the password appears on the screen as asterisks (*). To prevent unauthorized access to resources and data, users must keep
passwords secret.
Log On To
Allows the user to choose to log on to the local computer or to log on to
the domain.
Log On Using
Permits a user to connect to a domain server by using dial-up networking.
Dial-Up Connection Dial-up networking allows a user to log on and perform work from a
remote location.
Shutdown
Closes all files, saves all operating system data, and prepares the computer so that a user can safely turn it off.
Options
Toggles on and off between the Log On To option and the Log On Using
Dial-Up Connection option. The Options button appears only if the computer is a member of a domain.
1-24
Chapter 1
Note
Introduction to Windows XP Professional
If your computer is not part of a domain, the Log On To option is not available.
Windows XP Professional Authentication Process
To gain access to a computer running Windows XP Professional or to any resource on
that computer (whether the computer is configured to use the Welcome screen or the
Log On To Windows dialog box), you must provide a user name and possibly a password. (You will learn more about using passwords effectively in Chapter 7.)
The way Windows XP Professional authenticates a user depends on whether the user
is logging on to a domain or logging on locally to a computer (see Figure 1-8).
1
Logs on
Local
security
database
2
3
Access
token
Logging on
locally
F01US08.eps
Figure 1-8 Windows XP Professional grants an access token based on user credentials during the
authentication process.
The steps in the authentication process are as follows:
1. The user logs on by providing logon credentials—typically user name and password—and Windows XP Professional forwards this information to the security
subsystem of that local computer.
2. Windows XP Professional compares the logon credentials with the user information in the local security database, which resides in the security subsystem of the
local computer.
3. If the credentials are valid, Windows XP Professional creates an access token for
the user, which is the user’s identification for that local computer. The access
token contains the user’s security settings, which allow the user to gain access to
the appropriate resources on that computer and to perform specific system tasks.
Note In addition to the logon process, any time a user makes a connection to a computer,
that computer authenticates the user and returns an access token. This authentication process is invisible to the user.
Lesson 4
Logging On and Off Windows XP Professional
1-25
If a user logs on to a domain, Windows XP Professional contacts a domain controller
in the domain. The domain controller compares the logon credentials with the user
information that is stored in Active Directory. If the credentials are valid, the domain
controller creates an access token for the user. The security settings contained in the
access token allow the user to gain access to the appropriate resources in the domain.
How to Use a Password Reset Disk
A password reset disk allows a user to recover a user account when the user forgets
his or her password. You create a password reset disk using the Forgotten Password
Wizard, which you can start in the following ways:
■
If your computer is a member of a domain, press CTRL+ALT+DELETE to open the
Windows Security dialog box. Click Change Password, and then click Backup to
start the wizard.
■
If your computer is in a workgroup, and you are using a computer administrator
account, open the User Accounts tool in Control Panel, click your account name,
and then click Prevent A Forgotten Password.
■
If your computer is in a workgroup, and you are using a limited account, open the
User Accounts tool in Control Panel, and in the Relate Tasks section on the left
side of the window, click Prevent A Forgotten Password.
No matter which way you start the Forgotten Password Wizard, the wizard walks you
through the steps necessary to create a password reset disk. You can store your password reset key on any removable disk, including floppy (in which case you will need
one, blank, formatted 1.44 MB floppy disk) and universal serial bus (USB) flash drives.
Warning You can have only one password reset disk at a time. If you create a new disk,
any previous disk becomes invalid.
If you forget your logon password, you can use a password reset disk in one of the following ways:
■
If your computer is a member of a domain, simply try to log on to Windows by
using an invalid password. In the Logon Failed dialog box that appears, click
Reset to start the Password Reset Wizard, which will walk you through the
recovery process.
■
If your computer is a member of a workgroup, on the Windows XP logon
screen, click the user name that you want to use to make the Type Your Password box appear. Press ENTER or click the right arrow button. In the pop-up
error message that appears, click Use Your Password Reset Disk to start the
Password Reset Wizard.
1-26
Chapter 1
Introduction to Windows XP Professional
How to Run Programs with Different User Credentials
Windows XP Professional allows you to run programs using user credentials that are
different from the currently logged-on user. Using different credentials is useful if you
are troubleshooting a user’s computer and do not want to log off and log back on
using administrative permissions just to perform a troubleshooting task or run a particular program. Using this method is also more secure than logging on to a user’s computer with administrative credentials.
Running a program with different credentials in Windows XP Professional relies on a
built-in service named the Secondary Logon service. This service must be running
(and it is by default on computers running Windows XP) to run a program with alternate credentials.
To determine whether the Secondary Logon service is running (and enable the service
if it is not running), follow these steps:
1. Log on to the computer as Administrator or as a user with administrative permissions.
2. From the Start menu, click Control Panel.
3. In the Control Panel window, click Performance and Maintenance.
4. In the Performance and Maintenance window, click Administrative Tools.
5. In the Administrative Tools window, double-click Services.
6. In the Services window, locate the Secondary Logon service on the list of Services.
7. If the status for the Secondary Logon service is listed as Started, the service is
enabled, and you can close the Services window. If the status is listed as Manual
or Disabled, right-click the Secondary Logon service and click Properties.
8. On the General tab of the Secondary Logon Properties dialog box, on the Startup
type drop-down list, click Automatic.
9. In the Service Status section, click Start.
10. Click OK to close the Secondary Logon Properties dialog box, and then close the
Services window.
If the Secondary Logon service is running, you can run a program using different user
credentials than the currently logged-on user. On the Start menu, right-click the shortcut for the program you want to run. On the shortcut menu, click Run As. In the Run
As dialog box that opens, you can run the program as the current user, or you can
enter an alternative user name and password. Microsoft recommends logging on with
a limited user account and using this technique to run applications that require administrative privileges.
Lesson 4
Logging On and Off Windows XP Professional
1-27
The Purpose of Fast Logon Optimization
Windows XP Professional includes a feature named Fast Logon Optimization. Enabled
by default, this feature allows existing users to log on by using cached credentials
instead of waiting for the network to become fully initialized before allowing logon.
This features enables faster logons from the user perspective. Group Policy and other
settings are applied in the background after logon and after the network is initialized.
Fast Logon Optimization is always turned off in the following situations:
■
The first time a user logs on to a computer
■
When a user logs on using a roaming profile, a home directory, or a user logon
script (you will learn more in Chapter 7)
How to Log Off Windows XP Professional
To log off a computer running Windows XP Professional, click Start and then click Log
Off. Notice that the Start menu, shown in Figure 1-9, also allows you to turn off the
computer.
F01US09.eps
Figure 1-9
The Start menu provides a way to log off Windows XP Professional.
Features of the Windows Security Dialog Box
The Windows Security dialog box provides information such as the user account currently logged on, and the domain or computer to which the user is logged on. This
1-28
Chapter 1
Introduction to Windows XP Professional
information is important for users with multiple user accounts, such as a user who has
a regular user account as well as a user account with administrative privileges.
If a computer running Windows XP Professional is joined to a domain (or if the Welcome screen is disabled even when the computer is a member of a workgroup), you
can access the Windows Security dialog box by pressing CTRL+ALT+DELETE at any time
while Windows is running. If the Welcome screen is enabled, pressing
CTRL+ALT+DELETE activates Task Manager instead. Figure 1-10 shows the Windows
Security dialog box, and Table 1-2 describes the Windows Security dialog box options.
F01US10.eps
Figure 1-10
Table 1-2
Use the Windows Security dialog box for many security activities.
The Windows Security Dialog Box Options
Option
Description
Lock Computer
Allows users to secure the computer without logging off. All programs
remain running. Users should lock their computers when they leave for a
short time. The user who locks the computer can unlock it by pressing
CTRL+ALT+DELETE and entering the valid password. An administrator can
also unlock a locked computer. This process logs off the current user.
Whether the Windows Security dialog box is available or not, you can also
press WINDOWS KEY+L to immediately lock the computer.
Log Off
Allows a user to log off as the current user and close all running programs, but leaves Windows XP Professional running. You can also log off
Windows by choosing Log Off from the Start menu.
Shut Down
Allows a user to close all files, save all operating system data, and prepare
the computer so that it can be safely turned off. You can also log off Windows by choosing Turn Off Computer from the Start menu.
Change Password
Allows a user to change his or her user account password. The user must
know the current password to create a new one. This is the only way
users can change their own passwords. Administrators can also change
the password.
Lesson 4
Table 1-2
Logging On and Off Windows XP Professional
1-29
The Windows Security Dialog Box Options
Option
Description
Task Manager
Provides a list of the programs that are running and a summary of overall
central processing unit (CPU) and memory usage, as well as a quick view
of how each program, program component, or system process is using the
CPU and memory resources. Users can also use Task Manager to switch
between programs and to stop a program that is not responding. You can
also access Task Manager by right-clicking any open space on the taskbar
and clicking Task Manager.
Cancel
Closes the Windows Security dialog box.
Practice: Creating a Password Reset Disk
In this practice, you will create a password reset disk. Complete either Exercise 1 or
Exercise 2. If you are working on a computer that is a member of a domain, use the
steps in Exercise 1 to create the disk. If you are working on a computer that is a member of a workgroup, use the steps in Exercise 2 to create the disk. For either exercise,
you will need a blank, formatted, 1.44-MB floppy disk.
Exercise 1: Creating a Password Reset Disk on a Computer That Is a Member of a
Domain
1. Log on as the user for whom you are creating a password reset disk.
2. Press CTRL+ALT+DELETE.
3. In the Windows Security dialog box, click Change Password.
4. In the Change Password dialog box, click Backup.
5. On the Welcome page of the Forgotten Password Wizard, click Next.
6. On the Create A Password Reset Disk page, make sure that the correct floppy
drive is selected; ensure that a blank, formatted, 1.44-MB floppy disk is inserted in
the drive; and then click Next.
7. On the Current User Account Password page, type the current password for the
account, and then click Next.
8. After Windows writes the key information to the disk, click Next.
9. Click Finish. Remove the disk, label it, and store it in a secure location. If an
attacker gains access to this disk, he can log on to your computer without a password.
1-30
Chapter 1
Introduction to Windows XP Professional
Exercise 2: Creating a Password Reset Disk on a Computer That Is a Member of a
Workgroup
1. Log on as the user for whom you are creating a password reset disk.
2. From the Start menu, click Control Panel.
3. In the Control Panel window, click User Accounts.
4. In the User Accounts window, click the account you want to use if you are logged
on as an Administrator. Otherwise, continue to the next step.
5. In the Related Tasks section, click Prevent A Forgotten Password.
6. On the Welcome page of the Forgotten Password Wizard, click Next.
7. On the Create A Password Reset Disk page, make sure that the correct floppy
drive is selected; ensure that a blank, formatted, 1.44 MB floppy disk is inserted in
the drive; and then click Next.
8. On the Current User Account Password page, type the current password for the
account, and then click Next.
9. After Windows writes the key information to the disk, click Next.
10. Click Finish. Remove the disk and label it.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you are unable to answer a question, review the lesson
materials and try the question again. You can find answers to the questions in the
“Questions and Answers” section at the end of this chapter.
1. What can you do when you log on locally to a computer, and what determines
what you can do when you log on locally to a computer?
Lesson 4
Logging On and Off Windows XP Professional
1-31
2. What is the main difference in the authentication process for logging on locally to
a computer and logging on to a domain?
3. Which of the following computers can a user log on to locally? Choose all that
apply.
a. A computer running Windows XP Professional that is in a workgroup
b. A computer running Windows XP Professional that is in a domain
c. A computer running Windows Server 2003 that is configured as a domain
controller
d. A computer running Windows Server 2003 that is a member server in a
domain
4. Which of the following statements about the Windows Security dialog box are correct? Choose all that apply.
a. You can access it by pressing CTRL+ALT+DELETE.
b. The dialog box tells you how long the current user has been logged on.
c. The dialog box allows you to log off the computer or domain.
d. The dialog box allows a user with administrative permissions to change other
users’ passwords.
Lesson Summary
■
By default, Windows XP Professional uses the Welcome screen to allow users to
log on locally to the computer. You can configure Windows XP Professional to use
the Log On To Windows dialog box instead of the Welcome screen. When a user
logs on, she can log on to the local computer; if the computer is a member of a
domain, the user can log on to the domain.
■
When a user logs on locally, the local computer does the authentication. When a
user logs on to a domain, a domain controller must do the authentication. In a
workgroup environment, an access token is the user’s identification for that local
computer, and it contains the user’s security settings. These security settings allow
the user to gain access to the appropriate resources on that computer and to perform specific system tasks.
1-32
Chapter 1
Introduction to Windows XP Professional
■
An administrator or a user can create a password reset disk for a user that allows
the user to recover a forgotten password and log on to Windows XP Professional.
■
Instead of logging on as Administrator, you can specify administrative credentials
when you run a program no matter what user account you are logged on with.
This provides a way to run programs that requires administrative rights without
the risks associated with logging on using an Administrator account.
■
Fast Logon Optimization allows existing users to log on by using cached credentials instead of waiting for the network to become fully initialized before allowing
logon. This features enables faster logons from the user perspective.
■
You can log off Windows XP (and should whenever you leave your computer for
an extended period) by using the Log Off command on the Start menu.
■
The Windows Security dialog box allows you to lock your computer, change your
password, log off your computer, shut down your computer, and access Task
Manager.
Case Scenario Exercises
Read the following two scenarios and answer the associated questions. You can use
the scenarios to help determine whether you have learned enough to move on to the
next chapter. If you have difficulty completing this work, review the material in this
chapter before beginning the next chapter. You can find answers to these questions in
the “Questions and Answers” section at the end of this chapter.
Scenario 1.1
You are working as an administrator who supports users by telephone. One of your
users says that she has recently installed Windows XP Professional on her home computer, which she uses to connect to her company’s corporate network. She is used to
having to press CTRL+ALT+DELETE to log on to Windows, but instead her new computer
shows a Welcome screen with her user name listed. She would feel more comfortable
using the Log On To Windows dialog box instead of the Welcome screen. How should
you configure the computer?
Troubleshooting Lab
1-33
Scenario 1.2
You are an administrator for a corporate network that runs a Windows Server 2003–
based domain. All client workstations run Windows XP Professional. A user complains
to you that when he logs on to his computer, his desktop does not look right and he
cannot access any network resources. What do you suspect might be the problem?
Troubleshooting Lab
Using what you have learned in this chapter, provide the following information about
your own computer:
■
What edition of Windows XP are you running?
■
Which Service Pack, if any, is applied to your installation of Windows XP? What
tools can you use to determine which one you have?
■
Is your computer a member of a workgroup or a domain? What is the name of the
workgroup or domain?
■
If your computer is a member of a domain, can you also log on to your computer
locally?
Chapter Summary
■
The Windows XP family includes Windows XP Professional Edition, Windows XP
Home Edition, Windows XP Media Center Edition, Windows XP Tablet PC Edition,
and Windows XP 64-Bit Edition. Features provided in Windows XP Professional
that are not provided in Windows XP Home Edition include dynamic disks,
Remote Desktop, NTFS and print permissions, EFS, domain membership, dual
processors, and IIS.
■
You can determine whether Service Pack 2 is installed by viewing the General tab
of the System Properties dialog box or by typing winver.exe in the Run dialog
box to open the About Windows dialog box. Enhancements provided by Service
Pack 2 include:
❑
Security Center provides real-time status and alerts for Windows Firewall,
Automatic Updates, and some antivirus software.
❑
Enhancements to Automatic Updates allow it to download updates for more
Microsoft products, download all types of updates, and prioritize update
importance.
1-34
Chapter 1
■
■
Introduction to Windows XP Professional
❑
Enhancements to Windows Firewall enable the firewall for each connection
by default, allow the inspection of traffic from the moment the connection
becomes active, and let you make global configuration settings for all connections.
❑
Enhancements to Internet Explorer include a new Information bar that consolidates many user prompts, a pop-up blocker, and better add-on management.
A computer running Windows XP Professional can be a member of two types of
networks: a workgroup or a domain. You can designate a computer running Windows Server 2003 as a domain controller. If all computers on the network are running Windows XP Professional, the only type of network available is a workgroup.
Features of workgroups and domains include:
❑
A Windows XP Professional workgroup is a logical grouping of networked
computers that share resources such as files and printers. A workgroup is
referred to as a peer-to-peer network because all computers in the workgroup can share resources as equals (peers) without a dedicated server. Each
computer in the workgroup maintains a local security database, which is a list
of user accounts and resource security information for the computer on
which it resides.
❑
A domain is a logical grouping of network computers that share a central
directory database containing user accounts and security information for the
domain. This central directory database is known as the directory; it is the
database portion of Active Directory service, which is the Windows 2003
directory service. The computers in a domain can share physical proximity on
a small LAN or can be distributed worldwide, communicating over any number of physical connections.
By default, Windows XP Professional uses the Welcome screen to allow users to
log on locally to the computer. You can configure Windows XP Professional to use
the Log On To Windows dialog box instead of the Welcome screen. When a user
logs on, he can log on to the local computer; if the computer is a member of a
domain, the user can log on to the domain.
❑
When a user logs on locally, the local computer does the authentication.
❑
When a user logs on to a domain, a domain controller must do the authentication.
Exam Highlights
Before taking the exam, review the key points and terms that are presented in this
chapter. You need to know this information.
Exam Highlights
1-35
Key Points
■
The new Windows Firewall policy performs packet filtering during Windows
startup, meaning that connections are protected from the moment they become
active on the network.
■
You can designate only a computer running Microsoft Windows 2000 Server or
Windows Server 2003 as a domain controller. If all computers on the network are
running Windows XP Professional, the only type of network available is a workgroup.
Key Terms
access token An object that describes the security context for a user. When a user
logs on, Windows verifies the user’s credentials. After the user is authenticated,
Windows assigns an access token that defines the user’s rights and permissions.
Active Directory A directory structure that allows any object on a network to be
tracked and located. Active Directory is the directory service used in Windows
2000 Server and Windows Server 2003. Active Directory provides the foundation
for Windows-based distributed networks.
Automatic Updates A Windows service that scans for, downloads, and installs available updates for Windows XP and other Microsoft programs.
domain A group of computers that consists of servers that maintain centralized security and directory structures, and workstations that participate in those structures.
domain controller A server in an Active Directory domain that stores a copy of the
Active Directory database and runs the Active Directory service.
member server A server that is a member of an Active Directory domain but is not
a domain controller.
password reset disk A disk that allows a user to recover a user account when the
user forgets her password.
Secondary Logon service A service that allows a user to run a program (by using
the Run As command) with credentials different from the currently logged-on
user.
Security Center A software interface that provides at-a-glance security status for a
computer, including information on Windows Firewall, Automatic Updates, and
antivirus software.
stand-alone server A computer running Windows Server 2003 or Windows 2000
Server that is a member of a workgroup.
Windows Firewall A software-based firewall built in to Windows XP Service Pack
2 that replaces the ICF built into Windows XP prior to Service Pack 2.
1-36
Chapter 1
Introduction to Windows XP Professional
Windows XP Service Pack 2 An update that includes all the critical updates
released for Windows XP to date. In addition, Service Pack 2 includes a large number of new enhancements to Windows XP—enhancements aimed at increasing
the default level of security for the operating system.
workgroup A group of computers that consists of a number of peer-based computers, each of which maintains its own security.
Questions and Answers
1-37
Questions and Answers
Lesson 1 Review
Page
1-6
1. Windows XP _________ Edition and Windows XP __________ Edition are available only on supported hardware devices and are not available as stand-alone
products. Fill in the blanks.
Tablet PC and Media Center
2. Which features supported in Windows XP Professional are not supported in Windows XP Home Edition?
Features provided in Windows XP Professional that are not provided in Windows XP Home Edition include dynamic disks, Remote Desktop, NTFS and print permissions, EFS, domain membership, dual processors, and IIS.
Lesson 2 Review
Page
1-14
1. After Windows XP Service Pack 2 is installed, Internet Explorer combines many of
the common dialog boxes that prompt users for information into a common area
named the _______________. Fill in the blanks.
Information bar
2. Which of the following is true of Windows Firewall? Choose all that apply.
a. Windows Firewall is enabled by default.
b. Windows Firewall is disabled by default.
c. Windows Firewall must be configured individually for each connection.
d. Windows Firewall protects a network connection as soon as the connection is
active on the network.
A and D are correct. Windows Firewall is enabled by default and begins protecting a network
connection as soon as the connection is active on the network. B is not correct because Windows Firewall is enabled by default. C is not correct because you can configure global settings
for Windows Firewall that affect all connections (although you can configure connections individually if you want to).
Lesson 3 Review
Page
1-19
1. Which of the following statements about a Windows XP Professional workgroup
are correct? Choose all that apply.
a. A workgroup is also called a peer-to-peer network.
b. A workgroup is a logical grouping of network computers that share a central
directory database.
1-38
Chapter 1
Introduction to Windows XP Professional
c. A workgroup is practical in environments with up to 100 computers.
d. A workgroup can contain computers running Windows Server 2003 as long as
the server is not configured as a domain controller.
A and D are correct. A is correct because in a workgroup, computers act as equals (or peers),
and the arrangement is also called a peer-to-peer network. D is correct because computers running a server product might be part of a workgroup (such computers are called stand-alone
servers) as long as no server is acting as a domain controller. B is not correct because each
computer in a workgroup maintains its own security database instead of relying on a centralized security database. C is not correct because a workgroup begins to become impractical
with more than 10 workstations—not 100 workstations.
2. What is a domain controller?
A domain controller is a computer running Windows 2000 Server that is configured as a domain
controller so that it can manage all security-related aspects of user and domain interactions.
3. A directory database contains user accounts and security information for the
domain and is known as the __________________. This directory database is the
database portion of ______________________________, which is the Windows
2000 directory service. Fill in the blanks.
directory, Active Directory service
4. A(n) ____________ provides a single logon for users to gain access to network
resources that they have permission to access—such as file, print, and application
resources. Fill in the blanks.
domain
Lesson 4 Review
Page
1-30
1. What can you do when you log on locally to a computer, and what determines
what you can do when you log on locally to a computer?
When you log on locally to a computer, you can access the appropriate resources on that computer and you can perform specific system tasks. What you can do when logged on locally to a
computer is determined by the access token assigned to the user account you used to log on.
The access token is your identification for that local computer; it contains your security settings. These security settings allow you to access specific resources on that computer and to
perform specific system tasks.
2. What is the main difference in the authentication process for logging on locally to
a computer and logging on to a domain?
When you log on locally to a computer, its security subsystem uses the local security database
to authenticate the user name and password you entered. When you log on to a domain, a
domain controller uses the directory to authenticate the user name and password you entered.
Questions and Answers
1-39
3. Which of the following computers can a user log on to locally? Choose all that
apply.
a. A computer running Windows XP Professional that is in a workgroup
b. A computer running Windows XP Professional that is in a domain
c. A computer running Windows Server 2003 that is configured as a domain
controller
d. A computer running Windows Server 2003 that is a member server in a
domain
A, B, and D are correct. C is not correct because domain controllers do not maintain a local
security database, so you cannot log on locally to a domain controller.
4. Which of the following statements about the Windows Security dialog box are correct? Choose all that apply.
a. You can access it by pressing CTRL+ALT+DELETE.
b. The dialog box tells you how long the current user has been logged on.
c. The dialog box allows you to log off the computer or domain.
d. The dialog box allows a user with administrative permissions to change other
users’ passwords.
A and C are correct. B is not correct because the Windows Security dialog box does not tell you
how long you have been logged on. D is not correct because the Windows Security dialog box
does not allow you to change other users’ passwords.
Case Scenario Exercises: Scenario 1.1
Page
1-32
You are working as an administrator who supports users by telephone. One of your
users says that she has recently installed Windows XP Professional on her home computer, which she uses to connect to her company’s corporate network. She is used to
having to press CTRL+ALT+DELETE to log on to Windows, but instead her new computer
shows a Welcome screen with her user name listed. She would feel more comfortable
using the Log On To Windows dialog box instead of the Welcome screen. How should
you configure the computer?
In the Windows Control Panel, you should open the User Accounts tool. In the User
Accounts window, you should click Change The Way Users Log On Or Off, and then
clear the Use The Welcome Screen check box.
1-40
Chapter 1
Introduction to Windows XP Professional
Case Scenario Exercises: Scenario 1.2
Page
1-33
You are an administrator for a corporate network that runs a Windows Server 2003–
based domain. All client workstations run Windows XP Professional. A user complains
to you that when he logs on to his computer, his desktop does not look right and he
cannot access any network resources. What do you suspect might be the problem?
Most likely, the user is logging on to the workstation locally instead of logging on to
the domain.
2 Installing Windows XP
Professional
Exam Objectives in this Chapter:
■
Perform and troubleshoot an attended installation of Windows XP.
■
Upgrade from a previous version of Windows to Windows XP Professional.
■
❑
Prepare a computer to meet upgrade requirements.
❑
Migrate existing user environments to a new installation.
Troubleshoot failed installations.
Why This Chapter Matters
This chapter prepares you to install Windows XP Professional. You will learn some
preinstallation tasks that help ensure that your installation of Windows XP Professional will go smoothly. These tasks include verifying that your hardware and any
software installed on the computer are compatible with Windows XP Professional,
determining which file system to use, and deciding whether your computer will
join a workgroup or a domain. You will learn about installing Windows XP Professional from a CD-ROM and over the network, and about upgrading from a previous
version of Windows. You will learn how to modify an installation using switches
and how to troubleshoot failed installations. Finally, you will learn how to perform
post-installation tasks such as activating and updating Windows XP.
Lessons in this Chapter:
■
Lesson 1: Preparing for Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-2
■
Lesson 2: Installing Windows XP Professional from a CD-ROM . . . . . . . . . . .2-12
■
Lesson 3: Installing Windows XP Professional over the Network . . . . . . . . . . 2-25
■
Lesson 4: Upgrading Earlier Versions of Windows to
Windows XP Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-32
■
Lesson 5: Troubleshooting Windows XP Professional Setup. . . . . . . . . . . . . .2-37
■
Lesson 6: Activating and Updating Windows XP Professional . . . . . . . . . . . .2-42
Before You Begin
To complete this chapter, you must have a computer that meets or exceeds the minimum hardware requirements listed in the preface, “About This Book.” You must also
have a Windows XP Professional installation CD-ROM.
2-1
2-2
Chapter 2
Installing Windows XP Professional
Lesson 1: Preparing for Installation
When you install Windows XP Professional, the Windows XP Professional Setup program allows you to specify how to install and configure the operating system. Preparing in advance helps you avoid problems during and after installation.
After this lesson, you will be able to
■ Verify that your computer meets the minimum hardware requirements for installing
Windows XP Professional.
■ Verify that hardware is compatible with Windows XP Professional.
■ Create a partitioning scheme appropriate for an installation.
■ Choose a file system appropriate for an installation.
■ Join a domain or workgroup during installation.
■ Update installation files using Dynamic Updates.
■ Explain how Microsoft grants software licenses.
Estimated lesson time: 70 minutes
Overview of Preinstallation Tasks
Before you start the installation, you should complete the following tasks:
■
Ensure that your hardware meets the requirements for installing Windows XP Professional.
■
Determine whether your hardware is in the Windows Catalog.
■
Decide how you will partition the hard disk on which you will install Windows XP
Professional.
■
Choose a file system for the installation partition.
■
Determine whether your computer will join a domain or a workgroup.
■
Complete a preinstallation checklist.
Windows XP Professional Hardware Requirements
Before installing Windows XP Professional, you must determine whether your hardware meets or exceeds the minimum requirements for installing and operating Windows XP Professional, as shown in Table 2-1.
Lesson 1
Table 2-1
Preparing for Installation
2-3
Windows XP Professional Hardware Requirements
Component
Requirements
Central process- Pentium 233 megahertz (MHz) or equivalent.
ing unit (CPU)
!
Memory
64 megabytes (MB) minimum; 128 MB recommended; 4 gigabytes (GB) of
random access memory (RAM) maximum.
Hard disk
space
1.5 GB of free disk space for installing Windows XP Professional. You should
also have several additional gigabytes of hard disk space to allow for updates,
additional Windows components, applications, and user data.
Networking
Network adapter card and a network cable, if necessary.
Display
Video display adapter and monitor with Video Graphics Adapter (VGA) resolution or higher.
Other drives
CD-ROM drive, 12X or faster recommended (not required for installing Windows XP Professional over a network), or DVD drive.
High-density 3.5-inch disk drive as drive A, unless the computer supports
starting the Setup program from a CD-ROM or DVD drive.
Accessories
Keyboard and Microsoft-compatible mouse or other pointing device.
Exam Tip You should memorize the basic hardware requirements for running Windows XP. A
233 MHz processor, 64 MB RAM, and a 2 GB hard disk with 1.5 GB free space are required.
How to Verify Hardware Compatibility with the Windows Catalog
Although the Windows XP Professional Setup Wizard automatically checks your hardware and software for potential conflicts, before you install Windows XP Professional,
you should verify that your hardware is listed in the Windows Catalog. Microsoft provides tested drivers for the listed devices only. Using hardware not listed in the Windows Catalog could cause problems during or after installation. To find the Windows
Catalog, go to the Windows Catolog page of the Microsoft Web site at http://
www.microsoft.com/windows/catalog/.
Note
If your hardware is not in the Windows Catalog, the hardware manufacturer might be
able to provide you with a Windows XP Professional driver for the component.
What Are Disk Partitions?
The Windows XP Professional Setup program examines the hard disk to determine its
existing configuration. Setup then allows you to install Windows XP Professional on an
existing partition or to create a new partition on which to install it.
2-4
Chapter 2
Installing Windows XP Professional
A disk partition is a logical section of a hard disk on which the computer can write
data. Partitions offer a way to divide the space on a single physical hard disk into multiple areas, each of which is treated as a different disk within Windows. Some people
create separate partitions to help organize their files. For example, you might store the
Windows system files and application files on one partition, user-created documents
on another partition, and backup files on another partition.
Another reason to use multiple partitions is to isolate operating systems from one
another when you install more than one operating system on a computer. Although it
is technically possible to install some operating systems on the same partition,
Microsoft does not recommend or support this practice. You should always create a
separate partition for each operating system.
Depending on the hard disk configuration, do one of the following procedures during
installation:
■
If the hard disk is not partitioned, create and size the Windows XP Professional
partition. Unless you have a specific reason to create multiple partitions (such as
for multiple operating systems or to have a separate partition for document storage), you should create one partition that uses all available drive space.
■
If an existing partition is large enough, install Windows XP Professional on that
partition. Installing on an existing partition might overwrite any existing operating
system files.
■
If the existing partition is not large enough, delete it and combine it with other
partitions on the same physical disk to provide more unpartitioned disk space for
creating the Windows XP Professional partition.
Although you can use Setup to create other partitions, you should create and size only
the partition on which you will install Windows XP Professional. After you install Windows XP Professional, use the Disk Management snap-in of the Computer Management
console to partition any remaining unpartitioned space on the hard disk. Disk Management is much easier to use for disk partitioning than Setup. You will learn more about
partitions and the Disk Management tool in Chapter 10, “Managing Data Storage.”
Guidelines for Choosing a File System
After you create the installation partition, Setup prompts you to select the file system
with which to format the partition. Windows XP Professional can be installed on two
file systems:
File allocation table (FAT) Although Windows Setup references only file allocation table (FAT), there are actually two versions of FAT: FAT and FAT32. FAT is a
16-bit file system used in older versions of Windows. FAT32 is a 32-bit file system
supported by Windows 95 original equipment manufacturer (OEM) Service
Release 2, Windows 98, Windows Me, Windows 2000, and Windows XP.
Lesson 1
Preparing for Installation
2-5
NTFS The preferred file system for Windows XP, NTFS provides more security and
flexibility than FAT32. Microsoft recommends that you always use NTFS unless
there is a specific reason to use another file system (such as when you are installing more than one operating system on a computer and one of those operating
systems does not recognize NTFS partitions). NTFS is supported by Windows NT
4.0, Windows 2000, Windows XP, and Windows 2003 Server.
Figure 2-1 summarizes some of the features of these file systems.
NTFS
· File-level and folder-level security
· Disk compression
· File encryption
FAT or
FAT32
· Dual boot configuration support
· No file-level security
F02us01
Figure 2-1
!
NTFS offers more features than FAT.
Exam Tip
Unless you are installing Windows XP Professional on a multiple-boot computer
that also has an operating system that cannot access NTFS partitions (such as Windows 98),
you should always use NTFS.
Using NTFS
Use NTFS when the partition on which Windows XP Professional will reside requires
any of the following features:
File- and folder-level security NTFS allows you to control access to files and folders. For additional information, see Chapter 8, “Securing Resources with NTFS
Permissions.”
Disk compression NTFS can compress files to store more data on the partition. For
additional information, see Chapter 10.
Disk quota NTFS allows you to control disk usage on a per-user basis. For additional
information, see Chapter 10.
Encryption NTFS allows you to encrypt file data on the physical hard disk by using the
Microsoft Encrypting File System (EFS). For additional information, see Chapter 10.
The version of NTFS in Windows XP Professional supports remote storage, dynamic
volumes, and mounting volumes to folders. Windows XP Professional, Windows 2000,
and Windows NT are the only operating systems that can access data on a local hard
disk formatted with NTFS.
2-6
Chapter 2
Installing Windows XP Professional
FAT and FAT32
FAT and FAT32 offer compatibility with other operating systems. You must format the
system partition with either FAT or FAT32 if you will dual boot Windows XP Professional and another operating system that requires FAT or FAT32.
FAT and FAT32 do not offer many of the features (for example, file-level security) that
NTFS supports. Therefore, in most situations, you should format the hard disk with
NTFS. The only reason to use FAT or FAT32 is for dual booting with an older operating
system that does not support NTFS. If you are setting up a computer for dual booting,
you need to format the system partition that contains the older version of Windows
with FAT or FAT32. For example, if drive C is the system partition that holds Windows
98, you could format drive C as FAT or FAT32. You should then format the system partition that will hold Windows XP as NTFS. Finally, for multiple booting to be successful,
the boot partition must be formatted using a file system that all installed operating systems can access. For example, if you are dual-booting between Windows XP and Windows 95, the boot partition (as well as the system partition on which Windows 95 is
installed) would have to be formatted with FAT.
Converting a FAT or FAT32 Volume to NTFS
Windows XP Professional provides the Convert command for converting a partition to
NTFS without reformatting the partition and losing all the information on the partition.
To use the Convert command, click Start, click Run, type cmd in the Open text box,
and then click OK. This opens a command prompt, which you use to request the Convert command. The following example shows how you might use switches with the
Convert command.
Convert volume /FS:NTFS [/V] [/CvtArea:filename] [/NoSecurity] [/X]
Table 2-2 lists the switches available in the Convert command and describes their functions.
Table 2-2
Convert Command Switches
Switch
Function
Required
Volume
Specifies the drive letter (followed by a colon), volume
mount point, or volume name that you want to convert
Yes
/FS:NTFS
Specifies converting the volume to NTFS
Yes
/V
Runs the Convert command in verbose mode
No
/CvtArea:filename
Specifies a contiguous file in the root directory to be the
placeholder for NTFS system files
No
/NoSecurity
Sets the security settings to make converted files and
directories accessible by everyone
No
/X
Forces the volume to dismount first, if necessary, and all
open handles to the volume are then not valid
No
Lesson 1
Preparing for Installation
2-7
If you convert a system volume (or any volume that has files that are currently in use),
the Convert command might not be able to convert the drive right away. Instead, Windows schedules the conversion to happen the next time Windows is restarted.
Note
For help with any command-line program, at the command prompt, type the command
followed by /? and then press ENTER. For example, to receive help on the Convert command,
type Convert /? and then press ENTER.
Guidelines for Choosing Domain or Workgroup Membership
During installation, you must choose the type of network security group that the computer will join: a domain or a workgroup. Figure 2-2 shows the requirements for joining a domain or workgroup.
tailspintoys.com
Domain
Joining a domain requires:
· A domain name
· A computer account
· An available domain controller
and a DNS server
Workgroup
Joining a workgroup requires:
· A new or an existing workgroup
name
F02US02 (FYI, this was Figure 2.2 from page 42 of previous edition)
Figure 2-2
Joining a domain requires more planning than joining a workgroup.
Joining a Domain
When you install Windows XP Professional on a computer, you can add that computer
to an existing domain. Adding a computer to a domain is referred to as joining a
domain. You can join a computer to a domain during or following installation. Joining
a domain during installation requires the following:
Domain name Ask the domain administrator for the Domain Name System (DNS)
name for the domain that the computer will join. An example of a DNS-compatible
domain name is microsoft.com, in which microsoft is the name of the organization’s DNS identity.
Computer account Before a computer can join a domain, you must create a computer
account in the domain. You can ask a domain administrator to create the computer
2-8
Chapter 2
Installing Windows XP Professional
account before installation or, if you have been assigned the Add Workstations To
Domain right, you can create the computer account during installation. If you create
the computer account during installation, Setup prompts you for the name and password of a user account with authority to add domain computer accounts.
Available domain controller and a server running the DNS service (called the
DNS server) At least one domain controller in the domain that you are joining and
one DNS server must be online when you install a computer in the domain.
Joining a Workgroup
When you install Windows XP Professional on a computer, you can add that computer
to an existing workgroup. This process is referred to as joining a workgroup.
You can join a computer to a workgroup during installation simply by assigning a
workgroup name to the computer. The workgroup name you assign can be the name
of an existing workgroup or the name of a new workgroup that you create during
installation.
How to Ensure You Have the Necessary Information Before Installing
Windows XP Professional
Complete the following preinstallation checklist to ensure that you have all the necessary information available before you begin installing Windows XP Professional.
Task
Done
Verify that your components meet the minimum hardware requirements.
❑
Verify that all your hardware is listed in the Windows Catalog.
❑
Verify that the hard disk on which you will install Windows XP Professional has a
minimum of 1.5 GB of free disk space.
❑
Select the file system for the Windows XP Professional partition. Format this partition
with NTFS unless you need to dual boot operating systems with an operating system
that requires a FAT partition.
❑
Determine the name of the domain or workgroup that each computer will join. If the
computer joins a domain, write down the domain name in the DNS format:
server.subdomain.domain. If the computer joins a workgroup, use the
15-character NetBIOS naming convention: Server_name.
❑
Determine the name of the computer before installation.
❑
If the computer will join a domain, create a computer account in that domain. You can
create a computer account during installation if you have been granted the Add Workstations To Domain right.
❑
Determine a password for the Administrator account.
❑
Lesson 1
Preparing for Installation
2-9
How Microsoft Grants Software Licenses
A software license grants a user the right to run an application. Microsoft grants software licenses in one of three ways:
Full Packaged Product A Full Packaged Product is boxed software like you would
buy in a retail store. Full Packaged Products are intended for consumers who need
to purchase a small quantity of software licenses. When you install the Full Packaged Product version of Windows XP Professional, Setup asks you to enter a product ID (a 25-digit code found on the product packaging) during installation. You
must also activate Windows XP Professional after installation.
Original Equipment Manufacturer or System Builder Original Equipment Manufacturer (OEM) and System Builder licenses are acquired when you buy a computer that already has software installed. Typically, you do not have to activate this
type of license.
Volume Licensing Microsoft Volume Licensing programs are intended for consumers who need to purchase large quantities of software licenses, such as in a small
business or corporate environment. When a company has a volume license for
Windows XP Professional, the installation files are typically made available for
installation over the network. Product IDs and product activation are not required.
Practice: Prepare for Installation
In this practice, you will determine whether your computer meets the minimum
requirements specified by Microsoft to run Windows XP Professional and whether the
hardware in your computer is in the Windows Catalog. Complete the two exercises that
follow.
Exercise 1: Gather Information About Your Computer
1. From the Start menu, click Run.
2. In the Run dialog box, type msinfo32 and click OK.
3. The System Information utility opens to show a summary of your system. Use this
information to fill out the following table and determine whether your computer
meets the minimum hardware requirements.
2-10
Chapter 2
Installing Windows XP Professional
Component
Minimum Required
CPU
233 MHz Pentium- or AMD-compatible
Memory
64 MB RAM
Hard disk space
2GB hard disk with 1.5 GB free
disk space
Display
Super Video Graphics Array
(SVGA)–compatible (800 x 600)
Input devices
Keyboard and Microsoft mouse
(or other pointing device)
Other
CD-ROM or DVD-ROM
Your Computer
Exercise 2: Verify Your Hardware in the Windows Catalog
1. Locate the documentation that came with your computer, including any information about the motherboard, expansion cards, network adapters, video display
adapters, and sound cards.
2. Compare your findings with those in the Windows Catalog.
3. If any of your current hardware is not on the list, contact the manufacturer to
determine whether Windows XP supports the product.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. What are the minimum and recommended memory requirements for installing
Windows XP Professional?
2. What is the minimum hard disk space required for installing Windows XP Professional? Choose the correct answer.
a. 500 MB
b. 1 GB
c. 1.5 GB
d. 2 GB
Lesson 1
Preparing for Installation
2-11
3. What information is required when joining a domain during the Windows XP Professional installation? Choose all that apply.
a. You must know the DNS name for the domain the computer will join.
b. You must have a user account in the domain.
c. At least one domain controller in the domain must be online when you install
a computer in the domain.
d. At least one DNS server must be online when you install a computer in the
domain.
4. Which of the following statements about file systems are correct? Choose all that
apply.
a. File- and folder-level security is available only with NTFS.
b. Disk compression is available with FAT, FAT32, and NTFS.
c. Dual booting between Windows 98 and Windows XP Professional is available
only with NTFS.
d. Encryption is available only with NTFS.
Lesson Summary
■
The first preinstallation task is to ensure that your hardware meets the hardware
requirements for installing Windows XP Professional.
■
The next preinstallation task is to ensure that your hardware is in the Windows
Catalog. Additional preinstallation tasks include determining how to partition the
hard disk on which you will install Windows XP Professional and deciding
whether to format the partition as NTFS, FAT, or FAT32.
■
Your computer can join a domain or a workgroup during or after installation.
2-12
Chapter 2
Installing Windows XP Professional
Lesson 2: Installing Windows XP Professional from a CD-ROM
This lesson covers the four-stage process of installing Windows XP Professional from a
CD-ROM. After you learn about these four stages, you will install Windows XP Professional on your computer.
After this lesson, you will be able to
■ Describe the Windows XP Professional setup process
■ Initiate text mode setup
■ Run the setup wizard
■ Install Windows XP Professional networking components
■ Explain how the installation process is completed
■ Describe the purpose of the Dynamic Update feature
Estimated lesson time: 70 minutes
Overview of Windows XP Professional Setup
The installation process for Windows XP Professional combines the Setup program
with wizards and informational screens. Installing Windows XP Professional from a
CD-ROM to a clean hard disk consists of these four stages:
Text mode setup During the text mode phase of installation, Setup prepares the
hard disk for the later installation stages and copies the files necessary to run the
Setup Wizard.
Setup Wizard The Setup Wizard requests setup information about the computer,
such as names, and passwords.
Network setup After gathering information about the computer, the Setup Wizard
prompts you for networking information and then installs the networking components that allow the computer to communicate with other computers on the network.
Completing the installation Setup copies files to the hard disk and configures the
computer. The system restarts after installation is complete.
The following sections cover the four stages in more detail.
How to Initiate Text Mode Setup
If a computer’s basic input/output system (BIOS) supports booting directly from CDROM, you can initiate text mode setup by inserting the Windows XP Professional installation CD-ROM in your CD-ROM drive and starting your computer. If a computer does
Lesson 2
Installing Windows XP Professional from a CD-ROM
2-13
not support booting from CD, you can create a set of floppy disks that will start the
computer and then initiate setup from the CD. After the installation has started, this
method proceeds just like booting from CD.
See Also
Microsoft makes the tools for creating boot floppy disks for Windows XP
Professional Edition and Windows XP Home Edition available for download. Visit http://
www.microsoft.com/downloads and search by using the keywords Windows XP boot floppy to
locate these utilities.
If a computer is already running a previous version of Windows, you can simply insert
the Windows XP installation CD and use a setup wizard to begin the installation. Setup
gives you the choice of upgrading the existing operating system or performing a clean
installation.
Figure 2-3 shows the six steps involved in the text mode stage of Setup.
Boot
1
Load Setup program into memory
2
Start text-based Setup program
3
Create the Windows XP Professional partition
4
Format the Windows XP Professional partition
5
Copy setup files to the hard disk
6
Restart the computer
Setup Wizard
F02us03
Figure 2-3
There are six steps in the text mode stage of Setup.
Running the Setup program involves the following steps:
1. After the computer starts, a minimal version of Windows XP Professional is copied
into memory. This version of Windows XP Professional starts the Setup program.
2. Setup then starts the text mode portion of Setup, which loads storage device drivers and then prompts you to read and accept a licensing agreement. If you have
a storage device for which Windows XP does not provide drivers, you can press
F6 during the initial setup and supply drivers for your device.
3. Setup prompts you to select the partition on which to install Windows XP Professional, as shown in Figure 2-4. You can select an existing partition or create a new
partition by using unpartitioned space on the hard disk.
2-14
Chapter 2
Installing Windows XP Professional
F02US04
Figure 2-4 Select the partition on which to install Windows XP Professional.
4. Setup prompts you to select a file system for the new partition. Next, Setup formats the partition with the selected file system.
5. Setup copies files to the hard disk and saves configuration information.
6. Setup restarts the computer and then starts the Windows XP Professional Setup
Wizard, the graphical user interface (GUI) portion of Setup. By default, the Setup
Wizard installs the Windows XP Professional operating system files in the C:\Windows folder.
How to Run the Setup Wizard
The graphical Windows XP Professional Setup Wizard leads you through the next stage
of the installation process. It gathers information about you, your organization, and
your computer, including the following information:
Regional settings Customize language, locale, and keyboard settings. You can configure Windows XP Professional to use multiple languages and regional settings.
See Also
You can add another language or change the locale and keyboard settings after
installation is complete. For more information, see Chapter 5, “Configuring Windows XP Professional.”
Name and organization Enter the name of the person and the organization to
which this copy of Windows XP Professional is licensed.
Computer name Enter a computer name of up to 15 characters. The computer name
must be different from other computer, workgroup, or domain names on the network. The Setup Wizard displays a default name (the organization name you
entered earlier in the process).
Lesson 2
Installing Windows XP Professional from a CD-ROM
2-15
Note
To change the computer name after installation is complete, click Start, click My Computer, and then click View System Information. In the System Properties dialog box, click the
Computer Name tab, and then click Change.
Password for Administrator account Specify a password for the Administrator
user account, which the Setup Wizard creates during installation. The Administrator account provides the administrative privileges required to manage the computer. Securely store this password in case you or another administrator at your
organization needs to use it later to access the computer.
Time and date Select the time zone, adjust the date and time settings if necessary,
and determine whether you want Windows XP Professional to automatically
adjust for daylight-savings time.
After you complete this step, the Setup Wizard starts to install the Windows networking
components.
How to Install Windows XP Professional Networking Components
After gathering information about your computer, the Setup Wizard guides you through
installing the Windows XP Professional networking components, as shown in Figure 2-5.
Networking
1
Detect network adapter cards
2
Select networking components
3
Join a workgroup or domain
4
Install components
Complete setup
F02us05
Figure 2-5
The Setup Wizard installs Windows networking components.
Installing Windows XP Professional networking components involves the following
steps:
1. Detect network adapter cards.
The Windows XP Professional Setup Wizard detects and configures any network
adapter cards installed on the computer. After configuring network adapters, it
attempts to locate a server running the Dynamic Host Configuration Protocol
(DHCP) service (called the DHCP server) on the network.
2. Select networking components.
The Setup Wizard prompts you to choose typical or customized settings for the
networking components it installs. The typical installation includes the following
options:
2-16
Chapter 2
Installing Windows XP Professional
❑
Client For Microsoft Networks
resources.
❑
File And Printer Sharing For Microsoft Networks Allows other computers to access file and print resources on your computer.
❑
QoS Packet Scheduler Helps provide a guaranteed delivery system for network traffic, such as Transmission Control Protocol/Internet Protocol (TCP/
IP) packets.
❑
Internet Protocol (TCP/IP) Allows your computer to communicate over
local area networks (LANs) and wide area networks (WANs). TCP/IP is the
default networking protocol.
Allows your computer to access network
Note
You can install other clients, services, and network protocols during the Windows XP
Professional installation; or you can wait until after the installation has completed. You will
learn more about networking with TCP/IP in Chapter 13, “Supporting TCP/IP.”
3. Join a workgroup or domain.
If you choose to join a domain for which you have sufficient privileges, you can
create the computer account during installation. The Setup Wizard prompts you
for the name and password of a user account with authority to add domain computer accounts.
Note
To change the domain or workgroup for your computer after you have installed Windows XP Professional, click Start, click My Computer, click View System Information, click the
Computer Name tab, and then click Change.
4. Install components.
The Setup Wizard installs and configures the Windows networking components
you selected.
How the Installation Is Completed
After installing the networking components, the Setup Wizard automatically starts the
final step in the installation process. (See Figure 2-6.)
Lesson 2
Complete setup
1
Installing Windows XP Professional from a CD-ROM
2-17
Copy files
2
Configure the computer
3
Save the configuration
4
Remove temporary files
5
Restart the computer
Setup
complete
F02us06
Figure 2-6
Windows completes the installation with these steps.
To complete the installation, the Setup Wizard performs the following tasks:
Installs Start menu items
the Start menu.
Registers components
specified earlier.
The Setup Wizard sets up shortcuts that will appear on
The Setup Wizard applies the configuration settings that you
Saves the configuration The Setup Wizard saves your configuration settings to the
local hard disk. The next time you start Windows XP Professional, the computer
uses this configuration automatically.
Removes temporary files To save hard disk space, the Setup Wizard deletes any
files used for installation only.
Restarts the computer
installation.
The Setup Wizard restarts the computer. This finishes the
What Is Dynamic Update?
Dynamic Update is a feature of the Windows XP Professional Setup program that
allows you to download updated files that are used during the installation of Windows
XP. Setup uses Dynamic Update to query the Windows Update site prior to installing
Windows XP to obtain the following files:
Critical Updates Setup downloads any available replacements for files on the Windows XP Professional installation CD.
Device Drivers Setup also downloads any available hardware driver replacement
files for drivers found on the Windows XP Professional installation CD.
To use Dynamic Update during Setup, your computer must have a working Internet
connection. For this reason, Dynamic Update is available only when you start a clean
installation or upgrade from within an existing installation of Windows. When Setup
asks whether it should look for updates, click Yes to have Setup search for and install
available updates.
2-18
Chapter 2
Installing Windows XP Professional
Dynamic Update is also enabled by default during unattended installations. You will
learn more about unattended installations in Chapter 3, “Deploying Windows XP Professional.”
Important
Setup does not use Dynamic Update to download any updates that are not
already included on the installation CD, so even if you use Dynamic Update, you should still
use the Windows Update site or the Windows Automatic Updates feature to obtain critical
updates following installation. You will learn more about updating Windows in Lesson 6,
“Activating and Updating Windows XP Professional.”
Practice: Installing Windows XP Professional
In this practice, you install Windows XP Professional. In Exercise 1, you will install
Windows XP Professional from a CD-ROM onto a computer that contains no partitions
or operating systems by booting the computer using the CD-ROM. If your computer
does not boot from a CD-ROM or if there is already an operating system loaded on
your computer, go to Exercise 2 to install Windows XP Professional from a CD-ROM
without having to boot from the Windows XP Professional installation CD-ROM.
Exercise 1: Installing Windows XP Professional from a CD-ROM
1. Make sure that your computer is set up to start from the CD-ROM drive. If you are
not sure how to do this, consult your computer documentation for information
about accessing the BIOS settings.
2. Insert the Windows XP Professional installation CD into your CD-ROM drive and
restart the computer. When the computer restarts, the text mode portion of the
installation begins.
During this time, you will be asked if you need to install any third-party drivers.
You only have a few seconds to press the F6 key and install the drivers before the
installation continues.
Note
Some computers will require you to press a key to boot from the CD-ROM drive. If you
are prompted to press any key to boot from the CD, press the spacebar.
3. Windows loads a number of files needed for setup, and the Welcome To Setup
screen appears after a few minutes. You can use this screen to set up Windows XP
or to repair an existing installation. Press ENTER to continue with the installation.
4. The Windows XP Licensing Agreement appears. After reading the terms of the
license, press F8 to accept the terms and continue the installation. If you do not
accept the agreement, Setup does not continue.
Lesson 2
Installing Windows XP Professional from a CD-ROM
2-19
5. After you accept the Licensing Agreement, Setup proceeds to the Disk Partitioning
portion. If you have multiple partitions, Setup will list them and allow you to you
choose which one to install XP Professional to. If you have no partitions configured, you can create one at this point.
6. After you have determined which partition to install to, press ENTER to continue.
7. The Format screen appears, which is where you decide how the drive should be
formatted (FAT or NTFS). Select Format The Partition Using The NTFS File System
and press ENTER.
Caution
If you are planning on dual booting your computer with an operating system that
does not support NTFS, your C drive cannot be formatted with NTFS. You might want to install
Windows XP Professional in a different drive and format that drive with NTFS.
8. Setup displays a screen warning that formatting the disk will delete all files from
it. Press F to format the drive and continue.
9. After the format process is complete, Setup copies the files needed to complete
the next phase of the install process and then restarts the computer.
10. After the computer restarts, Setup enters the GUI mode portion of the installation.
11. Setup continues the installation for several minutes, and then displays the
Regional And Language Options page. Make sure that the settings are correct for
your area, and then click Next.
12. The Personalize Your Software page appears. Fill in the appropriate information
and click Next.
13. The Product Key entry page appears. Enter the 25-digit product ID and click Next.
14. The Computer Name And Administrator Password page appears. Enter a name for
your computer, choose a password for the Administrator account, and click Next.
15. The Date And Time Settings page appears. Make sure that the information is correct for your area and click Next.
If Setup detects an installed network adapter, Setup will install network components next.
16. The Network Settings page appears. You should select the Typical Settings option
if you want Setup to automatically configure networking components. Typical
components include Client For Microsoft Networks, File And Print Sharing For
Microsoft Networks, and TCP/IP. Click Next.
17. After you choose the network settings, Setup displays the Workgroup Or Computer Domain name page. Enter the appropriate information and click Next.
2-20
Chapter 2
Installing Windows XP Professional
18. After you click Next in the Workgroup Or Computer Domain page, Setup continues with the final portion of the installation. It might take from 15 to 60 minutes
for the process to finish. When the installation is complete, the computer restarts
and you are prompted to log on for the first time.
Exercise 2: Installing Windows XP Professional from an Existing Operating System
If your computer does not boot from a CD-ROM, or if there is already an operating system loaded on your computer, you can install Windows XP Professional from a CDROM without having to boot from the Windows XP Professional installation CD-ROM.
Important
If you have completed Exercise 1, do not do this practice.
1. If there is an operating system currently installed on your computer, start the computer, log on as an administrator, and insert the Windows XP Professional CDROM into the CD-ROM drive.
2. When the Welcome To Microsoft Windows XP page appears, click Install Windows XP.
3. If you see a Windows Setup message box indicating that the version of the operating system cannot be upgraded and that option to upgrade will not be available,
click OK.
4. On the Welcome To Setup page in the Installation Type box, click New Installation
(Advanced), and then click Next.
5. On the License Agreement page, read the license agreement, select I Accept This
Agreement, and then click Next.
6. On the Your Product Key page, type in your 25-character product key, and then
click Next.
7. The Setup Options page allows you to configure the following three options:
❑
Advanced Options Allows you to control where the installation files are
obtained, where the installation files are copied to, whether or not to copy all
installation files to the hard disk, and whether or not you want to specify the
drive letter and partition during Setup.
❑
Accessibility Options Gives you the option of using the Microsoft Magnifier during Setup to display an enlarged portion of the screen in a separate
window for users with limited vision and the option of using the Microsoft
Narrator to read the contents of the screen for users who are blind.
❑
Select The Primary Language And Region You Want To Use
to specify the primary language and region you use.
Allows you
Lesson 2
Installing Windows XP Professional from a CD-ROM
2-21
8. After you have configured any required Setup options, click Next.
9. Setup displays the Get Updated Setup Files dialog box. If your computer has
access to the Internet, you might want to ensure that the Yes, Download The
Updated Setup Files (Recommended) check box is selected, and then click Next.
Otherwise, select No, Skip This Step And Continue Installing Windows, and then
click Next.
10. If your partition is not currently formatted with Windows XP Professional NTFS,
the Setup Wizard displays the Upgrade To The Windows NTFS File System page.
If you get the Upgrade To The Windows NTFS File System page, ensure that Yes,
Upgrade My Drive is selected, and then click Next.
Caution If you plan to dual boot your computer with an operating system that does not support NTFS, your C drive cannot be formatted with NTFS. You might want to install Windows XP
Professional in a different drive, and then format that drive with NTFS. If you install Windows
XP Professional on a drive other than the C drive, you must be sure you are using the correct
drive for the rest of the practices in the training kit.
11. If you are installing an Evaluation Edition of Windows XP Professional, the Setup
Wizard displays the Setup Notification page, informing you that this is an evaluation version. If Setup displays the Setup Notification screen, press ENTER to continue.
12. On the Welcome To Setup page, press ENTER to install Windows XP Professional.
Note
You can also delete partitions at this time. If you have a C partition, you might not be
able to delete it because Setup has already loaded some files onto it. The partition you choose
to use must be at least 2000 MB in size. If you cannot use the C partition to install Windows XP
Professional, you must replace the C partition in all following practices in this training kit with
the appropriate partition, the one on which you install Windows XP Professional.
13. The Setup Wizard prompts you to select an area of free space on an existing partition to install Windows XP Professional. Select the C partition.
The Setup Wizard displays the following message: You Chose To Install Windows
XP On A Partition That Contains Another Operating System. Installing Windows
XP Professional On This Partition Might Cause The Other Operating System To
Function Improperly.
14. Press C to have Setup continue and use this partition.
2-22
Chapter 2
Installing Windows XP Professional
Caution
Depending on the operating system currently installed on the C partition, Setup
might display the following message: A Windows Folder Already Exists That May Contain A
Windows Installation. If You Continue, The Existing Windows Installation Will Be Overwritten. If
You Want To Keep Both Operating Systems, Press Esc And Specify A Different Folder To Use.
15. If you get a warning about a Windows folder already existing, press L to use the
folder and delete the installation in it.
If your partition was not formatted with NTFS and you choose to have the partition formatted as NTFS, Setup formats it as NTFS, and then copies files. Otherwise,
Setup examines the partition and then copies files.
16. The Setup Wizard reboots the computer and continues to copy files in GUI mode,
after which it displays the Regional And Language Options page. Select the appropriate system locale, user locale, and keyboard layout (or ensure that they are correct for your language and location), and then click Next.
17. Setup displays the Personalize Your Software page, prompting you for your name
and your organization name. The Setup Wizard uses your organization name to
generate the default computer name.
Many applications that you install later will use this information for product registration and document identification. In the Name text box, type your name. In the
Organization text box, type the name of your organization, and then click Next.
18. The Setup Wizard displays the Computer Name And Administrator Password page.
Type a name for the computer in the Computer Name text box.
Caution
If your computer is on a network, check with the network administrator before
assigning a name to your computer.
19. In the Administrator Password text box and in the Confirm Password text box,
type a password, and then click Next.
20. Depending on your computer configuration, the Setup Wizard might display the
Modem Dialing Information page. Configure the following information:
❑
Ensure that the correct country or region is selected.
❑
Type the correct area code or city code.
❑
If you dial a number to get an outside line, type the number.
❑
Ensure that the correct dialing tone is selected, and then click Next.
21. The Setup Wizard displays the Date And Time Settings page. If necessary, select
the time zone for your location from the Time Zone drop-down list, and adjust the
date and the time. Ensure that the Automatically Adjust Clock For Daylight Saving
Lesson 2
Installing Windows XP Professional from a CD-ROM
2-23
Changes check box is selected if you want Windows XP Professional to automatically adjust the time on your computer for daylight savings time, and then click
Next.
22. Ensure that Typical Settings is selected, and then click Next.
23. On the Workgroup Or Computer Domain page, ensure that the No, This Computer
Is Not On A Network, Or Is On A Network Without A Domain option is selected,
make sure that the workgroup name is Workgroup, and then click Next.
24. The Setup Wizard configures the networking components and then copies files,
installs Start menu items, registers components, saves settings, and removes temporary files. This process takes several minutes.
25. The computer restarts, and Windows XP Professional starts for the first time.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. If TCP/IP is installed on your computer, what is the maximum length for the computer name you specify during installation?
2. Can you change the computer name after installation without having to reinstall
Windows XP Professional? If you can change the name, how do you do it? If you
cannot change the name, why not?
3. Which of the following statements about joining a workgroup or a domain are correct? Choose all that apply.
a. You can add your computer to a workgroup or a domain only during installation.
b. If you add your computer to a workgroup during installation, you can join the
computer to a domain later.
c. If you add your computer to a domain during installation, you can join the
computer to a workgroup later.
d. You cannot add your computer to a workgroup or a domain during installation.
2-24
Chapter 2
Installing Windows XP Professional
4. When you install networking components with typical settings, what components
are installed? What does each component do?
Lesson Summary
■
If your computer does not support booting from a CD-ROM, you can install Windows XP Professional by booting another operating system first and then accessing the Windows XP Professional installation CD-ROM.
■
The Setup Wizard asks you to provide regional settings, your name and your organization’s name, a computer name, and a password for the Administrator account. It
also asks you to specify the time zone, time, and date; and to decide whether you
want Windows XP Professional to automatically adjust for daylight savings time.
■
Choosing to install networking components using typical settings installs the Client For Microsoft Networks, File And Printer Sharing For Microsoft Networks, and
TCP/IP.
■
You can customize the networking components during installation or any time
after installation.
Lesson 3
Installing Windows XP Professional over the Network
2-25
Lesson 3: Installing Windows XP Professional over the
Network
You can install Windows XP Professional over the network. This lesson discusses the
similarities and differences between installing from a CD-ROM and installing over the
network. The major difference is the location of the source files needed for installation.
This lesson also lists the requirements for an over-the-network installation.
After this lesson, you will be able to
■ Prepare for a network installation
■ Install Windows XP Professional over a network
■ Modify the setup process using Winnt.exe
■ Modify the setup process using Winnt32.exe
Estimated lesson time: 10 minutes
How to Prepare for a Network Installation
In a network installation, the Windows XP Professional installation files are located in
a shared location on a network file server, which is called a distribution server. From
the computer on which you want to install Windows XP Professional (the target computer), you connect to the distribution server, and then run the Setup program.
Figure 2-7 shows the requirements for a network installation.
Installation
files
Distribution
server
Target computer
Requirements for a network installation:
· Distribution server
· FAT partition on the target computer
· Network client
F02us07
Figure 2-7
A network client contacts a distribution server for installation files.
Installing Windows XP Professional requires you to do the following:
1. Locate a distribution server. The distribution server contains the installation files
from the I386 folder on the Windows XP Professional CD-ROM. These files reside in
a common network location in a shared folder that allows computers on the network to access the installation files. Contact a network administrator to obtain the
path to the installation files on the distribution server.
2-26
Chapter 2
Installing Windows XP Professional
Note After you have created or located a distribution server, you can use the over-the-network
installation method to concurrently install Windows XP Professional on multiple computers.
2. Create a FAT partition on the target computer. The target computer requires a formatted partition to copy the installation files to. Create a partition containing at
least 1.5 GB of disk space or more, and format it with the FAT file system.
3. Install a network client. A network client is software that allows the target computer to connect to the distribution server. On a computer without an operating
system, you must boot from a client disk that includes a network client that
enables the target computer to connect to the distribution server.
How to Install over the Network
The Setup program copies the installation files to the target computer and creates the
Setup boot disks. After Setup copies the installation files, you start the installation on
the target computer by booting from the Setup boot disks. From this point, you install
Windows XP Professional as you would from a CD-ROM.
Figure 2-8 shows the process for installing Windows XP Professional over the network.
Boot
1
Boot the network client
2
Connect to the distribution server
3
Run WINNT.EXE or WINNT32.EXE
4
Install Windows XP Professional
Setup
F02us08
Figure 2-8 Install Windows XP Professional over the network.
Installing Windows XP Professional over the network involves the following steps:
1. Boot the network client.
On the target computer, boot from a floppy disk that includes a network client or
start another operating system that can be used to connect to the distribution server.
2. Connect to the distribution server.
After you start the network client on the target computer, connect to the shared folder
on the distribution server that contains the Windows XP Professional installation files.
3. Run Winnt.exe or Winnt32.exe to start the Setup program.
Winnt.exe and Winnt32.exe reside in the shared folder on the distribution server.
❑
Use Winnt.exe for an installation using MS-DOS or Windows 3.0 or later versions on the source system.
❑
Use Winnt32.exe for an installation using Windows 95, Windows 98, Windows Me, Windows NT 4.0, or Windows 2000 Professional.
Lesson 3
!
Installing Windows XP Professional over the Network
2-27
Exam Tip
You can use Winnt.exe and Winnt32.exe to install Windows XP Professional from
the command line, using optional parameters to modify the installation. Winnt.exe runs under
MS-DOS and Windows 3.0/3.1. Winnt32.exe runs under the 32-bit Windows operating systems such as Windows 95, Windows 98, Windows Me, Windows NT 4.0, and Windows 2000.
Running Winnt.exe or Winnt32.exe from the shared folder does the following:
❑
Creates the $Win_nt$.~ls temporary folder on the target computer
❑
Copies the Windows XP Professional installation files from the shared folder
on the distribution server to the $Win_nt$.~ls folder on the target computer
4. Install Windows XP Professional.
Setup restarts the local computer and begins installing Windows XP Professional.
How to Modify the Setup Process Using Winnt.exe
You can modify an over-the-network installation by changing how Winnt.exe runs
Setup. Table 2-3 lists the parameters you can use with Winnt.exe and describes their
functions.
Table 2-3
Winnt.exe Parameters
Switch
Function
/a
Enables accessibility options.
/r[:folder]
Specifies an optional folder to be copied and saved. The folder remains
after Setup finishes.
/rx[:folder]
Specifies the optional folder to be copied. The folder is deleted after Setup
finishes.
/s[:sourcepath]
Specifies the source location of Windows XP Professional files. This must be
a full path of the form x:\[path] or \\server\share\[path]. The default is the
current folder location.
/t[:tempdrive]
Specifies a drive to contain temporary setup files and directs Setup to install
Windows XP Professional on that drive. If you do not specify a drive, Setup
attempts to locate the drive with the most available space.
/u[:script_file]
Performs an unattended installation by using an optional script file. Unattended installations also require using the /s switch. The answer file provides answers to some or all of the prompts that the end user normally
responds to during Setup.
/udf:id[,UDF_ file]
Indicates an identifier (id) that Setup uses to specify how a uniqueness
database file (UDF) modifies an answer file. The /udf parameter overrides
values in the answer file, and the identifier determines which values in the
UDF file are used. If you do not specify a UDF_ file, Setup prompts you to
insert a disk that contains the $UNIQUE$.UDB file.
2-28
Chapter 2
Installing Windows XP Professional
How to Modify the Setup Process Using Winnt32.exe
You can modify an over-the-network installation by changing how Winnt32.exe runs
Setup. Table 2-4 lists the parameters you can use with Winnt32.exe and describes their
functions.
Table 2-4
Winnt32.exe Parameters
Switch
Function
/checkupgradeonly
Checks your computer for upgrade compatibility for Windows XP
Professional. If you use this option with /unattend, no user input is
required. Otherwise, the results are displayed onscreen and you can
save them under the file name you specify.
For Windows 98 or Windows Me upgrades, the default filename is
Upgrade.txt in the %systemroot% folder (the folder that contains the
Windows XP Professional system files).
For Windows NT 4.0 or Windows 2000 upgrades, the default file
name is Ntcompat.txt in the %systemroot% folder.
/cmd:command_line
Specifies a specific command that Setup is to run. This command is
run after the computer restarts and after Setup collects the necessary
configuration information.
/cmdcons
Copies to the hard disk the additional files necessary to load a command-line interface, the Recovery Console, which is used for repair
and recovery. The Recovery Console is installed as a Startup option.
You can use the Recovery Console to stop and start services and to
access the local drive, including drives formatted with NTFS. You can
use this option only after you install Windows XP Professional.
/copydir:foldername
Creates an additional folder within the %systemroot% folder, which
contains the Windows XP Professional system files. For example, if
your source folder contains a folder called My_drivers, type /copydir:My_drivers to copy the My_drivers folder to your system folder.
You can use the /copydir switch to create as many additional folders
as you want. /copysource:foldername creates an additional folder
within the %systemroot% folder. Setup deletes folders created with
/copysource after installation is complete.
/debug[level] [:file_name] Creates a debug log at the specified level. By default, the debug log
file is C:\Winnt32.log, and the default level is 2. Includes the following levels:
■ 0 (severe errors)
■ 1 (errors)
■ 2 (warnings)
■ 3 (information)
■ 4 (detailed information for debugging)
Each level includes the level below it.
Lesson 3
Table 2-4
Installing Windows XP Professional over the Network
2-29
Winnt32.exe Parameters
Switch
Function
/dudisable
Prevents Dynamic Update from running. Without Dynamic Update,
Setup runs only with the original Setup files. This option disables
Dynamic Update even if you use an answer file and specify Dynamic
Update options in that file.
/dushare:pathname
Specifies a share on which you previously downloaded Dynamic
Update files (updated files for use with Setup) from the Microsoft
Download Center. When run from your installation share and used
with /duprepare, it prepares the updated files for use in networkbased client installations. When used without /duprepare and run on
a client, it specifies that the client installation will use the updated
files on the share specified in the path.
/duprepare:pathname
Prepares an installation share for use with Dynamic Update files that
you downloaded from the Microsoft Download Center. You can use
this share for installing Windows XP Professional for multiple clients
(used only with /dushare).
/m:foldername
Instructs Setup to copy replacement files from an alternate location.
Directs Setup to look in the alternate location first and, if files are
present, to use them instead of the files from the default location.
/makelocalsource
Instructs Setup to copy all installation source files to the local hard
disk. Use this switch when installing from a CD-ROM to provide
installation files when the CD-ROM is not available later in the installation.
/noreboot
Prevents Setup from restarting the computer after completing the filecopy phase. This allows you to execute another command.
/s:sourcepath
Specifies the source location of Windows XP Professional installation
files. To simultaneously copy files from multiple paths, use a separate
/s switch for each source path. If you type multiple /s switches, the
first location specified must be available or the installation will fail.
You can use a maximum of eight /s switches.
/syspart:[drive_letter]
Copies Setup startup files to a hard disk and marks the drive as active.
You can then install the drive in another computer. When you start
that computer, Setup starts at the next phase. Using /syspart requires
the /tempdrive switch. You can use /syspart on computers running
Windows NT 4.0, Windows 2000, Windows XP Professional, or Windows 2000 Server. You cannot use it on computers running Windows
95, Windows 98, or Windows Me.
/tempdrive:drive_letter
Places temporary files on the specified drive and installs Windows XP
Professional on that drive.
2-30
Chapter 2
Table 2-4
Installing Windows XP Professional
Winnt32.exe Parameters
Switch
Function
/udf:id[,udb_file]
Indicates an identifier (id) that Setup uses to specify how a UDF modifies an answer file. The UDF file overrides values in the answer file,
and the identifier determines which values in the UDF file are used.
For example, /udf:RAS_user, Our_company.udf overrides settings that
are specified for the RAS_user identifier in the Our_company.udf file.
If you do not specify a UDF file, Setup prompts you to insert a disk
that contains the $Unique$.udf file.
/unattend
Upgrades your previous version of Windows 98, Windows Me, Windows NT 4.0, or Windows 2000 in unattended mode (without user
input). Setup downloads the Dynamic Update files from Windows
Update and includes these files in the installation. All user settings are
taken from the previous installation, so no user intervention is
required during Setup.
/unatPerforms a fresh installation of Windows in unattended mode using
tend[num]:[answer_file] the specified answer file. Setup downloads the Dynamic Update files
from the Windows Update website and includes these files in the
installation. The specified num value indicates the number of seconds
between the time that Setup finishes copying the files and when Setup
restarts. You can use num on any computer running Windows 98,
Windows Me, Windows NT Workstation 4.0, Windows 2000, or Windows XP. The specified answer_file provides Setup with your custom
specifications.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. On which of the following operating systems running on the client computer do
you use Winnt32.exe to install Windows XP Professional? Choose all that apply.
a. Windows 3.0
b. Windows 95
c. Windows 98
d. Windows NT 4.0
Lesson 3
Installing Windows XP Professional over the Network
2-31
2. Which Windows XP Professional command allows you to verify that your computer is compatible with Windows XP Professional before you begin installing it?
3. You use the ______ switch with Winnt32.exe to prevent Setup from restarting the
computer after completing the file-copy phase.
4. You use the ___________ switch with Winnt32.exe to tell Setup to copy all installation source files to your local hard disk.
Lesson Summary
■
When you install Windows XP Professional, the main difference between an overthe-network installation and an installation from CD-ROM is the location of the
source files.
■
After you connect to the shared folder containing the source files and start
Winnt.exe or Winnt32.exe, the installation proceeds as an installation from CDROM.
■
Several switches for Winnt.exe and Winnt32.exe allow you to modify the installation process.
■
The /checkupgradeonly switch specifies that Winnt32.exe should check your
computer only for upgrade compatibility with Windows XP Professional.
2-32
Chapter 2
Installing Windows XP Professional
Lesson 4: Upgrading Earlier Versions of Windows to
Windows XP Professional
You can upgrade many earlier versions of Windows operating systems directly to Windows XP Professional. Before upgrading, however, you must do the following:
■
Ensure that the computer hardware meets the minimum Windows XP Professional
hardware requirements.
■
Check the Windows Catalog or test the computer for hardware compatibility using
the Windows XP Professional Compatibility tool. Using compatible hardware prevents problems when you start the upgrade on a large number of client computers.
After this lesson, you will be able to
■ Identify client upgrade paths to Windows XP Professional.
■ Generate a hardware compatibility report.
■ Upgrade earlier Windows client operating systems to Windows XP Professional.
Estimated lesson time: 10 minutes
Client Upgrade Paths
You can upgrade most client computers running earlier versions of Windows directly to
Windows XP Professional. However, computers running some earlier versions of Windows (including Windows 95, Windows NT 3.1, and Windows NT 3.5) require an additional step. Table 2-5 lists the Windows XP Professional upgrade paths for various
client operating systems.
Table 2-5
Windows XP Professional Upgrade Paths for Client Operating Systems
Upgrade From
Upgrade To
Windows NT 3.1, 3.5, or 3.51
Windows NT 4.0 Workstation first, and then upgrade to
Windows XP Professional
Windows 95
Windows 98 first, and then upgrade to
Windows XP Professional
Windows 98
Windows XP Professional
Windows Me
Windows XP Professional
Windows NT Workstation 4.0
with Service Pack 6 or later
Windows XP Professional
Windows 2000 Professional
Windows XP Professional
Windows XP Home Edition
Windows XP Professional
Lesson 4
Upgrading Earlier Versions of Windows to Windows XP Professional
2-33
Real World Upgrading Older Computers
Microsoft provides a number of upgrade paths to Windows XP Professional—
even from operating systems as old as Windows 95. However, although upgrades
from these operating systems are supported, it is unlikely that the computer hardware running the older operating systems will support Windows XP Professional.
Even if the hardware and applications on the computers prove compatible with
Windows XP Professional, it is not likely that the computers will run Windows XP
Professional or any modern applications with acceptable performance.
How to Generate a Hardware Compatibility Report
Before you upgrade a client computer to Windows XP Professional, ensure that it
meets the minimum hardware requirements by using the Windows XP Compatibility
tool to generate a hardware and software compatibility report. This tool runs automatically during the actual upgrade process, but running it before beginning the upgrade
should identify any hardware and software problems and allow you to fix compatibility
problems ahead of time.
Generating the Compatibility Report
To run the Windows XP Compatibility tool and generate a compatibility report, perform the following steps:
1. Insert the Windows XP Professional CD-ROM into the CD-ROM drive.
2. From the Start menu, select Run.
3. In the Run dialog box, type d:\i386\winnt32 /checkupgradeonly (where d is
the drive letter of your CD-ROM drive) and click OK.
Note
Generating the upgrade report can take several minutes. The tool checks only for
compatible hardware and software, and generates a report that you can analyze to determine
the system components that are compatible with Windows XP Professional.
Reviewing the Report
The winnt32 /checkupgradeonly command generates a report that appears as a text
document, which you can view from within the Compatibility tool or save as a text file
and view with any text editor. The report documents the system hardware and software that are incompatible with Windows XP Professional. It also specifies whether
you need to obtain an upgrade pack for software installed on the system and recommends additional system changes or modifications to maintain functionality in Windows XP Professional.
2-34
Chapter 2
Installing Windows XP Professional
How to Upgrade Compatible Computers Running Windows 98
For client computers running Windows 98 that test as compatible with Windows XP
Professional, you can upgrade using a setup wizard or by running Winnt32.exe to complete the upgrade.
To upgrade a computer running Windows 98 to Windows XP Professional using
Winnt32.exe, complete the following steps:
1. Insert the Windows XP Professional CD-ROM in the CD-ROM drive.
2. The Autorun program on the Windows XP Professional CD-ROM displays the Welcome To Microsoft Windows XP screen.
Note If you do not want to use any switches with Winnt32.exe, click Install Windows XP and
follow the prompts on your screen. These steps are the same as Exercise 1 in Lesson 2,
“Installing Windows XP Professional from a CD-ROM.”
3. Open the Command Prompt window, type d:\i386\winnt32.exe with any
appropriate switches, and press ENTER.
4. Accept the license agreement.
5. If the computer is already a member of a domain, create a computer account in
that domain. Windows 98 clients do not require a computer account, but Windows
XP Professional clients do.
6. Provide upgrade packs for applications that need them. Upgrade packs update the
software to work with Windows XP Professional. These packs are available from
the software vendor.
7. Upgrade to NTFS when prompted. Select the upgrade if you do not plan to set up
the client computer to dual boot.
8. Continue with the upgrade if the Windows XP Professional Compatibility tool generates a report showing that the computer is compatible with Windows XP Professional. The upgrade finishes without further intervention, and adds your computer
to a domain or workgroup.
If the report shows that the computer is incompatible with Windows XP Professional,
terminate the upgrade process, and then upgrade your hardware or software.
How to Upgrade Compatible Computers Running Windows NT 4.0
The upgrade process for computers running Windows NT 4.0 is similar to the upgrade
process for computers running Windows 98. Before you perform the upgrade, use the
Windows XP Professional Compatibility tool to verify that the systems are compatible
with Windows XP Professional and to identify any potential problems.
Lesson 4
Upgrading Earlier Versions of Windows to Windows XP Professional
2-35
Windows NT 4.0 computers that meet the hardware compatibility requirements can
upgrade directly to Windows XP Professional. To upgrade a computer running Windows NT 4.0 to Windows XP Professional using Winnt32.exe, complete the following
steps:
1. Insert the Windows XP Professional CD-ROM in the CD-ROM drive. The Autorun
program on the Windows XP Professional CD-ROM displays the Welcome To
Microsoft Windows XP screen.
Note
If you do not want to use any switches with Winnt32.exe, click Install Windows XP and
follow the prompts on your screen. These steps are the same as those in Practice 2 in Lesson 2.
2. Open the Command Prompt window, type d:\i386\winnt32.exe with any
appropriate switches, and press ENTER.
3. On the Welcome To Windows page, in the Installation Type drop-down list, select
Upgrade, and then click Next.
4. On the License Agreement page, read the license agreement, click I Accept This
Agreement, and then click Next.
5. On the Product Key page, enter your 25-character product key, which is located
on the back of the Windows XP Professional CD-ROM case.
6. On the Windows XP Professional NTFS File System page, click Yes, Upgrade My
Drive, and then click Next.
7. After Setup copies installation files, the computer restarts and the upgrade finishes
without further user intervention necessary.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. Which of the following operating systems can be upgraded directly to Windows
XP Professional? Choose all that apply.
a. Windows NT Workstation 4.0
b. Windows NT 3.51
c. Windows 2000 Professional
d. Windows NT Server 4.0
2-36
Chapter 2
Installing Windows XP Professional
2. How can you upgrade a computer running Windows 95 to Windows XP Professional?
3. Before you upgrade a computer running Windows NT 4.0 Workstation, which of
the following actions should you perform? Choose all that apply.
a. Create a 2 GB partition on which to install Windows XP Professional.
b. Verify that the computer meets the minimum hardware requirements.
c. Generate a hardware and software compatibility report.
d. Format the partition containing Windows NT 4.0 so that you can install Windows XP Professional.
4. How can you verify that your computer is compatible with Windows XP Professional and therefore can be upgraded?
Lesson Summary
■
Before you upgrade a client computer to Windows XP Professional, ensure that it
meets the minimum hardware requirements.
■
Use the Windows XP Professional Compatibility tool to generate a hardware and
software compatibility report.
■
For client systems that test as compatible with Windows XP Professional, run the
Windows XP Professional Setup program (Winnt32.exe) to complete the upgrade.
Lesson 5
Troubleshooting Windows XP Professional Setup
2-37
Lesson 5: Troubleshooting Windows XP Professional Setup
The best way to avoid problems when installing Windows XP Professional is to fully
prepare a computer for installation, choose the right kind of installation for your needs,
and make sure that the hardware in the computer is compatible with Windows XP Professional prior to beginning the installation. Although installations of Windows XP Professional complete without any problems most of the time, this lesson introduces you
to some common reasons why an installation might fail and what you can to do solve
the problem.
After this lesson, you will be able to
■ Identify common setup failures and their solutions.
■ Troubleshoot setup failures by using setup logs.
Estimated lesson time: 15 minutes
Guidelines for Resolving Common Problems
Fortunately, most installation problems are relatively minor issues that are simple to
correct. Table 2-6 lists some common installation problems and offers solutions to
those problems.
Table 2-6
Troubleshooting Tips
Problem
Solution
Media errors occur.
If you are installing from a CD-ROM, use a different CD-ROM. To
request a replacement CD-ROM, contact Microsoft or your vendor.
Try using a different computer and CD-ROM drive. If you can read
the CD-ROM on a different computer, you can perform an over-thenetwork installation. If one of your Setup disks is not working, try
using a different set of Setup disks.
CD-ROM drive is not
supported.
Replace the CD-ROM drive with a supported drive. If replacement is
impossible, try another installation method such as installing over
the network. After you complete the installation, install the driver
for the adapter card driver for the CD-ROM drive if it is available.
Computer cannot copy
files from the CD-ROM.
Test the CD-ROM on another computer. If you can copy the files
using a different CD-ROM drive on a different computer, use the CDROM to copy the files to a network share or to the hard drive of the
computer on which you want to install Windows XP Professional.
Sometimes, when you get an error stating that Setup cannot copy a
particular file, the problem can actually be a failed RAM module. If
you test the CD and CD-ROM drive successfully, testing your memory should be the next step.
2-38
Chapter 2
Table 2-6
Installing Windows XP Professional
Troubleshooting Tips
Problem
Insufficient disk space.
Solution
Do one of the following:
Use the Setup program to create a partition by using existing free space on the hard disk.
■ Delete and create partitions as needed to create a partition
that is large enough for installation.
■ Reformat an existing partition to create more space.
■
Setup failure during
Verify that Windows XP supports the mass storage devices on the
early text mode portion of computer. If not, press F6 when prompted and supply the necessary
Setup.
drivers for these devices from floppy disk.
Dependency service fails
to start.
In the Windows XP Professional Setup Wizard, return to the Network Settings page and verify that you installed the correct protocol
and network adapter. Verify that the network adapter has the proper
configuration settings, such as transceiver type, and that the local
computer name is unique on the network.
During Setup, the comWhen Setup attempts to write to the boot sector to make the hard
puter’s BIOS-based virus disk Windows XP-bootable, BIOS-based virus scanners might interscanner gives an error
pret the action as an attempt by a virus to infect the system. Disable
message indicating that a the virus protection in the BIOS and enable it again after Windows
virus is attempting to infect XP is fully installed.
the boot sector. Setup fails.
Setup cannot connect to
the domain controller.
Verify the following:
The domain name is correct.
■ The server running the DNS service and the domain controller are both running and online. If you cannot locate a
domain controller, install Windows XP Professional into a
workgroup and then join the domain after installation.
■ The network adapter card and protocol settings are set correctly. If you are reinstalling Windows XP Professional and
are using the same computer name, delete the computer
account and re-create it.
■
Windows XP Professional Verify the following:
■ Windows XP Professional is detecting all the hardware.
fails to install or start.
■ All the hardware is in the Windows Catalog. Try running
Winnt32 /checkupgradeonly to verify that the hardware is
compatible with Windows XP Professional.
Remove unsupported devices in an attempt to get past the error. If
you are unsure about which devices are unsupported, consider
removing all devices during the installation (except those necessary
to run the system, such as the motherboard, display adapter, memory, and so on) and then reconnecting them after Windows is
installed.
Lesson 5
Troubleshooting Windows XP Professional Setup
2-39
Guidelines for Troubleshooting Setup Failures Using the Windows XP
Setup Logs
During Setup, Windows XP Professional generates a number of log files containing
installation information that can help you resolve any problems that occur after Setup
is completed. The action log and the error log are especially useful for troubleshooting.
Both are located in the installation folder (C:\Windows by default).
Tip
The logs are text documents that you can view in Notepad, WordPad, or Word. Some of
the documents are very large. Consider searching the document for the word fail, which can
help you locate instances in the log files that contain information on failed operations.
Action Log
The action log records the actions that the Setup program performs in chronological
order. It includes actions such as copying files and creating Registry entries. It also contains entries that are written to the Setup error log. The action log is named Setupact.log. If an installation fails, you can often pinpoint what was going on (for
example, what file was being copied) when the installation failed. Searching the
Microsoft Knowledge Base using the description of the action as a keyword often
yields solutions to the problem at hand.
Error Log
The error log describes errors (and their severity) that occur during Setup. Because the
contents of this log are also included in the action log, you can think of the error log
as a subset of the action log. The error log is named Setuperr.log. If errors occur, the
log viewer displays the error log at the end of Setup. If no errors occurred during installation, this file is empty.
See Also
For additional information about troubleshooting installations, see Lesson 3,
“Using Startup and Recovery Tools,” in Chapter 4, "Modifying and Troubleshooting the Startup
Process."
Troubleshooting Stop Errors
Stop errors, also referred to as blue screen errors, occur when the system detects a
condition from which it cannot recover. The system stops responding and displays a
screen of information on a blue background. The most likely time during installation
that you might experience stop errors is when the text mode stage of setup has finished, your computer restarts, and the Setup Wizard stage begins. During this transi-
2-40
Chapter 2
Installing Windows XP Professional
tion, Windows XP loads the newly installed operating system kernel for the first time
and initializes new hardware drivers.
Stop errors are identified by a 10-digit hexadecimal number. The two most common
stop errors you will encounter during Windows XP installation are described as follows:
Stop: 0x0000000A Error This error usually indicates that Windows attempted to
access a particular memory address at too high an internal request level (IRQL).
This error usually occurs when a hardware driver uses an incorrect memory
address, but can also indicate an incompatible device driver or a general hardware
problem. To troubleshoot this error, confirm that your hardware is listed in the
Windows Catalog, make sure that your BIOS is compatible with Windows XP Professional, and perform general hardware troubleshooting. You can learn more
about troubleshooting this stop error by reading Microsoft Knowledge Base article
314063, “Troubleshooting a Stop 0x0000000A Error in Windows XP.”
Stop: 0x0000007B Error This error normally indicates that you have an inaccessible
boot device, meaning that Windows cannot access your hard disk. The common
causes for this type of error are a boot sector virus, bad or incompatible hardware,
or missing hardware drivers. You can learn more about troubleshooting this stop
error by reading Microsoft Knowledge Base article 324103, “How to Troubleshoot
‘Stop 0x0000007B’ Errors in Windows XP.”
Tip
Although these are the two most common Stop errors you will see during Windows XP
installation, you might encounter other Stop errors. If you get a Stop error, write down the
Stop error number. Search the Microsoft Knowledge Base using the number as your keyword,
and you can find information on how to resolve the error. You can learn more about troubleshooting Stop errors by reading the article “Windows Server 2003 Troubleshooting Stop
Errors,” which is available at http://www.microsoft.com/technet/prodtechnol/
windowsserver2003/operations/system/sptcestp.mspx. Although the article is written for
Windows Server 2003, it also applies to Windows XP.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
Lesson 5
Troubleshooting Windows XP Professional Setup
2-41
1. If you encounter an error during setup, which of the following log files should you
check? Choose all that apply.
a. Setuperr.log
b. Netsetup.log
c. Setup.log
d. Setupact.log
2. If your computer cannot connect to the domain controller during installation, what
should you do?
3. If your computer cannot connect to read the CD-ROM during installation, what
should you do?
Lesson Summary
■
The action log, Setupact.log, records and describes in chronological order the
actions that Setup performs.
■
The error log, Setuperr.log, describes errors that occur during Setup and indicates
the severity of each error.
■
If a failed installation results in a stop error, you can search the Microsoft Knowledge Base for information on troubleshooting the problem.
2-42
Chapter 2
Installing Windows XP Professional
Lesson 6: Activating and Updating Windows XP
Professional
After installing Windows XP for a home or small business user, you will need to activate Windows. Unless activated, Windows can only be used only for 30 days. Corporate installations typically do not need to be activated because most corporations use a
volume licensing system. You will also need to install any available updates and preferably configure Windows to download and install critical updates automatically.
After this lesson, you will be able to
■ Activate Windows XP following installation.
■ Scan a system and display available updates by using the Windows Update site.
■ Configure Automatic Updates to download and install updates automatically.
■ Explain the purpose of Software Update Services.
■ Explain the purpose of service packs.
Estimated lesson time: 30 minutes
Guidelines for Activating Windows Following Installation
Unless you are working with an installation that is part of a volume licensing plan,
Windows XP Professional requires that the operating system be activated with
Microsoft within 30 days of installation. Typically, if you install Windows XP Professional using an original installation CD, you need to activate it. If the operating system
is not activated within this time, Windows ceases to function until it is activated. You
are not allowed to log on to the system until you contact one of Microsoft’s product
activation centers.
The first time you log on to Windows following installation, Windows prompts you to
activate the product if activation is necessary. If you do not perform the activation,
Windows continues to prompt you at regular intervals until you activate the product.
Windows Product Activation (WPA) requires each installation to have a unique
product key. When you enter the 25-character product key during Windows installation, the Setup program generates a 20-character product ID (PID). During activation,
Windows combines the PID and a hardware ID to form an installation ID. Windows
sends this installation ID to a Microsoft license clearinghouse, where the PID is verified
to ensure that it is valid and that it has not already been used to activate another installation. If this check passes, the license clearinghouse sends a confirmation ID to your
computer, and Windows XP Professional is activated. If the check fails, activation fails.
Lesson 6
Activating and Updating Windows XP Professional
2-43
How to Scan a System and Display Available Updates Using the
Windows Update Site
Windows Update is an online service that provides enhancements to the Windows
family of operating systems. Product updates such as critical and security updates, general Windows updates, and device driver updates are all easily accessible. When you
connect to the Windows Update website, the site scans your system (a process that
happens locally without sending any information to Microsoft) to determine what is
already installed, and then presents you with a list of available updates for your system.
You can access Windows Update in the following ways:
■
Through Internet Explorer by clicking Windows Update from the Tools menu
■
Through any Web browser by using the URL http://www.microsoft.com/windowsupdate
■
Through the Help And Support Center by clicking Windows Update
■
Through the Start menu by clicking All Programs and then Windows Update
■
Through Device Manager by clicking Update Driver in the Properties dialog box
of any device
Using the Windows Update Site
To perform an Express Install from the Windows Update site, follow these steps:
1. From the Start menu, click All Programs, and then click Windows Update.
2. On the Microsoft Windows Update website, click Express Install.
3. After the scan is complete (a process that is performed locally—no information is
sent to Microsoft’s servers), click Install.
4. If you are prompted with an End User License Agreement (EULA), read the agreement and click I Accept.
5. Wait while the updates are downloaded and installed. If you are prompted to
restart your computer, click Restart Now. If you are not prompted to restart, click
Close.
How to Configure Automatic Updates
Windows XP also supports Automatic Updates, a feature that automatically downloads and installs new updates when they become available. You should configure the
Automatic Updates feature in Windows XP to automatically download and install new
updates according to a regular schedule.
To configure Automatic Updates, follow these steps:
2-44
Chapter 2
Installing Windows XP Professional
1. From the Start menu, click Control Panel.
2. In the Control Panel window, click Performance And Maintenance.
3. In the Performance And Maintenance window, click System.
4. On the Automatic Updates tab, click the Automatic option, as shown in Figure 2-9.
5. Select how often and at what time of day updates should be downloaded and
installed. For users with dedicated connections (such as a cable modem), you
should configure Windows to check for updates daily at a time when the user is
not using the computer. Users with dial-up connections might want to check less
frequently if they are concerned about allowing their computers to connect to the
Internet automatically.
F02US09
Figure 2-9 You should schedule Automatic Updates to download and install
updates automatically.
6. Click OK.
!
Exam Tip
Enabling Automatic Update and configuring it to download and install updates
automatically according to a preset schedule is the recommended way for handling critical
updates for Windows XP.
What Is Software Update Services?
By default, Automatic Updates locates and downloads updates from Microsoft’s public
update servers. As an alternative, you can configure an update service to run on the
local network and supply updates to clients. This procedure provides better control
over the specific updates made available to client computers.
Lesson 6
Activating and Updating Windows XP Professional
2-45
Software Update Services (SUS) is a server component installed on a Windows 2000 or
Windows 2003 server inside the corporate firewall. SUS allows for the distribution of critical updates and security updates; it does not allow the distribution of Service Packs or
driver updates, and it does not have a mechanism to deploy software packages outright.
SUS synchronizes with the public Windows Update site at Microsoft on behalf of your
clients. SUS, which is designed to support up to 15,000 clients, serves as a distribution
point of updates to the clients in your organization in two ways:
Automatically You can create an automatic content distribution point on the SUS
server that will synchronize its content with the content from the Windows Update
website. This option offers clients the same updates as the public server, but cuts
down on Internet traffic by providing the updates locally.
Manually You can also create a content distribution point on a server running
Microsoft Internet Information Services (IIS) version 5.0 or later. This option lets
you specify which updates are available.
You can also control which server each Windows client connects to for updates (if you
are running more than one SUS server across multiple sites), as well as schedule when
the client should perform the installations of critical updates.
Installing SUS
You can install the Software Update Services server component on a server running
either Windows 2000 Server or Windows Server 2003. The computer should meet the
following system requirements:
■
Pentium III 700 MHz or better processor
■
512 MB of RAM
■
6 GB of available hard disk space formatted with NTFS
■
Windows 2000 Server (with Service Pack 2 or later) or Windows Server 2003
■
IIS 5.0 or later
■
Internet Explorer 6.0 or later
The SUS component is available for download from (http://www.microsoft.com/
windows2000/windowsupdate/sus/default.asp). After the download is complete, double-click the setup file to begin the installation process and simply follow the menu
prompts for a Typical installation (a Custom installation lets you choose the folder
where the service is installed and the location where updates are stored).
To Use Group Policy to Configure Clients to Access SUS
After SUS is installed in your environment, you need to configure the client systems to
use it—otherwise, they will just keep using the Windows Update public server instead.
2-46
Chapter 2
Installing Windows XP Professional
You must use Group Policy to configure clients to use the SUS server. You can set the
policy at either the domain or organizational unit level. Group Policy is explained in
more detail in Chapter 16, “Configuring Security Settings and Internet Options.”
To set the Group Policy, follow these steps:
1. Log on as a domain administrator or open the Active Directory Users And Computers tool using the Run As command to enter the appropriate credentials.
2. Right-click the domain or organizational unit and choose Properties from the
shortcut menu.
3. Switch to the Group Policy tab.
4. You could edit the default domain policy, but it is normally recommended that
you create another one for these types of secondary settings. To do this, choose
the New button and name the new policy that appears in the window.
5. After you have named the policy, click the Edit button to open the Group Policy
Object Editor window.
6. Expand the Computer Configuration node, then the Administrative Templates
node, then the Windows Components node, and then the Windows Update node.
7. Double-click the Configure Automatic Updates setting to specify any of the following:
❑
Notify The User Before Download And Before Installation
❑
Automatically Download And Notify The User Before Installation
❑
Automatically Download And Schedule An Automatic Installation
8. Double-click the Specify Intranet Microsoft Update Service Location setting.
Change the setting to Enabled and enter the name of the internal SUS server that
the clients in the domain should use into both fields. This information can be
entered by name or by IP address.
9. Double-click the Reschedule Automatic Updates scheduled installations setting to
change the schedule for automatic installation on clients.
10. Double-click the No Auto-Restart For Scheduled Automatic Updates installations
to prevent clients from restarting after an automatic installation.
Note
After Automatic Updates is configured by Group Policy, the Automatic Updates settings become unavailable to the user of the client computer.
What Are Service Packs?
Microsoft periodically releases service packs for Windows XP. A service pack is a collection of all updates released to that point, and often includes new features, as well.
Lesson 6
Activating and Updating Windows XP Professional
2-47
You should be familiar with the deployment of service packs to ensure that all operating systems on the network are up-to-date and to avoid issues that you might encounter in the future.
Windows XP ships with a utility called Winver.exe, which you can use to determine
what version of Windows you are running and what level of service pack (if any) is
installed. Figure 2-10 displays the output of Winver.exe prior to any service pack being
installed. If a service pack has been installed, the version will be noted after the build
number.
F02US10
Figure 2-10
Use Winver.exe to determine the current Windows version and service pack.
To Obtain a Service Pack
Service packs are free, and you can get them in the following ways:
■
Use Windows Update to update a single computer with a service pack.
■
Download the service pack from Windows Update to deploy to many computers.
The download is a single large self-extracting executable, which will have a different name depending on the service pack version that you are installing. The file is
quite large (85 MB or more), so be sure that you have sufficient bandwidth available to support the download.
■
Order the service pack CD. You can order the service pack CD from Microsoft for
a nominal fee that covers the cost of manufacture and shipping. In addition to
containing the service pack, the CD contains operating system enhancements and
other advanced utilities.
■
Use Microsoft subscription services. Microsoft has several subscription services,
such as Microsoft TechNet, which automatically provide you with service packs
with the next issue after the release of the service pack.
2-48
Chapter 2
Installing Windows XP Professional
To Install a Service Pack
Service pack setup programs can have various names, though most Windows Service
Packs use a program named Update.exe. Regardless of the file name, though, most
Windows updates support the same command-line parameters, which control how the
service pack deploys. Table 2-7 lists these parameters.
Table 2-7
Common Command-Line Parameters for Windows Updates
Switch
Function
/f
Forces all applications to close prior to restarting the system.
/n
Does not back up uninstall files. You cannot uninstall the service
pack if this switch is used.
/o
Overwrites OEM-provided files without prompting the user.
/q
Installation runs in quiet mode with no user interaction required
(requires /o to update OEM-supplied files).
/s:[path to
distribution folder]
Creates an integration installation point.
/u
Unattended installation (requires /o to update OEM-supplied files).
/x
Extracts files without starting Setup. This is useful if you want to
move installation files to another location.
/z
Disables automatic restart when installation is finished.
Service pack installations require a significant amount of disk space (hundreds of
megabytes). The uninstall folder consumes the majority of this disk space. You can
install a service pack without saving uninstall files by using the /n switch when installing the service pack.
You must choose an installation method from the following options:
Update installation The service pack executable is started locally, across the network, or through Windows Update. The service pack is installed on the existing
operating system.
Integrated installation Also called slipstreaming, an integrated installation is one in
which the service pack is applied to the installation files on a distribution server
using the /s switch, integrating the installation files and the service pack into a single set of updated installation files. New installations that included the service
pack can then be performed from the integrated distribution point. This eliminates
the need to apply the service pack after the installation. However, the service pack
cannot be uninstalled if it is applied in this fashion.
Combination installation This involves installation using a combination of an integrated installation, an answer file to control the installation process, and a Cmdlines.txt file to launch additional application setup programs after the operating
system setup has completed.
Lesson 6
Activating and Updating Windows XP Professional
2-49
When you install new operating system components after a service pack has been
installed, Setup requires both the operating system and service pack installation files.
This allows Setup to install the updated version of the component.
To Uninstal a Service Pack
By default, the service pack setup program automatically creates a backup of the files and
settings that are changed during the service pack installation and places them in an uninstall folder named \$NTServicepackUninstall$\ in %systemroot%. You can uninstall the
service pack through Add/Remove Programs on Control Panel or from a command line by
running Spuninst.exe from the %systemroot%\$NTServicepackUninstall\Spuninst\ folder.
Note
If you installed a service pack without creating a backup, you cannot uninstall the service pack.
Practice: Configuring Automatic Updates
In this practice, you will configure Automatic Updates to download and install critical
updates automatically.
1. From the Start menu, click Control Panel.
2. In the Control Panel window, click Performance And Maintenance.
3. In the Performance And Maintenance window, click System.
4. On the Automatic Updates tab, click the Automatic option.
5. Click OK.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. A(n) _______________ is a collection of all updates released to a particular point,
and often includes new features.
2. What is the recommended way to configure the Automatic Updates feature in
Windows XP?
2-50
Chapter 2
Installing Windows XP Professional
3. For how many days does Windows XP function if you do not activate Windows or
are not part of a volume licensing agreement? Choose the correct answer.
a. 10 days
b. 14 days
c. 30 days
d. 60 days
e. 120 days
Lesson Summary
■
You can use the Windows Update site to scan a computer and display available
critical, Windows, and driver updates.
■
Automatic Updates is a Windows XP feature that downloads and installs critical
updates automatically. Although you can specify that Automatic Updates prompt
users before downloading or installing, Microsoft recommends that you configure
it to download and install automatically according to a preset schedule.
■
Service packs are collections of updates (and sometimes new features) that have
been tested to ensure that they work together correctly. Microsoft occasionally
issues new service packs for its products.
Case Scenario Exercises
Read the following two scenarios and answer the associated questions. You can use
the scenarios to help determine whether you have learned enough to move on to the
next chapter. If you have difficulty completing this work, review the material in this
chapter before beginning the next chapter. You can find answers to these questions in
the “Questions and Answers” section at the end of this chapter.
Scenario 2.1
You have been given a computer running Windows 98 Second Edition with the following hardware installed:
■
200 MHz Pentium II processor
■
32 MB of RAM
■
4 GB hard disk, 500 MB free
■
24x CD-ROM drive
Case Scenario Exercises
■
Floppy drive, mouse, keyboard
■
SVGA monitor and video card
■
10 Mbps Ethernet network card
2-51
You will reformat the hard disk, create one partition that uses the entire hard disk, and
install Windows XP Professional.
Question
What additional hardware do you need to install onto the computer prior to installing
Windows XP?
Scenario 2.2
One of your users wants you to install Windows XP Professional on his workstation.
Currently, the workstation is running Windows 98. The user wants to continue having Windows 98 running on the computer because he often must test the software
he develops on that system. The user’s computer is configured with the following
hardware:
■
2.4 GHz Pentium 4 processor
■
512 MB of RAM
■
60 GB hard disk
There are currently 2 partitions on the hard disk: a 20 GB partition on which Windows 98 and the user’s current applications are installed and a 15 GB partition on
which the user stores his documents. Both partitions are formatted using the
FAT32 file system. There is 25 GB of unpartitioned space.
■
24x CD-ROM drive
■
Floppy drive, mouse, keyboard
■
SVGA monitor and video card
■
10 Mbps Ethernet network card
2-52
Chapter 2
Installing Windows XP Professional
Question
How should you configure this computer to run both Windows 98 and Windows XP
Professional?
Troubleshooting Lab
Read the following troubleshooting scenario and then answer the question that follows. You can use this lab to help determine whether you have learned enough to
move on to the next chapter. If you have difficulty completing this work, review the
material in this chapter before beginning the next chapter. You can find the answer to
this question in the “Questions and Answers” section at the end of this chapter.
Scenario
One of your users is attempting to upgrade to Windows XP Professional on a computer
that has been running Windows 98. Her computer has one hard disk that is configured
with a single partition. She has already backed up her computer and plans to reformat
the partition, and then perform a clean installation of Windows XP Professional. She
has configured her BIOS to start the computer from CD-ROM. When she starts the computer, the text mode stage of Windows XP Professional Setup begins as expected.
However, when the user tries to reformat the partition, her computer presents an error
message stating that a virus is attempting to infect the boot sector of her hard disk. She
is certain that she is using a genuine Windows XP Professional installation CD.
Question
What do you suspect is the problem?
Exam Highlights
2-53
Chapter Summary
■
Before installing Windows XP Professional, you should first ensure that your hardware meets the minimum hardware requirements and that your hardware is in the
Windows Catalog. Additional preinstallation tasks include determining how to
partition the hard disk on which you will install Windows XP Professional and
deciding whether to format the partition as NTFS, FAT, or FAT32.
■
Your computer can join a domain or a workgroup during or after installation.
■
When you install Windows XP Professional, the main difference between an overthe-network installation and an installation from CD-ROM is the location of the
source files.
■
After you connect to the shared folder containing the source files and start
Winnt.exe or Winnt32.exe, the installation proceeds as an installation from CDROM. Several switches for Winnt.exe and Winnt32.exe allow you to modify the
installation process. The /checkupgradeonly switch specifies that Winnt32.exe
should check your computer only for upgrade compatibility with Windows XP
Professional.
■
Before you upgrade a client computer to Windows XP Professional, use the Windows XP Professional Compatibility tool to generate a hardware and software
compatibility report. For client systems that test as compatible with Windows XP
Professional, run the Windows XP Professional Setup program (Winnt32.exe) to
complete the upgrade.
■
The Setupact.log action log records and describes in chronological order the
actions that Setup performs. The Setuperr.log error log describes errors that occur
during Setup and indicates the severity of each error.
■
You can use the Windows Update site to scan a computer and display available
critical, Windows, and driver updates. Automatic Updates is a Windows XP feature
that downloads and installs critical updates automatically. Although you can specify that Automatic Updates prompt users before downloading or installing,
Microsoft recommends that you configure it to download and install automatically
according to a preset schedule. Service packs are collections of updates (and
sometimes new features) that have been tested to ensure that they work together
correctly. Microsoft issues new service packs for its products occasionally.
Exam Highlights
Before taking the exam, review the key points and terms that are presented in this
chapter. You need to know this information.
2-54
Chapter 2
Installing Windows XP Professional
Key Points
■
You should memorize the basic hardware requirements for running Windows XP.
A 233MHz processor, 64MB RAM, and a 2GB hard disk with 1.5GB of free space
are required.
■
Unless you are installing Windows XP Professional on a multiple-boot computer
that also has an operating system that cannot access NTFS partitions (such as Windows 98), you should always use NTFS.
■
You can use Winnt.exe and Winnt32.exe to install Windows XP Professional from
the command line by using optional parameters to modify the installation.
Winnt.exe runs under MS-DOS and Windows 3.0/3.1. Winnt32.exe runs under the
32-bit Windows operating systems such as Windows 95, Windows 98, Windows
Me, Windows NT 4.0, and Windows 2000.
Key Terms
Automatic Update A feature that automatically downloads and installs new updates
when they become available.
boot partition The disk partition that possesses the system files required to load the
operating system into memory.
disk partition A logical section of a hard disk on which the computer might write
data.
File Allocation Table (FAT) A file system used in older versions of Windows and
still supported in Windows XP Professional. The 16-bit FAT system for older versions of Windows is called FAT16, and the 32-bit system for newer versions of
Windows is called FAT32.
Files And Settings Transfer Wizard One of two methods used by administrators to
transfer user configuration settings and files from systems running Windows 95 or
later to a clean Windows XP installation.
NTFS The native file management system for Windows XP. However, Windows XP is
also capable of working with FAT and FAT32 file systems so that it can remain
compatible with older Microsoft operating systems.
service pack A collection of all updates for a Microsoft product released to a certain
point. Service packs sometimes include new features, as well.
stop errors Occur when the system detects a condition from which it cannot
recover. (Also referred to as blue screen errors.)
Exam Highlights
2-55
system partition Normally the same partition as the boot partition, this partition
contains the hardware-specific files required to load and start Windows XP.
User State Migration Tools (USMT) Tools that let administrators transfer user configuration settings and files from systems running Windows 95 or later to a clean
Windows XP installation.
Windows Catalog A site that lists all hardware and software tested for compatibility
with Windows XP by Microsoft.
Windows Product Activation (WPA) The process of activating a copy of Windows
with Microsoft after installation. Windows XP Professional requires that the operating system be activated with Microsoft within 30 days of installation.
Windows Update An online service that provides enhancements to the Windows
family of operating systems.
Winnt.exe The command used for starting Windows XP Professional installation in
MS-DOS and Windows 3.0/3.1.
Winnt32.exe The command used for starting Windows XP Professional installation
in Windows 95, Windows 98, Windows Me, Windows NT 4.0, or Windows 2000
Professional.
2-56
Chapter 2
Installing Windows XP Professional
Questions and Answers
Lesson 1 Review
Page
2-10
1. What are the minimum and recommended memory requirements for installing
Windows XP Professional?
The minimum amount of memory required to install Windows XP Professional is 64 MB, and the
recommended amount of memory is 128 MB.
2. What is the minimum hard disk space required for installing Windows XP Professional? Choose the correct answer.
a. 500 MB
b. 1 GB
c. 1.5 GB
d. 2 GB
C is the correct answer. Windows XP Professional requires 1.5 GB of free disk space.
3. What information is required when joining a domain during the Windows XP Professional installation? Choose all that apply.
a. You must know the DNS name for the domain the computer will join.
b. You must have a user account in the domain.
c. At least one domain controller in the domain must be online when you install
a computer in the domain.
d. At least one DNS server must be online when you install a computer in the
domain.
A, C, and D are correct. To join a domain during the installation of Windows XP Professional, you
must know the DNS name for the domain the computer will join. To add an account for the computer to the domain, a domain controller must be available. Also, a DNS server must be available so that the computer on which you are installing Windows XP can locate the domain
controller for the domain. B is not correct because you do not need to have a user account to
join a computer to a domain. However, the computer must already have an account in the
domain, or you must have sufficient privileges in the domain so that you can create a computer
account during the installation.
4. Which of the following statements about file systems are correct? Choose all that
apply.
a. File- and folder-level security is available only with NTFS.
b. Disk compression is available with FAT, FAT32, and NTFS.
Questions and Answers
2-57
c. Dual booting between Windows 98 and Windows XP Professional is available
only with NTFS.
d. Encryption is available only with NTFS.
A and D are correct. NTFS provides file-level security and encryption. B is not correct because
only NTFS offers disk compression; FAT and FAT32 do not. C is not correct because Windows 98
cannot access a drive formatted with NTFS.
Lesson 2 Review
Page
2-22
1. If TCP/IP is installed on your computer, what is the maximum length for the computer name you specify during installation?
63 characters
2. Can you change the computer name after installation without having to reinstall
Windows XP Professional? If you can change the name, how do you do it? If you
cannot change the name, why not?
Yes. To change the computer name after installation is complete, click Start, click My Computer, click View System Information, click the Computer Name tab, and then click Change.
3. Which of the following statements about joining a workgroup or a domain are correct? Choose all that apply.
a. You can add your computer to a workgroup or a domain only during installation.
b. If you add your computer to a workgroup during installation, you can join the
computer to a domain later.
c. If you add your computer to a domain during installation, you can join the
computer to a workgroup later.
d. You cannot add your computer to a workgroup or a domain during installation.
B and C are correct. You can join a domain or a workgroup during installation or at any time following installation. A and D are not correct because you can join a domain or workgroup during
or after installation.
4. When you install networking components with typical settings, what components
are installed? What does each component do?
There are four components. Client For Microsoft Networks allows your computer to access network resources. File And Printer Sharing For Microsoft Networks allows other computers to
access file and print resources on your computer. The QoS Packet Scheduler helps provide a
guaranteed delivery system for network traffic, such as TCP/IP packets. TCP/IP is the default
networking protocol that allows your computer to communicate over LANs and WANs.
2-58
Chapter 2
Installing Windows XP Professional
Lesson 3 Review
Page
2-30
1. On which of the following operating systems running on the client computer do
you use Winnt32.exe to install Windows XP Professional? Choose all that apply.
a. Windows 3.0
b. Windows 95
c. Windows 98
d. Windows NT 4.0
B, C, and D are correct. A is not correct because you use the Winnt.exe command with MS-DOS
and Windows 3.0.
2. Which Windows XP Professional command allows you to verify that your computer is compatible with Windows XP Professional before you begin installing it?
Winnt32.exe with the /checkupgradeonly switch
3. You use the ______ switch with Winnt32.exe to prevent Setup from restarting the
computer after completing the file-copy phase.
/noreboot
4. You use the ___________ switch with Winnt32.exe to tell Setup to copy all installation source files to your local hard disk.
/makelocalsource
Lesson 4 Review
Page
2-35
1. Which of the following operating systems can be upgraded directly to Windows
XP Professional? Choose all that apply.
a. Windows NT Workstation 4.0
b. Windows NT 3.51
c. Windows 2000 Professional
d. Windows NT Server 4.0
A and C are correct. B is not correct because you must first upgrade Windows NT 3.51 to Windows NT 4.0 Workstation, and then upgrade to Windows XP Professional. D is not correct
because you cannot upgrade to Windows XP Professional from a server product.
2. How can you upgrade a computer running Windows 95 to Windows XP Professional?
Upgrade the computer to Windows 98 first, and then upgrade to Windows XP Professional.
3. Before you upgrade a computer running Windows NT 4.0 Workstation, which of
the following actions should you perform? Choose all that apply.
a. Create a 2 GB partition on which to install Windows XP Professional.
Questions and Answers
2-59
b. Verify that the computer meets the minimum hardware requirements.
c. Generate a hardware and software compatibility report.
d. Format the partition containing Windows NT 4.0 so that you can install Windows XP Professional.
B and C are correct. A is not correct because you do not need to create a new partition to
upgrade the operating system. D is not correct because you should not reformat the partition
containing Windows NT 4.0 in order to perform an upgrade. If you did reformat, you would lose
all data, including current configuration information and installed applications.
4. How can you verify that your computer is compatible with Windows XP Professional and therefore can be upgraded?
Use the Windows XP Professional Compatibility tool. You can start this tool by typing winnt32
/checkupgradeonly at the command prompt.
Lesson 5 Review
Page
2-40
1. If you encounter an error during setup, which of the following log files should you
check? Choose all that apply.
a. Setuperr.log
b. Netsetup.log
c. Setup.log
d. Setupact.log
A and D are correct. During installation, Windows XP Professional Setup creates an action log
(Setupact.log) and an error log (Setuperr.log). B and C are not correct because they are not
valid installation log files.
2. If your computer cannot connect to the domain controller during installation, what
should you do?
First, verify that a domain controller is running and online, and then verify that the server running the DNS service is running and online. If both servers are online, verify that the network
adapter card and protocol settings are correctly set and that the network cable is plugged into
the network adapter card.
3. If your computer cannot connect to read the CD-ROM during installation, what
should you do?
Use a different CD-ROM. (To request a replacement CD-ROM, contact Microsoft or your vendor.)
You can also try using a different computer and CD-ROM drive. If you can read the CD-ROM on
a different computer, you can do an over-the-network installation.
Lesson 6 Review
Page
2-49
1. A(n) _______________ is a collection of all updates released to a particular point,
and often includes new features.
service pack
2-60
Chapter 2
Installing Windows XP Professional
2. What is the recommended way to configure the Automatic Updates feature in
Windows XP?
Microsoft recommends that you configure Automatic Updates to download and install updates
automatically according to a preset schedule.
3. For how many days does Windows XP function if you do not activate Windows or
are not part of a volume licensing agreement? Choose the correct answer.
a. 10 days
b. 14 days
c. 30 days
d. 60 days
e. 120 days
C is correct. Windows functions normally for 30 days following installation. If you do not activate Windows within 30 days of installation, you cannot start Windows until you activate it.
Case Scenario Exercises: Scenario 2.1
Page
2-50
What additional hardware do you need to install onto the computer prior to installing
Windows XP?
According to the minimum requirements for installing Windows XP Professional, you would
need to upgrade the processor to at least a 233 MHz processor. Ideally, though, if you want to
upgrade this processor, you should consider upgrading to something significantly faster.
Although Windows XP Professional also requires a minimum of 64 MB RAM, 128 MB of RAM is
recommended for adequate performance.
Case Scenario Exercises: Scenario 2.2
Page
2-51
How should you configure this computer to run both Windows 98 and Windows XP
Professional?
You can install Windows XP Professional either by starting the installation from within Windows
98 or by starting the system using the Windows XP installation CD. You should create a new
partition from the unpartitioned space on which to install Windows XP Professional. You should
probably format the new partition using the FAT 32 file system. If you format the partition using
NTFS, Windows 98 cannot access any data on that partition.
Troubleshooting Lab
Page
2-52
What do you suspect is the problem?
Because Setup is failing when trying to write to the boot sector of the disk (which happens
when Setup tries to reformat the disk), it is likely that the user’s computer has virus detection
enabled in her computer’s BIOS. She must disable the BIOS-based protection while installing
Windows XP Professional. She should re-enable the BIOS-based virus protection after the
installation of Windows XP Professional is complete.
3 Deploying Windows XP
Professional
Exam Objectives in this Chapter:
■
■
Perform and troubleshoot an unattended installation of Microsoft Windows XP
Professional
❑
Install Windows XP Professional by using Remote Installation Services
(RIS).
❑
Install Windows XP Professional by using the System Preparation Tool.
❑
Create unattended answer files by using Windows Setup Manager to
automate the installation of Windows XP Professional.
Manage applications by using Windows Installer packages
Why This Chapter Matters
This chapter prepares you to automate the process of installing Microsoft Windows XP Professional. Automated deployments can be done in three ways. The
decision to use a specific method instead of another is usually determined by the
resources, infrastructure, and deployment time required. The three automated
deployment methods include the following:
■
Small deployments or situations involving many different hardware configurations often use an unattended installation, in which the Winnt32 and
Winnt commands are used along with an unattended answer file to script the
installation. This file is created with Windows Setup Manager.
■
Many larger enterprise deployments use disk duplication to deploy systems, a process in which you use the System Preparation Tool to create an
image from a computer running Windows XP Professional, and then clone
that image on other computers. Using disk duplication usually requires thirdparty software.
■
Microsoft provides Remote Installation Services (RIS) for use in environments in which Active Directory service is available. The RIS server software
(which resides on a server computer running Windows 2000 Server or Windows Server 2003) stores images of Windows XP installations and makes
those images available over the network. A client computer boots from the
network (or by using a special RIS boot disk), contacts the RIS server, and
then installs an image from that server.
3-1
3-2
Chapter 3
Deploying Windows XP Professional
This chapter will also look at some tools in Windows XP Professional that help
make your deployment of Windows XP Professional easier. These tools include
the File and Transfer Wizard, the User State Migration Tool (USMT), and Windows
Installer.
Lessons in this Chapter:
■
Lesson 1: Creating Unattended Installations by Using Windows
Setup Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-3
■
Lesson 2: Deploying Windows XP Professional by Using Disk
Duplication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18
■
Lesson 3: Performing Remote Installations . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25
■
Lesson 4: Using Tools to Simplify Deployment . . . . . . . . . . . . . . . . . . . . . . . 3-34
Before You Begin
To complete this chapter, you must have a computer that meets or exceeds the minimum hardware requirements listed in the preface, “About This Book.” You must also
have Windows XP Professional installed on a computer on which you can make
changes.
Lesson 1
Creating Unattended Installations by Using Windows Setup Manager
3-3
Lesson 1: Creating Unattended Installations
by Using Windows Setup Manager
This lesson presents methods that will help you create unattended Windows XP Professional installations. When you must install Windows XP Professional on computers
with varying configurations, scripting provides automation with increased flexibility.
You will learn how Windows Setup Manager makes it easy to create the answer files
that are necessary for scripted installations.
After this lesson, you will be able to
■ Describe unattended installations.
■ Find the Windows XP deployment tools.
■ Explain what Windows Setup Manager is used for.
■ Use Windows Setup Manager to create an answer file.
■ Explain how to start an unattended installation.
Estimated lesson time: 45 minutes
Overview of Unattended Installations
At several points during a standard installation, Setup requires that the user provide
information, such as the time zone, network settings, and so on. One way to automate
an installation is to create an answer file that supplies the required information.
Answer files are really just text files that contain responses to some, or all, of the questions that Setup asks during the installation process. After creating an answer file, you
can apply it to as many computers as necessary.
However, there also are certain settings that must be unique to each computer, such as
the computer name. To answer this need, Windows Setup Manager also allows the creation of a file called a uniqueness database file (UDF), which is used in conjunction
with the standard answer file. The UDF contains the settings that are unique to each
computer.
!
Exam Tip Remember that a standard answer file is used to provide the common configuration settings for all computers that are affected during an unattended installation. A UDF
provides the unique settings that each computer needs to distinguish it from other computers.
3-4
Chapter 3
Deploying Windows XP Professional
How to Find the Windows XP Deployment Tools
Windows Setup Manager is one of the Windows XP deployment tools included on the
Windows XP Professional installation CD-ROM. The tools that concern this chapter are
as follows:
■
Deploy.chm A compiled Hypertext Markup Language (HTML) help named
“Microsoft Windows Corporate Deployment Tools User’s Guide” that provides
detailed information on using all the deployment tools
■
Setupmgr.chm
■
Setupmgr.exe
■
Sysprep.exe The System Preparation Tool (covered in Lesson 2, “Deploying
Windows XP Professional by Using Disk Duplication”)
Compiled HTML help file for using Windows Setup Manager
The Windows Setup Manager Wizard tool
To extract the Windows XP deployment tools to your hard disk, use these steps:
1. Insert the Windows XP Professional CD-ROM in the CD-ROM drive.
2. If the Welcome To Microsoft Windows XP screen is displayed automatically, click
Exit to close that screen.
3. In Windows Explorer, create a folder to hold the deployment tools.
4. In Windows Explorer, locate the \Support\Tools folder on the Windows XP
Professional CD-ROM.
5. In the \Support\Tools folder, double-click the Deploy.cab file to open it.
Windows XP Professional displays the contents of Deploy.cab.
6. Select all the files listed in Deploy.cab, and then copy them to the folder you
created on your hard disk.
Tip
To select all the files in any folder quickly, press CTRL+A.
7. Open the folder you created on your hard disk to view the contents and access the
deployment tools.
What Windows Setup Manager Does
Windows Setup Manager provides a wizard-based interface that allows you to
quickly create an answer file for an unattended installation of Windows XP Professional. Windows Setup Manager (see Figure 3-1) enables you to create scripts to perform customized installations on workstations and servers that meet the specific
hardware and network requirements of your organization.
Lesson 1
Creating Unattended Installations by Using Windows Setup Manager
3-5
F03us01.bmp
Figure 3-1
Use Windows Setup Manager to create unattended answer files.
You can create or modify an answer file, typically named unattend.txt, by using Windows
Setup Manager. You can also create answer files with a simple text editor, such as Notepad, but using the Windows Setup Manager reduces errors in syntax.
Windows Setup Manager does the following:
■
Provides a wizard with an easy-to-use graphical interface with which you can create and modify answer files
■
Makes it easy to create UDFs (typically named unattend.udb)
Note
A uniqueness database file (UDF) provides the ability to specify per-computer parameters. The UDF modifies an installation by overriding values in the answer file. When you run
Setup with Winnt32.exe, you use the /udf:id[,UDF_filename] switch. The UDF overrides values
in the answer file, and the identifier (id) determines which values in the .udb file are used.
■
Makes it easy to specify computer-specific or user-specific information
■
Simplifies the inclusion of application setup scripts in the answer file
■
Creates the distribution folder that you use for the installation files
Note
If you are upgrading systems to Windows XP Professional, you can add any application upgrades or update packs to the distribution folder and enter the appropriate commands
in the Additional Commands page of the Windows Setup Manager Wizard so that these
upgrades or update packs are applied to the application as part of the upgrade.
3-6
Chapter 3
Deploying Windows XP Professional
How to Use the Windows Setup Manager to Create an Answer File
Windows Setup Manager provides a straightforward wizard interface. To create an
answer file for a fully automated installation by using Windows Setup Manager, use
these steps:
1. In Windows Explorer, locate the folder where you extracted Windows Setup
Manager (setupmgr.exe). Double-click setupmgr.exe.
Windows XP Professional starts the Windows Setup Manager Wizard.
2. Click Next.
The New Or Existing Answer File page appears.
3. Ensure that the Create A New Answer File is selected, and then click Next.
The Windows Setup Manager Wizard displays the Product To Install page, which
provides the following three options:
❑
Windows Unattended Installation
❑
Sysprep Install
❑
Remote Installation Services
4. Ensure that Windows Unattended Installation is selected, and then click Next.
The Windows Setup Manager Wizard displays the Platform page.
5. Ensure that Windows XP Professional is selected, and then click Next.
The Windows Setup Manager Wizard displays the User Interaction Level page,
shown in Figure 3-2, which has the following five options:
❑
Provide Defaults. The answers you provide in the answer file are the default
answers that the user sees. The user can accept the default answers or change
any of the answers supplied by the script.
❑
Fully Automated. The installation is fully automated. The user does not have
the chance to review or change the answers supplied by the script.
❑
Hide Pages. The answers provided by the script are supplied during the installation. Any page for which the script supplies all answers is hidden from the
user, so the user cannot review or change the answers supplied by the script.
❑
Read Only. The script provides the answers, and the user can view the
answers on any page that is not hidden, but the user cannot change the
answers.
❑
GUI Attended. The text-mode portion of the installation is automated, but
the user must supply the answers for the graphical user interface (GUI) mode
portion of the installation.
Lesson 1
Creating Unattended Installations by Using Windows Setup Manager
3-7
F03us02.bmp
Figure 3-2 Select the level of user interaction you want.
6. Select Fully Automated, and then click Next.
The Windows Setup Manager Wizard displays the Distribution Folder page. The
Setup Manager Wizard can create a distribution folder on your computer or network containing the required source files. You can add files to this distribution
folder to further customize your installation.
7. Select No, This Answer File Will Be Used To Install From A CD, and then click Next.
The Windows Setup Manager Wizard displays the License Agreement page.
8. Select I Accept The Terms Of The License Agreement, and then click Next.
The Windows Setup Manager Wizard displays the Customize The Software page,
shown in Figure 3-3.
F03us03.bmp
Figure 3-3 Use the Customize The Software Page to provide details for the answer file that will
be used during installation.
3-8
Chapter 3
Deploying Windows XP Professional
9. Type your name in the Name box and your organization in the Organization box,
and then click Next.
The Windows Setup Manager Wizard displays the Display Settings page.
10. Leave the default settings on the Display Settings page, and then click Next.
The Windows Setup Manager displays the Time Zone page.
11. Select the appropriate time zone, and then click Next.
The Windows Setup Manager Wizard displays the Providing The Product Key page.
12. Type in the appropriate product key.
Note
The product key identifies your copy of Windows XP Professional, so you need a separate license for each copy that you install. Note, however, that in many corporate environments a volume licensing system is in place, so you might need a special key for that. Also,
Setup Manager does not validate the product key when you enter it, so you won’t actually find
out until installing Windows XP Professional with the answer file whether the key is valid.
Make sure that you use a valid key.
13. Click Next.
The Windows Setup Manager Wizard displays the Computer Names page, shown
in Figure 3-4. Notice that you have three choices:
❑
Enter a series of names to be used during the various iterations of the script.
❑
Click Import and provide the name of a text file that has one computer name
per line listed. Setup imports and uses these names as the computer names in
the various iterations of the script.
❑
Select Automatically Generate Computer Names Based On Organization Name
to allow the system to automatically generate the computer names to be used.
F03us04.bmp
Figure 3-4 Add the names of the computers that will use the installation.
Lesson 1
Creating Unattended Installations by Using Windows Setup Manager
3-9
14. In the Computer Name text box, type a name for the computer, and then click
Add. Repeat this step to add additional computers to the installation.
15. Click Next.
The Windows Setup Manager Wizard displays the Administrator Password page,
which appears with the following two options:
❑
Prompt The User For An Administrative Password
❑
Use The Following Administrative Password (127 Characters Maximum)
Note
You selected the User Interaction level of Fully Automated, so the Prompt The User
For An Administrative Password option is unavailable.
Notice that you have the option to encrypt the Administrator’s password in the
answer file. You also have the option to have the Administrator log on automatically, and you can set the number of times you want the Administrator to log on
automatically when the computer is restarted.
16. Ensure that Use The Following Administrative Password (127 Characters Maximum) is selected, and then type a password in the Password text box and the
Confirm Password box.
17. Select Encrypt Administrator Password In Answer File, and then click Next.
The Windows Setup Manager Wizard displays the Networking Components page,
shown in Figure 3-5, with the following two options:
❑
Typical Settings. Installs Transmission Control Protocol/Internet Protocol
(TCP/IP), enables Dynamic Host Configuration Protocol (DHCP), installs the
Client For Microsoft Networks protocol, and installs File And Printer Sharing
For Microsoft Networks for each destination computer
❑
Customize Settings. Allows you to select and configure the networking
components to be installed
F03us05.bmp
Figure 3-5 Choose network settings for the installation.
3-10
Chapter 3
Deploying Windows XP Professional
18. Configure network settings as appropriate for your network, and then click Next.
The Windows Setup Manager Wizard displays the Workgroup Or Domain page.
19. If the computer will join a workgroup, type the workgroup name. If the computer
will join a domain, click Windows Server Domain, and then type the name of the
domain. If a computer that will join a domain does not already have a computer
account in that domain, you can have Windows Setup create such an account during installation. Click Create A Computer Account In The Domain, and then enter
the credentials for an account that has permission to create new computer
accounts in the domain. Click Next to continue.
The Windows Setup Manager Wizard displays the Telephony page.
20. Select the appropriate setting for What Country/Region Are You In.
21. Type the appropriate setting for What Area (Or City) Code Are You In.
22. If necessary, type the appropriate setting for If You Dial A Number To Access An
Outside Line, What Is It.
23. Select the appropriate setting for The Phone System At This Location Uses, and
then click Next.
The Windows Setup Manager Wizard displays the Regional Settings page. The
default selection is Use The Default Regional Settings For The Windows Version
You Are Installing, but you can also specify different regional settings.
24. Configure the regional settings, and then click Next.
The Windows Setup Manager Wizard displays the Languages page, which allows
you to add support for additional languages.
25. Select additional languages if they are required for the computers on which you
will install Windows XP Professional, and then click Next.
The Windows Setup Manager Wizard displays the Browser And Shell Settings page
with the following three options:
❑
Use Default Internet Explorer Settings
❑
Use An Autoconfiguration Script Created By The Internet Explorer Administration Kit To Configure Your Browser
❑
Individually Specify Proxy And Default Home Page Settings
26. Make your selection, and then click Next.
The Windows Setup Manager Wizard displays the Installation Folder page with the
following three options:
❑
A Folder Named Windows. This is the default selection.
❑
A Uniquely Named Folder Generated By Setup. Setup generates a unique
folder name so that the installation folder will be less obvious. This folder
Lesson 1
Creating Unattended Installations by Using Windows Setup Manager
3-11
name is recorded in the Registry, so programs and program installations can
easily access the Windows XP Professional system files and folders.
❑
This Folder. If you select this option, you must specify a path and folder name.
27. Make your selection, and then click Next.
The Windows Setup Manager Wizard displays the Install Printers page, shown in
Figure 3-6, which allows you to specify a network printer to be installed the first
time a user logs on after Setup.
F03us06.bmp
Figure 3-6 Specify printers to be installed during setup.
28. Add any printers that you want to configure during installation, and then click
Next.
The Windows Setup Manager Wizard displays the Run Once page. This page
allows you to configure Windows to run one or more commands the first time a
user logs on.
29. To add a command, type the command in the Command To Run text box, and
then click Add. Click Next when you are finished adding commands.
The Windows Setup Manager Wizard displays the Additional Commands page.
This page allows you to specify additional commands to be run at the end of the
unattended setup before any user logs on to the computer.
30. To add a command, type the command in the Command To Run text box, and
then click Add. Click Finish when you are finished adding commands.
The Windows Setup Manager Wizard displays a dialog box indicating that
the Windows Setup Manager has successfully created an answer file. It also
prompts you for a location and a name for the script. The default is a file named
unattend.txt in the folder from which you launched Windows Setup Manager.
Note
If multiple computer names were specified, the wizard also creates a .udb file.
3-12
Chapter 3
Deploying Windows XP Professional
31. Accept the default name and location, or type an alternate name and location.
Click OK to continue.
The Windows Setup Manager Wizard displays the Setup Manager Complete page,
indicating that new files were created:
❑
unattend.txt is the answer file.
❑
unattend.udb is the uniqueness database file created if you supply multiple
computer names.
❑
unattend.bat is a batch script that will launch the Windows installation using
the answer file and uniqueness database file.
32. On the File menu, click Exit.
How to Start an Unattended Installation
To perform an installation, you can use the unattend.bat file created by the Windows
Setup Manager. This batch file simply uses the winnt32.exe command to start the installation, supplying parameters based on the location you saved the files to when you ran
Windows Setup Manager. You can modify this batch file to suit your needs or simply
start Setup from the command line yourself (the most common way to start an unattended installation). To start Setup from the command line (or modify the batch file),
you must use a specific parameter and indicate the location of the answer file.
To use the winnt.exe command from a Microsoft MS-DOS or Windows 3.x command
prompt to perform a clean installation of Windows XP, you must use the following syntax:
winnt [/s:SourcePath] [/u:answer file] [/udf:ID [,UDB_file]]
To use the winnt32.exe command from a Windows 95, Windows 98, Windows Me, or
Windows 2000 command prompt to perform a clean installation of Windows XP, you
must use the following syntax:
winnt32 [/unattend[num]:[answer_file] [/udf:ID [,UDB_file]]
See Also
For more information on answer file structure, syntax, and configurable options,
see the Deployment User Tools Guide on the Windows XP Professional CD. You can find it in
the following location: \Support\Tools\Deploy.cab\Deploy.chm.
On the CD
At this point, you should view the multimedia presentation, “How Setup Uses
Answer Files and UDFs,” included in the Multimedia folder on the CD accompanying this book.
This presentation will help deepen your understanding of unattended installations.
Lesson 1
Creating Unattended Installations by Using Windows Setup Manager
3-13
Practice: Creating Unattended Installations with Windows
Setup Manager
In this practice, you extract the Windows XP Professional deployment tools from the
Windows XP Professional CD-ROM you used for program installation, and then you
use the Windows System Manager to create a fully automated unattended answer file.
Exercise 1: Extract the Windows XP Deployment Tools
In this exercise, you extract the Windows deployment tools from the CD-ROM you
used to install Windows XP Professional and copy them to your hard drive.
1. Insert the Windows XP Professional CD-ROM in the CD-ROM drive.
2. If the Welcome To Microsoft Windows XP screen opens automatically, click Exit to
close the screen.
3. In Windows Explorer, locate the root of the C drive and create a folder named
Deploy.
The C:\Deploy folder will be used to contain the files extracted from
DEPLOY.CAB on the Windows XP Professional CD-ROM.
4. In Windows Explorer, open your CD-ROM drive and locate the Support\Tools\
folder. In the Tools folder, double-click Deploy.cab.
Note
If D is not the correct drive letter for your CD-ROM drive, replace the D with the letter
representing your CD-ROM drive.
Windows XP Professional displays the contents of Deploy.cab.
5. Press CTRL+A to select all of the files listed in Deploy.cab.
6. Press CTRL+C to copy the selected files.
7. In Windows Explorer, locate and open the Deploy folder that you created on the
C drive.
8. In the Deploy folder that you created, press CTRL+V to paste (copy) the files.
9. Double-click Readme.txt.
10. Take a moment to view the topics covered in the Readme.txt file, and then close
Notepad.
Exercise 2: Create an Answer File by Using Windows Setup Manager
In this exercise, you use Windows Setup Manager to create an answer file for a fully
automated unattended installation. At the same time, the Windows Setup Manager
Wizard creates a distribution folder and a .udb file.
3-14
Chapter 3
Deploying Windows XP Professional
1. In Windows Explorer, locate the C:\Deploy folder.
2. Double-click Setupmgr.exe
Windows XP Professional starts the Windows Setup Manager Wizard.
3. Click Next.
The New Or Existing Answer File page appears.
4. Ensure that Create A New Answer File is selected, and then click Next.
The Windows Setup Manager Wizard displays the Product To Install page.
5. Ensure that Windows Unattended Installation is selected, and then click Next.
The Windows Setup Manager Wizard displays the Platform page.
6. Ensure that Windows XP Professional is selected, and then click Next.
The Windows Setup Manager Wizard displays the User Interaction Level page.
7. Click Fully Automated, and then click Next.
The Windows Setup Manager Wizard displays the Distribution Folder page.
8. Select No, This Answer File Will Be Used To Install From A CD, and then click
Next.
The Windows Setup Manager Wizard displays the License Agreement page.
9. Select I Accept The Terms Of The License Agreement, and then click Next.
The Windows Setup Manager Wizard displays the Customize The Software page.
10. Type your name in the Name box and your organization in the Organization box,
and then click Next.
The Windows Setup Manager Wizard displays the Display Settings page.
11. Leave the default settings on the Display Settings page, and then click Next.
Windows Setup Manager displays the Time Zone page.
12. Select the appropriate time zone, and then click Next.
The Windows Setup Manager Wizard displays the Providing The Product Key
page.
13. Enter your Windows XP Professional product key, and then click Next.
The Windows Setup Manager Wizard displays the Computer Names page.
14. In the Computer Name text box, type Client1, and then click Add. Repeat this
step to add Client2 and Client3 to the list of names.
Notice that the names Client1, Client2, and Client3 appear in the Computers To Be
Installed box.
Lesson 1
Creating Unattended Installations by Using Windows Setup Manager
3-15
15. Click Next.
The Windows Setup Manager Wizard displays the Administrator Password page.
16. Ensure that Use The Following Administrative Password (127 Characters Maximum) is selected, and then type password in the Password text box and the
Confirm Password text box.
17. Click Encrypt Administrator Password In Answer File, and then click Next.
The Windows Setup Manager Wizard displays the Networking Components page.
18. Leave Typical Settings selected, and then click Next.
The Windows Setup Manager Wizard displays the Workgroup Or Domain page.
19. Click Next to accept the default of the computers joining a workgroup named
WORKGROUP.
The Windows Setup Manager Wizard displays the Telephony page.
20. Select the appropriate setting for What Country/Region Are You In.
21. Type the appropriate setting for What Area (Or City) Code Are You In.
22. If necessary, type the appropriate setting for If You Dial A Number To Access An
Outside Line, What Is It.
23. Select the appropriate setting for The Phone System At This Location Uses, and
then click Next.
The Windows Setup Manager Wizard displays the Regional Settings page.
24. Click Next to accept the default settings.
The Windows Setup Manager Wizard displays the Languages page.
25. Click Next to accept the default setting.
The Windows Setup Manager Wizard displays the Browser And Shell Settings
page.
26. Click Next to accept the default setting: Use Default Internet Explorer Settings.
The Windows Setup Manager Wizard displays the Installation Folder page.
27. Select This Folder. In the This Folder text box, type WINXPPro, and then click
Next.
The Windows Setup Manager Wizard displays the Install Printers page.
28. Click Next to continue without having the script install any network printers.
The Windows Setup Manager Wizard displays the Run Once page.
29. Click Next to continue without having the script run any additional commands.
The Windows Setup Manager Wizard displays the Additional Commands page.
3-16
Chapter 3
Deploying Windows XP Professional
30. Click Finish to complete the script without having the script run any additional
commands.
The Windows Setup Manager Wizard displays a dialog box indicating that the
Windows Setup Manager has successfully created an answer file.
31. Click OK to accept the default file name and location.
The Windows Setup Manager Wizard displays the Setup Manager Complete page.
32. On the File menu, click Exit.
Lesson Review
The following questions are intended to reinforce key information presented in this
lesson. If you are unable to answer a question, review the lesson materials and try the
question again. You can find answers to the questions in the “Questions and Answers”
section at the end of this chapter.
1. What is the purpose of Windows Setup Manager?
2. How can you apply an application update pack as part of the Windows XP Professional installation?
3. What type of answer files does Windows Setup Manager allow you to create?
4. Why would you use a UDF?
Lesson Summary
■
The Windows Setup Manager Wizard makes it easy to create the answer files that
are necessary for unattended installations.
■
To use the Windows Setup Manager, you must extract the files located in the
\Support\Tools\Deploy.cab file on the Windows XP Professional CD-ROM.
Lesson 1
Creating Unattended Installations by Using Windows Setup Manager
3-17
■
Windows Setup Manager provides a wizard with an easy-to-use graphical interface
with which you can create and modify answer files and UDFs. The Windows Setup
Manager makes it easy to specify computer-specific or user-specific information and
to include application setup scripts in the answer file. The Windows Setup Manager
can also create the distribution folder and copy the installation files to it.
■
You run Windows Setup Manager by launching the setupmgr.exe file that you
extracted from the Deploy.cab file. The wizard walks you through choosing the
type of installation you want to create and how much detail you want to provide
in the answer file.
■
To perform an installation, you can use the Unattend.bat file created by the Windows Setup Manager. You can also start Setup from the command line by using
the Winnt.exe command (from an MS-DOS or Windows 3.1 command line) or the
Winnt32.exe command (from a Windows 95 or later command line).
3-18
Chapter 3
Deploying Windows XP Professional
Lesson 2: Using Disk Duplication to Deploy
Windows XP Professional
When you install Windows XP Professional on several computers with identical hardware configurations, the most efficient installation method to use is disk duplication.
By creating a disk image of a Windows XP Professional installation and copying that
image onto multiple destination computers, you save time in the rollout of Windows XP
Professional. This method also creates a convenient baseline that you can easily recopy
onto a computer that is experiencing significant problems.
After this lesson, you will be able to
■ Explain the purpose of disk duplication.
■ Extract the System Preparation Tool that is used to prepare a disk image for duplication.
■ Prepare a computer for the creation of a master image by using the System Preparation
Tool.
■ Install Windows XP Professional from a master disk image.
Estimated lesson time: 40 minutes
Overview of Disk Duplication
Windows XP Professional includes a program named System Preparation
(sysprep.exe) that allows you to prepare master images of an existing Windows XP
installation for distribution to other computers by removing machine-specific information from the image. The first step of creating a disk image is for the administrator to
install Windows XP Professional onto a reference computer. The reference computer
can contain just the Windows XP Professional operating system, or it can contain the
operating system and any number of installed applications.
After the reference computer is configured properly, you will use the System Preparation Tool to prepare the computer for imaging. Many settings on a Windows XP Professional computer must be unique, such as the Computer Name and the Security
Identifier (SID), which is a number used to track an object through the Windows
security subsystem. The System Preparation Tool removes the SID and all other userand computer-specific information from the computer, and then shuts down the computer so that you can use can use a disk duplication utility to create a disk image. The
disk image is simply a compressed file that contains the contents of the entire hard disk
on which the operating system is installed.
When a client computer starts Windows XP Professional for the first time after loading
a disk image that has been prepared with Sysprep, Windows automatically generates a
unique SID, initiates Plug-and-Play detection, and starts the Mini Setup Wizard. The
Lesson 2
Using Disk Duplication to Deploy Windows XP Professional
3-19
Mini Setup Wizard prompts the user for user- and computer-specific information, such
as the following:
■
End-User License Agreement (EULA)
■
Regional options
■
User name and company
■
Product key
■
Computer name and administrator password
■
Time zone selection
Note
When you create a disk image, all the hardware settings of the reference computer
become part of the image. Thus, the reference computer should have the same (or similar)
hardware configuration as the destination computers. If the destination computers contain
Plug and Play devices that are not present in the reference computer, they are automatically
detected and configured at the first startup following installation. The user must install any
non–Plug and Play devices manually.
To install Windows XP Professional using disk duplication, you first need to install and
configure Windows XP Professional on a test computer. You then need to install and
configure any applications and software updates on the test computer.
How to Extract the Windows System Preparation Tool
Before you can use the Windows System Preparation Tool, you must copy the necessary files onto the computer you are using to create the master image. To copy the
System Preparation Tool, you must extract the files from \Support\Tools\Deploy.cab
on the Windows XP Professional CD-ROM. For the steps to do this, see Lesson 1,
“Creating Unattended Installations by Using Windows Setup Manager.”
Preparing a Computer for the Creation of a Master Image
by Using the System Preparation Tool
The System Preparation Tool was developed to eliminate problems encountered in
disk copying. First of all, every computer must have a unique security identifier
(SID). If you copied an existing disk image to other computers, every computer on
which the image was copied would have the same SID. To prevent this problem, the
System Preparation Tool adds a system service to the master image that creates a
unique local domain SID the first time the computer to which the master image is
copied is started.
3-20
Chapter 3
Deploying Windows XP Professional
The hard drive controller device driver and the hardware abstraction layer (HAL)
on the computer on which the disk image was generated and on the computer to
which the disk image was copied must be identical. The other peripherals, such as the
network adapter, the video adapter, and sound cards on the computer on which the
disk image was copied, need not be identical to the ones on the computer on which
the image was generated because the computer will run a full Plug and Play detection
when it starts the first time following installation from the image.
You can run the System Preparation Tool in its default mode by simply double-clicking
the Sysprep.exe file that you extracted from Windows XP deployment tools. Table 3-1
describes some of the optional parameters you can use when running Sysprep.exe.
Table 3-1
Optional Parameters for Sysprep.exe
Switch
Description
/quiet
Runs with no user interaction because it does not show the user
confirmation dialog boxes
/nosidgen
Does not regenerate SID on reboot
/pnp
Forces Setup to detect Plug and Play devices on the destination
computers on the next reboot
/reboot
Restarts the source computer after Sysprep.exe has completed
/noreboot
Shuts down without a reboot
/forceshutdown
Forces a shutdown instead of powering off
Note
For a complete list of the switches for Sysprep.exe, start a command prompt, change
to the Deploy folder or the folder where you installed Sysprep.exe, type sysprep.exe/?, and
press ENTER.
How to Install Windows XP Professional from a Master Disk Image
After running Sysprep on your test computer, you are ready to run a non-Microsoft disk
image copying tool to create a master disk image. Save the new disk image on a shared
folder or CD-ROM, and then copy this image to the multiple destination computers.
End users can then start the destination computers. The Mini-Setup Wizard prompts the
user for computer-specific variables, such as the administrator password for the computer and the computer name. If a sysprep.inf file was provided, the Mini-Setup Wizard
is bypassed, and the system loads Windows XP Professional without user intervention.
You can also automate the completion of the Mini-Setup Wizard further by creating a
sysprep.inf file.
Lesson 2
Using Disk Duplication to Deploy Windows XP Professional
3-21
Practice: Deploying Windows XP Professional by Using Disk Duplication
In this practice, you use the Windows System Preparation Tool to prepare a master image
for disk duplication. You will then use that master image to perform an installation.
Exercise 1: Prepare a Master Image
Important
If you have not completed Exercise 1 of Lesson 1 in this chapter, you must complete that exercise and extract the System Preparation Tool from the Windows XP Professional
CD-ROM before you can complete the following exercise.
Caution
You should perform this procedure only on a test computer that does not contain
valuable data. After completing the following exercise, you will have to reinstall Windows XP
Professional on your computer.
1. Click Start, point to All Programs, point to Accessories, and then click Command
Prompt.
2. In the Command Prompt window, type cd \Deploy, and then press ENTER.
Note
If you extracted the sysprep.exe file to a different location, use that location instead.
3. Type sysprep.exe /pnp /noreboot and then press ENTER.
4. What do the optional parameters /pnp and /noreboot do?
Note
You should run Sysprep only if you are preparing your computer for duplication.
5. If you are certain that you do not mind having to reinstall Windows XP Professional, click OK to continue.
Sysprep displays a System Preparation Tool dialog box that allows you to configure Sysprep.
3-22
Chapter 3
Deploying Windows XP Professional
Note
To quit Sysprep, in the Flags box, click the down-pointing arrow in the Shutdown box,
select Quit, and then click Reseal to stop System Preparation from running on your computer.
6. In the Flags box, select Mini-Setup.
7. In the Shutdown list, click Shut Down, and then click Reseal.
Sysprep displays a Windows System Preparation Tool message box, telling you
that you have chosen to regenerate the SIDs on the next reboot. You need to
regenerate SIDs only if you plan to image after shutdown.
Note
If you did not want to regenerate SIDs, you would click Cancel, select the NoSIDGEN
check box in the Flags box, and then click Reseal.
8. Click OK.
Sysprep displays a Sysprep Is Working message box, telling you that the tool is
removing the system-specific data on your computer. When Sysprep is finished,
your computer shuts down.
9. If your computer does not turn off automatically after shutting down, turn your
computer off.
Exercise 2: Install Windows XP Professional from a Master Image
In this exercise, you use a master disk image that you created in the previous exercise
to install Windows XP Professional. Normally, you would use a third-party tool to copy
this disk image to another computer. For the purposes of this practice, you reinstall by
using the master disk image as if it were a computer that had the disk image copied to it.
1. Turn on your computer.
Setup displays the following message: Please Wait While Windows Prepares To Start.
After a few minutes, Setup displays the Welcome To The Windows XP Setup Wizard page.
2. Click Next to continue with Setup.
The Windows XP Professional Setup Wizard displays the License Agreement page.
3. Read through the license agreement, click I Accept This Agreement, and then
click Next.
The Windows XP Professional Setup Wizard displays the Regional And Language
Options page.
4. Ensure that the Regional And Language Options and Text Input Languages settings
are correct, and then click Next.
The Windows XP Professional Setup Wizard displays the Personalize Your Software page.
Lesson 2
Using Disk Duplication to Deploy Windows XP Professional
3-23
5. In the Name text box, type your name. In the Organization text box, type your
organization name, and then click Next.
The Windows XP Professional Setup Wizard displays the Your Product Key page.
6. Enter your product key, and then click Next.
The Windows XP Professional Setup Wizard displays the Computer Name And
Administrator Password page.
7. In the Computer Name text box, type the name for your computer.
8. In the Password and Confirm Password text boxes, type a password, and then click Next.
The Windows XP Professional Setup Wizard displays the Modem Dialing Information page.
Note
If you do not have a modem, you might not see this page. If you do not get the
Modem Dialing Information page, skip to Step 13.
9. Select the appropriate setting for What Country/Region Are You In.
10. Type the appropriate setting for What Area Or City Code Are You In.
11. If necessary, type the appropriate setting for If You Dial A Number To Access An
Outside Line, What Is It.
12. Select the appropriate setting for The Phone System At This Location Uses, and
then click Next.
The Windows XP Professional Setup Wizard displays the Date And Time Settings page.
13. Ensure that the settings for Date, Time, Time Zone, and Daylight Saving Changes
are correct, and then click Next.
The Windows XP Professional Setup Wizard displays the Networking Settings page.
14. Ensure that the default setting of Typical Settings is selected, and then click Next.
The Windows XP Professional Setup Wizard displays the Workgroup Or Computer
Domain page.
15. Ensure that No, This Computer Is Not On A Network Or Is On A Network Without
A Domain is selected.
16. Ensure that WORKGROUP appears in the Workgroup Or Computer Domain Box,
and then click Next.
The Windows XP Professional Setup Wizard displays the Performing Final Tasks
page, and then it displays the Completing The Windows XP Setup Wizard page.
17. Click Finish.
The system will reboot, and the Welcome screen appears.
18. Log on as you normally would.
3-24
Chapter 3
Deploying Windows XP Professional
Lesson Review
The following questions are intended to reinforce key information presented in this
lesson. If you are unable to answer a question, review the lesson materials and try the
question again. You can find answers to the questions in the “Questions and Answers”
section at the end of this chapter.
1. What is disk duplication?
2. What is the purpose of the System Preparation Tool?
3. What does the /quiet switch do when you run Sysprep.exe?
Lesson Summary
■
The first step in disk duplication is preparing a computer running Windows XP
Professional that will serve as a reference computer. This preparation includes
installing, updating, and configuring the operating system, as well as installing
other applications. After the reference computer is configured, the next step is
using the System Preparation Tool to prepare the computer for imaging. The final
step is using a non-Microsoft disk duplication utility to create a hard disk image.
■
To use the System Preparation Tool, you must extract the files located in the
\Support\Tools\Deploy.cab file on the Windows XP Professional CD-ROM.
■
One of the primary functions of the System Preparation Tool is to delete security
identifiers (SIDs) and all other user-specific or computer-specific information.
■
When the user restarts the destination computer, the Windows Setup Wizard
appears, but requires very little input to complete. You can automate the completion of the Windows Setup Wizard by creating a sysprep.inf file.
Lesson 3
Performing Remote Installations
3-25
Lesson 3: Performing Remote Installations
Remote Installation Services (RIS) is a service that is available for servers running Windows 2000 Server and Windows Server 2003 in a Microsoft Active Directory directory
service environment. The RIS server is a disk image server that contains as many disk
images as are necessary to support the different configurations of Windows XP Professional on a network. A RIS client is a computer that connects to the RIS server and
downloads an image for installation. The RIS server might be preconfigured to download a particular image to a client computer, or the user might be able to select an
image manually from a special RIS Administration menu.
After this lesson, you will be able to
■ Describe how RIS is used
■ Install and configure RIS on a server running Windows Server 2003
■ Explain requirements for RIS client computers
Estimated lesson time: 60 minutes
Overview of RIS
RIS provides the best features of unattended installations and disk duplication and also
provides a powerful way to make remote installations possible in large network environments. The basic RIS process works as follows:
1. In an Active Directory domain, you install RIS on a server running Windows 2000
Server or Windows Server 2003. The methods for installation on each version are
different, and each method is covered in this lesson.
2. You load disk images on the RIS server. RIS supports two types of images:
❑
A CD-based image that contains the Windows XP Professional operating
installation files. You can create answer files for these images to automate the
installation process on the client end.
❑
A Remote Installation Preparation (RIPrep) image that can contain the Windows XP Professional operating system along with other applications. This
image is based on a preconfigured reference computer, much like the computer used in creating images for disk duplication.
3. A client computer connects to the RIS server over the network. Clients must
conform to the Net PC specification or have a network adapter that supports the
Preboot eXecution Environment (PXE) standard for network booting. This
type of adapter allows the client to boot the computer with no pre-existing operating system installed, locate a RIS server, and start the installation process using
an image on the RIS server. For clients who do not have a PXE-compliant network
adapter, you can create a special boot floppy disk that will allow the client to boot
up and contact the RIS server.
3-26
Chapter 3
Deploying Windows XP Professional
4. The client begins the installation of Windows XP Professional from an image on the
RIS server. A RIS server can support many different disk images, and the user of the
client computer can choose the image they want to use to install Windows XP Professional. You can also configure a RIS server so that installation choices are made
automatically when a client computer contacts the RIS server. The user of the client
computer sees a screen that indicates the operating system being installed, but is not
prompted to make any choices or provide any information. If only one image is
available on the RIS server, the user also does not get to make a choice.
5. Windows XP Professional is installed on the client computer. Depending on the
image and type of installation, the user might be or might not be prompted for
personal information during the installation.
RIS provides the following benefits:
■
It enables remote installation of Windows XP Professional.
■
It simplifies server image management by eliminating hardware-specific images
and by detecting Plug and Play hardware during setup.
■
It supports recovery of the operating system and computer in the event of computer failure.
■
It retains security settings after restarting the destination computer.
■
It reduces total cost of ownership (TCO) by allowing either users or technical staff
to install the operating system on individual computers.
Installing and Configuring RIS
RIS is available only on computers running Windows 2000 Server or Windows Server
2003. The RIS server can be a domain controller or a member server. Table 3-2 lists the
network services required for RIS and their RIS function. These network services do
not have to be installed on the same computer as RIS, but they must be available somewhere on the network.
Table 3-2
Network Services Requirements for RIS
Network Service
RIS Function
DNS Service
RIS relies on the Domain Name System (DNS) server for locating
both the directory service and client computer accounts.
DHCP service
Client computers that can perform a network boot receive an Internet
Protocol (IP) address from the DHCP server.
Active Directory
RIS relies on the Active Directory service in Windows XP Professional for locating existing client computers as well as existing RIS
servers.
Lesson 3
Performing Remote Installations
3-27
Note
This chapter covers installing RIS on a computer running Windows Server 2003. The
method for installing RIS on a computer running Windows 2000 Server is different, but you
make many of the same choices.
!
Exam Tip
Remember that RIS requires an Active Directory environment so that RIS clients
can locate RIS servers. Active Directory requires that DNS be used on a network; DNS is
used to locate services in Active Directory. DHCP is also required for RIS because RIS clients
must be able to contact a DHCP server to obtain an IP address so that they can communicate
with other devices on the network.
Remote installation requires that RIS be installed on a volume that is shared over the
network. This shared volume must meet the following criteria:
■
The shared volume cannot be on the same volume that holds the Windows 2000
Server or Windows Server 2003 system files.
■
The shared volume must be large enough to hold the RIS software and the various
Windows XP Professional images.
■
The shared volume must be formatted with the NTFS file system.
To install RIS on a computer running Windows Server 2003, use the following steps:
1. Click Start, point to Control Panel, and then click Add Or Remove Programs.
2. In the Add Or Remove Programs window, click Add/Remove Windows Components.
3. In the Windows Components Wizard, in the Components list, select the Remote
Installation Services check box, and then click Next.
Windows Server 2003 builds a list of necessary files, and then installs RIS.
4. Click Finish to exit the Windows Components Wizard.
Windows prompts you to restart your computer.
5. Click Yes.
The computer restarts.
6. After the computer restarts, log on as an administrator, click Start, point to Administrative Tools, and then click Remote Installation Services Setup.
7. On the Welcome page of the Remote Installation Services Setup Wizard, click Next.
Windows displays the Remote Installation Folder Location page, shown in Figure 3-7. You must specify a path for the location in which to create the installation
folder structure—the folders that will contain the RIS images. This path cannot be
3-28
Chapter 3
Deploying Windows XP Professional
on the system volume. The path must be on an NTFS-formatted volume that has
enough space to hold the images.
F03us07.bmp
Figure 3-7 Specify a path in which to create the installation folder structure.
8. Type a path, and then click Next.
Windows displays the Initial Settings page, as shown in Figure 3-8. By default, the
RIS server will not support client computers until you specifically configure it to
do so following Setup. This gives you the chance to configure the server before
accepting client connections. However, you can select the Respond To Client
Computers Requesting Service check box if you want the server to begin responding immediately.
F03us08.bmp
Figure 3-8 Choose whether the server should respond to client requests immediately or after
configuration.
Lesson 3
Performing Remote Installations
3-29
9. Choose whether you want the server to begin responding to client requests immediately, and then click Next.
Windows displays the Installation Source Files Location page, which you can use to
specify the path to the Windows XP Professional installation files you want to use.
10. Type the path into the Path text box, and then click Next to continue.
11. On the Windows Installation Image Folder Name page, type the name for the
folder to which the Windows installation files will be copied. This folder is created
in the path you specified on the Remote Installation Folder Location page.
12. On the Friendly Description And Help Text page, shown in Figure 3-9, type a
description and help text that helps users on RIS clients identify the operating system.
Click Next to continue.
F03us09.bmp
Figure 3-9 Enter a friendly description for the operating system and any help text that might
assist users.
13. On the Review Settings page, make sure that the settings you have selected look
okay, and then click Finish.
The Remote Installation Services Setup Wizard begins copying Windows installation
files, and then performs a number of additional tasks that include the following:
❑
Creating the remote installation folder
❑
Copying files needed by RIS
❑
Copying the Windows XP Professional installation files to the server
❑
Configuring the Client Installation Wizard screens that appear during a
remote installation
❑
Creating an unattended installation answer file
3-30
Chapter 3
Deploying Windows XP Professional
❑
Creating remote installation services
❑
Updating the Registry
❑
Creating the Single-Instance Store volume
❑
Starting the required RIS services
❑
Authorizing the RIS server in DHCP
14. When the wizard is finished, click Done.
Requirements for RIS Client Computers
To support remote installation from a RIS server, client computers must have one of the
following configurations:
■
A configuration meeting the Net PC specification
■
A network adapter card with a PXE-compliant network adapter and basic input/
output system (BIOS) support for starting the computer from PXE
■
A supported network adapter card and a remote installation boot disk
!
Exam Tip For the exam, remember the three options for enabling a RIS client to boot from
the network and locate a RIS server: Net PC configuration, a PXE-compliant network adapter,
or a supported network adapter card and a remote installation boot disk.
Net PCs
The Net PC is a highly manageable platform with the capability to perform a network
boot, manage upgrades, and prevent users from changing the hardware or operating
system configuration. Additional requirements for the Net PC are as follows:
■
The network adapter must be set as the primary boot device within the system BIOS.
■
The user account that will be used to perform the installation must be assigned the
user right Log On As A Batch Job. For more information on assigning user rights,
see Chapter 16, “Configuring Security Settings and Internet Options.”
Note
The Administrator group does not have the right to log on to a batch job by default.
You should create a new group for performing remote installations, assign that group the Log
On As A Batch Job user right, and then add users to that group prior to attempting a remote
installation.
■
Users must be assigned permission to create computer accounts in the domain
they are joining. The domain is specified in the Advanced Settings on the RIS
server.
Lesson 3
Performing Remote Installations
3-31
PXE-Compliant Network Adapters
Computers that do not directly meet the Net PC specification can still interact with the
RIS server. To enable remote installation on a computer that does not meet the Net PC
specification, perform the following steps:
1. Install a PXE-compliant network adapter card.
2. Set the BIOS to start from the PXE boot ROM.
3. The user account that will be used to perform the installation must be assigned the
user right Log On As A Batch Job.
4. Users must be assigned permission to create computer accounts in the domain they
are joining. The domain is specified in the Advanced Settings on the RIS server.
RIS Boot Floppy Disk
If the network adapter card in a client is not equipped with a PXE boot ROM, or the
BIOS does not allow starting from the network adapter card, create a remote installation boot disk. The boot disk simulates the PXE boot process. After installing RIS, you
can use the Remote Boot Disk Generator (see Figure 3-10), which allows you to easily
create a boot disk.
F03us10.bmp
Figure 3-10
Use the Remote Boot Disk Generator to create RIS boot floppy disks.
You can run the Remote Boot Disk Generator (rbfg.exe) to create a boot disk. The
rbfg.exe file is located in the Admin\i386 folder in the remote installation folder location
you specified when installing RIS. These boot floppies support only the Peripheral Component Interconnect (PCI)–based network adapters listed in the Adapters List. To see the
list of the supported network adapters, click Adapter List, as shown in Figure 3-10. A partial listing of the supported network adapter cards is shown in Figure 3-11.
You also need to set the user rights and permissions. The user account that will be used
to perform the installation must be assigned the user right Log On As A Batch Job. The
users must be assigned permission to create computer accounts in the domain they are
joining. The domain is specified in the Advanced Settings on the RIS server.
3-32
Chapter 3
Deploying Windows XP Professional
F03us11.bmp
Figure 3-11
View network adapters that are supported by boot floppies.
Lesson Review
The following questions are intended to reinforce key information presented in this
lesson. If you are unable to answer a question, review the lesson materials and try the
question again. You can find answers to the questions in the “Questions and Answers”
section at the end of this chapter.
1. What is a RIS server and what is it used for?
2. What network services are required for RIS?
3. What can you do if the network adapter card in a client is not PXE-compliant?
Does this solution work for all network adapter cards? Why or why not?
4. Which user rights must be assigned to the user account that will be used to
perform the remote installation?
Lesson 3
Performing Remote Installations
3-33
Lesson Summary
■
Remote installation is the process of connecting to a Remote Installation Services
(RIS) server and starting an automated installation of Windows XP Professional on
a local computer. Remote installation enables administrators to install Windows XP
Professional on client computers throughout a network from a central location.
■
RIS is available only on computers running Windows 2000 Server or Windows
Server 2003. The RIS server can be a domain controller or a member server. In
Windows Server 2003, you use the Add/Remove Windows Components Wizard to
add the RIS service. After adding the service, you use the Remote Installation Services Setup Wizard to configure RIS.
■
Client computers that support remote installation must have one of the following
configurations:
❑
A configuration that meets the Net PC specification, and the network adapter
must be set as the primary boot device within the system BIOS
❑
A network adapter card with a PXE boot ROM, and BIOS support for starting
from the PXE boot ROM
❑
A supported network adapter card and a remote installation boot disk
Real World Automating Installations in Large Networks
In large network environments, users typically are not responsible for installing
Windows XP Professional themselves. Most IT departments have dedicated staff
whose job it is to purchase or build computers, install the operating system and
applications, configure the computer, and deliver the computers to users. Most
often, this process happens by using disk duplication or RIS.
After installation of the operating system, most large companies use software like
Microsoft Systems Management Server (SMS) to distribute and upgrade software
(SMS cannot be used to install an operating system to new computers because the
client computer must have SMS client components installed). SMS not only automates installations and upgrades; it also monitors the distribution of software
throughout the network, helps resolve problems related to installations, and generates reports on the rate and success of deployments.
3-34
Chapter 3
Deploying Windows XP Professional
Lesson 4: Using Tools to Simplify Deployment
There are some additional tools in Windows XP Professional that will help make your
deployment of the operating system easier. These tools include the Files And Settings
Transfer Wizard, the User State Migration Tool (USMT), and Windows Installer.
After this lesson, you will be able to
■ Use the Files And Settings Transfer Wizard
■ Explain the purpose of the USMT
■ Manage applications by using Windows Installer
Estimated lesson time: 60 minutes
How to Use the Files And Settings Transfer Wizard
Windows XP Professional provides the Files And Settings Transfer Wizard to simplify
the task of moving data files and personal settings from your old computer to your new
one. You do not have to configure all your personal settings on your new computer
because you can move your old settings—including display settings, Microsoft Internet
Explorer and Microsoft Outlook Express options, dial-up connections, and your folder
and taskbar options—to your new computer. The wizard also helps you move specific
files and folders to your new computer as well.
The best way to connect your old computer to your new computer is to use a network
connection, but you can also use a direct cable connection. To directly connect your
computers using a cable, you must have the following items:
■
An available COM port (serial port) on both computers
■
A null modem cable long enough to connect the two computers
Tip Null modem cables are sometimes called serial file transfer cables. The null modem
cable must be serial. You cannot use parallel cables for file transfers using the Direct cable
option. Most older computers have 25-pin serial ports, and most newer ones have 9-pin serial
ports. Before you purchase your cable, check what type of serial ports are on your computers.
To connect your computers and use a network, check out Chapter 15, “Configuring
Network and Internet Connections.” After you have connected your computers, you
are ready to run the Files And Settings Transfer Wizard.
To open the Files And Settings Transfer Wizard, do the following:
1. Click Start, point to All Programs, point to Accessories, and point to System Tools.
Lesson 4
Using Tools to Simplify Deployment
3-35
2. Click Files And Settings Transfer Wizard.
Windows XP Professional starts the Files And Settings Transfer Wizard.
3. In the Welcome To The Files And Settings Transfer Wizard page, click Next.
The Files And Settings Transfer Wizard displays the What Computer Is This page,
which has the following two options:
❑
New Computer. Select this option if you want to transfer your files and
settings to this computer.
❑
Old Computer. Select this option if you want to transfer the files and settings
on this computer to your new computer.
Note
The old computer can be running Windows 95 or later.
4. Select the Old Computer option and click Next. If you have Service Pack 2
installed, a Windows Security Alert dialog box appears. Click Unblock.
The Files And Settings Transfer Wizard displays the Select The Transfer Method
page, which has the following four options:
❑
Direct Cable. A cable that connects your computer’s serial ports.
❑
Home Or Small Office Network. Both computers must be connected to a
network.
❑
Floppy Drive Or Other Removable Media. Both computers must have the
same type of drive.
❑
Other. You can save files and settings to any disk drive or folder on your
computer or on the network.
Note
If you are saving the files and settings to your computer, you can click Browse to
locate or create a new folder to hold the files and settings.
5. Select the appropriate option and click Next. Depending on your choice, you
might be asked to configure your connection. Configure the connection, and then
click Next.
The Files And Settings Transfer Wizard displays the What Do You Want To Transfer page, which has the following three options:
❑
Settings Only. The following settings are transferred: Accessibility, Command Prompt Settings, Display Properties, Internet Explorer Settings,
Microsoft Messenger, Microsoft NetMeeting, Mouse And Keyboard, MSN
Explorer, Network Printer And Drives, Outlook Express, Regional Settings,
Sounds And Multimedia, Taskbar Options, Windows Media Player, and Windows Movie Maker.
3-36
Chapter 3
Deploying Windows XP Professional
❑
Files Only. The following folders are transferred: Desktop, Fonts, My Documents, My Pictures, Shared Desktop, and Shared Documents. The following
files types are transferred: *.asf (Windows Media Audio/Video file), *.asx
(Windows Media Audio/Video shortcut), *.AU (AU format sound), *.avi (video
clip), *.cov (fax cover page file), *.cpe (fax cover page file), *.doc (WordPad
document), *.dvr-ms (Microsoft Recorded TV Show), *.eml (Internet e-mail
message), *.m3u (M3U file), *.mid (MIDI sequence), *.midi (MIDI sequence),
*.mp2 (Movie File MPEG), *.mp3 (MP3 Format Sound), *.mpa (Movie File
MPEG), *.mpeg and *.mpg (Movie File MPEG), *.MSWMM (Windows Movie
Maker Project), *.nws (Internet News Message), *.ppi (Microsoft Passport configuration), *.rft (Rich Text Format), *.snd (AU Sound Format), *.wav (Wave
Sound), *.wm (Windows Media Audio/Video file), *.wma (Windows Media
Audio file), *.wpl (Windows Media Playlist), *.wri (Write document).
❑
Both Files And Settings.
Tip
You can select the Let Me Select A Custom List Of Files And Settings When I Click Next
check box if you do not want all the default folders, file types, and settings to be transferred.
6. Select the appropriate option and click Next.
Unless you select the Let Me Select A Custom List Of Files And Settings When I
Click Next check box, the Files And Settings Transfer Wizard displays the Collection In Progress page. The Files And Settings Transfer Wizard displays the Completing The Collection Phase page.
Important
This page indicates any files and settings that the wizard could not collect. You
must manually transfer these files and settings or they will not be transferred to your new
computer.
7. Click Finish to complete the wizard on your old computer.
8. Move to your new computer and run the Files And Settings Transfer Wizard on it
to complete the transfer of files and settings.
What Is the User State Migration Tool?
The User State Migration Tool (USMT) provides all the same functionality as the Files
And Settings Transfer Wizard plus the ability to fully customize specific settings such as
unique modifications to the Registry. Where the Files And Settings Transfer Wizard is
designed for a single user to migrate settings and files from an old computer to a new
computer, the USMT is designed for administrators to facilitate large-scale deployments
of Windows XP Professional in an Active Directory setting.
Lesson 4
Using Tools to Simplify Deployment
3-37
The USMT consists of two executable files (ScanState.exe, LoadState.exe), and four
migration rule information files (Migapp.inf, Migsys.inf, Miguser.inf, and Sysfiles.inf).
ScanState.exe collects user data and settings based on the information contained in
Migapp.inf, Migsys.inf, Miguser.inf and Sysfiles.inf. LoadState.exe deposits this user
state data on a computer running a fresh (not upgraded) installation of Windows XP
Professional.
See Also For more information on using the USMT, visit http://www.microsoft.com/technet/
prodtechnol/winxppro/deploy/usermigr.mspx.
How to Manage Applications by Using Windows Installer
Windows Installer and installation packages (.msi files) simplify the installation and
removal of software applications. An installation package contains all the information
that the Windows Installer requires to install or uninstall an application or product and to
run the setup user interface. Each installation package includes an .msi file that contains
an installation database, a summary information stream, and data streams for various
parts of the installation. The .msi file can also contain one or more transforms, internal
source files, and external source files or cabinet files required by the installation.
If there is a problem during the installation of a software application, or if the installation fails, Windows Installer can restore or roll back the operating system to its previous state. Windows Installer also reduces conflicts between applications by preventing
the installation of an application from overwriting a dynamic-link library (DLL) used by
another application. Windows Installer can determine if an application you installed
using it has any missing or corrupted files, and can then replace them to resolve the
problem.
To preserve users’ disk space, Windows Installer allows you to install only the essential
files required to run an application. It supports the installation of application features
on demand, which means that the first time a user accesses any feature not included in
the minimal installation, the necessary files are automatically installed. Windows
Installer allows you to configure unattended application installations and it supports
both 32-bit and 64-bit applications.
The Windows Installer can advertise the availability of an application to users or other
applications without actually installing the application. If an application is advertised,
only the interfaces required for loading and launching the application are presented to
the user or other applications. If a user or application activates an advertised interface,
the installer then proceeds to install the necessary components.
The two types of advertising are assigning and publishing. An application appears
installed to a user when that application is assigned to the user. The Start menu
contains the appropriate shortcuts, icons are displayed, files are associated with the
3-38
Chapter 3
Deploying Windows XP Professional
application, and Registry entries reflect the application’s installation. When the user
tries to open an assigned application, it is installed upon demand.
You can also publish a Windows Installer application from within Active Directory. A
published application becomes available to the user for installation, but is not advertised to the user. The user can locate and install the application by using the Add Or
Remove Programs tool in Control Panel.
Windows Installer supports Microsoft’s .NET framework technology. The .NET framework gives developers code reuse, code specialization, resource management, multilanguage development, improved security, deployment, and administration. Windows
Installer also provides software restriction policies that provide virus protection, including protection from Trojan horse viruses and worms propagated through e-mail and
the Web.
The way you troubleshoot a Windows Installer package depends on the problem you
are having. If a Windows Installer package does not install correctly, you need to determine whether the package has become corrupted. To repair a corrupted Windows
Installer package, use the Windows Installer repair option. Open a command prompt
and type the following command:
msiexec /f[p][o][e][d][c[][a][u][m][s][v] {package|ProductCode}
For an explanation of the parameters used with the /f switch in the Msiexec.exe command, see Table 3-3.
Table 3-3
Parameters for the /f Switch for Msiexec.exe
Parameters
Description
P
Reinstall only if the file is missing
O
Reinstall if the file is missing or if an older version is installed
E
Reinstall if the file is missing or if an equal or older version is installed
D
Reinstall if the file is missing or if a different version is installed
C
Reinstall if the file is missing or if the stored checksum does not match the
calculated value
A
Force all the files to be reinstalled
U
Rewrite all the required user-specific Registry entries
M
Rewrite all the required computer-specific Registry entries
S
Overwrite all the existing shortcuts
V
Run from source and recache the local package
There are several additional switches for the Msiexec.exe command. These switches
include the ones explained in Table 3-4. In this table, package is the name of the
Lesson 4
Using Tools to Simplify Deployment
3-39
Windows Installer Package file, and ProductCode is the globally unique identifier
(GUID) of the Windows Installer package. For a complete listing of switches, see Help
And Support Center.
Table 3-4
Switches for Msiexec.exe
Switch
Parameter
Description
/I
{package|ProductCode}
Installs or configures a product
For example: msiexec /i a:\sample.msi
/a
Package
Administrative installation option
For example: msiexec /a a:\sample.msi
/x
{package|ProductCode}
Uninstalls a product
For example: msiexec /x sample.msi
/j
[u|m]package]
Advertises a product, as follows:
u Advertises to the current user
m Advertises to all users
For example: msiexec /jm sample.msi
/L
[i][w][e][a][r][u]
[c][m][p][v][+][!]logfile
The path to the log file. The parameters specify
what to log, as follows:
i Log status messages
w Log nonfatal warnings
e Log all error messages
a Log all startup actions
r Log action-specific records
u Log user requests
c Log initial user interface parameters
m Log out of memory
p Log terminal properties
v Log verbose output
+ Append to existing file
! Flush each line to the log
* Log all information except the v option (wildcard)
To include the v options, specify /L*v
If the installation process stops before completing, either Windows Installer was unable
to read the package, or conditions on your computer prevented it from installing the
application. Open Event Viewer and review the Application log.
See Also
For more information about how to use Event Viewer, see Chapter 18, “Using
Windows XP Tools.”
3-40
Chapter 3
Deploying Windows XP Professional
Lesson Review
The following questions are intended to reinforce key information presented in this
lesson. If you are unable to answer a question, review the lesson materials and try the
question again. You can find answers to the questions in the “Questions and Answers”
section at the end of this chapter.
1. When do you use the Files And Settings Transfer Wizard?
2. Which of the following statements are true for the Files And Settings Transfer Wizard?
(Choose all that apply.)
a. You run the Files And Settings Transfer Wizard only on your old computer.
b. You must run the Files And Settings Transfer Wizard on both your old and
your new computers.
c. You can use a standard 25-pin cable to connect the parallel ports on your old
and new computers to run the Files And Settings Transfer Wizard.
d. You can use serial ports to directly connect your old and new computers to
run the Files And Settings Transfer Wizard.
3. How can Windows Installer help you minimize the amount of disk space taken up
on a user’s disk when you install a new application on that user’s disk?
Lesson Summary
■
The Files And Settings Transfer Wizard simplifies the task of moving data files and
personal settings from your old computer to your new one. The Files And Settings
Transfer Wizard can move your display settings, Internet Explorer and Outlook
Express options, dial-up connections, and your folder and taskbar options to your
new computer.
Case Scenario Exercise
3-41
■
The USMT offers all the advantages of the Files And Settings Transfer Wizard, but is
geared toward large-scale deployments of multiple users in an Active Directory setting.
■
Windows Installer has a client-side installer service, Msiexec.exe, which allows the
operating system to control the installation. Windows Installer uses the information stored in the package file, an .msi file, to install the application.
Case Scenario Exercise
In this exercise, you will read a scenario about deploying Windows XP Professional, and
then answer the questions that follow. If you have difficulty completing this work, review
the material in this chapter before beginning the next chapter. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
Scenario
You are working as an administrator for the School of Fine Art, which has a large campus
in San Francisco. The school’s network consists of 75 client computers running Windows XP Professional and six servers running Windows Server 2003. All computers are
members of the same Active Directory domain. Two of the servers are configured as
domain controllers. The rest are configured as member servers that serve various roles on
the network. The company is adding 25 computers to its network, and you have been
given the responsibility of installing Windows XP Professional on these computers. All 25
of these computers are the same model computer from the same manufacturer and have
similar hardware. Your company has a volume licensing arrangement and has purchased
an additional 25 licenses of Windows XP Professional for the computers.
Questions
1. What automated methods could you use to install Windows XP Professional on
these computers?
2. Because all the computers have the same hardware configuration, you have
decided to use disk duplication to install Windows XP Professional on the computers. What component will you need to obtain that does not come with Windows XP Professional?
3-42
Chapter 3
Deploying Windows XP Professional
3. How should you prepare the reference computer?
Troubleshooting Lab
You are working as an administrator for a company named Wide World Importers,
which has recently hired a number of new employees. The company has purchased a
number of new computers and placed them in the appropriate locations. You do not
have time to install Windows XP Professional for every new user, so you have installed
a RIS server that will enable users to install the operating system when they first start
their computers. The new users have been briefed on the process, but you decide to
test the process on one of the new computers. When you turn on his computer, the
process does not work.
List the network, server, and client requirements for using a RIS server and why those
requirements are important.
The requirements for using a RIS server are as follows:
■
RIS requires an Active Directory environment with DNS and DHCP service. RIS clients must be able to contact a DHCP server to obtain an IP address so they can
communicate with other devices on the network. RIS clients require DNS so that
they can locate the appropriate services in Active Directory. RIS clients require
Active Directory so that they can locate RIS servers.
■
RIS must be installed on a server running Windows 2000 Server or Windows
Server 2003 that is a member of an Active Directory domain. You must add the RIS
service to the computer, and then set the service up.
■
RIS clients must be able to boot from the network. To do this, the client must support the Net PC specification or have a PXE-compliant network adapter, or you
must create a floppy boot disk for the client with drivers for the client’s network
adapter.
Exam Highlights
3-43
Chapter Summary
■
Small deployments or situations involving many different hardware configurations
often use an unattended installation, in which the Winnt32 and Winnt commands
are used along with an unattended answer file to script the installation. This file is
created with Windows Setup Manager.
■
Many larger enterprise deployments use disk duplication to deploy systems, a process in which you use the System Preparation Tool to create an image from a computer running Windows XP Professional, and then clone that image on other
computers. Using disk duplication usually requires third-party software.
■
Microsoft provides RIS for use in environments in which Active Directory service
is available. The RIS server software (which resides on a server computer running
Windows 2000 Server or Windows Server 2003) stores images of Windows XP
installations and makes those images available over the network. A client computer boots from the network (or using a special RIS boot disk), contacts the RIS
server, and then installs an image from that server.
■
Windows XP Professional also provides tools that help make your deployment of
Windows XP Professional easier. These tools include the Files And Settings Transfer Wizard, the USMT, and Windows Installer.
Exam Highlights
Before taking the exam, review the key points and terms that are presented in this
chapter. You need to know this information.
Key Points
■
An answer file is used to provide the common configuration settings for all computers that are affected during an unattended installation. A UDF provides the
unique settings that each computer needs to distinguish it from other computers.
■
RIS requires an Active Directory environment so that RIS clients can locate RIS
servers. Active Directory requires that DNS be used on a network; DNS is used to
locate services in Active Directory. DHCP is also required for RIS because RIS clients must be able to contact a DHCP server to obtain an IP address so that they
can communicate with other devices on the network.
■
There are three ways that a RIS client can boot from the network and locate a RIS
server: by being compliant with the Net PC configuration, having a PXE-compliant
network adapter, or having a supported network adapter card and using a RIS
boot disk.
3-44
Chapter 3
Deploying Windows XP Professional
Key Terms
answer file A text file that supplies Windows XP Professional Setup with information
necessary during the installation process.
disk duplication An automated installation in which you use the System Preparation
Tool to create an image from a computer running Windows XP Professional, and
then clone that image on other computers. Using disk duplication usually requires
third-party software.
Files And Settings Transfer Wizard A Windows XP Professional wizard that simplifies the task of moving data files and personal settings from your old computer to
your new one.
Preboot eXecution Environment (PXE) A standard for network booting that is
supported by some network adapters. Using a PXE-compliant network adapter is
one of three configurations that allow a RIS client to boot from the network and
locate a RIS server. (RIS clients can also be compliant with the Net PC specification
or use a RIS boot disk.)
Remote Installation Services (RIS) Software stores images of Windows XP installations and makes those images available over the network.
System Preparation A utility that allows you to prepare master images of an existing Windows XP installation for distribution to other computers by removing
machine-specific information from the computer.
unattended installation An automated installation in which the Winnt32 and Winnt
commands are used along with an unattended answer file to script the installation.
uniqueness database file (UDF) A text file that is used in conjunction with an
answer file and contains the settings that are unique to each computer.
User State Migration Tool (USMT) A utility that provides all the same functionality
as the Files And Settings Transfer Wizard plus the ability to fully customize specific
settings such as unique modifications to the Registry. The USMT is designed for
administrators to facilitate large-scale deployments of Windows XP Professional in
an Active Directory setting.
Windows Setup Manager A wizard-based program that allows you to quickly create
a script for a unattended installation of Windows XP Professional.
winnt.exe A command-line utility used to start Windows Setup from the MS-DOS or
Windows 3.1 command prompt.
winnt32.exe A command-line utility used to start Windows Setup from the Windows 95 or later command prompt.
Questions and Answers
3-45
Questions and Answers
Lesson 1 Review
Page
3-16
1. What is the purpose of Windows Setup Manager?
Windows Setup Manager makes it easy to create the answer files and uniqueness database
files that you use to run unattended installations.
2. How can you apply an application update pack as part of the Windows XP Professional installation?
You need to add the commands to execute in the Additional Commands page of the Windows
Setup Manager Wizard so that the update packs will be applied to the application as part of the
Windows XP Professional installation.
3. What type of answer files does Windows Setup Manager allow you to create?
Windows Unattended Installation, Sysprep Install, and RIS
4. Why would you use a UDF?
A UDF allows you to specify per-computer parameters for an unattended installation. This file
overrides values in the answer file.
Lesson 2 Practice: Exercise 1
Page
3-21
4. What do the optional parameters /pnp and /noreboot do?
The /pnp parameter forces the destination computer to detect Plug and Play devices on their
first reboot following installation. The /noreboot parameter prevents the computer on which
you are running Sysprep.exe from rebooting after running Sysprep.exe.
A Windows System Preparation Tool dialog box appears, warning you that running Sysprep
might modify some of the security parameters of this system.
Lesson 2 Review
Page
3-24
1. What is disk duplication?
Creating a disk image of a Windows XP Professional installation and copying that image to multiple computers with identical hardware configurations.
2. What is the purpose of the System Preparation Tool?
The System Preparation Tool was developed to prepare a master image for disk copying. Every
computer must have a unique SID. The System Preparation Tool adds a system service to the
master image that will create a unique local domain SID the first time the computer to which
the master image is copied is started. The System Preparation Tool also adds a Mini-Setup Wizard to the master copy that runs the first time the computer to which the master image is copied is started and guides you through entering user-specific information.
3-46
Chapter 3
Deploying Windows XP Professional
3. What does the /quiet switch do when you run Sysprep.exe?
The /quiet switch causes Sysprep.exe to run without any user intervention.
Lesson 3 Review
Page
3-32
1. What is a RIS server and what is it used for?
A RIS server is a computer running Windows 2000 Server or Windows Server 2003, on which
you have installed RIS. The RIS server is used to perform remote installations of Windows XP
Professional. Remote installation enables administrators to install Windows XP Professional on
client computers throughout a network from a central location.
2. What network services are required for RIS?
DNS Service, DHCP, and Active Directory
3. What can you do if the network adapter card in a client is not PXE-compliant?
Does this solution work for all network adapter cards? Why or why not?
If the network adapter card in a client is not PXE-compliant, you can create a remote installation
boot disk that simulates the PXE boot process. A remote installation boot disk does not work
for all network adapter cards; it works only for those cards supported by the Windows 2000
Remote Boot Disk Generator.
4. Which user rights must be assigned to the user account that will be used to perform the remote installation?
The user account that will be used to perform the installation must be assigned the user right
Log On As A Batch Job.
Lesson 4 Review
Page
3-40
1. When do you use the Files And Settings Transfer Wizard?
The Files And Settings Transfer Wizard helps you move data files and personal settings when
you upgrade your hardware. The settings you can move include display settings, Internet
Explorer and Outlook Express options, dial-up connections, and your folder and taskbar
options. The wizard also helps you move specific files and folders to your new computer.
2. Which of the following statements are true for the Files And Settings Transfer
Wizard? (Choose all that apply.)
a. You run the Files And Settings Transfer Wizard only on your old computer.
b. You must run the Files And Settings Transfer Wizard on both your old and
your new computers.
c. You can use a standard 25-pin cable to connect the parallel ports on your old
and new computers to run the Files And Settings Transfer Wizard.
d. You can use serial ports to directly connect your old and new computers to
run the Files And Settings Transfer Wizard.
Questions and Answers
3-47
The correct answers are B and D. A is not correct because you run the wizard on both the old
and new computers. C is not correct because you use parallel ports to directly connect the old
and new computers.
3. How can Windows Installer help you minimize the amount of disk space taken up
on a user’s disk when you install a new application on that user’s disk?
Windows Installer allows you to install only the essential files required to run an application to
reduce the amount of space used on a user’s hard disk. The first time a user accesses any feature not included in the minimal installation, the necessary files are automatically installed.
Case Scenario Exercise Questions
Page
3-41
1. What automated methods could you use to install Windows XP Professional on
these computers?
You could use one of the three methods discussed in this chapter: use Setup Manager to create an answer file, use the System Preparation Tool to prepare images for disk duplication, or
configure RIS on one of the server computers.
2. Because all the computers have the same hardware configuration, you have
decided to use disk duplication to install Windows XP Professional on the computers. What component will you need to obtain that does not come with Windows XP Professional?
You will need to obtain a disk duplication utility to copy the disk images to the new computers.
3. How should you prepare the reference computer?
You should first install Windows XP Professional on the reference computer, and then apply all
available software updates. You should then configure Windows as it should be configured on
all the computers. You should also install any other applications that all of the computers will
need. After you have done this, you should run the System Preparation Tool on the reference
computer to prepare it for disk imaging.
4 Modifying and
Troubleshooting the Startup
Process
Exam Objectives in this Chapter:
■
Restore and back up the operating system, System State data, and user data.
❑
Troubleshoot system restoration by starting in safe mode.
❑
Recover System State data and user data by using the Recovery Console.
Why This Chapter Matters
Troubleshooting startup problems in Microsoft Windows XP Professional is an
important skill. To effectively troubleshoot startup problems, you must have a
clear understanding of how the startup process works. This chapter introduces
the Windows XP Professional startup process. It also teaches how the Windows
Registry works and how to use the startup and recovery tools that Windows XP
Professional provides.
Lessons in this Chapter:
■
Lesson 1: Explaining the Startup Process . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-2
■
Lesson 2: Editing the Registry. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15
■
Lesson 3: Troubleshooting Problems Using Startup and Recovery Tools. . . . .4-25
Before You Begin
To complete this chapter, you must have a computer that meets the minimum hardware requirements listed in the preface, “About This Book.” You must also have Windows XP Professional installed on your computer.
4-1
4-2
Chapter 4
Modifying and Troubleshooting the Startup Process
Lesson 1: Explaining the Startup Process
In this lesson, you learn about the files that Windows XP Professional uses during the
startup process. You also learn the five stages of startup: preboot sequence, boot
sequence, kernel load, kernel initialization, and logon. You also learn how to effectively troubleshoot the Windows XP Professional startup process.
After this lesson, you will be able to
■ Describe the files used in the startup process.
■ Explain what happens during the preboot sequence.
■ Explain what happens during the boot sequence.
■ Explain the purpose and function of the BOOT.INI file.
■ Explain what happens during the kernel load phase.
■ Explain what happens during the kernel initialization phase.
■ Explain what happens during the logon phase.
Estimated lesson time: 40 minutes
Files Used in the Startup Process
Windows XP Professional requires certain files during startup. Table 4-1 lists the files
used in the Windows XP Professional startup process, the appropriate location of each
file, and the phases of the startup process associated with each file.
Note
%systemroot% represents the path of your Windows XP Professional installation directory, which by default is a folder named \Windows on the system partition.
Table 4-1
Files Used in the Windows XP Professional Startup Process
File
Location
Startup Phase
NTLDR
System partition root (C:\ )
Preboot and boot
BOOT.INI
System partition root
Boot
BOOTSECT.DOS
System partition root
Boot (optional)
NTDETECT.COM
System partition root
Boot
NTBOOTDD.SYS
System partition root
Boot (optional)
NTOSKRNL.EXE
%systemroot%\System32
Kernel load
HAL.DLL
%systemroot%\System32
Kernel load
SYSTEM
%systemroot%\System32
Kernel initialization
Device drivers (.sys)
%systemroot%\System32\Drivers
Kernel initialization
Lesson 1
Explaining the Startup Process
4-3
Note
To view the files listed in Table 4-1, open Windows Explorer and click Folder Options
on the Tools menu. In the View tab of the Folder Options dialog box, under Hidden Files And
Folders, click Show Hidden Files And Folders. Clear the Hide Protected Operating System
Files (Recommended) check box. A Warning message box appears, indicating that it is not a
good idea to display the protected operating system files. Click Yes to display them. Click OK
to close the Folder Options dialog box.
What Happens During the Preboot Sequence
During startup, a computer running Windows XP Professional initializes and then
locates the boot portion of the hard disk.
The following four steps occur during the preboot sequence:
1. The computer runs power-on self test (POST) routines to determine the amount of
physical memory, whether the hardware components are present, and so on. If
the computer has a Plug and Play–compatible basic input/output system (BIOS),
enumeration and configuration of hardware devices occurs at this stage.
2. The computer BIOS locates the boot device, and then loads and runs the Master
Boot Record (MBR).
3. The MBR scans the partition table to locate the active partition, loads the boot sector on the active partition into memory, and then executes it.
4. The computer loads and initializes the NTLDR file, which is the operating system
loader.
Note
Windows XP Professional Setup modifies the boot sector during installation so that
NTLDR loads during system startup.
There are a number of problems that can occur during the preboot sequence, including
the following:
Improper hardware configuration or malfunctioning hardware If the BIOS
cannot detect a hard drive during its POST routine, startup fails early during the
preboot sequence and usually presents a message stating that a hard drive cannot
be located.
Corrupt MBR If your MBR becomes corrupt (a fairly common action taken by
viruses), you can generally repair it by using the Recovery Console, which is covered in Lesson 3, “Troubleshooting Problems Using Startup and Recovery Tools.”
Antivirus software can prevent and often repair a corrupt MBR.
4-4
Chapter 4
Modifying and Troubleshooting the Startup Process
Floppy or USB disk inserted If you see an error message stating that there is a nonsystem disk or a disk error, or stating that no operating system could be found, a
common reason is that a floppy disk or a universal serial bus (USB) flash memory
disk is inserted in the drive during startup. On most computers, BIOS is configured
by default to try starting using the floppy drive or an available USB drive before it
attempts to start by using the hard drive.
What Happens During the Boot Sequence
After the computer loads NTLDR into memory, the boot sequence gathers information
about hardware and drivers in preparation for the Windows XP Professional load
phases. The boot sequence uses the following files: NTLDR, BOOT.INI, BOOTSECT.DOS (optional), NTDETECT.COM, and NTOSKRNL.EXE.
The boot sequence has four phases: initial boot loader phase, operating system selection,
hardware detection, and configuration selection (described in the following sections).
Initial Boot Loader Phase
During the initial boot loader phase, NTLDR switches the microprocessor from real
mode to 32-bit flat memory mode, which NTLDR requires to carry out any additional
functions. Next, NTLDR starts the appropriate minifile system drivers. The minifile system drivers are built into NTLDR so that NTLDR can find and load Windows XP Professional from partitions formatted with file allocation table (FAT), FAT32, or NT file
system (NTFS).
Operating System Selection
During the boot sequence, NTLDR reads the BOOT.INI file. If more than one operating
system selection is available in the BOOT.INI file, a Please Select The Operating System
To Start screen appears, listing the operating systems specified in the BOOT.INI file. If
you do not select an entry before the timer reaches zero, NTLDR loads the operating
system specified by the default parameter in the BOOT.INI file. Windows XP Professional Setup sets the default parameter to the most recent Windows XP Professional
installation. If there is only one entry in the BOOT.INI file, the Please Select The Operating System To Start screen does not appear, and the default operating system is automatically loaded.
Note
If the BOOT.INI file is not present, NTLDR attempts to load Windows XP Professional
from the first partition of the first disk—typically C:\.
Lesson 1
Explaining the Startup Process
4-5
Hardware Detection
NTDETECT.COM and NTOSKRNL.EXE perform hardware detection. NTDETECT.COM
executes after you select Windows XP Professional on the Please Select The Operating
System To Start screen (or after the timer times out).
Note
If you select an operating system other than Windows XP Professional (such as Windows 98), NTLDR loads and executes BOOTSECT.DOS, which is a copy of the boot sector that
was on the system partition at the time Windows XP Professional was installed. Passing execution to BOOTSECT.DOS starts the boot process for the selected operating system.
NTDETECT.COM collects a list of currently installed hardware components and
r e t u r n s this list to NTLDR for later inclusion in the Registry under the
HKEY_LOCAL_MACHINE\HARDWARE key.
NTDETECT.COM detects the following components:
■
Bus/adapter type
■
Communication ports
■
Floating-point coprocessor
■
Floppy disks
■
Keyboard
■
Mouse/pointing device
■
Parallel ports
■
SCSI adapters
■
Video adapters
Configuration Selection
After NTLDR starts loading Windows XP Professional and collects hardware information, the operating system loader presents you with the Hardware Profile/Configuration Recovery menu, which contains a list of the hardware profiles that are set up on
the computer. The first hardware profile is highlighted. You can press the DOWN
arrow key to select another profile. You also can press L to invoke the Last Known
Good configuration.
If there is only a single hardware profile, NTLDR does not display the Hardware Profile/Configuration Recovery menu and loads Windows XP Professional using the
default hardware profile configuration.
4-6
Chapter 4
Modifying and Troubleshooting the Startup Process
Troubleshooting the Boot Sequence
There are a number of problems that can occur during the boot sequence, including
the following:
Missing or corrupt boot files If the NTLDR, BOOT.INI, BOOTSECT.DOS, NTDETECT.COM, or NTOSKRNL.EXE files become corrupt or are missing, you see an error
message indicating the situation, and Windows startup fails. You should use the Recovery Console (described in Lesson 3) to restore the files.
Improperly configured BOOT.INI An improperly configured BOOT.INI file generally results from an error while manually editing the file or from a change to disk configuration. It is also possible for the BOOT.INI file to become corrupt or missing. In this
case, you should use the Recovery Console to restore the files.
Improperly configured hardware NTDETECT.COM can fail during its detection of
hardware if a hardware device is incorrectly configured, a bad driver is installed, or the
device is malfunctioning. If startup fails during hardware detection, you should begin
troubleshooting hardware by removing unnecessary devices from the computer and
adding them back one at a time until you discover the source of the problem. You can
also try the Last Known Good configuration if you suspect that a new configuration or
driver is at fault.
What Is the BOOT.INI File?
When you install Windows XP Professional on a computer, Windows Setup saves the
BOOT.INI file in the active partition. NTLDR uses information in the BOOT.INI file to
display the boot loader screen, from which you select the operating system to start.
The BOOT.INI file includes two sections, [boot loader] and [operating systems], which
contain information that NTLDR uses to create the Boot Loader Operating System
Selection menu. A typical BOOT.INI might contain the following lines:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=”Microsoft Windows XP Professional” /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINNT=”Windows NT Workstation Version 4.00”
multi(0)disk(0)rdisk(1)partition(1)\ WINNT=”Windows NT Server Workstation 4.00 [VGA mo
de]” /basevideo /sos
C:\CMDCONS\BOOTSECT.DAT=”Microsoft Windows Recovery Console” /cmdcons
The [operating systems] section of a BOOT.INI file that is created during a default installation of Windows XP Professional contains a single entry for Windows XP Professional. If your computer is a Windows 95–based or Windows 98–based dual-boot
Lesson 1
Explaining the Startup Process
4-7
system, the [operating systems] section also contains an entry for starting the system by
using the other operating system. If you installed Windows XP Professional on a computer and kept an installation of Windows NT 4.0 on another partition of the same
computer, the [operating systems] section also contains an entry for starting the system
using this version of Windows NT.
ARC Paths
During installation, Windows XP Professional generates the BOOT.INI file, which contains Advanced RISC Computing (ARC) paths pointing to the computer’s boot partition.
(RISC stands for Reduced Instruction Set Computing, a microprocessor design that uses
a small set of simple instructions for fast execution.) The following is an example of an
ARC path:
multi(0)disk(0)rdisk(1)partition(2)
Table 4-2 describes the naming conventions for ARC paths.
Table 4-2
ARC Path Naming Conventions
Convention
Description
multi(x) | scsi(x)
The adapter/disk controller. Use scsi to indicate a Small Computer System
Interface (SCSI) controller on which SCSI BIOS is not enabled. For all
other adapter/disk controllers, use multi, including SCSI disk controllers
with BIOS enabled. Here, x represents a number that indicates the load
order of the hardware adapter. For example, if you have two SCSI adapters in a computer, the first to load and initialize receives number 0, and
the next SCSI adapter receives number 1.
Disk(y)
The SCSI ID. For multi, this value is always 0.
Rdisk(z)
A number that identifies the disk (ignored for SCSI controllers).
Partition(a)
A number that identifies the partition.
In both multi and scsi conventions, multi, scsi, disk, and rdisk numbers are assigned
starting with 0. Partition numbers start with 1. All primary partitions are assigned numbers first, followed by logical volumes in extended partitions.
!
Exam Tip
Learn the syntax of ARC paths and how to determine which disk and partition a particular path refers to. Most disk types use the multi convention. The value following multi indicates the disk number. The value following partition indicates the partition number on that disk.
See Figure 4-1 for some examples of how to determine the ARC path.
4-8
Chapter 4
Modifying and Troubleshooting the Startup Process
multi(0)disk(0)rdisk(1)partition(2)
No BIOS
scsi(0)
multi(0)
rdisk(0)
partition
(1)
partition
(2)
disk(0)
rdisk(1)
C:
D:
F:
G:
partition
(1)
partition
(2)
E:
partition
(1)
F04us01
Figure 4-1 ARC paths list the available partitions.
The scsi ARC naming convention varies the disk(y) parameter for successive disks on
one controller, whereas the multi format varies the rdisk(z) parameter.
BOOT.INI Switches
You can add a variety of switches to the entries in the [operating systems] section of the
BOOT.INI file to provide additional functionality. Table 4-3 describes some of these
optional switches that you can use for entries in the BOOT.INI file.
Table 4-3
BOOT.INI Optional Switches
Switch
Description
/basevideo
Boots the computer using the standard Video Graphics
Adapter (VGA) video driver. If a new video driver is not
working correctly, use this switch to start Windows XP
Professional, and then change to a different driver.
/fastdetect=[comx | comx,y,z.]
Disables serial mouse detection. Without a port specification,
this switch disables peripheral detection on all COM ports.
This switch is included in every entry in the BOOT.INI file by
default.
/maxmem:n
Specifies the amount of random access memory (RAM) that
Windows XP Professional uses. Use this switch if you suspect
that a memory chip is bad.
/noguiboot
Boots the computer without displaying the graphical boot
status screen.
/sos
Displays the device driver names as they are loading. Use this
switch when startup fails while loading drivers to determine
which driver is triggering the failure.
Lesson 1
Explaining the Startup Process
4-9
Modifications to BOOT.INI
You can modify the timeout and default parameter values in the BOOT.INI file using
the Startup And Recovery dialog box (which you can open from the Advanced tab of
the System Properties dialog box). In addition, you can manually edit these and other
parameter values in the BOOT.INI file. For example, you might modify the BOOT.INI
file to add more descriptive entries for the Boot Loader Operating System Selection
menu or to include various switches to aid in troubleshooting the boot process.
During Windows XP Professional installation, Windows Setup sets the read-only and
system attributes for the BOOT.INI file. Before editing the BOOT.INI file with a text
editor, you must make the file visible and turn off the read-only attribute. You can
change file attributes using My Computer, Windows Explorer, or the command prompt.
To change file attributes by using My Computer or Windows Explorer, complete the
following steps:
1. From the Start menu, click My Computer.
2. In the My Computer window, double-click the icon for the drive containing the
BOOT.INI file.
3. On the Tools menu, click Folder Options.
4. In the Folder Options dialog box, on the View tab, click Show Hidden Files And
Folders. Clear the Hide Protected Operating System Files check box and click Yes
when prompted. Click OK.
5. Click Show The Contents Of This Drive. In the window showing the contents of
the drive, right-click the file named BOOT, and then click Properties.
6. On the General tab, under Attributes, clear the Read-Only check box, and then
click OK.
To change file attributes using the command prompt, switch to the directory containing
the BOOT.INI file if necessary, and then type
attrib -s -r boot.ini
After you have changed the attributes of the BOOT.INI file, you can open and modify
the file using a text editor.
What Happens During the Kernel Load Phase
After configuration selection, the Windows XP Professional kernel (NTOSKRNL.EXE)
loads and initializes. NTOSKRNL.EXE also loads and initializes device drivers and loads
services. If you press ENTER when the Hardware Profile/Configuration Recovery menu
4-10
Chapter 4
Modifying and Troubleshooting the Startup Process
appears, or if NTLDR makes the selection automatically, the computer enters the kernel
load phase. The screen clears, and a series of white rectangles appears across the bottom of the screen, indicating startup progress.
During the kernel load phase, NTLDR does the following:
■
Loads NTOSKRNL.EXE, but does not initialize it.
■
Loads the hardware abstraction layer file (HAL.DLL).
■
Loads the HKEY_LOCAL_MACHINE\SYSTEM Registry key.
■
Selects the control set it will use to initialize the computer. A control set contains
configuration data used to control the system, such as a list of the device drivers
and services to load and start.
■
Loads device drivers with a value of 0x0 for the Start entry. These typically are
low-level hardware device drivers, such as those for a hard disk. The value for the
List entry, which is specified in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder subkey of the Registry, defines the order
in which NTLDR loads these device drivers.
Problems during the kernel load phase of startup often occur because of corrupted system files or because of a hardware malfunction. In the case of corrupted system files,
you can try to replace those files using the Recovery Console, which is covered in Lesson 3. In the case of a hardware problem, you will likely need to troubleshoot by
removing or replacing hardware components until you identify the problem. You may
be able to isolate the hardware device causing the problem by enabling boot logging
(which is also covered in Lesson 3).
What Happens During the Kernel Initialization Phase
When the kernel load phase is complete, the kernel initializes, and then NTLDR passes
control to the kernel. At this point, the system displays a graphical screen with a status
bar that indicates load status. Four tasks are accomplished during the kernel initialization stage:
The Hardware key is created. On successful initialization, the kernel uses the data
collected during hardware detection to create the Registry key
HKEY_LOCAL_MACHINE\HARDWARE. This key contains information about
hardware components on the system board and the interrupts used by specific
hardware devices.
The Clone control set is created. The kernel creates the Clone control set by copying the control set referenced by the value of the Current entry in the
Lesson 1
Explaining the Startup Process
4-11
HKEY_LOCAL_MACHINE\SYSTEM\Select subkey of the Registry. The Clone control set is never modified because it is intended to be an identical copy of the data
used to configure the computer and should not reflect changes made during the
startup process.
Device drivers are loaded and initialized. After creating the Clone control set, the
kernel initializes the low-level device drivers that were loaded during the kernel
load phase. The kernel then scans the HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services subkey of the Registry for device drivers with a value of
0x1 for the Start entry. As in the kernel load phase, a device driver’s value for the
Group entry specifies the order in which it loads. Device drivers initialize as soon
as they load. If an error occurs while loading and initializing a device driver, the
boot process proceeds based on the value specified in the ErrorControl entry for
the driver. Table 4-4 describes the possible ErrorControl values and the resulting
boot sequence actions.
Table 4-4
ErrorControl Values and Resulting Action
ErrorControl
Value
Action
0x0 (Ignore)
The boot sequence ignores the error and proceeds without displaying an
error message.
0x1 (Normal)
The boot sequence displays an error message, but ignores the error and proceeds.
0x2 (Severe)
The boot sequence fails and then restarts using the Last Known Good control
set. If the boot sequence is currently using the Last Known Good control set,
the boot sequence ignores the error and proceeds.
0x3 (Critical)
The boot sequence fails and then restarts using the Last Known Good control
set. However, if the Last Known Good control set is causing the critical error,
the boot sequence stops and displays an error message.
Note
ErrorControl values appear in the Registry under the subkey HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSet\Services\name_of_service_or_driver\ErrorControl.
Services are started. After the kernel loads and initializes device drivers, Session
Manager (SMSS.EXE) starts the higher-order subsystems and services for Windows
XP Professional. Session Manager executes the instructions in the BootExecute
data item, and in the Memory Management, DOS Devices, and SubSystems keys.
Table 4-5 describes the function of each instruction set and the resulting Session
Manager action.
4-12
Chapter 4
Table 4-5
Modifying and Troubleshooting the Startup Process
Session Manager Reads and Executes These Instruction Sets
Data Item or Key Action
BootExecute
data item
Session Manager executes the commands specified in this data item before
it loads any services.
Memory Management key
Session Manager creates the paging file information required by the Virtual
Memory Manager.
DOS Devices key
Session Manager creates symbolic links that direct certain classes of commands to the correct component in the file system.
SubSystems key
Session Manager starts the Win32 subsystem, which controls all input/output (I/O) and access to the video screen, and starts the WinLogon process.
What Happens During the Logon Phase
The logon phase begins at the conclusion of the kernel initialization phase. The Win32
subsystem automatically starts WINLOGON.EXE, which in turn starts the Local Security
Authority (LSASS.EXE) and displays the Logon dialog box. You can log on at this time,
even though Windows XP Professional might still be initializing network device drivers.
Next, the Service Control Manager executes and makes a final scan of the HKEY_
LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services subkey, looking for services
with a value of 0x2 for the Start entry. These services, including the Workstation service
and the Server service, are marked to load automatically.
The services that load during this phase do so based on their values for the DependOnGroup or DependOnService entries in the HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services Registry subkey.
A Windows XP Professional startup is not considered good until a user successfully
logs on to the system. After a successful logon, the system copies the Clone control set
to the Last Known Good control set.
Note
For more information on Last Known Good configuration, see Lesson 3 later in this
chapter.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you are unable to answer a question, review the lesson
materials and try the question again. You can find answers to the questions in the
“Questions and Answers” section at the end of this chapter.
Lesson 1
Explaining the Startup Process
4-13
1. Windows XP Professional modifies the boot sector during installation so that
__________ loads during system startup. Fill in the blank.
2. What is the purpose of the BOOT.INI file, and what happens if it is not present?
3. What does the BOOTSECT.DOS file contain and when is it used?
4. A user calls you and tells you that Windows XP Professional does not appear to be
loading correctly. The Hardware Profile/Configuration Recovery menu does not
appear when the computer is restarted, but it does appear on the computer of the
person sitting in the next cubicle when that computer is restarted. What would
you tell the user?
Lesson Summary
■
Files used during the Windows XP Professional startup process include NTLDR,
BOOT.INI, BOOTSECT.DOS, NTDETECT.COM, NTBOOTDD.SYS, NTOSKRNL.EXE, HAL.DLL, SYSTEM, and Device drivers (.sys).
■
During the preboot sequence, the BIOS runs a POST test, locates a boot device,
and loads the MBR found on that boot device. The MBR loads the boot sector on
the active partition into memory and then initializes NTLDR.
■
The boot sequence has four phases: initial boot loader phase, operating system
selection, hardware detection, and configuration selection. The boot sequence
uses the following files: NTLDR, BOOT.INI, BOOTSECT.DOS (optional), NTDETECT.COM, and NTOSKRNL.EXE.
4-14
Chapter 4
Modifying and Troubleshooting the Startup Process
■
NTLDR uses information in the BOOT.INI file to display the boot loader screen,
from which you select the operating system to start. You can edit the BOOT.INI
file, including modifying ARC paths and using the optional BOOT.INI switches.
■
During the kernel load phase, the Windows XP Professional kernel (NTOSKRNL.EXE) loads and initializes. NTOSKRNL.EXE also loads and initializes device
drivers and loads services.
■
During the kernel initialization phase, the kernel initializes, and then NTLDR
passes control to the kernel. At this point, the system displays a graphical screen
with a status bar that indicates load status. Four tasks are accomplished during the
kernel initialization phase:
■
❑
The Hardware key is created.
❑
The Clone control set is created.
❑
Device drivers are loaded and initialized.
❑
Services are started.
During the logon phase, the Win32 subsystem automatically starts WINLOGON.EXE, which in turn starts the Local Security Authority (LSASS.EXE) and
displays the Logon dialog box. You can log on at this time, even if Windows XP
Professional might still be initializing network device drivers.
Lesson 2
Editing the Registry
4-15
Lesson 2: Editing the Registry
Windows XP Professional stores hardware and software settings centrally in a hierarchical database called the Registry, which replaces many of the .ini, .sys, and .com configuration files used in earlier versions of Windows. The Registry controls the Windows
XP Professional operating system by providing the appropriate initialization information to boot Windows XP Professional, to start applications, and to load components
such as device drivers and network protocols.
Most users of Windows XP Professional never need to access the Registry. However,
management of the Registry is an important part of the system administrator’s job, and
includes viewing, editing, backing up, and restoring the Registry. You use Registry Editor to view and change the Registry configuration.
After this lesson, you will be able to
■ Identify the purpose of the Registry.
■ Define the hierarchical structure of the Registry.
■ View and edit the Registry by using Registry Editor.
Estimated lesson time: 40 minutes
What Is the Registry?
The Registry is a hierarchical database that contains a variety of different types of data,
including descriptions of the following:
■
The hardware installed on the computer, including the central processing unit
(CPU), bus type, pointing device or mouse, and keyboard.
■
Installed device drivers.
■
Installed applications.
■
Installed network protocols.
■
Network adapter card settings. Examples include the interrupt request (IRQ) number, memory base address, I/O port base address, I/O channel ready, and transceiver type.
The Registry structure provides a secure set of records. The data in the Registry is read,
updated, or modified by many of the Windows XP Professional components. Table 4-6
describes some of the components that access and store data in the Registry.
4-16
Chapter 4
Table 4-6
Modifying and Troubleshooting the Startup Process
Components That Use the Registry
Component
Description
Windows XP
Professional kernel
During startup, the Windows XP Professional kernel (NTOSKRNL.EXE)
reads information from the Registry, including the device drivers to load
and the order in which they should be loaded. The kernel writes information about itself to the Registry, such as the version number.
Device drivers
Device drivers receive configuration parameters from the Registry. They
also write information to the Registry. A device driver informs the Registry which system resources it is using, such as hardware interrupts or
direct memory access (DMA) channels. Device drivers also report discovered configuration data.
User profiles
Windows XP Professional creates and maintains user work environment
settings in a user profile. When a user logs on, the system caches the
profile in the Registry. Windows XP Professional first writes user configuration changes to the Registry and then to the user profile.
Setup programs
During setup of a hardware device or application, a setup program can
add new configuration data to the Registry. It can also query the Registry
to determine whether required components have been installed.
Hardware profiles
Computers with two or more hardware configurations use hardware profiles. When Windows XP Professional starts, the user selects a hardware
profile, and Windows XP Professional configures the system accordingly.
NTDETECT.COM
During system startup, NTDETECT.COM performs hardware detection.
This dynamic hardware configuration data is stored in the Registry.
The Hierarchical Structure of the Registry
The Registry is organized in a hierarchical structure similar to the hierarchical structure
of folders and files on a disk. Figure 4-2 shows the hierarchical structure of the Registry
as displayed by the Registry Editor.
F04us02r
Figure 4-2 Registry Editor displays the hierarchical structure of the Registry.
Lesson 2
Editing the Registry
4-17
Table 4-7 describes the components that make up the hierarchical structure of the Registry.
Table 4-7
Components That Make Up the Registry
Component Description
Subtree
A subtree (or subtree key) is analogous to the root folder of a disk. The Windows XP Professional Registry has two subtrees: HKEY_LOCAL_MACHINE and
HKEY_USERS. However, to make the information in the Registry easier to find
and view, there are five predefined subtrees that can be seen in the editor:
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
Keys
Keys, which are analogous to folders and subfolders, correspond to hardware or
software objects and groups of objects. Subkeys are keys within higher-level keys.
Entries
Keys contain one or more entries. An entry has three parts: name, data type, and
value (data or configuration parameter).
Hive
A hive is a discrete body of keys, subkeys, and entries. Each hive has a corresponding Registry file and .log file located in %systemroot%\System32\Config.
Windows XP Professional uses the .log file to record changes and ensure the
integrity of the Registry.
Data types
Each entry’s value is expressed as one of these data types:
REG_SZ (String value). One value; Windows XP Professional
interprets it as a string to store.
■ REG_BINARY (Binary value). One value; it must be a string of
hexadecimal digits. Windows XP Professional interprets each pair as
a byte value.
■ REG_DWORD (DWORD value). One value; must be a string of 1–8
hexadecimal digits.
■ REG_MULTI_SZ (Multistring value). Multiple values allowed;
Windows XP Professional interprets each string as a component of
MULTI_SZ separate entries.
■ REG_EXPAND_SZ (Expandable string value). Similar to REG_SZ,
except the text can contain a replaceable variable. For example, in the
string %systemroot%\NTVDM.EXE, Windows XP Professional replaces
the systemroot environmental variable with the path to the Windows XP
Professional System32 folder.
■ REG_FULL_RESOURCE_DESCRIPTOR. Stores a resource list for hardware components or drivers. You cannot add or modify an entry with
this data type.
■
4-18
Chapter 4
Modifying and Troubleshooting the Startup Process
Registry Subtrees
Understanding the purpose of each subtree can help you locate specific keys and values in the Registry. The following five subtrees or subtree keys are displayed in the
Registry Editor (refer to Figure 4-2):
HKEY_CLASSES_ROOT Contains software configuration data: object linking and
embedding (OLE) and file-class association data. This subtree points to the Classes
subkey under HKEY_LOCAL_MACHINE\SOFTWARE.
HKEY_CURRENT_USER Contains data about the current user. Retrieves a copy of
each user account used to log on to the computer from the NTUSER.DAT file and
stores it in the %systemroot%\Profiles\username key. This subkey points to the
same data contained in HKEY_USERS\SID_currently_logged_on_user. This subtree takes precedence over HKEY_LOCAL_MACHINE for duplicated values.
HKEY_LOCAL_MACHINE Contains all configuration data for the local computer,
including hardware and operating system data such as bus type, system memory,
device drivers, and startup control data. Applications, device drivers, and the operating system use this data to set the computer configuration. The data in this subtree remains constant regardless of the user.
HKEY_USERS Contains the .DEFAULT subkey, which holds the system default settings (system default profile) used to display the CTRL+ALT+DELETE logon screen,
and the Security Identifier (SID) of the current user.
HKEY_CURRENT_CONFIG Contains data on the active hardware profile extracted
from the SOFTWARE and SYSTEM hives. This information is used to configure settings such as the device drivers to load and the display resolution to use.
The HKEY_LOCAL_MACHINE Subtree
HKEY_LOCAL_MACHINE provides a good example of the subtrees in the Registry for
two reasons:
■
The structure of all subtrees is similar.
■
HKEY_LOCAL_MACHINE contains information specific to the local computer and
is always the same, regardless of the user who is logged on.
The HKEY_LOCAL_MACHINE root key has five subkeys, which are explained in Table 4-8.
Table 4-8
HKEY_LOCAL_MACHINE Subkeys
Subkey
Description
HARDWARE
The type and state of physical devices attached to the computer. This subkey is
volatile, meaning that Windows XP Professional builds it from information gathered during startup. Because the values for this subkey are volatile, it does not
map to a file on the disk. Applications query this subkey to determine the type
and state of physical devices attached to the computer.
Lesson 2
Table 4-8
Editing the Registry
4-19
HKEY_LOCAL_MACHINE Subkeys
Subkey
Description
SAM
The directory database for the computer. The SAM hive maps to the SAM and
SAM.LOG files in the %systemroot%\System32\Config directory. Applications
that query SAM must use the appropriate application programming interfaces
(APIs). This hive is a pointer to the same one accessible under
HKEY_LOCAL_MACHINE\SECURITY\SAM.
SECURITY
The security information for the local computer. The SECURITY hive maps to
the Security and SECURITY.LOG files in the %systemroot%\System32\Config
directory.
Applications cannot modify the keys contained in the SECURITY subkey.
Instead, applications must query security information by using the security APIs.
SOFTWARE
Information about the local computer software that is independent of per-user
configuration information. This hive maps to the Software and SOFTWARE.LOG
files in the %systemroot%\System32\Config directory. It also contains file associations and OLE information.
SYSTEM
Information about system devices and services. When you install or configure
device drivers or services, they add or modify information under this hive.
The SYSTEM hive maps to the System and SYSTEM.LOG files in the
%systemroot%\System32\Config directory. The Registry keeps a backup of
the data in the SYSTEM hive in the SYSTEM.ALT file.
Control Sets
A typical Windows XP Professional installation contains the following control set subkeys: Clone, ControlSet001, ControlSet002, and CurrentControlSet. Control sets are
stored as subkeys of the Registry key HKEY_LOCAL_MACHINE\SYSTEM (see Figure
4-3). The Registry might contain several control sets, depending on how often you
change or have problems with system settings.
F04us03
Figure 4-3
You can view the current control sets using Registry Editor.
4-20
Chapter 4
Modifying and Troubleshooting the Startup Process
The CurrentControlSet subkey is a pointer to one of the ControlSet00x keys. The Clone
control set is a clone of the control set used to initialize the computer (either Default
or Last Known Good), and is created by the kernel initialization process each time you
start your computer. The Clone control set is not available after you log on.
To better understand control sets, you should know about the Registry subkey
HKEY_LOCAL_MACHINE\SYSTEM\Select. The entries contained in this subkey
include the following:
Current Identifies which control set is the CurrentControlSet. When you use Control
Panel options or the Registry Editor to change the Registry, you modify information in the CurrentControlSet.
Default Identifies the control set to use the next time Windows XP Professional starts
unless you select the Last Known Good configuration. Default and Current typically contain the same control set number.
Failed Identifies the control set that was designated as failed the last time the computer was started using the Last Known Good control set.
LastKnownGood Identifies a copy of the control set that was used the last time the
computer started Windows XP Professional successfully. After a successful logon,
the Clone control set is copied to the Last Known Good control set.
Each of these entries in HKEY_LOCAL_MACHINE\SYSTEM\Select takes a
REG_DWORD data type, and the value for each entry refers to a specific control set.
For example, if the value for the Current entry is set to 0x1, the CurrentControlSet
points to ControlSet001. Similarly, if the value for the Last Known Good entry is set to
0x2, the Last Known Good control set points to ControlSet002.
How to View and Edit the Registry Using the Registry Editor
Setup installs Registry Editor (REGEDIT.EXE) in the %systemroot%\System32 directory
during installation. However, because most users do not need to use Registry Editor, it
does not appear on the Start menu. To start Registry Editor, click Run on the Start
menu, type Regedit, and then click OK.
Although Registry Editor allows you to perform manual edits on the Registry, it is
intended for troubleshooting and problem resolution. You should make most configuration changes through either Control Panel or Administrative Tools. However, some
configuration settings can be made only directly through the Registry.
Caution Using Registry Editor incorrectly can cause serious, system-wide problems that
could require reinstallation of Windows XP Professional. When using Registry Editor to view or
edit data, use a program such as Windows Backup to save a backup copy of the Registry file
before viewing. In Windows XP Professional, you can use Backup to back up the System State,
which includes the Registry, the COM class registration database, and the system boot files.
Lesson 2
Editing the Registry
4-21
Registry Editor saves data automatically as you make entries or corrections. New Registry data takes effect immediately.
You can select Find Key on the View menu to search the Registry for a specific key.
Key names appear in the left pane of Registry Editor. The search begins at the currently
selected key and parses all descendant keys for the specified key name. The search is
local to the subtree in which the search begins. For example, a search for a key in the
HKEY_LOCAL_MACHINE subtree does not include keys under
HKEY_CURRENT_USER.
Practice: Modifying the Registry
In this practice, you use Registry Editor to view the information in the Registry. Complete Exercise 1 to determine information such as the BIOS, the processor on your
computer, and the version of the operating system. Complete Exercise 2 to use Registry
Editor’s Find Key command to search the Registry for a specific word with key names.
Complete Exercise 3 to modify the Registry by adding a value to it, and save a subtree
as a file so that you can use an editor such as Notepad to search the file.
Exercise 1: Exploring the Registry
1. Ensure that you are logged on as Administrator.
2. From the Start menu, click Run.
3. In the Run dialog box, type Regedit and then click OK.
Security Alert
You should make it a practice not to log on as an administrator when performing non-administrative functions. It is better to log on as a normal user and use the Run
As command when you need to perform an administrative function. If you prefer to run the
Registry Editor without logging on as an administrator, at the command prompt, type
runas /user:administrator regedit.
4. Maximize the Registry Editor window, and then expand HKEY_LOCAL_MACHINE.
5. Under HKEY_LOCAL_MACHINE, expand HARDWARE.
6. Expand DESCRIPTION and then double-click the System subkey. Find the following information:
❑
The SystemBiosDate and SystemBiosVersion of your computer
❑
The computer type of your local machine according to the Identifier entry
7. Expand SOFTWARE\Microsoft\WindowsNT.
8. Click CurrentVersion, and then fill in the following information.
4-22
Chapter 4
Modifying and Troubleshooting the Startup Process
Software Configuration
Value and String
Current build number
Current version
Registered organization
Registered owner
Exercise 2: Using the Find Command
In this exercise, you use the Registry Editor’s Find command to search the Registry to
find a specific word in the keys, values, and data in the Registry.
1. In Registry Editor, click the HKEY_LOCAL_MACHINE subkey to ensure that the
entire subtree is searched.
2. On the Edit menu, click Find.
3. In the Find dialog box, in the Find What text box, type serial and then clear the
Values and Data check boxes. Click Find Next.
4. The Registry Editor locates and highlights the first entry containing serial. Press F3
to find the next entry containing serial. Continue pressing F3 until a Registry Editor
dialog box appears, indicating that Registry Editor has finished searching the Registry. Notice that serial appears in many locations in the Registry.
5. Click OK to close the Registry Editor dialog box.
Exercise 3: Modifying the Registry
1. In Registry Editor, expand HKEY_CURRENT_USER.
2. Under HKEY_CURRENT_USER, click Environment. The values in the Environment
key appear in the right pane of the Registry Editor window.
3. Click the Edit menu, point to New, and then click String Value. The Registry Editor
adds a New Value #1 entry in the right pane of the Registry Editor window.
4. Name the new value Test and then press ENTER.
5. Right-click the Test value, and then click Modify.
6. In the Edit String dialog box, in the Value Data text box, type
%windir%\system32 and then click OK. Test REG_SZ %windir%\ system32 is
now an entry in the right pane of the Registry Editor window.
7. Minimize the Registry Editor window.
8. From the Start menu, right-click My Computer, and then click Properties.
Lesson 2
Editing the Registry
4-23
9. In the System Properties dialog box, on the Advanced tab, click Environment
Variables.
10. In the Environment Variables dialog box, ensure that the test variable appears in
the User Variables For Administrator list.
11. Close the Environment Variables dialog box, and then close the System Properties
dialog box.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you are unable to answer a question, review the lesson
materials and try the question again. You can find answers to these questions in the
“Questions and Answers” section at the end of this chapter.
1. What is the Registry and what does it do?
2. What are some of the Windows XP Professional components that use the Registry?
3. How do you access the Registry Editor?
4. Why should you make most of your configuration changes through either Control
Panel or Administrative Tools rather than by editing the Registry directly with the
Registry Editor?
4-24
Chapter 4
Modifying and Troubleshooting the Startup Process
Lesson Summary
■
Windows XP Professional stores hardware and software settings in the Registry, a
hierarchical database that replaces many of the .ini, .sys, and .com configuration
files used in earlier versions of Windows. The Registry provides the appropriate
initialization information to boot Windows XP Professional, to start applications,
and to load components such as device drivers and network protocols.
■
The Registry structure provides a secure set of records that can be read,
updated, or modified by many of the Windows XP Professional components.
The Registry has two subtrees: HKEY_LOCAL_MACHINE and HKEY_USERS.
However, additional parts of the Registry (including HKEY_CLASSES_ROOT,
HKEY_CURRENT_USER, and HKEY_CURRENT_CONFIG) are represented in the
top level of the visible structure in Registry Editor to make important areas easier
to locate.
■
The Registry Editor (REGEDIT.EXE) allows you to view and change the Registry.
The Registry Editor is primarily intended for troubleshooting. For most configuration changes, you should use either Control Panel or Administrative Tools, not
Registry Editor.
Lesson 3
Troubleshooting Problems Using Startup and Recovery Tools
4-25
Lesson 3: Troubleshooting Problems Using Startup and
Recovery Tools
In this lesson, you learn about the tools and options Windows XP Professional provides to help you troubleshoot problems with starting your computer and recovering
from disasters. These tools include safe mode, the Last Known Good configuration,
and the Recovery Console (which are all covered in this lesson), and the Automated
System Restore Wizard (which is covered in Chapter 20, “Backing Up and Restoring
Data”).
After this lesson, you will be able to
■ Troubleshoot startup using safe mode.
■ Troubleshoot startup using the Last Known Good configuration.
■ Describe additional advanced boot options.
■ Perform troubleshooting and recovery tasks using the Windows XP Professional Recov-
ery Console.
Estimated lesson time: 40 minutes
Guidelines for Troubleshooting Startup Using Safe Mode
If your computer does not start normally, you might be able to start it by using safe
mode. Pressing F8 during the operating system selection phase of startup (just after the
POST screen disappears) displays a screen with advanced options for booting Windows XP Professional. If you select safe mode, Windows XP Professional starts with
limited device drivers and system services. These basic device drivers and system services include the mouse, standard VGA monitor, keyboard, mass storage, default system services, and no network connections. Safe mode also ignores programs that
automatically start up, user profiles, programs listed in the Registry to automatically
run, and all local group policies.
Safe mode provides access to Windows XP Professional configuration files, so you can
make configuration changes. You can disable or delete a system service, a device
driver, or an application that automatically starts that prevents the computer from starting normally.
If you choose to start your computer in safe mode, the background will be black and
“Safe Mode” appears in all four corners of the screen (see Figure 4-4). If your computer
does not start using safe mode, you can try Windows XP Professional Automatic System Recovery.
4-26
Chapter 4
Modifying and Troubleshooting the Startup Process
F04us04
Figure 4-4 Use safe mode to troubleshoot drivers and services that prevent Windows from starting
normally.
Safe Mode with Networking
One variation of safe mode is safe mode with networking, which is identical to safe
mode except that it adds the drivers and services necessary to enable networking to
function when you restart your computer. Safe mode with networking allows Group
Policy to be implemented, including settings that are implemented by the server during
the logon process and those configured on the local computer.
Safe Mode with Command Prompt
A second variation of safe mode is safe mode with command prompt, which is similar
to safe mode, but it loads the command interpreter as the user shell instead of the
graphical interface, so when the computer restarts, it displays a command prompt.
See Also After starting a computer in safe mode, you can use the tools built into Windows
XP Professional to troubleshoot any problems you are having. Coverage of specific troubleshooting tools appears throughout this book. You can learn more about troubleshooting hardware devices and drivers in Chapter 6, “Installing, Managing, and Troubleshooting Hardware
Devices and Drivers.” You can learn more about using the Windows Event Viewer to view
important event logs in Chapter 18, “Using Windows XP Tools.”
Lesson 3
Troubleshooting Problems Using Startup and Recovery Tools
4-27
Guidelines for Troubleshooting Startup Using the Last Known Good
Configuration
Selecting the Last Known Good configuration advanced boot option starts Windows XP
Professional using the control set saved to the Registry following the last successful
logon. If you change the Windows XP Professional configuration to load a driver and
have problems rebooting, you can use the Last Known Good configuration to recover
your working configuration.
Windows XP Professional provides two configurations for starting a computer, Default
and Last Known Good. Figure 4-5 shows the events that occur when you make configuration changes to your system. Any configuration changes (for example, adding or
removing drivers) are saved in the Current control set.
Map
addresses
Virtual address space
Physical memory
Swap memory
contents
Disk
F04us05
Figure 4-5
Default and Last Known Good are the two available startup configurations.
After you reboot the computer, the kernel copies the information in the Current control
set to the Clone control set during the kernel initialization phase. When you successfully log on to Windows XP Professional, the information in the Clone control set is
copied to the Last Known Good control set, as shown in the lower part of Figure 4-5.
If you experience startup problems that you think might relate to Windows XP Professional configuration changes, shut down the computer without logging on, and then
restart it. When you are prompted to select the operating system to start from a list of the
operating systems specified in the BOOT.INI file, press F8 to open the Windows
Advanced Options Menu screen. Then select the Last Known Good Configuration option.
!
Exam Tip The Safe Mode and Last Known Good Configuration options are two of the most
useful tools to try first when troubleshooting Windows startup. Enabling Boot Logging is also
useful, typically when you are having trouble locating the source of the problem.
4-28
Chapter 4
Modifying and Troubleshooting the Startup Process
The next time you log on, the Current configuration is copied to the Default configuration. If your configuration changes work correctly, the next time you log on, the Current
configuration is copied to the Default configuration. If your configuration changes do
not work, you can restart and use the Last Known Good Configuration option to log on.
Table 4-9 summarizes the purpose of the Default and Last Known Good configurations.
Table 4-9
Default and Last Known Good Configurations
Configuration
Description
Default
Contains information that the system saves when a computer shuts down.
To start a computer using the default configuration, select Windows XP
Professional on the Please Select The Operating System To Start menu.
Last Known Good
Contains information that the system saves after a successful logon. The
Last Known Good configuration loads only if the system is recovering from
a severe or critical device driver loading error or if it is selected during the
boot process.
Table 4-10 lists situations in which you can use the Last Known Good configuration
and the related solutions.
Table 4-10 When to Use the Last Known Good Configuration
Situation
Solution
After a new device driver is
installed, Windows XP
Professional restarts, but the
system stops responding.
Use the Last Known Good configuration option to start Windows
XP Professional because the Last Known Good configuration
does not contain any reference to the new (possibly faulty)
driver.
You accidentally disable a
critical device driver (such
as the Scsiport driver).
Some critical drivers are written to keep users from making the
mistake of disabling them. With these drivers, the system automatically reverts to the Last Known Good control set if a user
disables the driver. If the driver does not automatically cause the
system to revert to the Last Known Good control set, you must
manually select the Last Known Good Configuration option.
Using the Last Known Good configuration does not help in the following situations:
■
When the problem is not related to Windows XP Professional configuration
changes. Such a problem might arise from incorrectly configured user profiles or
incorrect file permissions.
■
After you log on. The system updates the Last Known Good control set with Windows XP Professional configuration changes after a successful logon.
■
When startup failures relate to hardware failures or missing or corrupted files.
Lesson 3
Troubleshooting Problems Using Startup and Recovery Tools
4-29
Important
Starting Windows XP Professional using the Last Known Good configuration
overwrites any changes made since the last successful boot of Windows XP Professional.
Additional Advanced Boot Options
Pressing F8 during the operating system selection phase displays a screen with the
Windows Advanced Options menu. This menu provides the following additional
options:
Enable Boot Logging Selecting the Enable Boot Logging advanced boot option logs
the loading and initialization of drivers and services for troubleshooting boot
problems. All drivers and services that are loaded and initialized or that are not
loaded in a file are logged. The log file, NTBTLOG.TXT, is located in the %windir%
folder. All three versions of safe mode automatically create this boot log file.
See Also
You can learn more about using boot logging to troubleshoot by reading Appendix D
of the Microsoft Windows XP Professional Resource Kit Documentation on the Microsoft Web
site at http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/.
Enable VGA Mode Selecting the Enable VGA Mode advanced boot option starts
Windows XP Professional with a basic VGA driver. Use this setting if you are experiencing problems with the video card, video driver, or monitor.
Directory Services Restore Mode Selecting the Directory Services Restore Mode
advanced boot option is applicable only to domain controllers, so it does not
apply to computers running Windows XP Professional.
Debugging Mode Selecting the Debugging Mode advanced boot option starts Windows XP Professional in kernel debug mode, which allows a debugger to break
into the kernel for troubleshooting and system analysis.
Disable Automatic Restart On System Failure By default, Windows XP Professional automatically restarts the computer when there is a system failure. Normally, this default setting works well, but you might want to disable automatic
restarts when you are troubleshooting certain problems. A good example of this is
when troubleshooting stop errors. If automatic restarting is enabled, Windows
restarts the computer before you can get a chance to read the error message. Use
the Disable Automatic Restart On System Failure setting to prevent Windows from
restarting when the computer fails (using this setting gives you the chance to read
the error or perform any actions you need to perform before a restart).
4-30
Chapter 4
Modifying and Troubleshooting the Startup Process
Note
When using the advanced boot options in Windows XP, logging is enabled with every
option except Last Known Good Configuration. The system writes the log file (NTBTLOG.TXT)
to the %systemroot% folder. In addition, each option except Last Known Good Configuration
loads the default VGA driver.
Using an advanced boot option to boot the system sets the environment variable
%SAFEBOOT_OPTION% to indicate the mode used to boot the system.
How to Perform Troubleshooting and Recovery Tasks Using the
Recovery Console
The Windows XP Professional Recovery Console is a text mode command interpreter
that you can use to access NTFS, FAT, and FAT32 volumes without starting Windows XP
Professional. The Recovery Console allows you to perform a variety of troubleshooting
and recovery tasks, including the following:
■
Copying files between hard disks and from a floppy disk to a hard disk (but not
from hard disk to a floppy disk), which allows you replace or remove items that
might be affecting the boot process, or to retrieve user data from an unsalvageable
computer
■
Starting and stopping services
■
Adding, removing, and formatting partitions on the hard disk
■
Repairing the MBR or boot sector of a hard disk or volume
■
Restoring the Registry
This section explains how to install, start, and use the Recovery Console and presents
the major Recovery Console commands.
!
Exam Tip
The Recovery Console provides an excellent way to access hard disks when the
operating system will not boot. You can use the Recovery Console to access all partitions on
a drive, regardless of the file system.
How to Install the Recovery Console
To install the Recovery Console, insert the Windows XP Professional CD-ROM into
your CD-ROM drive, and close the Windows XP Professional CD dialog box if it opens.
Open a Run dialog box or a Command Prompt window in Windows XP Professional,
and run the command drive:\i386\Winnt32.exe /cmdcons, where drive represents the
Lesson 3
Troubleshooting Problems Using Startup and Recovery Tools
4-31
letter of the CD-ROM or network drive that holds the Windows XP installation files.
After installation, you can start the Recovery Console by choosing it from the list of
installed operating systems—you do not need to have the installation CD.
How to Start the Windows XP Professional Recovery Console
You can also run the Recovery Console from the Windows XP Professional CD-ROM
without installing it. The Recovery Console provides a limited set of administrative
commands that you can use to repair your Windows XP Professional installation. You
can use the following steps to start the Recovery Console from the Windows XP Professional CD-ROM:
1. Insert the Windows XP Professional CD-ROM into the CD-ROM drive and restart
the computer. If your computer or the workstation you want to repair does not
have a bootable CD-ROM drive, you need to insert your Windows XP Professional
Setup Boot disk into your floppy disk drive. Insert the additional Windows XP Professional Setup disks when you are prompted to do so.
2. When Setup displays the Setup Notification message, read it, and then press Enter
to continue.
3. Setup displays the Welcome To Setup screen. In addition to the initial installation
of Windows XP Professional, you can use Windows Setup to repair or recover a
damaged Windows XP Professional installation. Press R to repair a Windows XP
Professional installation.
4. The Windows XP Recovery Console screen appears. Press C to start the Recovery
Console.
5. If you have more than one installation of Windows XP Professional on the computer, you are prompted to select which installation you want to repair. Type 1
and then press ENTER.
6. Type the Administrator’s password, and then press ENTER.
7. Setup displays a command prompt. Type help and then press ENTER for a list of
the commands available.
8. When you have completed the repair process, type exit and then press ENTER.
The computer will restart.
The Major Recovery Console Commands
There are a number of commands available in the Recovery Console, some of which
are described in Table 4-11.
4-32
Chapter 4
Modifying and Troubleshooting the Startup Process
Table 4-11 Major Recovery Console Commands
Command
Description
Attrib
Changes the attributes of a file or folder.
– Clears an attribute
+ Sets an attribute
c Compressed file attribute
h Hidden file attribute
r Read-only attribute
s System file attribute
Chdir (cd)
Displays the name of the current folder or changes the current folder.
Chkdsk
Checks a disk and displays a status report.
Cls
Clears the screen.
Copy
Copies a single file to another location. You cannot copy a file from a hard
drive to a floppy disk, but you can copy a file from a floppy disk or a CD-ROM
to a hard drive or from a hard drive to another hard drive. This command
allows you to access and recover user data when you cannot otherwise start
the computer.
Delete (Del)
Deletes one or more files.
Dir
Displays a list of files and subfolders in a folder. The wildcard characters * and
? are permitted.
Disable
Disables a system service or a device driver.
Diskpart
Creates, deletes, and manages partitions on your hard disk.
/add Creates a new partition
/delete Deletes an existing partition
Do not modify the structure of dynamic disks with this command because you
might damage your partition table.
Enable
Starts or enables a system service or a device driver.
Exit
Exits the Recovery Console and restarts your computer.
Expand
Expands a compressed file stored on the Windows XP Professional CD-ROM
or from within a .cab file and copies it to a specified destination.
Fdisk
Manages partitions on your hard disk.
Fixboot
Writes a new partition boot sector onto the system partition.
Fixmbr
Repairs the MBR of the partition boot sector. This command overwrites only the
master boot code, leaving the existing partition table intact. If corruption in the
MBR affects the partition table, running fixmbr might not resolve the problem.
Format
Formats a disk. If no file system is specified, NTFS is used by default.
Help
Lists the commands you can use in the Recovery Console.
Logon
Logs on to a Windows XP Professional installation.
Map
Displays the drive letter mappings.
Mkdir (md)
Creates a folder.
Lesson 3
Table 4-11
Troubleshooting Problems Using Startup and Recovery Tools
4-33
Major Recovery Console Commands
Command
Description
More
Displays a test file.
Rmdir (rd)
Deletes a folder.
Rename (ren)
Renames a single file.
Systemroot
Sets the current folder to the %systemroot% folder of the system you are currently logged on to.
Type
Displays a text file.
See Also
You can also use Recovery Console to restore System and Software files, which
are stored in the %systemroot%\System32\Config folder, with a backup copy that is stored in
the %systemroot%\repair folder. Windows XP Professional uses these files to create the registry keys HKEY_LOCAL_MACHINE\SYSTEM and HKEY_LOCAL_MACHINE\SOFTWARE. The Windows Backup program automatically backs up these files when you back up the System
State. For more information about backups and about restoring these files by using Recovery
Console, see Chapter 20, “Backing Up and Restoring Data.”
Real World Fixing Corrupted Boot Files
Although the Recovery Console is useful for replacing missing and corrupted boot
files such as NTLDR and for fixing problematic MBRs, this is an area in which you
should be careful. One of the most common reasons for MBR and NTLDR problems is a type of virus known as a boot sector virus—a virus that resides in the
MBR. Once entrenched, boot sector viruses can set about corrupting other files,
such as NTLDR. Boot sector viruses can also be difficult to get rid of because they
can often survive even a full reformatting of a hard disk. Even if you use the
Recovery Console to fix a corrupted boot file, you should not assume that you
have gotten to the root of the problem.
Fortunately, there are some fairly simple steps you can take to help prevent boot
sector viruses from ever becoming a problem. First, all computers should be running good antivirus software that is kept up-to-date with the latest virus information. You should configure the antivirus software to perform full system scans
regularly—scans that include the MBR. On most computers, you can also configure BIOS to prevent virus-like activity (which essentially means that it will prompt
you before it allows any program to write information to the boot sector).
4-34
Chapter 4
Modifying and Troubleshooting the Startup Process
Practice: Installing and Accessing the Windows XP Professional
Recovery Console
In this practice, you install and then start the Recovery Console, and you look at Help
to determine which commands are available in the Recovery Console. You also use the
Listsvc command to view the services, and then use the Disable command to disable
the Server service. Complete Exercises 1, 2, and 3.
Exercise 1: Installing the Windows XP Professional Recovery Console
In this exercise, you install the Recovery Console.
1. Log on as Administrator.
2. Insert the Windows XP Professional CD into the CD-ROM drive.
3. When the Windows XP Professional CD splash screen appears, close it.
4. From the Start menu, click Run.
5. In the Run dialog box, type <cd-drive>:\i386\winnt32 /cmdcons (where
<cd-drive> represents the letter assigned to your CD-ROM drive), and then click
OK.
Security Alert If you have installed Windows XP Service Pack 2 on your computer, you cannot install the Recovery Console. Instead, you must run the Recovery Console from your
installation CD. If you have not yet installed Service Pack 2, you can first install the Recovery
Console and then install Service Pack 2.
6. In the Windows Setup message box that appears, click Yes to install the Windows
XP Professional Recovery Console. Windows Setup next attempts to contact
Microsoft and confirm that you have the latest version of Setup; it then installs the
Windows XP Recovery Console on your hard disk. Windows XP Professional then
displays a Windows XP Professional Setup message box indicating that the Windows Recovery Console has been successfully installed.
7. Click OK to close the Microsoft Windows XP Professional Setup dialog box.
Exercise 2: Using the Recovery Console to Disable the Server Service
In this exercise, you start the Recovery Console and use the Help command to view the
available commands. You then use the Listsvc and Disable commands.
1. Restart your computer.
2. In the Please Select The Operating System To Start screen, select Windows Recovery Console.
Lesson 3
Troubleshooting Problems Using Startup and Recovery Tools
4-35
3. The Windows XP Recovery Console starts and prompts you to select which Windows installation you want to log on to. If you had more than one Windows XP
Professional installation on this computer, all of them would be listed here. Type
1 and then press ENTER.
4. When prompted for the Administrator password, enter your password and press
ENTER.
5. At the prompt, type help and then press ENTER to see the list of available commands.
6. Scroll through the list of commands.
7. The Listsvc command allows you to view all the available services. Type listsvc
and press ENTER, and then scroll through the list of available services.
8. Press ESC to stop viewing services.
9. Type disable and press ENTER.
The Disable command allows you to disable a Windows system service or driver.
10. Type disable server and then press ENTER.
Recovery Console displays several lines of text describing how the Registry entry
for the Server service has been changed from Service_Demand_Start to
Service_Disabled. The Server service is now disabled.
11. Type exit and then press ENTER to restart your computer.
Exercise 3: Restarting the Server Service
In this exercise, you confirm that the Server service is disabled and then restart it.
1. Log on as Administrator.
2. Click Start, click All Programs, click Administrative Tools, and then click Computer
Management.
3. In the Computer Management window, expand Services And Applications.
4. Under Services And Applications, click Services.
5. Double-click Server.
6. In the Server Properties dialog box, change the Startup Type option to Automatic
and click OK.
7. Right-click Server and click Start.
8. Close the Computer Management window.
4-36
Chapter 4
Modifying and Troubleshooting the Startup Process
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you are unable to answer a question, review the lesson
materials and try the question again. You can find answers to these questions in the
“Questions and Answers” section at the end of this chapter.
1. What is safe mode and why do you use it?
2. How do you start Windows XP Professional in safe mode?
3. When is the Last Known Good configuration created?
4. When do you use the Last Known Good configuration?
Case Scenario Exercise
4-37
5. How can you install the Windows XP Professional Recovery Console on your
computer?
Lesson Summary
■
If your computer does not start, you might be able to start it by using safe mode
because Windows XP Professional starts with limited device drivers and system
services.
■
If you change the Windows XP Professional configuration to load a driver and
have problems rebooting, you can use the Last Known Good process to recover
your working configuration.
■
Pressing F8 during the operating system selection phase displays a screen with the
Windows Advanced Options menu that provides the following options: Safe
Mode, Safe Mode With Networking, Safe Mode With Command Prompt, Enable
Boot Logging, Enable VGA Mode, Last Known Good Configuration, Directory Services Restore Mode, and Debugging Mode.
■
The Windows XP Professional Recovery Console is a command-line interface that
you can use to perform a variety of troubleshooting and recovery tasks.
Case Scenario Exercise
In this exercise, you will read a scenario about a user who is experiencing a startup
problem and then answer the questions that follow. If you have difficulty completing
this work, review the material in this chapter before beginning the next chapter. You
can find answers to these questions in the “Questions and Answers” section at the end
of this chapter.
Scenario
You are an administrator working for a company named Contoso, Ltd. You receive a
call from one of your users. She tells you that this morning, on advice from a friend,
she downloaded and installed the newest drivers for her video card. After the installation, the setup program prompted her to restart the computer. When the computer
restarted, the user could log on, but the computer stopped responding shortly thereafter. The user tells you that she has made no other changes to her system.
4-38
Chapter 4
Modifying and Troubleshooting the Startup Process
Questions
1. What is the likely problem?
2. You decide to remove the new driver. However, the computer stops responding
before you can do so. What should you do? Choose the correct answer.
a. Start the computer using the Last Known Good configuration.
b. Start the computer in safe mode and try to roll back the driver.
c. Use the Recovery Console to roll back the new driver.
d. Use the Recovery Console to edit the BOOT.INI file.
Troubleshooting Lab
In this lab, you will create a system boot failure, and then repair that failure using the
Recovery Console. Complete Exercises 1 and 2.
Important
To complete this exercise, you must have a computer that is capable of booting
using the CD-ROM drive. You must also know the password for the local Administrator
account. If you do not meet these requirements, do not attempt this exercise. You should
also not attempt this exercise on a production computer.
Exercise 1: Creating a System Boot Failure
To create a system boot failure, use the following steps:
1. From the Start menu, right-click My Computer, and then click Explore.
2. In the Explorer window, in the Folders list, click Local Disk (C:), and then click
Show The Contents Of This Folder.
3. Click the Tools menu, and then click Folder Options.
4. In the Folder Options dialog box, on the View tab, in the Advanced Settings list,
click Show Hidden Files And Folders. Also clear the Hide Protected Operating System Files (Recommended) check box. Click OK.
5. In the right pane of the Explorer window, right-click the file named NTLDR and
then click Rename.
Troubleshooting Lab
4-39
6. Type oldntldr and then press ENTER.
7. Windows XP Professional displays a Confirm File Rename dialog box asking if you
are sure you want to rename the system file NTLDR to OLDNTLDR. Click Yes.
8. Restart the computer.
When you restart the computer, you should see an error message stating that
NTLDR is missing. Windows startup will fail at this point.
Restart your computer, start the Recovery Console, and try to repair the installation. If
you need assistance, you can use the following procedure.
Exercise 2: Using the Recovery Console to Repair an Installation
1. Insert the Windows XP Professional installation CD into the CD-ROM drive and
press CTRL+ALT+DELETE to restart the computer.
2. If your computer requires you to press a key to boot from the CD-ROM, press
SPACEBAR when prompted.
3. Setup displays the Welcome To Setup screen. Press R to repair a Windows XP Professional installation.
4. Setup starts the Recovery Console. Type 1 and press ENTER.
5. You are prompted to enter the Administrator’s password. Type your password and
press ENTER.
6. Setup displays a C:\Windows command prompt. Type d: (where d is the letter of
your CD-ROM drive) and press ENTER.
7. Type cd i386 to change to the i386 folder and press ENTER.
8. Type dir and press ENTER.
9. Most of the files on the CD-ROM end with an _ (for example, NTOSKRNL.EX_).
Press SPACEBAR to scroll through the files and locate NTLDR. NTLDR is not compressed, so you can copy it directly to your computer.
10. Type copy ntldr c:\ntldr and then press ENTER.
11. When the copy is complete, Setup displays a 1 File(s) Copied message. If there is
a disk in your floppy drive, remove it. If your computer is capable of booting from
the CD-ROM drive, remove the Windows XP Professional CD from your CD-ROM
drive. Type exit and press ENTER. The computer reboots and should start normally.
4-40
Chapter 4
Modifying and Troubleshooting the Startup Process
Chapter Summary
■
Files used during the Windows XP Professional startup process include NTLDR,
BOOT.INI, BOOTSECT.DOS, NTDETECT.COM, NTBOOTDD.SYS, NTOSKRNL.EXE, HAL.DLL, SYSTEM, and Device drivers (.sys). The startup sequence
occurs in five major stages:
❑
Preboot sequence
❑
Boot sequence
❑
Kernel load
❑
Kernel initialization
❑
Logon
■
Windows XP Professional stores hardware and software settings in the Registry, a
hierarchical database that replaces many of the .ini, .sys, and .com configuration
files used in earlier versions of Windows. The Registry provides the appropriate
initialization information to boot Windows XP Professional, to start applications,
and to load components such as device drivers and network protocols. The Registry Editor (REGEDIT.EXE) allows you to view and change the Registry.
■
Pressing F8 during the operating system selection phase displays a screen with the
Windows Advanced Options menu that provides the following options: Safe
Mode, Safe Mode With Networking, Safe Mode With Command Prompt, Enable
Boot Logging, Enable VGA Mode, Last Known Good Configuration, Directory Services Restore Mode, and Debugging Mode. The Windows XP Professional Recovery Console is a command-line interface that you can use to perform a variety of
troubleshooting and recovery tasks.
Exam Highlights
Before taking the exam, review the key points and terms that are presented in this
chapter. You need to know this information.
Key Points
■
Learn the syntax of ARC paths and how to determine which disk and partition a
particular path refers to. Most disk types use the multi convention. The value following multi indicates the disk number. The value following partition indicates the
partition number on that disk.
■
The Safe Mode and Last Known Good Configuration options are two of the most
useful tools to try first when troubleshooting Windows startup. Enabling Boot Logging is also useful, typically when you are having trouble locating the source of
the problem.
Exam Highlights
■
4-41
The Recovery Console provides an excellent way to access hard disks when the
operating system will not boot. You can use the Recovery Console to access all
partitions on a drive, regardless of the file system.
Key Terms
BOOT.INI A file used to build the operating system choices that are displayed during
startup.
Last Known Good configuration A hardware configuration that is available by
pressing the F8 key during startup. The Last Known Good configuration contains
the configuration information saved after the last successful logon.
master boot record (MBR) The first sector on a hard disk, which begins the process
of starting a computer. The MBR contains the partition table for the disk.
NTLDR A file used to control the Windows startup process until control is passed to
the Windows kernel.
Recovery Console A command-line console interface that provides access to the
hard disks and a limited set of administrative commands useful for recovering a
computer.
Registry A hierarchical database that controls the Windows XP Professional operating system by providing the appropriate initialization information to boot Windows XP Professional, to start applications, and to load components.
safe mode A method of starting Windows using only basic files and drivers and without networking support.
4-42
Chapter 4
Modifying and Troubleshooting the Startup Process
Questions and Answers
Lesson 1 Review
Page
4-12
1. Windows XP Professional modifies the boot sector during installation so that
__________ loads during system startup. Fill in the blank.
NTLDR
2. What is the purpose of the BOOT.INI file, and what happens if it is not present?
NTLDR reads BOOT.INI to determine the operating system selections to be loaded. If BOOT.INI
is missing, NTLDR attempts to load Windows XP Professional from the Windows folder on the
first partition of the first disk—typically C:\Windows.
3. What does the BOOTSECT.DOS file contain and when is it used?
BOOTSECT.DOS is a copy of the boot sector that was on the system partition at the time Windows
XP Professional was installed. BOOTSECT.DOS is used if you are booting more than one operating
system and you choose to load an operating system other than Windows XP Professional.
4. A user calls you and tells you that Windows XP Professional does not appear to be
loading correctly. The Hardware Profile/Configuration Recovery menu does not
appear when the computer is restarted, but it does appear on the computer of the
person sitting in the next cubicle when that computer is restarted. What would
you tell the user?
The user probably has only one hardware profile. If there is a single hardware profile, NTLDR
does not display the Hardware Profile/Configuration Recovery menu and instead loads Windows XP Professional using the default hardware profile configuration.
Lesson 2 Review
Page
4-23
1. What is the Registry and what does it do?
The Registry is a hierarchical database in which Windows XP Professional stores hardware and
software settings. The Registry provides the appropriate initialization information to boot Windows XP Professional, to start applications, and to load components such as device drivers
and network protocols.
2. What are some of the Windows XP Professional components that use the Registry?
Windows NT kernel, device drivers, user profiles, setup programs, hardware profiles, and NTDETECT.COM.
3. How do you access the Registry Editor?
On the Start menu, click Run, type Regedit and then click OK.
Questions and Answers
4-43
4. Why should you make most of your configuration changes through either Control
Panel or Administrative Tools rather than by editing the Registry directly with the
Registry Editor?
Using the Registry Editor to modify the Registry is dangerous because the Registry Editor saves
data automatically as you make entries or corrections, so new Registry data takes effect immediately. If you incorrectly edit the Registry it can cause serious, system-wide problems that
could require you to reinstall Windows XP Professional.
Lesson 3 Review
Page
4-36
1. What is safe mode and why do you use it?
Starting Windows XP Professional in safe mode uses limited device drivers and system services, and no network connections. Safe mode also ignores programs that automatically
start up, user profiles, programs listed in the Registry to automatically run, and all local
group policies. Safe mode allows Windows to start successfully when the normal Windows XP
startup fails.
You use safe mode because it provides access to Windows XP Professional configuration
files so you can make configuration changes. You can disable or delete a system service, a
device driver, or application that automatically starts that prevents the computer from starting normally.
2. How do you start Windows XP Professional in safe mode?
To start Windows XP Professional in safe mode, restart or boot the computer and press F8 during the operating system selection phase.
3. When is the Last Known Good configuration created?
After you reboot the computer, the kernel copies the information in the Current control set to
the Clone control set during the kernel initialization phase. When you successfully log on to
Windows XP Professional, the information in the Clone control set is copied to the Last Known
Good control set.
4. When do you use the Last Known Good configuration?
If you change the Windows XP Professional configuration to load a driver and have problems
rebooting, you use the Last Known Good process to recover your working configuration.
5. How can you install the Windows XP Professional Recovery Console on your
computer?
To install the Recovery Console, insert the Windows XP Professional CD-ROM into your CD-ROM
drive. Open a Command Prompt window, change to the i386 folder on the Windows XP Professional CD, and then run the winnt32 command with the /cmdcoms switch.
4-44
Chapter 4
Modifying and Troubleshooting the Startup Process
Case Scenario Exercise
Page
4-37
1. What is the likely problem?
Because the user has made no other configuration changes, and because the problem started
after the new driver installation, the most likely problem is the new driver.
2. You decide to remove the new driver. However, the computer stops responding
before you can do so. What should you do? Choose the correct answer.
a. Start the computer using the Last Known Good configuration.
b. Start the computer in safe mode and try to roll back the driver.
c. Use the Recovery Console to roll back the new driver.
d. Use the Recovery Console to edit the BOOT.INI file.
The correct answer is B. Starting the computer in safe mode loads only a generic video driver.
You should then be able to roll back the new driver. A is not correct because the Last Known
Good configuration is created after a successful logon. Because the user could log on following
the driver installation, reverting to the Last Known Good configuration would not roll back the
new driver. C is not correct because you cannot use the Recovery Console to roll back drivers.
D is not correct because editing the BOOT.INI file does not help in this situation.
5 Configuring Windows XP
Professional
Exam Objectives in this Chapter:
■
Manage and troubleshoot Web server resources.
■
Implement, manage, and troubleshoot display devices.
❑
Configure multiple-display support.
❑
Install, configure, and troubleshoot a video adapter.
■
Configure Advanced Configuration Power Interface.
■
Configure and manage user profiles and desktop settings.
■
Configure support for multiple languages or multiple locations.
❑
Enable multiple-language support.
❑
Configure multiple-language support for users.
❑
Configure local settings.
❑
Configure Microsoft Windows XP Professional for multiple locations.
Why This Chapter Matters
The Microsoft Windows XP Professional desktop environment provides a user
interface that is easily customized. Appropriate configuration of the desktop
enhances a user’s experience with the operating system and can increase productivity. Configuration information on a computer running Windows XP Professional is stored in the Windows Registry. On computers that are part of a domain,
configuration information might also be stored in Active Directory or on other
server computers. Each user on a computer has a profile that contains that user’s
desktop configuration settings and also governs the location in which configuration information is stored.
It is important that you understand the options that are available for desktop configuration and management. This chapter covers configuring and troubleshooting
display settings, power management, basic operating system settings, the desktop
environment, and Windows components.
5-1
5-2
Chapter 5
Configuring Windows XP Professional
Lessons in this Chapter:
■
Lesson 1: Configuring and Troubleshooting the Display . . . . . . . . . . . . . . . . .5-3
■
Lesson 2: Configuring Power Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13
■
Lesson 3: Configuring System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21
■
Lesson 4: Configuring Languages, Locations, and Accessibility Options . . . . . 5-40
■
Lesson 5: Managing Windows Components . . . . . . . . . . . . . . . . . . . . . . . . . 5-51
Before You Begin
To complete this chapter, you must have a computer that meets the minimum hardware requirements listed in the preface, “About This Book.” You must also have Windows XP Professional installed on a computer on which you can make changes.
Lesson 1
Configuring and Troubleshooting the Display
5-3
Lesson 1: Configuring and Troubleshooting the Display
Users can configure and clean up the icons that appear on their computer’s desktop.
Users with permission to load and unload device drivers can also install and test video
drivers. Windows XP Professional allows you to change video resolutions dynamically
without restarting the system and also supports multiple display configurations.
After this lesson, you will be able to
■ Configure display and desktop properties.
■ Configure a computer to use multiple displays.
Estimated lesson time: 30 minutes
How to Configure Display and Desktop Properties
To view or modify the display or the Desktop properties, in Control Panel, click
Appearance And Themes, and then click Display. The tabs in the Display Properties
dialog box (see Figure 5-1) are described in Table 5-1.
F05us01.bmp
Figure 5-1
Table 5-1
Use the Display Properties dialog box to control display and desktop settings.
Display Properties Dialog Box Tabs
Tab
Description
Themes
Allows you to choose a theme. A theme is a collection of settings that include
desktop background, sounds, icons, and other elements to help you personalize
your computer.
Desktop
Allows you to choose a background and color for your desktop. The Customize
Desktop button allows you to add or remove some Windows program icons and
determine which icons represent those programs. You can also include Web content on your desktop (see Figure 5-2).
5-4
Chapter 5
Configuring Windows XP Professional
Table 5-1
Display Properties Dialog Box Tabs
Tab
Description
Screen Saver Allows you to choose a screen saver to appear on your screen when the computer
is idle. The default time after which a screen saver initiates is 10 minutes. On older
CRT monitors, screen savers prevented damage to monitors by preventing an image
from becoming burned into the monitor. Although this is no longer a problem on
newer cathode-ray tube (CRT) and liquid crystal display (LCD) monitors, screen
savers are still useful. When a computer is left unattended, a screen saver protects
the information on the screen from casual eavesdropping. If you configure the
screen saver to prompt for a password to return to the desktop, you can also prevent more deliberate intrusion. You can also click Power to adjust monitor power
settings and save energy. See Lesson 2, “Configuring Power Options.”
Appearance
Allows you to configure the windows and buttons styles, the color scheme, and
the font size. Click Effects to configure the following options:
■ Use The Following Transition Effect For Menus And Tooltips. Options
■
■
■
■
■
■
Settings
Important
include a fade effect or scroll effect. Although these features look nice to
some people, many people find that it slows the perceived responsiveness of Windows.
Use The Following Method To Smooth Edges Of Screen Fonts. Options
include Standard (best for CRT monitors) and Clear Type (best for LCD
monitors).
Use Large Icons. This option can help users who have trouble seeing
smaller icons. However, using this option can reduce performance on
slow computers.
Show Shadows Under Menus. This option gives menus a threedimensional appearance.
Show Windows Contents While Dragging. This option causes Windows to
redraw folders as you drag them. Although useful, this option can reduce
performance on slow computers.
Hide Underlined Letters For Keyboard Navigation Until I Press The Alt
Key. Windows provides keyboard access to many menu commands when
you press the ALT key. Clear this check box if users find the underlined
letters in commands bothersome.
If you select Windows Classic as your theme, you can click Advanced to
customize the look of windows, menus, fonts, and icons.
Allows you to configure display options including the number of colors, video
resolution, font size, and refresh frequency, as shown in Figure 5-3 and
explained in Table 5-2.
You can enable security settings that restrict access to Display options. For
example, you can remove the Appearance tab or the Settings tab from the Display Properties
dialog box. For more information about security settings, see Chapter 16, “Configuring Security Settings and Internet Options.”
Lesson 1
Configuring and Troubleshooting the Display
5-5
F05us02.bmp
Figure 5-2
Use the Desktop Items dialog box to control what appears on your desktop.
To access the Desktop Items dialog box, on the Desktop tab, click Customize Desktop.
The Desktop Items dialog box allows you to include or exclude an icon for My Documents, My Computer, My Network Places, and the Internet Explorer on your desktop,
as well as to customize the icons used to represent these items. You can also configure
the frequency with which the Desktop Cleanup Wizard runs. The default setting for
running the Desktop Cleanup Wizard is every 60 days. Click Clean Desktop Now to
run the Desktop Cleanup Wizard immediately. The Desktop Cleanup Wizard removes
icons from the desktop that have not been used in the last 60 days, but it does not
remove any programs from your computer.
To include Web content on your desktop, in the Desktop Items dialog box, click the
Web tab. Any Web page listed in the Web Pages text box can be included on your
desktop by selecting it. Click New to add a Web page and click Delete to remove a
Web page from the list. Click Properties to view the Properties dialog box for the Web
page. The Properties dialog box allows you to make the Web page available offline,
synchronize immediately or schedule the synchronization of this offline Web page with
the content on the Internet, and specify whether you want Internet Explorer to download more than just the top-level page of this Web site.
Note
If you want Internet Explorer to download more than just the top-level page, you can
specify up to three levels deep, but specifying three levels deep downloads all the pages
linked to the second-level pages. This process can quickly result in hundreds of pages,
depending on how many links are on each page.
5-6
Chapter 5
Configuring Windows XP Professional
F05us03.bmp
Figure 5-3 Use the Settings tab to control the color quality and screen resolution of the desktop.
Table 5-2 describes the options available in the Settings tab for configuring the display
settings.
Table 5-2
Settings Tab Options for Configuring the Display
Option
Description
Color Quality
The Color Quality setting displays the current color configuration for the
monitor attached to the video adapter listed under Display. This option allows
you to change the color quality for the display adapter. You should set this
value to the highest quality available for your chosen screen resolution
because using a higher-quality color depth does not significantly affect performance.
Screen
Resolution
Screen Resolution controls the current resolution settings for the monitor
attached to the video adapter listed under Display. This option allows you to
set the resolution for the display adapter. As you increase the number of pixels, you display more information on the screen, but you decrease the size of
the fonts and pictures. Users will need to experiment with resolutions until
they find one that strikes a good balance between amount of information displayed and the size of that information. You should also note that many LCD
monitors operate at a fixed native resolution. Changing the resolution on these
monitors might make the information displayed look bad.
Identify
Identify displays large numbers on the desktop of each monitor in a multipledisplay configuration. This helps you identify which physical monitor corresponds to each displayed monitor on the Settings tab. For more information
on using multiple displays, see the section “How to Configure Multiple
Displays,” later in this lesson.
Troubleshoot
Troubleshoot opens the Video Display Troubleshooter to aid you in diagnosing display problems.
Advanced
Advanced opens the Properties dialog box for the display adapter, as
described next.
Lesson 1
Configuring and Troubleshooting the Display
5-7
To open the Properties dialog box for the display adapter, click Advanced. Table 5-3
describes the display adapter options.
Table 5-3
Display Adapter Advanced Options
Tab
Option
Description
General
Display
Provides small, large, or other display font option. The
other option lets you choose any custom font size you
want.
General
Compatibility
Determines the action that the Windows XP operating
systems should take when you make changes to display
settings. After you change the color settings, you must
choose one of the following options:
■ Restart The Computer Before Applying The New
Display Settings
■ Apply The New Display Settings Without
Restarting
■ Ask Me Before Applying The New Display
Settings
You should use Restart The Computer Before Applying
The New Display Settings only if you experience problems changing resolution.
Adapter
Adapter Type
Provides the manufacturer and model number of the
installed adapter. Clicking Properties displays the Properties dialog box for your adapter. The General tab of
the Properties dialog box provides additional information, including device status, resource settings, and any
conflicting devices. The Driver tab of the Properties dialog box provides details about the driver and allows
you to update the driver, roll back to the previously
installed driver, and uninstall the driver. The Resources
tab of the Properties dialog box indicates resources,
such as areas of memory being used by the adapter.
Adapter
Adapter
Information
Provides additional information about the display
adapter, such as video chip type, digital-to-analog converter (DAC) type, memory size, and basic input/output
system (BIOS).
Adapter
List All Modes
Displays all compatible modes for your display adapter
and lets you select resolution, color depth, and refresh
frequency in one step.
Monitor
Monitor Type
Provides the manufacturer and model number of the
monitor currently installed. The Properties button provides additional information and gives access to the
Video Display Troubleshooter to help resolve problems
with this device.
5-8
Chapter 5
Configuring Windows XP Professional
Table 5-3
!
Display Adapter Advanced Options
Tab
Option
Description
Monitor
Monitor Settings
Configures the refresh rate frequency. This option
applies only to high-resolution drivers. Do not select a
refresh rate and screen resolution combination that is
unsupported by the monitor. If you are unsure, refer to
your monitor documentation or select the lowest
refresh rate option.
Troubleshoot
Hardware
Acceleration
Lets you progressively decrease your display hardware’s
acceleration features to help you isolate and eliminate
display problems. Lets you select whether to use write
combining, which improves video performance by
speeding up the display of information to your screen.
Increased speed can lead to screen corruption, however.
If you experience trouble with your display, try clearing
the Enable Write Combining check box.
Color
Management
Chooses the color profile for your monitor.
Other tabs
Some video adapters create additional tabs with other
options for controlling the adapter features.
Exam Tip
Understand how to control color quality and screen resolution. Also understand
how to control advanced display settings, such as adapter type, monitor type, and compatibility.
How to Configure Multiple Displays
Windows XP Professional supports using multiple displays simultaneously, which
means that you can attach more than one monitor to your computer and have your
desktop spread across all attached monitors, as shown in Figure 5-4. Windows XP Professional supports the extension of your display across a maximum of 10 monitors.
· Use of multiple displays extends the desktop
across a maximum of 10 monitors.
· Multiple displays must use Peripheral Component
Interconnect (PCI) or Accelerated Graphics Port
(AGP) devices.
· Hardware requirements for primary (main) and
secondary displays differ.
F05us04.bmp
Figure 5-4 Windows XP Professional can spread your desktop across multiple displays.
Lesson 1
Configuring and Troubleshooting the Display
5-9
Important
You must use Peripheral Component Interconnect (PCI) or Accelerated Graphics
Port (AGP) video adapters when configuring multiple displays.
If one of the display adapters is built into the motherboard, note these additional
considerations:
■
The motherboard adapter always becomes the secondary adapter. It must be
multiple-display compatible.
■
You must set up Windows XP Professional before installing another adapter. Windows XP Professional Setup disables the motherboard adapter if it detects another
adapter. Some systems completely disable the onboard adapter on detecting an
add-in adapter. If you are unable to override this detection in the BIOS, you cannot use the motherboard adapter with multiple displays.
Typically, the system BIOS selects the primary display based on PCI slot order. However, on some computers, the BIOS allows the user to select the primary display
device.
You cannot stop the primary display (in other words, there will always be a primary
display, although you can switch the monitor that is the primary display). This caveat
is an important consideration for laptop computers with docking stations. For example,
some docking stations contain a display adapter; they often disable, or turn off, a laptop’s built-in display. Multiple display support does not function on these configurations unless you attach multiple adapters to the docking station.
How to Install Multiple Monitors
Before you can configure multiple displays, you must install them. When you configure
multiple displays, you must configure each one in a multiple-display environment.
To install multiple monitors, complete the following steps:
1. Turn off your computer and insert one or more additional PCI or AGP video
adapters into available slots on your computer.
2. Plug an additional monitor into each PCI or AGP video adapter that you installed.
3. Turn on your computer and allow Windows XP Professional to detect the new
adapters and install the appropriate device drivers.
4. In Control Panel, click Appearance And Themes, and then click Display.
5. In the Settings tab, click the monitor icon that represents the monitor you want to
use in addition to your primary monitor. Click Identify if you are not sure which
monitor corresponds to which display.
5-10
Chapter 5
Configuring Windows XP Professional
6. Select the Extend My Windows Desktop Onto This Monitor check box and then
click OK.
To configure your display in a multiple-display environment, complete the following
steps:
1. In Control Panel, click Appearance And Themes, and then click Display.
2. In the Display Properties dialog box, click the Settings tab.
3. Click the monitor icon for the primary display device.
4. Select the color depth and resolution.
5. Click the monitor icon for the secondary display device.
6. Select the Extend My Windows Desktop Onto This Monitor check box.
7. Select the color depth and resolution for the secondary display.
8. Repeat Steps 5 through 7 for each additional display.
Windows XP Professional uses the virtual desktop concept to determine the relationship of each display. The virtual desktop uses coordinates to track the position of each
individual display desktop.
The coordinates of the top-left corner of the primary display always remain 0, 0. Windows XP Professional sets secondary display coordinates so that all the displays adjoin
each other on the virtual desktop, which allows the system to maintain the illusion of
a single large desktop in which users can cross from one monitor to another without
losing track of the mouse.
To change the display positions on the virtual desktop, in the Settings tab click Identify
and drag the display representations to the desired position. The positions of the icons
dictate the coordinates and the relative positions of the displays to one another.
Real World
Using Multiple Displays
Using multiple displays is a great way to increase your desktop space (although
it can quickly consume the space on your actual desk). Many video adapter manufacturers have adapters that already have ports for more than one monitor—an
easy way to set up a multiple-display configuration. Some of these adapters come
with extra software to help manage the displays that provides features like controlling the particular display on which applications appear, limiting the appearance of dialog boxes to the display on which the parent application is shown,
using separate screen savers for each display, and so on.
When you are purchasing extra monitors, you should try to use monitors that are
roughly the same size and set them to use the same resolution. The reason for this
Lesson 1
Configuring and Troubleshooting the Display
5-11
decision is that when you arrange your displays on the Settings tab, the location
of the monitor icons accurately predicts what happens when you move your
mouse pointer between displays. For example, assume that you have two displays side by side. One of the displays is a 19-inch monitor and one is a 15-inch
monitor. You can arrange these displays on the Settings tab so that either the tops
or the bottoms of the displays are aligned. If the tops were aligned, whenever you
move your mouse pointer from the bottom of the bigger display toward the second display, the pointer would get “stuck.” To get the pointer over to the smaller
display, you would have to move the pointer upward to the point where the bottom of the smaller display was. Although it seems as if it might not be a big deal,
losing track of your mouse pointer because of this arrangement is a common
complaint among multiple-display users.
How to Troubleshoot Multiple Displays
If you encounter problems with multiple displays, use the troubleshooting guidelines
in Table 5-4 to help resolve them.
Table 5-4
Troubleshooting Tips for Multiple Displays
Problem
Solution
You cannot see any output
on the secondary displays.
Activate the device in the Display Properties dialog box.
Confirm that you chose the correct video driver.
Restart the computer to confirm that the secondary display
initialized. If not, check the status of the video adapter in
Device Manager.
Switch the order of the adapters in the slots. (The primary
adapter must qualify as a secondary adapter.)
The Extend My Windows
Desktop Onto This Monitor
check box is unavailable.
Select the secondary display rather than the primary one in
the Display Properties dialog box.
Confirm that the secondary display adapter is supported.
Confirm that Windows XP Professional can detect the
secondary display.
An application fails to display
on the secondary display.
Run the application on the primary display.
Run the application in full-screen mode (for Microsoft
MS-DOS-based programs) or maximized (for older
Windows-based programs).
Disable the secondary display to determine whether the
problem is specific to multiple-display support.
5-12
Chapter 5
Configuring Windows XP Professional
Lesson Review
The following questions are intended to reinforce key information presented in this
lesson. If you are unable to answer a question, review the lesson materials and try the
question again. You can find answers to the questions in the “Questions and Answers”
section at the end of this chapter.
1. You can enable ________________________________ to restrict access to Display
options.
2. Which of the following items does the Desktop Items dialog box allow you to
choose to include or exclude an icon on your desktop? (Choose all that apply.)
a. My Documents
b. Control Panel
c. My Network Places
d. Recycle Bin
3. Windows XP Professional supports extension of your display across a maximum
of ______________ monitors.
4. You must use __________________________ or ______________________ video
adapters when configuring multiple displays.
5. If one of the display adapters is built into the motherboard, the motherboard
adapter always becomes the _____________ (primary/secondary) adapter.
Lesson Summary
■
You can use the Display Properties dialog box to control most settings that govern
the appearance of your desktop and the settings for your video adapter and monitor.
■
Windows XP Professional supports the use of up to 10 displays, extending the
Windows desktop so that it is spread across all available displays. You must use
PCI or AGP video adapters when configuring multiple displays.
Lesson 2
Configuring Power Options
5-13
Lesson 2: Configuring Power Options
Windows XP Professional contains a number of features that allow the operating system to manage the use of power by your computer and the hardware devices attached
to it. Power management features included in Windows XP Professional include System Power Management, Device Power Management, Processor Power Management,
System Events, and Battery Management.
After this lesson, you will be able to
■ Select a power scheme.
■ Configure advanced power options.
■ Enable hibernate mode.
■ Configure Advanced Power Management.
■ Configure an uninterruptible power supply.
Estimated lesson time: 40 minutes
How to Select a Power Scheme
Power Options allows you to configure Windows XP Professional to turn off the power
to your monitor and your hard disk, or put the computer in hibernate mode. To configure Power Options, in Control Panel, click Performance And Maintenance, and then
click Power Options. The Power Options Properties dialog box allows you to configure
Power Options (see Figure 5-5).
F05us05.bmp
Figure 5-5 Use the Power Schemes tab of the Power Options Properties dialog box to control
automatic power-saving options.
5-14
Chapter 5
Configuring Windows XP Professional
Note
Your hardware must support powering off the monitor and hard disk for you to configure power schemes. Almost all modern monitors and hard disks support this feature. However, some applications (particularly older applications) do not respond well to monitors and
hard disks being turned off, causing loss of data or even crashing.
Power schemes allow you to configure Windows XP Professional to turn off the
power to your monitor and your hard disk, conserving energy. In the Power Options
Properties dialog box, click the Power Schemes tab. Windows XP Professional provides
the following six built-in power schemes:
■
Home/Office Desk This power scheme is designed for a desktop computer.
After 20 minutes of inactivity, the monitor is turned off, but the hard disks are never
turned off.
■
Portable/Laptop This power scheme is optimized for portable computers that
will be running on batteries. After 15 minutes of inactivity, the monitor is turned
off; after 30 minutes of inactivity, the hard disks are turned off.
■
Presentation This power scheme is designed for use with presentations for
which the computer display is always to remain on. The monitor and the hard
disks are never turned off.
■
Always On This power scheme is designed for use with personal servers. After
20 minutes of inactivity, the monitor is turned off, but the hard disks are never
turned off.
■
Minimal Power Management This power scheme disables some power management features such as timed hibernation. After 15 minutes of inactivity, the
monitor is turned off, but the hard disks are never turned off.
■
Max Battery This power scheme is designed to conserve as much battery power
as possible. After 15 minutes of inactivity, the monitor is turned off, but the hard
disks are never turned off.
To select a power scheme, use the following steps:
1. Ensure that you are logged on with a user account that is a member of the Administrators local group.
2. Click Start, click Control Panel, and then click Performance And Maintenance.
3. Click Power Options.
Windows XP Professional displays the Power Options Properties dialog box with
the Power Schemes tab active.
4. Click the arrow at the end of the Power Schemes box to display the pull-down
menu listing the available power schemes. Click the power scheme you want to use.
5. Click OK to close the Power Options Properties dialog box.
Lesson 2
Configuring Power Options
5-15
If none of these power schemes is appropriate for your computer environment, you
can modify one of the built-in power schemes or configure a new power scheme. To
modify a power scheme or to create a new power scheme, use the following steps:
1. Ensure that you are logged on with a user account that is a member of the Administrators group.
2. Click Start, click Control Panel, and then click Performance And Maintenance.
3. Click Power Options.
Windows XP Professional displays the Power Options Properties dialog box with
the Power Schemes tab active.
4. Click the arrow at the end of the Power Schemes box to display the pull-down
menu listing the available power schemes. Click the power scheme you want to
base your new power scheme on.
5. In the Settings For Power_Scheme_Name Power Scheme text box, modify the amount
of inactive time before the monitor or hard drives are turned off.
6. Do one of the following:
❑
Click OK to modify the existing power scheme and close the Power Options
Properties dialog box.
❑
Click Save As to create a new power scheme.
How to Configure Advanced Power Options
To configure your computer to use advanced power options, open the Power Options
Properties dialog box and click the Advanced tab. There are two options that always
appear on the Advanced tab. If you want an icon to appear in the notification area that
displays the current power status for your computer (plugged-in or on battery power)
and provides quick power-management access, select the Always Show Icon On The
Taskbar check box. The second check box on the Advanced tab is Prompt For Password When Computer Resumes From Standby. Selecting this check box causes Windows to prompt you for your Windows password when your computer comes out of
standby mode.
If you have a portable computer, you will also see a Power Buttons section on the
Advanced tab. This section allows you to configure what happens when you press the
power button on the computer, when you close the lid (thereby pressing the small button signaling that the lid is closed, and when you press the sleep button (if your computer has one). Options that you can choose for each of these buttons include shutting
down the computer, sending the computer to standby mode, and having the computer
enter hibernation.
5-16
Chapter 5
Configuring Windows XP Professional
Note
The Prompt For Password When Computer Resumes From Standby box will not be displayed if the computer does not support standby mode (this is the case with many desktop
computers).
How to Enable Hibernate Mode
Hibernate mode works in a way that is a bit different from standby mode. When a
computer enters standby mode, Windows XP turns off most of the devices in the computer (including the display, hard disks, and peripherals), but keeps just enough power
flowing to keep the information in memory intact—information that includes open
windows and running programs. When you exit standby mode (typically by moving
the mouse or pressing a key), Windows is returned to the state in which you left it.
However, when a computer is in standby mode, it is still reliant on a power source. If
the power source is interrupted (for example, if the battery runs out), information in
memory is lost.
When your computer enters hibernate mode, Windows saves the information in memory (including open programs and windows) to your hard disk, and then your computer shuts down. When you start the computer after it has been hibernating, Windows
returns to its previous state. Restarting to the previous state includes automatically
restarting any programs that were running when it went into hibernate mode, and it
even restores any network connections that were active at the time. The advantage of
hibernation mode over standby mode is that when a computer is in hibernation mode,
it is not reliant on a power source—the computer is completely shut down.
To configure your computer to use hibernate mode, use the Power Options Properties
dialog box. Click the Hibernate tab and select the Enable Hibernation check box. If the
Hibernate tab is unavailable, your computer does not support this mode.
Hibernation works by saving the information currently stored in your computer’s memory to hard disk. To do this, Windows creates a hibernation file on the root of your system partition. This file changes size, depending on the amount of memory you have,
but always consumes the amount of space it will need—even if you have never hibernated. Unless you plan to use hibernation, you should disable this option to save disk
space.
How to Configure Advanced Power Management
Windows XP Professional supports Advanced Power Management (APM), which
helps reduce the power consumption of your system. To configure your computer to
use APM, use the Power Options Properties dialog box. Click the APM tab and select
the Enable Advanced Power Management Support check box. If the APM tab is
unavailable, your computer is compliant with a newer standard named Advanced
Lesson 2
Configuring Power Options
5-17
Configuration and Power Interface (ACPI), which automatically enables Advanced
Power Management Support and disables the APM tab. You must be logged on as a
member of the Administrators group to configure APM.
If your computer does not have an APM BIOS installed, Windows XP Professional does
not install APM, so there will not be an APM tab in the Power Options Properties dialog
box. However, your computer can still function as an ACPI computer if it has an ACPIbased BIOS, which takes over system configuration and power management from the
Plug and Play BIOS.
Note
If your laptop has an ACPI-based BIOS, you can insert and remove PC cards on the fly,
and Windows XP Professional automatically detects and configures them without requiring
you to restart your machine. This is known as dynamic configuration of PC cards. There are
two other important features for mobile computers that rely on dynamic Plug and Play: hot
and warm docking/undocking and hot swapping of Integrated Device Electronics (IDE) and
floppy devices. Hot and warm docking/undocking means you can dock and undock from the
Windows XP Professional Start menu without turning off your computer. Windows XP Professional automatically creates two hardware profiles for laptop computers: one for the docked
state and one for the undocked state. (For more information about hardware profiles see
Chapter 6, “Installing, Managing, and Troubleshooting Hardware Devices and Drivers.”) Hot
swapping of IDE and floppy devices means that you can remove and swap devices such as
floppy drives, DVD/CD drives, and hard drives without shutting down your system or restarting
your system. Windows XP Professional automatically detects and configures these devices.
How to Configure an Uninterruptible Power Supply
An uninterruptible power supply (UPS) is a device connected between a computer
or another piece of electronic equipment and a power source, such as an electrical outlet. The UPS ensures that the electrical flow to the computer is not interrupted because
of a power outage and, in most cases, protects the computer against potentially damaging events such as power surges and brownouts. When a power outage occurs, the
UPS provides a limited amount of time for you to save documents, exit applications,
and turn off the computer. Different UPS models offer different levels of protection.
To configure your UPS, click the UPS tab in the Power Options Properties dialog box.
The UPS tab shows the current power source, the estimated UPS run time, the estimated UPS capacity, and the battery condition. In the UPS tab, click Configure to display the UPS Selection dialog box. It displays a list of manufacturers from which you
can select the manufacturer of your UPS.
Note
Check the Windows Catalog to make sure that the UPS you are considering is compatible with Windows XP Professional before you purchase it.
5-18
Chapter 5
Configuring Windows XP Professional
If you want to configure a custom simple-signaling UPS, in the Select Manufacturer list
box, click Generic. In the Select Model list box, click Generic, and then click Next. You
can configure the conditions that trigger the UPS device to send a signal in the UPS
Interface Configuration dialog box (see Figure 5-6). These conditions include power
failures, a low battery, and the UPS shutting down.
F05us06.bmp
Figure 5-6 Configure the UPS by using the UPS Configuration dialog box.
After you have configured the UPS service for your computer, you should test the configuration to ensure that your computer is protected from power failures. Disconnect
the main power supply to simulate a power failure. During your test, the computer and
the devices connected to the computer should remain operational. You should let the
test run long enough for the UPS battery to reach a low level so that you can verify that
an orderly shutdown occurs.
Off the Record
Although Windows XP Professional provides some level of support for
UPSs, a good UPS usually comes with software of its own. The manufacturer’s software is
often better than Windows XP Professional at determining battery levels and estimated run
time. In addition, some software includes extra features such as the capability to automatically save documents, exit programs, and shut down the computer (or even to send the
computer into hibernation) when a power outage occurs.
Practice: Configuring Power Options
In this practice, you use Control Panel to configure Power Options.
1. Ensure that you are logged on with a user account that is a member of the Administrators group.
2. Click Start, click Control Panel, and then click Performance And Maintenance.
Lesson 2
Configuring Power Options
5-19
3. Click Power Options.
Windows XP Professional displays the Power Options Properties dialog box with
the Power Schemes tab active.
4. In the Power Schemes list, select Portable/Laptop.
5. In the Turn Off Monitor box, select After 10 Mins.
6. In the Turn Off Hard Disks box, select After 20 Mins.
7. Click Save As, and then in the Save Scheme text box, type Airplane.
8. Click OK.
You have just created a new power scheme. If you click the arrow at the end of
the Power Scheme box, Airplane is now included in the list of available power
schemes. If you want to use this power scheme, click Apply.
9. Click the Advanced tab and select the Always Show Icon On The Taskbar check box.
10. Click the Hibernate tab.
11. If the Enable Hibernation check box is not selected, select it, and then click Apply.
12. Click the APM tab.
13. If you do not see an APM tab on your computer, what are two reasons why it
might not be there?
14. If the Enable Advanced Power Management Support check box is not selected,
select it, and then click Apply.
15. To apply these changes you would click OK. Click Cancel.
Windows XP Professional closes the Power Options Properties dialog box.
16. Close all open windows.
Lesson Review
The following questions are intended to reinforce key information presented in this
lesson. If you are unable to answer a question, review the lesson materials and try the
question again. You can find answers to the questions in the “Questions and Answers”
section at the end of this chapter.
1. What is a power scheme and why would you use one?
5-20
Chapter 5
Configuring Windows XP Professional
2. Which of the following statements about Windows XP Professional power
schemes are true? (Choose all that apply.)
a. Windows XP Professional ships with six built-in power schemes.
b. Windows XP Professional allows you to create your own power schemes.
c. Windows XP Professional allows you to modify existing power schemes, but
you cannot create new ones.
d. Windows XP Professional does not ship with any built-in power schemes.
3. A(n) _____________________________ is a device that connects between a computer and a power source to ensure that the electrical flow to the computer is not
abruptly stopped because of a blackout.
4. What does hibernate mode do?
Lesson Summary
■
A power scheme is a collection of energy-saving power options. You can configure
a power scheme to turn off your monitor or hard disk, or even send the computer
to standby after a certain amount of idle time.
■
The advanced power management options allow you to add an icon for quick
access to Power Management to the taskbar and choose to be prompted for your
Windows password when your computer comes out of standby mode.
■
When your computer hibernates, it saves the current system state to your hard
disk, and then your computer shuts down. When you start the computer after it
has been hibernating, it returns to its previous state.
■
APM is a power standard that helps reduce the power consumption of your computer. To support APM, you must have an APM-compatible BIOS in your computer. A newer standard, ACPI, automatically enables APM support.
■
A UPS is a device that ensures that the electrical flow to a computer is not interrupted because of power loss.
Lesson 3
Configuring System Settings
5-21
Lesson 3: Configuring System Settings
You use the System Properties dialog box (available in the Control Panel window) to
configure operating system settings. These system settings affect the operating system
environment regardless of which user is logged on to the computer.
After this lesson, you will be able to
■ Configure system performance options.
■ Create, modify, and manage user profiles.
■ Configure startup and recovery settings.
■ Configure environmental variables.
■ Configure error reporting.
Estimated lesson time: 70 minutes
How to Configure System Performance Options
To configure system settings, in Control Panel, click Performance And Maintenance. To
view operating system performance configuration options, in the Performance And
Maintenance window, click System, and then click the Advanced tab. The Advanced
tab of the System Properties dialog box (see Figure 5-7) allows you to configure performance options, user profiles, startup and recovery settings, environment variables,
and error reporting.
Tip You can open the System Properties dialog box quickly by right-clicking the My Computer icon and clicking Properties.
F05us07.bmp
Figure 5-7 Use the Advanced tab of the System Properties dialog box to configure a number of
system settings.
5-22
Chapter 5
Configuring Windows XP Professional
On the Advanced tab, in the Performance section, click Settings to display the Performance Options dialog box. There are three tabs on the Performance Options dialog
box: Visual Effects, Advanced, and Data Execution Prevention.
Visual Effects Tab
The Visual Effects tab of the Performance Options dialog box is shown in Figure 5-8.
There are a number of options that you can select to manually control the visual effects
on your computer. Windows XP Professional provides four options to help you control
the visual effects: Let Windows Choose What’s Best For My Computer, Adjust For Best
Appearance, Adjust For Best Performance, and Custom. If you want to manually indicate which visual effects to apply, click Custom.
F05us08.bmp
Figure 5-8 Use the Visual Effects tab to control performance options.
Table 5-5 lists the visual effects along with descriptions of those that are not selfexplanatory.
Table 5-5
Windows XP Visual Effects
Visual Effect
Description
Animate windows
when minimizing and
maximizing
Causes a zoom effect when you minimize or maximize a window. Disabling this effect makes windows minimize and maximize faster.
Fade or slide menus
into view
Causes menus to fade or slide into view instead of simply appearing.
Disabling this effect makes menus appear faster.
Fade or slide ToolTips Causes ToolTips to fade or slide into view instead of simply appearing.
into view
ToolTips are the pop-up descriptions that appear beside certain items
when you hold your pointer over them. Disabling this effect makes
ToolTips appear faster.
Lesson 3
Table 5-5
Configuring System Settings
5-23
Windows XP Visual Effects
Visual Effect
Description
Fade-out menu items
after clicking
Causes menus to fade out after you select a command. Disabling this
effect makes menus disappear instantly after selecting a command.
Show shadows under
menus
Causes Windows to display a drop shadow behind menus for a threedimensional effect. Disabling this effect makes menus appear more
quickly.
Show shadows under
mouse pointer
Causes Windows to display a drop shadow behind the mouse pointer.
Disabling this effect can make the mouse more responsive. Also, some
older applications do not work well when this feature is enabled.
Show translucent
selection rectangle
Draws a filled-in rectangle when selecting multiple items on the desktop instead of just a rectangle outline. Disabling this effect slightly
increases the speed with which you can select items.
Show window
contents while
dragging
Causes Windows to redraw a window while the window is being
moved. Disabling this command makes dragging open windows
noticeably faster.
Slide open
combo boxes
Causes combo boxes to slide open instead of simply appear. A combo
box is a drop-down list of items that you open from within a dialog box.
Disabling this effect makes combo boxes appear more quickly.
Slide taskbar buttons
Causes taskbar buttons to slide to the left when other programs are
closed or to the right when new programs are opened. Disabling this
effect makes taskbar buttons appear instantly in the new location
instead of sliding. Disabling this effect makes taskbar buttons available
more quickly when they change locations.
Smooth edges of
screen fonts
Makes screen fonts easier to read, especially at higher resolutions. Disabling this effect increases the speed at which Windows displays windows and dialog boxes.
Smooth-scroll
list boxes
Causes the contents of a list box to scroll smoothly when you click the
scroll bar rather than just jump down a few items in the list. Disabling this
effect makes scrolling list boxes faster, but often disorienting.
Use a background
image for each
folder type
Different types of folders in Windows XP can use different background
images. Many of the special Windows folders, such as Control Panel,
make use of this effect.
Use common tasks
in folders
Causes folders in Windows to display a task pane on the left side of the
folder that lists tasks that are related to the files in the folder.
Use drop shadows
for icon labels on
the desktop
Creates a transparency effect on text labels for icons, but this transparency really allows you to see only any other icons obscured by an icon
on top. The transparency does not allow you to “see through” to the
actual desktop background. Disabling this effect causes Windows to
display the desktop more quickly.
Use visual styles on
windows and buttons
This setting is an important one in that it controls the new look of Windows XP. If you disable it, your desktop will look like previous versions of Windows.
5-24
Chapter 5
Configuring Windows XP Professional
Advanced Performance Options
The Advanced tab of the Performance Options dialog box is shown in Figure 5-9. The
options in this dialog box allow you to adjust the application response, which is the
priority of foreground programs versus background programs, and virtual memory.
F05us09.bmp
Figure 5-9 Configure additional settings on the Advanced tab of the Performance
Options dialog box.
Processor Scheduling Windows XP Professional uses the Processor Scheduling settings to distribute microprocessor resources among running programs. Selecting Programs assigns more resources to the foreground program (the active program that is
responding to user input). Windows XP Professional assigns more resources to the
foreground program by allocating short, variable time slices, or quanta, to running programs. A time slice, or quantum, is a brief period of time during which a particular task
is given control of the microprocessor. When you select Background Services, Windows assigns an equal number of resources to all programs by assigning long fixed
quanta instead. You should select Background Services only when a computer is used
as a server.
!
Exam Tip
Understand the difference between the Programs and Background Services
options.
Memory Usage Windows XP Professional uses the Memory Usage settings to distribute memory resources between running programs. Select Programs if your computer is
being used primarily as a workstation. With the Programs option, your programs
will work faster, and your system cache will be the default size for Windows XP
Lesson 3
Configuring System Settings
5-25
Professional. Select System Cache if you are using your computer as a server or if the
programs you are running require a large system cache.
Virtual Memory For virtual memory, Windows XP Professional uses a process called
demand paging to exchange data between random access memory (RAM) and paging
files on the hard disk. When you install Windows XP Professional, Setup creates a
virtual-memory paging file, PAGEFILE.SYS, on the partition in which you installed
Windows XP Professional. The default or recommended paging file size for Windows XP
Professional is equal to 1.5 times the total amount of RAM. For best results, never set
the value of the paging file size to less than the recommended amount. Typically, you
can leave the size of the paging file set to the default value and let Windows XP Professional manage the file size. In some circumstances, such as when you run a large
number of applications simultaneously, you might find it advantageous to use a larger
paging file or multiple paging files.
!
Exam Tip By default, Windows XP manages the paging file size, but you can designate a
file size for special circumstances. The recommended paging file size is equal to 1.5 times
the total amount of RAM.
To configure the paging file, in the Performance Options dialog box, click the Change
button in the Virtual Memory section. The Virtual Memory dialog box (see Figure 5-10)
identifies the drives in which the paging files reside and allows you to modify the
paging file size for the selected drive.
F05us10.bmp
Figure 5-10
Configure paging file settings in the Virtual Memory dialog box.
5-26
Chapter 5
Configuring Windows XP Professional
Important
Only users with administrative rights can use the Performance Options dialog
box to increase the paging file size.
Paging files never decrease below the value found in the Initial Size text box that was
set during installation. Unused space in the paging file remains available to the internal
Windows XP Professional Virtual Memory Manager (VMM). As needed, a paging file
grows from its initial size to the maximum configured size, which is listed in the Maximum Size text box. When a paging file reaches the maximum size, but a running program still needs to allocate more virtual memory, Windows XP Professional will refuse
that allocation, which can cause an error, or even a crash, in applications.
When you restart a computer running Windows XP Professional, the system resizes all
paging files to the initial size.
Data Execution Prevention
Data Execution Prevention (DEP) is a set of hardware and software technologies that
perform additional checks on memory to help prevent malicious code from running on
a computer. In Windows XP Professional, DEP can be enforced by compatible hardware and by software.
Note
DEP is an update included with Windows XP Service Pack 2. Hardware DEP is available with compatible devices and runs only on the 32-bit version of Windows XP Professional
and Home Edition.
Hardware DEP works by marking all pages in memory as non-executable unless the
page explicitly contains executable code. This process helps prevent malicious
attacks that try to insert and run executable code into memory. To use hardware DEP,
a computer must have a compatible processor that allows Windows to mark memory
pages as non-executable. Both Intel and AMD provide hardware DEP–compatible
processors.
Software DEP is a set of security checks that can run on any processor capable of running Windows XP. However, the security provided by software DEP is limited compared to that provided by hardware DEP.
You can configure DEP by using the Data Execution Prevention tab of the Performance
Options dialog box. By default, DEP is enabled for only essential Windows programs
and services. However, you can turn DEP on for all programs and services, and then
select specific programs and services for which you do not want DEP enabled.
Lesson 3
Configuring System Settings
5-27
How to Enhance System Performance
You can enhance system performance in several ways. First, if your computer has multiple hard disk controllers, you can create a paging file on a disk on each controller.
Distributing information across multiple paging files improves performance because
Windows can read and write from disks on different controllers simultaneously. When
attempting to write to the paging file, VMM tries to write the page data to the paging
file on the controller that is the least busy.
Second, you can enhance performance by moving the paging file off the drive that
contains the Windows XP Professional %systemroot% folder (by default, the Windows
folder), which avoids competition between the various reading and writing requests. If
you place a paging file on the Windows XP Professional system partition to facilitate
the recovery feature, which is discussed in the section entitled “How to Configure Startup
and Recovery Settings” later in this lesson, you can still increase performance by creating multiple paging files. Because the VMM alternates write operations between paging
files, the paging file on the boot partition is accessed less frequently.
Third, you can enhance system performance by setting the initial size of the paging
file to the value displayed in the Virtual Memory dialog box’s Maximum Size box,
which eliminates the time required to enlarge the file from the initial size to the maximum size.
Note
When applying new settings, be sure to click Set before clicking OK.
How to Configure User Profiles
Each user account in Windows XP has an associated user profile that stores userspecific configuration settings, such as a customized desktop or personalized application settings. Understanding how user profiles function and how to control them
lets you effectively manage the user’s desktop environment.
Windows XP supports three types of user profiles:
■
Local A local user profile is available only on the system on which it was created. A unique local user profile is created and stored on each computer that a
user logs on to.
■
Roaming Roaming profiles, which are stored in a shared folder on a network
server, are accessible from any location in the network.
■
Mandatory Mandatory user profiles are roaming user profiles that users cannot
make permanent changes to. Mandatory profiles are used to enforce configuration
settings.
5-28
Chapter 5
Configuring Windows XP Professional
Where Local User Profiles Are Stored
Windows stores local user profiles in the Documents And Settings folder hierarchy on
the %systemroot% drive. When a user logs on to a Windows XP system for the first
time, Windows creates a folder in Documents And Settings that matches the user’s user
name. Within each user profile, several files and folders contain configuration information and data. These files and folders include the following:
■
Application Data Contains application configuration information. Applications
that are Windows XP–aware can take advantage of this folder to store user-specific
configuration settings. This folder is hidden.
■
Cookies Contains cookie files, which Web sites usually create to store user
information and preferences on the local system. When you return to a site, the
cookie files allow the site to provide you with customized content and track your
activity within the site.
■
Desktop Contains files, folders, and shortcuts that have been placed on the
Windows XP desktop.
■
Favorites Used to store shortcuts to locations that a user has added to the Favorites list in Windows Explorer or Internet Explorer.
■
Local Settings Holds application data, history, and temporary files (including
temporary Internet files). This folder is hidden.
■
My Documents Used to store documents and other user data. My Documents is
easily accessible from the Start menu.
■
My Recent Documents Contains shortcuts to recently accessed documents and
folders. You can also access My Recent Documents from the Start Menu. This
folder is hidden.
■
NetHood Holds shortcuts created by the Add Network Place option in My Network Places. This folder is hidden.
■
PrintHood Contains shortcuts to printer folder items. This folder is hidden.
■
SendTo Contains shortcuts to document-handling utilities, such as e-mail applications. These shortcuts are displayed on the Send To option on the action menu
for files and folders. This folder is hidden.
■
Start Menu Holds the shortcuts to programs that are displayed in the Start
menu. One way to modify the Start Menu is to add or delete folders and shortcuts
to the Start Menu folder within a user’s profile folder.
■
Templates Contains template items. Created by user applications and are used
by those applications when a user creates a new document. This folder is hidden.
■
NTUSER.DAT The user-specific portion of the Registry. This file contains configuration changes made to Windows Explorer and the taskbar, as well as user-specific
Lesson 3
Configuring System Settings
5-29
Control Panel and Accessories settings. These settings are visible under
HKEY_CURRENT_USER in the Registry.
■
NTUSER.DAT.LOG A log file used as part of the process of committing changes
to Ntuser.dat and also in the recovery of Ntuser.dat if the system crashes.
Built-In User Profiles
Windows stores user profiles locally by default. A local user profile is available only on
the system on which it was created. Windows creates two built-in local user profiles
during installation:
■
Default User profile Windows uses the Default User profile as a template to
create all new profiles on the system. When a new user logs on, the user receives
a copy of the Default User profile as her own personal user profile. You can customize the Default User profile to control which options and settings a new user
will receive. Modifications to the Default User profile will affect only the profiles
of new users; existing personal profiles will not be affected. The Default User profile is stored in the \Documents and Settings\Default User folder. This folder is
hidden. To view and work with it, you must set the Folder Options in Windows
Explorer to include hidden files and folders.
■
All Users profile The All Users profile contains settings that apply to every user
who logs on to the system. Windows merges the settings in All Users with the current user’s profile for the duration of the logon session, but the settings are not made
a permanent part of the user’s profile. You can modify the All Users profile to contain settings that all users logging on to the system should have. For example, many
applications create shortcuts in the Start menu or desktop of the All Users profile
during installation, which ensures that all users who log on to the system have easy
access to those applications. As the Administrator, you can directly edit the All Users
profile to add and remove items as necessary. The All Users profile is stored in the
\Documents and Settings\All Users folder. The folder contains only a subset of the
folders contained in other profiles on the system because it is concerned only with
settings that could potentially apply to everyone.
How to Use Multiple Profiles for the Same User Account
If a computer running Windows XP Professional is a member of a Windows domain,
there is the potential for two users with the same user account name to log on to the
same system. An example of this is the local Administrator account (stored in the local
accounts database of the Windows XP computer) and the domain Administrator
account (stored in the centralized accounts database on the domain controllers). The
local account and the domain account are discrete entities, each maintaining a different
user profile.
Windows XP does not permit two user accounts with the same name to share the same
profile folder (for example, C:\Documents and Settings\Administrator). If Windows
5-30
Chapter 5
Configuring Windows XP Professional
did allow this to happen, the profile of one user would overwrite the profile of the
other. Instead, Windows creates the profile of the first user to log on using the user
name of the user in \Documents and Settings\%username%. Windows stores subsequent user accounts with the same name using the path \Documents and Settings\%username%.x. The folder extension (x) varies as follows:
■
If the additional user to log on with the same user name is a domain account, Windows creates the folder extension using the name of the domain.
■
If the additional user to log on with the same user name is a local account, Windows creates the folder extension using the name of the computer.
For example, if the local Administrator logs on first, and the domain Administrator logs
on second, Windows stores the local Administrator’s profile in the Administrator folder,
and the domain Administrator’s profile would be stored in a folder named Administrator.<domain_name>.
Multiple user profiles are an issue only when the system is a member of a domain
because domain membership enables both local and domain accounts to log on. In a
workgroup environment, Windows XP relies solely on the local accounts database, and
you cannot create two user accounts of the same name on the same computer.
How to Work with Local User Profiles
To view, create, delete, and change the type of user profiles, in Control Panel, click
Performance And Maintenance, click System, and then click the Advanced tab (refer to
Figure 5-7). In the User Profiles box, click Settings to display the User Profiles dialog
box (see Figure 5-11).
F05us11r.bmp
Figure 5-11
Use the User Profiles dialog box to control local user profiles.
Lesson 3
Configuring System Settings
5-31
The User Profiles dialog box lists the profiles stored on the computer you are sitting at.
You can perform the following tasks:
■
Change Type
■
Delete
■
Copy To Allows you to create user profiles by copying an existing user profile
and assigning it to another user.
Allows you to change the type of profile to local or roaming.
Allows you to delete user profiles.
After you click Copy To, the Copy Profile To text box allows you to specify a path for
the location to which the user profile is to be copied. You can click Browse to locate
the appropriate path. The Permitted To Use box allows you to specify the user or users
who can use the user profile.
How to Configure Startup and Recovery Settings
The System Properties dialog box also controls the startup and recovery settings for a
computer. Click Settings in the Startup And Recovery section of the Advanced Tab of
the System Properties dialog box to display the Startup And Recovery dialog box, as
shown in Figure 5-12. The System Startup options control the behavior of the Please
Select The Operating System To Start menu that appears when your computer starts.
The System Failure options control the actions that Windows XP Professional performs
in the event of a stop error, which is a severe error that causes Windows XP Professional to stop all processes.
F05us12.bmp
Figure 5-12 Use the Startup And Recovery dialog box to control startup and system
failure settings.
Off the Record
Stop errors are often referred to as fatal system errors or blue screen errors.
5-32
Chapter 5
Configuring Windows XP Professional
System Startup
When you first turn on the computer, the system displays the Please Select The Operating System To Start screen, which lists the available operating systems if more than
one is installed. By default, the system chooses one of the operating systems and displays a countdown timer. If you do not choose another operating system, the system
starts the preselected operating system when the countdown timer reaches zero or
when you press ENTER. Modify the options under System Startup to determine which
operating system is preselected, how long the countdown timer runs, and whether to
display the boot menu. You are also given the option of modifying the BOOT.INI file
manually, but it is usually better to allow Windows XP Professional to modify the file
rather than attempting to do so manually.
System Failure
The four recovery options that Windows XP Professional provides to assist administrators in the event of a system failure are described in Table 5-6.
Important
You must be logged on as a member of the Administrators group to set the
options in the Startup And Recovery dialog box.
Table 5-6
Recovery Options
Option
Additional Information
Write An Event To
The System Log
Select this check box to have Windows XP Professional write an event
to the system log when a system stops unexpectedly. Read Chapter 18,
“Using Windows XP Tools,” for more on events and the system log.
Send An
Administrative Alert
Select this check box to have Windows XP Professional send an
administrative alert to administrators when the system stops
unexpectedly.
Automatically Restart
Select this check box to have Windows XP Professional reboot whenever the system stops unexpectedly. Clear this check box if you are
troubleshooting a computer that continually reboots itself due to a
startup error.
Write Debugging
Information
This section allows you to specify whether Windows XP Professional
should record the contents of memory to a debugging file when there
is a system failure and how much of the memory contents to write.
Typically, debugging information is used by Microsoft support technicians to help identify and solve problems. The first option allows you
to specify what information Windows XP Professional should write to
the dump file: Memory.dmp. The following four choices are available:
■ None
Nothing is written to the dump file.
Lesson 3
Table 5-6
Option
Configuring System Settings
5-33
Recovery Options
Additional Information
■ Small Memory Dump
The minimum amount of useful information will be dumped. This option (the default setting)
requires a paging file of at least 2 MB on the boot volume of
your computer. A new dump file will be created every time the
system stops unexpectedly. The small dump directory stores a
history of these dumps. By default, the small dump directory is
%Systemroot%\Minidump. A small memory dump can be useful
when troubleshooting stop errors because it allows you to see
the actual stop error and often determines the driver causing
the error.
■ Kernel Memory Dump
Only kernel memory is written to the
dump file. Depending on the amount of RAM on your computer,
you must have from 50 MB to 800 MB available in the paging file
on the boot volume. A kernel memory dump can be useful when
debugging more complicated system failures. Typically, providing
a kernal memory to Microsoft support technicians allows them to
determine the cause of most errors.
■ Complete Memory Dump
Records the entire contents of
system memory when the system stops unexpectedly. You must
have a paging file on the boot volume large enough to hold all
the RAM on your system plus 1 MB. A complete memory dump
is quite large and usually contains more information than you
will find useful for simple debugging. You should enable this
option only when a Microsoft support technician requests it.
There are also two additional options:
■ Small Dump Directory
Specifies the name and location
of the small memory dump file. By default, it is %Systemroot%\
Memory.dmp.
■ Overwrite Any Existing File
By default, if you choose Complete Memory Dump or Kernel Memory Dump, Windows XP
Professional always writes to the same dump file: Memory.dmp.
Clear this check box to prevent Windows from overwriting
Memory.dmp.
The following requirements must be met for the Write Debugging Information recovery
option to work:
■
A paging file must be on the system partition (the partition that contains the %systemroot% folder).
■
The paging file must be at least 1 MB larger than the amount of physical RAM in
your computer if you choose Complete Memory Dump.
■
You must have enough disk space to write the file to the location you specify.
5-34
Chapter 5
Configuring Windows XP Professional
How to Configure Environment Variables
Environment variables define the system and user environment information, and
they contain information such as a drive, path, or file name. Environment variables
provide information that Windows XP Professional uses to control various applications.
For example, the TEMP environment variable specifies where some applications place
temporary files.
In the Advanced tab of the System Properties dialog box, click Environment Variables
to display the system and user environment variables that are currently in effect in the
Environment Variables dialog box (see Figure 5-13).
F05us13.bmp
Figure 5-13
Environment variables control the system and user environment.
System Environment Variables
Because system environment variables apply to the entire computer, they also affect all
users of the computer. During installation, Setup configures the default system environment variables, including the path to the Windows XP Professional files. Only an
administrator can add, modify, or remove a system environment variable.
User Environment Variables
The user environment variables differ for each user of a particular computer. The user
environment variables include any user-defined settings (such as a desktop pattern)
and any variables defined by applications (such as the path to the location of the application files). Users can add, modify, or remove their user environment variables in the
System Properties dialog box.
Lesson 3
Configuring System Settings
5-35
How Windows XP Professional Sets Environment Variables
Windows XP Professional sets environment variables in the following order:
1. By default, Windows XP Professional searches the AUTOEXEC.BAT file, if it exists,
and sets any environment variables.
2. Next, the system environment variables are set. If any system environment variables conflict with environment variables set from the search of the
AUTOEXEC.BAT file, the system environment variables override them.
3. Finally, the user environment variables are set. If any user environment variables
conflict with environment variables set from the search of the AUTOEXEC.BAT file
or from the system environment variables, the user environment variables override
them.
For example, if you add the line SET TMP=C:\ in AUTOEXEC.BAT, and a
TMP=X:\TEMP user variable is set, the user environment variable setting (X:\TEMP)
overrides the prior setting C:\.
Note
You can prevent Windows XP Professional from searching the AUTOEXEC.BAT file by
editing the registry and setting the value of the ParseAutoexec entry to 0. The ParseAutoexec
entry is located in the registry under the following subkey:
\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\ CurrentVersion\Winlogon. See
Chapter 4, “Modifying and Troubleshooting the Startup Process,” for more information on the
Windows Registry.
How to Configure Error Reporting
Error reporting helps Microsoft improve future products and resolve any difficulties
you might encounter with Windows XP Professional. To configure error reporting, in
the Advanced tab of the System Properties dialog box, click Error Reporting. This displays the Error Reporting dialog box. Notice that Enable Error Reporting is selected by
default. To turn off error reporting, click Disable Error Reporting.
If you do not want to turn off error checking, you can configure reporting to indicate
which errors to report. Under Enable Error Reporting there are two check boxes
selected by default. Clear the Windows Operating System check box if you do not want
errors in the operating system to be reported. Clear the Programs check box if you do
not want errors in any of the programs running on your system to be reported. If you
want to specify the programs for which Windows XP Professional reports errors, click
Select Programs.
5-36
Chapter 5
Configuring Windows XP Professional
Note If a system or program error occurs and you have configured your system to report it,
Windows XP Professional displays a dialog box that allows you to indicate whether you want
to send the report to Microsoft.
Practice: Configuring System Settings by Using Control Panel
In this practice, you use the System program to change some of the system settings.
First, you change the paging file size. Then, you add a new system environment
variable.
Exercise 1: Change the Paging File Size
In this exercise, you use the System Properties dialog box to change the size of the
Windows XP Professional paging file.
1. In the System Properties dialog box, click the Advanced tab.
2. In the Performance box, click Settings.
Windows XP Professional displays the Performance Options dialog box with the
Visual Effects tab active.
3. Click the Advanced tab.
By default, both Processor Scheduling and Memory Usage are optimized for applications.
4. In the Virtual Memory box, click Change.
Windows XP Professional displays the Virtual Memory dialog box.
5. In the Drive list, click the drive that contains your paging file, if necessary.
6. In the Initial Size text box, increase the value by 10, and then click Set.
You have just increased the initial size of the paging file.
7. Click OK to close the Virtual Memory dialog box.
8. Click OK to close the Performance Options dialog box.
Leave the System Properties dialog box open for the next exercise.
Exercise 2: Add a System Environment Variable
In this exercise, you use the System Properties dialog box to add a new system environment variable. You then test the new variable by using it at the command prompt.
1. In the System Properties dialog box, in the Advanced tab, click Environment
Variables.
Windows XP Professional displays the Environment Variables dialog box.
Lesson 3
Configuring System Settings
5-37
2. Under System Variables, click New.
Windows XP Professional displays the New System Variable dialog box.
3. In the Variable Name text box, type WinXPdir.
4. In the Variable Value text box, type the path to the folder containing the Windows
XP Professional system files, for example, C:\Windows.
If you are not sure of the path to the Windows XP Professional system files, use
Windows Explorer to locate the Windows directory.
5. Click OK.
You are returned to the Environment Variables dialog box.
6. Scroll through the System Environment Variables and verify that WinXPdir is listed.
7. Click OK to close the Environment Variables dialog box, and then click OK to
close the System Properties dialog box.
8. Close the Performance And Maintenance window.
9. From the Start menu, click Run.
10. In the Open text box, type cmd, and then click OK.
11. What does typing the cmd command do?
12. At the command prompt, type set | more, and then press ENTER.
The list of current environment variables is displayed, and WinXPdir is listed. (You
might need to press SPACEBAR to scroll down to see WinXPdir listed.)
13. If necessary, type c: and then press ENTER to switch to the drive on which you
installed Windows XP Professional. (Adjust the drive letter, if necessary.)
14. Type cd\ and then press ENTER to switch to the root directory.
15. Type cd %WinXPdir%, and then press ENTER.
You should now be in the Windows directory.
16. Type exit and press ENTER to close the command prompt.
Lesson Review
The following questions are intended to reinforce key information presented in this
lesson. If you are unable to answer a question, review the lesson materials and try the
question again. You can find answers to the questions in the “Questions and Answers”
section at the end of this chapter.
5-38
Chapter 5
Configuring Windows XP Professional
1. What performance options can you control with the tabs of the Performance
Options dialog box?
2. Which of the following statements about the use of virtual memory in Windows
XP Professional are correct? (Choose all that apply.)
a. When you install Windows XP Professional, Setup creates a virtual memory
paging file, PAGEFILE.SYS, on the partition where you installed Windows XP
Professional.
b. In some environments, you might find it advantageous to use multiple paging
files.
c. If the entire paging file is not in use, it can decrease below the initial size that
was set during installation.
d. Unused space in the paging file remains unavailable to all programs, even the
internal Windows XP Professional VMM.
3. When you first turn on the computer, the system displays a Please Select The
Operating System To Start screen, which lists the available operating systems.
What happens if a user does not select an operating system before the countdown
timer reaches zero?
4. Which requirements must be met for the Write Debugging Information recovery
option to work?
Lesson 3
Configuring System Settings
5-39
Lesson Summary
■
The Advanced tab of the System Properties dialog box allows you to configure
performance options for a computer. You can enable and disable visual effects
that affect performance, as well as configure processor scheduling, memory usage,
virtual and memory settings.
■
Each user account in Windows XP has an associated user profile that stores userspecific configuration settings. There are three types of user profiles: local, roaming, and mandatory. Local user profiles are stored in the Documents And Settings
folder hierarchy on the %systemroot% drive.
■
You can also use the System Properties dialog box to control the startup and
recovery settings for a computer. Startup settings include which operating system
is loaded by default during Windows Startup and how long Windows waits for
you to choose an operating system before loading the default automatically.
Recovery settings allow you to control Windows behavior in the event of a system
failure.
■
Environment variables define the system and user environment information. Environment variables provide information that Windows XP Professional uses to control various applications.
■
When Error Reporting is enabled, Windows collects information after an application or operating system error and offers to send that information to Microsoft.
Error reporting assists Microsoft in improving future products and in resolving any
difficulties you might encounter with Windows XP Professional.
5-40
Chapter 5
Configuring Windows XP Professional
Lesson 4: Configuring Languages, Locations,
and Accessibility Options
Windows XP Professional provides great flexibility when configuring the desktop. You
can configure your computer for multiple languages and multiple locations. This is
especially important for international companies that deal with customers in more than
one country or users who live in a country in which more than one language is spoken. Windows XP Professional also provides accessibility options that allow you to
make the operating system easier to use.
After this lesson, you will be able to
■ Configure and troubleshoot regional and language options.
■ Configure and troubleshoot accessibility options.
Estimated lesson time: 40 minutes
How to Configure and Troubleshoot Regional and Language Options
Regional And Language Options, available from Date, Time, Language, And Regional
Options in Control Panel, define the standards and formats that the computer uses to
perform calculations; provide information such as date and time; and display the correct format for currency, numbers, dates, and other units. These settings also define a
user’s location, which enables help services to provide local information such as news
and weather. Language options define the input languages (one computer can accept
input in many different languages); therefore, the computer must be configured with
the proper settings.
In many instances, users need to add a region or an input language because they
travel, work, or live in two different countries or regions; an input language needs to
be added because users who share a computer speak different languages; or a currency, time, and date need to be changed temporarily on a user’s laptop while he is on
a business trip.
You will perform almost all regional and language configuration and troubleshooting
tasks in Control Panel by clicking Date, Time, Language, And Regional Options; and
then clicking Regional And Language Options. Figure 5-14 shows the Regional And
Language Options dialog box.
Configuring Correct Currency, Time, and Date
When a user requests a change to the currency, time, or date standards and formats on
a computer, you make those changes in the Regional And Language Options dialog
box on the Regional Options tab. Changing the standard and format is as simple as
clicking the drop-down list in the Standards And Formats section and selecting a new
Lesson 4
Configuring Languages, Locations, and Accessibility Options
5-41
option. In Figure 5-15, English (United States) is no longer selected; French (France) is.
Notice that the date is written in French, that the currency has changed, and that the
date, November 4, 2004, is written 04/11/2004—different from the English version,
which is 11/04/2004.
F05us14.bmp
Figure 5-14 The Regional And Language Options dialog box allows you to select available
languages and customize formatting.
F05us15.bmp
Figure 5-15
and more.
Changing standard and format options changes the currency, date, language,
To make changes and to access the other regional and language options, use these steps:
1. Click Start, and then click Control Panel.
2. In the Control Panel window, click Date, Time, Language, And Regional Options;
and then click Regional And Language Options.
5-42
Chapter 5
Configuring Windows XP Professional
3. In the Regional And Language Options dialog box, on the Regional Options tab,
in the Standards And Formats section, click the drop-down list to view the additional choices. Select one of these choices.
4. In the Location section, choose a country or region from the list to change the
default location.
5. To further customize the settings, click Customize.
6. When finished, click OK in each open dialog box to exit.
How to Customize Regional Options
If you need to change the default settings—such as changing the currency symbol, the
time or date format, or the system of measurement—but need to keep other default settings intact, click Customize (refer to Figure 5-14) and make the appropriate changes.
Each option has a drop-down list, and selecting a different option requires only selecting it from the list.
How to Configure Input Languages
The input language that is configured for the computer tells Windows how to react
when a user types text using the keyboard. A user might want you to add a language
if he works in or travels between two or more countries that use different languages
and he needs to work in those languages or perform calculations with the currencies
in those countries. With multiple languages configured, the user can toggle between
them as needed. In addition, users might want to change language settings even if they
do not travel because they do work with an international group or conduct business
with other countries.
To add (or remove) an input language, use these steps:
1. Click Start menu, and then click Control Panel.
2. In the Control Panel window, click Date, Time, Language, And Regional Options;
and then click Regional And Language Options.
3. In the Regional And Language Options dialog box, on the Languages tab, click
Details.
4. In the Text Services And Input Languages dialog box, click Add to add a language.
5. In the Add Input Language dialog box, click the language you want to add. To
choose a specific keyboard layout, select the Keyboard Layout/IME check box and
choose the appropriate layout. (To add a keyboard layout or input method editor
[IME], you need to have installed it on your computer first.) Click OK.
6. In the Text Services And Input Languages dialog box, select which language
should be the default language from the Default Input Language drop-down list
and click OK.
Lesson 4
Configuring Languages, Locations, and Accessibility Options
5-43
Figure 5-16 shows two available languages: English [United States]-US and French
[France]-France. You can now switch between these languages by using the Language
toolbar located on the taskbar.
F05us16.bmp
Figure 5-16
Two languages are now available.
How to Troubleshoot Language-Related Problems
When users have multiple languages configured, language-related problems will probably occur. A common problem occurs when a user who has multiple languages configured changes the default language in use by accidentally pressing the key
combination that switches between them. By default, pressing L EFT A LT + S HIFT
switches between languages. If you press this combination accidentally, it might suddenly seem that the keyboard does not act as it is supposed to. You must press the key
combination again (or use the Language toolbar) to switch back to the default language. You might want to disable this feature if it becomes a regular problem.
!
Exam Tip
Consider regional settings as a possibility when keyboard errors are reported or
when users report that symbols do not look correct.
How to Configure and Troubleshoot Accessibility Options
Windows XP Professional provides the ability to configure accessibility options
through the Accessibility Options icon in Control Panel.
Keyboard Options
To configure keyboard options, in Control Panel, click Accessibility Options. In the
Accessibility Options window, click Accessibility Options to display the Accessibility
Options dialog box. The Keyboard tab of the Accessibility Options dialog box, shown
5-44
Chapter 5
Configuring Windows XP Professional
in Figure 5-17, allows you to configure the keyboard options StickyKeys, FilterKeys,
and ToggleKeys.
F05us17.bmp
Figure 5-17
Configure keyboard accessibility options.
StickyKeys Turning on StickyKeys allows you to press a multiple-key combination,
such as CTRL+ALT+DELETE, one key at a time. This is useful for people who have difficulty pushing more than one key at a time. This is a check box selection, so it is either
on or off. You can configure StickyKeys by clicking Settings to activate the Settings For
StickyKeys dialog box (see Figure 5-18).
F05us18.bmp
Figure 5-18
StickyKeys allows you to press a multiple-key combination one key at a time.
Lesson 4
Configuring Languages, Locations, and Accessibility Options
5-45
You can also configure a shortcut key for StickyKeys. You can use the default shortcut
key, pressing SHIFT five times, to turn on StickyKeys. This option is activated by default.
Two other options can also be configured for StickyKeys: Press Modifier Key Twice To
Lock and Turn StickyKeys Off If Two Keys Are Pressed At Once. The modifier keys are
CTRL, ALT, SHIFT, and the Windows Logo key. If you select the modifier key option,
pressing one of the modifier keys twice will cause that key to remain active until you
press it again. This is useful for people who have difficulty pressing key combinations.
If you choose to use the second option, StickyKeys is disabled if two keys are pressed
simultaneously.
Two Notification settings can be configured for StickyKeys: Make Sounds When Modifier Key Is Pressed and Show StickyKeys Status On Screen. The first notification setting
causes a sound to be made when any of the modifier keys—CTRL, ALT, SHIFT, or the
Windows Logo key—is pressed. The second notification setting causes a StickyKeys
icon to be displayed in the taskbar when StickyKeys is turned on.
FilterKeys The Keyboard tab also allows you to configure FilterKeys. Turning on
FilterKeys causes the keyboard to ignore brief or repeated keystrokes. This option also
allows you to configure the keyboard repeat rate, which is the rate at which a key continuously held down repeats the keystroke. This is a check box selection, so it is either
on or off. You can configure FilterKeys by clicking Settings to activate the Settings For
FilterKeys dialog box (see Figure 5-19).
F05us19.bmp
Figure 5-19
FilterKeys causes the keyboard to ignore brief or repeated keystrokes.
You can also configure a shortcut key for FilterKeys. You can use the default shortcut
key, holding down the RIGHT SHIFT key for eight seconds, to turn on FilterKeys. This
setting is activated by default.
5-46
Chapter 5
Configuring Windows XP Professional
Two other Filter options can also be configured for FilterKeys: Ignore Repeated Keystrokes and Ignore Quick Keystrokes And Slow Down The Repeat Rate. Ignore
Repeated Keystrokes is inactive by default; Ignore Quick Keystrokes And Slow Down
The Repeat Rate is active by default. Only one of these two filter options can be active
at a time. Configure each of them by clicking Settings.
Two Notification settings can be configured for FilterKeys: Beep When Keys Pressed
Or Accepted and Show FilterKey Status On Screen. The first notification setting causes
a beep when you press a key and another beep when the keystroke is accepted. The
second notification option causes a FilterKeys icon to be displayed in the taskbar when
FilterKeys is turned on. These settings are check boxes, so one of the settings, both of
the settings (the default), or neither of the settings can be selected.
ToggleKeys You can also configure ToggleKeys in the Keyboard tab. Turning on
ToggleKeys causes the computer to make a high-pitched sound each time the CAPS
LOCK, NUM LOCK, or SCROLL LOCK key is switched on. Turning on ToggleKeys also causes
the computer to make a low-pitched sound each time these three keys are turned off.
You can configure a shortcut key for ToggleKeys by clicking Settings. You can use the
shortcut key, holding down NUM LOCK for five seconds, to turn on ToggleKeys. This
setting is activated by default.
Note
There is one more check box on the Keyboard tab: Show Extra Keyboard Help In
Programs. When activated, this check box causes other programs to display additional
keyboard help if available.
Sound Options
The Sound tab provides the Use SoundSentry check box, which allows you to configure Windows XP Professional to generate visual warnings when your computer makes
a sound. The Sound tab also provides the Use ShowSounds check box, which allows
you to configure Windows XP Professional programs to display captions for the speech
and sounds they make.
Display Options
The Display tab of the Accessibility Options dialog box provides the Use High Contrast
check box, which allows you to configure Windows XP Professional to use color and
fonts designed for easy reading. You can click Settings to turn off or on the use of a
shortcut, LEFT ALT+LEFT SHIFT+PRTSCN, which is enabled by default. Clicking Settings
also allows you to select the high-contrast appearance scheme that you want to use.
The Display tab also provides cursor options that allow you to set the blink rate and
the width of the cursor.
Lesson 4
Configuring Languages, Locations, and Accessibility Options
5-47
Mouse Options
The Mouse tab provides the Use MouseKeys check box, which allows you to configure
Windows XP Professional to control the pointer with the numeric keypad on your keyboard. You can click Settings to configure MouseKeys in the Settings For MouseKeys
dialog box (see Figure 5-20).
F05us20.bmp
Figure 5-20
MouseKeys allows you to control the pointer with the numeric keypad.
MouseKeys uses a shortcut, LEFT ALT+LEFT SHIFT+NUM LOCK, which is enabled by
default. You can also configure the pointer speed and acceleration speed. There is
even a check box, Hold Down Ctrl To Speed Up And Shift To Slow Down, that allows
you to temporarily speed up or slow down the mouse pointer speed when you are
using MouseKeys. To speed up the mouse pointer movement, hold down CTRL while
you press the numeric keypad directional keys. To slow down the mouse pointer
movement, hold down SHIFT while you press the numeric keypad directional keys.
General Tab
The General tab of the Accessibility Options dialog box (see Figure 5-21) allows you to
configure Automatic Reset. This feature turns off all the accessibility features, except
the SerialKeys devices, after the computer has been idle for a specified amount of time.
The General tab also includes the Notification feature, which allows you to configure
Windows XP Professional to give a warning message when a feature is activated and to
make a sound when turning a feature on or off.
The General tab also allows you to activate the SerialKeys Devices feature, which configures Windows XP Professional to support an alternative input device (also called an
augmentative communication device) to your computer’s serial port.
5-48
Chapter 5
Configuring Windows XP Professional
F05us21.bmp
Figure 5-21
Configure general accessibility options.
The Administrative Options feature provides two check boxes, Apply All Settings To
Logon Desktop and Apply All Settings To Defaults For New Users, which allow you to
configure Windows XP Professional to apply all configured accessibility options to this
user at logon and to apply all configured accessibility options to all new users.
Practice: Configuring Multiple Languages by Using Control Panel
In this practice, you use the Regional And Language Options icon in Control Panel to
configure multiple languages and multiple locations.
1. In Control Panel, click the Date, Time, Language, And Regional Options icon.
2. Click Regional And Language Options.
Windows XP Professional displays the Regional And Language Options dialog box
with the Regional Options tab active.
3. Click the Languages tab.
4. In the Text Services And Input Languages box, click Details.
Windows XP Professional displays the Text Services And Input Languages dialog
box.
5. In the Installed Services box, click Add.
Windows XP Professional displays the Add Input Language dialog box.
Lesson 4
Configuring Languages, Locations, and Accessibility Options
5-49
6. Click the down-pointing arrow at the end of the Input Languages box to scroll
through the listed languages and select French (France).
The French Keyboard Layout/IME is selected automatically.
7. Click OK to close the Add Input Language dialog box.
Windows XP Professional displays the Text Services And Input Languages dialog
box. Notice that there are now two Installed Services.
8. Click OK to close the Text Services And Input Languages dialog box.
9. Click OK to close the Regional And Language Options dialog box.
10. Close all open programs.
Lesson Review
The following questions are intended to reinforce key information presented in this
lesson. If you are unable to answer a question, review the lesson materials and try the
question again. You can find answers to the questions in the “Questions and Answers”
section at the end of this chapter.
1. How can you configure Windows XP Professional to use multiple languages?
2. Which of the following features allows you to press a multiple-key combination,
such as CTRL+ALT+DELETE, one key at a time. (Choose the correct answer.)
a. FilterKeys
b. StickyKeys
c. ToggleKeys
d. MultiKeys
5-50
Chapter 5
Configuring Windows XP Professional
3. Turning on ________________________ causes the keyboard to ignore brief or
repeated keystrokes. This option also allows you to configure the keyboard
repeat rate, which is the rate at which a key continuously held down repeats the
keystroke.
4. When using MouseKeys, to speed up the mouse pointer movement, hold down
the ________ key while you press the numeric keypad directional keys. To slow
down the mouse pointer movement, hold down the ________ key while you press
the numeric keypad directional keys.
Lesson Summary
■
Regional and language options, available from Control Panel, define the standards
and formats that the computer uses to perform calculations; provide information
such as date and time; and display the correct format for currency, numbers, dates,
and other units.
■
Windows XP also provides a number of accessibility options that make Windows
easier to work with for some people. Some of these features are as follows:
❑
StickyKeys allows you to press a multiple-key combination, such as
CTRL+ALT+DELETE, one key at a time.
❑
FilterKeys causes the keyboard to ignore brief or repeated keystrokes.
❑
ToggleKeys causes the computer to make a high-pitched sound each time the
CAPS LOCK, NUM LOCK, or SCROLL LOCK key is switched on.
❑
SoundSentry causes Windows XP Professional to generate visual warnings
when your computer makes a sound.
❑
ShowSounds causes Windows XP Professional programs to display captions
for the speech and sounds they make.
❑
MouseKeys allows you to configure Windows XP Professional to control the
pointer with the numeric keypad on your keyboard.
Lesson 5
Managing Windows Components
5-51
Lesson 5: Managing Windows Components
Windows XP Professional provides the Add or Remove Programs tool in Control Panel
to make it easy for you manage programs and Windows components on your computer. You use it to add applications, such as Microsoft Word, from CD-ROM, floppy
disk, or network shares. You also use it to add Windows components to a Windows XP
Professional installation. The Add Or Remove Programs tool also allows you to remove
applications or Windows components.
After this lesson, you will be able to
■ Add Windows components
■ Remove Windows components
■ Manage Microsoft Internet Information Services (IIS)
Estimated lesson time: 20 minutes
How to Add Windows Components
You can install Windows components that you did not select when you installed Windows XP Professional on your computer. The components you can install include Fax
Services, Internet Information Services (IIS), Management and Monitoring Tools,
Message Queuing, and additional Network Services. If you want to install one of the
Windows components, select it, and then click Next.
To install or remove Windows components, use the Add Or Remove Programs tool. In
the Add Or Remove Programs window, click Add/Remove Windows Components to
open the Windows Components Wizard (see Figure 5-22).
F05us22.bmp
Figure 5-22 Use the Windows Components Wizard to add or remove components from a
Windows XP Professional installation.
5-52
Chapter 5
Configuring Windows XP Professional
Adding components works pretty much the same way no matter what component you
install, so this chapter focuses on IIS: Web server software that is included with Windows XP.
To install IIS, use these steps:
1. Click Start, and then click Control Panel
2. In the Control Panel window, click Add Or Remove Programs.
3. In the Add Or Remove Programs window, click Add/Remove Windows Components.
Windows XP Professional starts the Windows Components Wizard.
4. Select the Internet Information Services (IIS) check box.
5. Click Details.
The Windows Components Wizard displays the Internet Information Services
page, which shows the components included when you install IIS. Table 5-7 lists
these components.
Table 5-7
Components Included with IIS
Component
Selected by
Default
Common Files
Yes
Installs the required IIS program files
Documentation
Yes
Installs documentation about publishing site content, and Web and FTP Server Administration
File Transfer Protocol
(FTP) Service
No
Provides support to create FTP sites used to
upload and download files
FrontPage 2000 Server
Extensions
Yes
Enables authoring and administration of Web
sites with Microsoft FrontPage and Microsoft
Visual InterDev
Internet Information
Services Snap-In
Yes
Installs the IIS Administrative interface into
Microsoft Management Console
SMTP Service
Yes
Supports the transfer of electronic mail
World Wide
Web Service
Yes
Uses the Hypertext Transfer Protocol (HTTP)
to respond to Web client requests on a TCP/IP
network
Description
6. Click OK to close the Internet Information Services (IIS) page.
7. In the Windows Components page, click Next to continue with the installation of IIS.
The Windows Components Wizard displays the Configuring Components page while
the appropriate files are copied and the components are configured. This might take
a few minutes.
Lesson 5
Managing Windows Components
5-53
8. In the Completing The Windows Components Wizard page, click Finish.
9. Click Close to close the Add Or Remove Programs tool.
How to Remove Windows Components
The Windows Components Wizard is also used to uninstall or remove Windows components from your computer. If you want to remove a Windows component, on the
Windows Component page of the Windows Components Wizard, clear the check box
for the component you want to remove, and then click Next. The Windows Components Wizard displays the Configuring Components page as the files are removed from
your computer. When the component is removed, the Windows Components Wizard
displays the Completing The Windows Components Wizard page; click Finish to close
the wizard. Click Close to close the Add Or Remove Programs tool, and then close
Control Panel.
How to Manage Internet Information Services
IIS allows you to easily publish information on the Internet, or on your or your company’s intranet. You place your Web files in directories on your server and users establish HTTP connections and view your files with a Web browser. IIS for Windows XP
Professional is designed for home or small business networks and allows only 10
simultaneous client connections. It also does not provide all the features that the version included with Windows Server 2003 provides.
You will use the Internet Information Services snap-in to manage IIS. The Internet
Information Services snap-in helps you manage the content of and access to your Web
and FTP sites. To access the Internet Information Services snap-in, click Start, point to
All Programs, point to Administrative Tools, and then click Internet Information Services. The Internet Information Services snap-in lets you handle all aspects of administration for IIS. For example, every Web and FTP site must have a home directory. When
you install IIS, a default home directory is created. When you create a new Web site,
you can use the Internet Information Services snap-in to change your home directory.
To change your home directory, in the Internet Information Services snap-in, rightclick a Web or FTP site, and then click Properties. In the site’s Properties dialog box,
click the Home Directory tab. You can specify a directory on this computer, a shared
directory located on another computer, or a redirection to a URL, and then type the
path in the Local Path text box. Click OK and you have changed your home directory.
If your Web site contains files that are located in directories other than your home directory (for example, on another computer), you must create virtual directories to include
these files on your Web site. You use the IIS console to create these virtual directories. In
the console, select the Web or FTP site to which you want to add a directory. On the
Action menu, point to New, and click Virtual Directory. This starts the Virtual Directory
Creation Wizard, which will guide you through creating the new directory.
5-54
Chapter 5
Configuring Windows XP Professional
When IIS is installed on a computer running Windows XP Professional, an additional
tab named Web Sharing becomes available on the Properties dialog box of any folder,
as shown in Figure 5-23. You can use this tab to quickly make any folder accessible via
your personal Web site.
F05us23.bmp
Figure 5-23
IIS makes the Web Sharing tab available on the Properties dialog box for folders.
To share a folder on a personal Web site by using the Web Sharing tab, use these steps:
1. In Windows Explorer, right-click the folder you want to share through your Web
site, and then click Properties.
2. In the Properties dialog box for the folder, on the Web Sharing tab, use the Share
On menu to select the site on which you want to share the folder. By default, the
Default Web Site is selected. If you have only one Web site, there are no other
choices on the menu.
3. Click Share This Folder.
Windows XP displays the Edit Alias dialog box.
4. In the Edit Alias dialog box, type an Alias for the folder. The alias is the name by
which the folder is displayed on the Web site. By default, Windows creates an alias
that is the same as the folder name.
5. Configure access permissions for the folder. Available access permissions are as
follows:
❑
The Read permission allows users to open or download files in the folder.
❑
The Write permission allows users to modify files in the folder.
❑
The Script Source Access permission allows users to access source code for
scripts in the folder.
❑
The Directory Browsing permission allows users to view the files in the folder.
Lesson 5
Managing Windows Components
5-55
6. Configure Application Permissions for the folder. This setting determines whether
applications can run scripts or executable files in the folder.
7. Click OK to exit the Edit Alias dialog box.
8. Click OK again to apply settings and exit the Properties dialog box for the folder.
You can also use the Web Sharing tab to create additional aliases for a folder, edit the
properties of existing aliases, and remove an alias from a folder.
Lesson Review
The following questions are intended to reinforce key information presented in this
lesson. If you are unable to answer a question, review the lesson materials and try the
question again. You can find answers to the questions in the “Questions and Answers”
section at the end of this chapter.
1. How do you add Windows components to your Windows XP Professional
installation?
2. What service does IIS provide?
3. How many simultaneous client connections can you have by using IIS for Windows XP Professional?
a. 8
b. 10
c. 20
d. 32
5-56
Chapter 5
Configuring Windows XP Professional
4. How do you administer IIS for Windows XP Professional?
Lesson Summary
■
Use the Add or Remove Programs tool in Control Panel to add applications and
Windows components. To add a Windows component, in the Add or Remove Programs window, select Add/Remove Windows Components.
■
You will also use the Add/Remove Windows Components dialog box to remove
components from a Windows XP Professional installation.
■
IIS allows you to publish information on the Internet or on your intranet. IIS for
Windows XP Professional is designed for home or small business networks and
only allows 10 simultaneous client connections.
Case Scenario Exercise
In this exercise, you will read a scenario about configuring Windows XP and then
answer the questions that follow. If you have difficulty completing this work, review
the material in this chapter before beginning the next chapter. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
Scenario
You are working as an administrator for a company named Trey Research, a manufacturer of wireless tracking devices. You are working with Olinda, a technical writer and
translator who is creating a user manual in English and French for the software interface to one of the company’s products.
Questions
1. The software interface for the products uses the metric system instead of the U.S.
system of measurement. Olinda’s regional settings are configured to use the
English (United States) standard. How would you change the default system of
measurement on her computer from U.S. to metric?
Case Scenario Exercise
5-57
2. Because Olinda is documenting how to run the software interface in Windows XP,
she needs to be able to use Windows XP in both English and French. How should
you configure this feature?
3. After adding French to Olinda’s computer, how can she switch between English
and French?
4. After working with the software interface for the company’s product, Olinda
reports that sometimes after she leaves her computer for a while, her monitor goes
blank. When she moves her mouse, she says the monitor comes back, but the program crashes. She wants to stop her monitor from going blank when she leaves it
unattended. What should you do?
5. After working with the creators of the software interface, Olinda discovers that the
program does not respond well to certain visual effects. In particular, the programmers tell her that displaying shadows under the mouse pointer can cause problems with the program. Olinda wants to include instructions in her manual for
disabling this feature and has asked you to provide those instructions. What do
you tell her?
5-58
Chapter 5
Configuring Windows XP Professional
Troubleshooting Lab
You are working as an administrator for a company named Contoso, Ltd., a national
distributor of paper products. Marcel, a user in the Sales department, reports that he is
having a problem with his computer running Windows XP Professional. When he starts
his computer, the startup process gets as far as the Windows logo screen and then fails.
Marcel sees a blue screen with a lot of text on it, and then the computer restarts. The
computer does this over and over again.
1. What is happening to Marcel’s computer?
2. You can start Marcel’s computer successfully in safe mode. You want to see the
Stop error. What should you do?
3. After researching the Stop error on Marcel’s computer, you have determined that
a damaged paging file is causing the stop error. You need to remove the paging
file from Marcel’s computer. How would you do this?
4. After removing the damaged paging file, you need to create a new paging file. You
want Windows to manage the paging file size. How would you do this?
Exam Highlights
5-59
Chapter Summary
■
You can use the Display Properties dialog box to control most settings that govern
the appearance of your desktop and the settings for your video adapter and monitor. Windows XP Professional supports the use of up to 10 displays, extending the
Windows Desktop so that it is spread across all available displays. You must use
PCI or AGP video adapters when configuring multiple displays.
■
Power Options allows you to configure Windows XP Professional to turn off the
power to your monitor and your hard disk, configure APM support, enable hibernation, and configure support for a UPS.
■
The Advanced tab of the System Properties dialog box allows you to configure
performance options for a computer. You can enable and disable visual effects
that affect performance, as well as configure processor scheduling, memory usage,
and virtual and memory settings. You can also use the System Properties dialog
box to control the startup and recovery settings for a computer, user profiles, and
environmental variables.
■
Regional and language options, available from Control Panel, define the standards
and formats that the computer uses to perform calculations; provide information
such as date and time; and display the correct format for currency, numbers, dates,
and other units. Windows XP also provides a number of accessibility options that
make Windows easier to work with for some people.
■
You can use the Add Or Remove Programs tool in Control Panel to add and
remove applications and Windows components. IIS, Web server software built
into Windows XP Professional, is an example of a component you can add.
Exam Highlights
Before taking the exam, review the key points and terms that are presented in this
chapter. You need to know this information.
Key Points
■
Understand how to control color quality and screen resolution. Also understand
how to control advanced display settings, such as adapter type, monitor type, and
compatibility.
■
You can configure processor scheduling to favor Programs or Background Services. Selecting Programs assigns more resources to the foreground program (the
active program that is responding to user input). When you select Background
Services, Windows assigns an equal number of resources to all programs.
5-60
Chapter 5
Configuring Windows XP Professional
■
By default, Windows XP manages the paging file size, but you can designate a file
size for special circumstances. The recommended paging file size is equal to 1.5
times the total amount of RAM.
■
Consider regional settings as a possibility when keyboard errors are reported or
when users report that symbols do not look correct.
Key Terms
Advanced Configuration and Power Interface (ACPI) A newer power standard
than APM that allows Windows to control power settings for a computer. A computer that supports ACPI automatically supports APM.
Advanced Power Management (APM) A power standard that allows Windows to
manage the power settings on a computer.
Color Quality A setting that affects the number of colors used to display objects on
the Desktop.
Desktop Cleanup Wizard A wizard that runs every 60 days by default, offering to
remove unused Desktop icons.
Environment variables Variables that define the system and user environment
information, and contain information such as a drive, path, or file name.
hibernate mode A state in which Windows saves the current system state (including open programs and windows) to your hard disk, and then shuts the computer
down. When you restart the computer, the open programs and windows are
restored.
input languages Languages installed on a computer running Windows XP Professional from which the computer can accept input.
Internet Information Services (IIS) Web server software built into Windows XP
Professional that allows you to easily publish information on the Internet, or on
your or your company’s intranet.
paging file The file Windows uses to swap pages of data between physical memory
and hard disk to augment the memory on a computer. This augmentation is
known as virtual memory.
Power schemes Schemes that allow you to configure Windows XP Professional to
turn off the power to your monitor and your hard disk, conserving energy.
primary display The default display in a multiple display configuration. You can
often change which video adapter controls the primary display by changing settings in the computer’s BIOS.
Screen Resolution A setting that allows you to set the number of pixels Windows
uses to display the Desktop.
Exam Highlights
5-61
uninterruptible power supply (UPS) A device connected between a computer or
another piece of electronic equipment and a power source to ensure that the electrical flow to the computer is not interrupted because of a power outage.
user profile A collection of user-specific settings, such as a customized desktop or
personalized application settings.
Visual Effects Desktop display features that look nice, but often degrade a computer’s performance.
5-62
Chapter 5
Configuring Windows XP Professional
Questions and Answers
Lesson 1 Review
Page
5-12
1. You can enable ________________________________ to restrict access to Display
options.
Group Policy settings
2. Which of the following items does the Desktop Items dialog box allow you to
choose to include or exclude an icon on your desktop? (Choose all that apply.)
a. My Documents
b. Control Panel
c. My Network Places
d. Recycle Bin
The correct answers are A and C. B is not correct because you cannot include the Control Panel
icon on your Desktop. D is not correct because you cannot remove the Recycle Bin icon from
your Desktop.
3. Windows XP Professional supports extension of your display across a maximum
of ______________ monitors.
10
4. You must use __________________________ or ______________________ video
adapters when configuring multiple displays.
PCI, AGP
5. If one of the display adapters is built into the motherboard, the motherboard
adapter always becomes the _____________ (primary/secondary) adapter.
Secondary
Lesson 2 Practice: Configuring Power Options
Page
5-19
13. If you do not see an APM tab on your computer, what are two reasons why it
might not be there?
The APM tab is not shown if your computer does not have an APM-capable BIOS. Also, if your
computer supports the newer ACPI standard, the APM tab is not shown because Windows XP
Professional automatically enabled APM support.
Lesson 2 Review
Page
5-19
1. What is a power scheme and why would you use one?
Power schemes allow you to configure Windows XP Professional to turn off the power to your
monitor and your hard disk to conserve energy.
Questions and Answers
5-63
2. Which of the following statements about Windows XP Professional power
schemes are true? (Choose all that apply.)
a. Windows XP Professional ships with six built-in power schemes.
b. Windows XP Professional allows you to create your own power schemes.
c. Windows XP Professional allows you to modify existing power schemes, but
you cannot create new ones.
d. Windows XP Professional does not ship with any built-in power schemes.
The correct answers are A and B. C is not correct because Windows XP Professional does allow
you to create new power schemes. D is not correct because Windows XP Professional comes
with several power schemes built in.
3. A(n) _____________________________ is a device that connects between a computer and a power source to ensure that the electrical flow to the computer is not
abruptly stopped because of a blackout.
UPS
4. What does hibernate mode do?
When your computer hibernates, it saves the current system state to your hard disk, and then
your computer shuts down. When you start the computer after it has been hibernating, it
returns to its previous state, restarts any programs that were running, and restores any active
network connections.
Lesson 3 Practice: Exercise 2
Page
5-37
11. What does typing the cmd command do?
Typing cmd in the Run dialog box opens the Command Prompt window.
Lesson 3 Review
Page
5-37
1. What performance options can you control with the tabs of the Performance
Options dialog box?
The Visual Effects tab of the Performance Options dialog box provides a number of options that
allow you to manually control the visual effects on your computer. The Advanced tab of the Performance Options dialog box allows you to adjust the application response, which is the priority
of foreground applications versus background applications, and virtual memory.
2. Which of the following statements about the use of virtual memory in Windows
XP Professional are correct? (Choose all that apply.)
a. When you install Windows XP Professional, Setup creates a virtual memory
paging file, PAGEFILE.SYS, on the partition where you installed Windows XP
Professional.
b. In some environments, you might find it advantageous to use multiple paging
files.
5-64
Chapter 5
Configuring Windows XP Professional
c. If the entire paging file is not in use, it can decrease below the initial size that
was set during installation.
d. Unused space in the paging file remains unavailable to all programs, even the
internal Windows XP Professional VMM.
The correct answers are A and B. C is not correct because the paging file size will never
decrease below the initial size. D is not correct because unused space in the paging file is
available to all programs.
3. When you first turn on the computer, the system displays a Please Select The
Operating System To Start screen, which lists the available operating systems.
What happens if a user does not select an operating system before the countdown
timer reaches zero?
If a user does not choose an operating system, the system starts the preselected operating
system when the countdown timer reaches zero.
4. Which requirements must be met for the Write Debugging Information recovery
option to work?
A paging file must be on the system partition (the partition that contains the %systemroot%
folder). You must have enough disk space to write the file to the location you specify. A small
memory dump requires a paging file of at least 2 MB on the boot volume. A kernel memory
dump requires 50 MB to 800 MB available in the paging file on the boot volume. A complete
memory dump requires a paging file on the boot volume large enough to hold all the RAM on
your computer plus 1 MB. With a small memory dump, a new dump file will be created every
time the system stops unexpectedly. For a complete memory dump or kernel memory dump, if
you want the new dump file to overwrite an existing file, select the Overwrite Any Existing File
check box.
Lesson 4 Review
Page
5-49
1. How can you configure Windows XP Professional to use multiple languages?
To configure multiple languages, in Control Panel, click Date, Time, Language, And Regional
Options. In the Date, Time, Language, And Regional Options window, click Regional And Language Options to open the Regional And Language Options dialog box. In the Languages tab of
the Regional And Languages Options dialog box, click Details. Windows XP Professional displays the Text Services And Input Languages dialog box. Click Add. Click the down-pointing
arrow at the end of the Input Language list box. Scroll through the list of languages and select
the ones you want to add. If you added at least one language to the one already installed on
your computer, your computer is now supporting multiple languages.
2. Which of the following features allows you to press a multiple key combination,
such as CTRL+ALT+DELETE, one key at a time. (Choose the correct answer.)
a. FilterKeys
b. StickyKeys
c. ToggleKeys
d. MultiKeys
Questions and Answers
5-65
The correct answer is B. A, C, and D are not correct because it is the StickyKeys feature that
allows you to press a multiple key combination one key at a time.
3. Turning on ________________________ causes the keyboard to ignore brief or
repeated keystrokes. This option also allows you to configure the keyboard repeat
rate, which is the rate at which a key continuously held down repeats the keystroke.
FilterKeys
4. When using MouseKeys, to speed up the mouse pointer movement, hold down
the ________ key while you press the numeric keypad directional keys. To slow
down the mouse pointer movement, hold down the ________ key while you press
the numeric keypad directional keys.
CTRL; SHIFT
Lesson 5 Review
Page
5-55
1. How do you add Windows components to your Windows XP Professional
installation?
In Control Panel, click Add Or Remove Programs. In the Add Or Remove Windows Programs window, click Add/Remove Windows Components to start the Windows Components Wizard. You
use the Windows Components Wizard to select the Windows components that you want to add
to or remove from your Windows XP Professional installation.
2. What service does IIS provide?
IIS allows you to publish information on the Internet or on your intranet. You place your files in
directories on your server, and IIS allows users to establish HTTP connections and view the
files with their Web browsers.
3. How many simultaneous client connections can you have by using IIS for Windows XP Professional?
a. 8
b. 10
c. 20
d. 32
The correct answer is B. Windows XP Professional allows up to 10 concurrent connections.
4. How do you administer IIS for Windows XP Professional?
You use the Internet Information Services snap-in to manage IIS and the content of and access
to your Web and FTP sites.
5-66
Chapter 5
Configuring Windows XP Professional
Case Scenario Exercise
Page
5-56
1. The software interface for the products uses the metric system instead of the U.S.
system of measurement. Olinda’s regional settings are configured to use the
English (United States) standard. How would you change the default system of
measurement on her computer from U.S. to metric?
You should keep the English (United States) setting, but customize the measurement system
to use the metric system.
2. Because Olinda is documenting how to run the software interface in Windows XP,
she needs to be able to use Windows XP in both English and French. How should
you configure this feature?
You should add the French input language to Olinda’s computer. To do this, use the Regional
And Language Options dialog box. On the Languages tab, click Details to show the languages
installed on Olinda’s computer. Click Add to add French to Olinda’s computer.
3. After adding French to Olinda’s computer, how can she switch between English
and French?
Olinda can switch between installed input languages by using the Language toolbar on the taskbar or by pressing left ALT+SHIFT—the default key combination for switching languages.
4. After working with the software interface for the company’s product, Olinda
reports that sometimes after she leaves her computer for a while, her monitor goes
blank. When she moves her mouse, she says the monitor comes back, but the program crashes. She wants to stop her monitor from going blank when she leaves it
unattended. What should you do?
You should configure Olinda’s current power scheme so that Windows does not attempt to turn
off the monitor after an idle period.
5. After working with the creators of the software interface, Olinda discovers that the
program does not respond well to certain visual effects. In particular, the programmers tell her that displaying shadows under the mouse pointer can cause problems with the program. Olinda wants to include instructions in her manual for
disabling this feature and has asked you to provide those instructions. What do
you tell her?
You should tell her to open the System Properties dialog box by right-clicking the My Computer
icon and clicking Properties. She should click the Advanced tab and, in the Performance section, click Settings. In the Performance Options dialog box that opens, Olinda should click Custom, and then clear the Show Shadows Under Mouse Pointer check box. She should then click
OK to close the Performance Options dialog box, and then click OK again to close the System
Properties dialog box.
Questions and Answers
5-67
Troubleshooting Lab
Page
5-58
1. What is happening to Marcel’s computer?
Marcel’s computer is experiencing a Stop error when it starts. However, the computer is restarting each time it encounters this error, causing an endless loop.
2. You can start Marcel’s computer successfully in safe mode. You want to see the
Stop error. What should you do?
You should use the Startup and Recovery dialog box to clear the Automatically Restart check
box in the System Failure section. This action will prevent Marcel’s computer from restarting
when it encounters the error, giving you time to see the actual error.
3. After researching the Stop error on Marcel’s computer, you have determined that
a damaged paging file is causing the stop error. You need to remove the paging
file from Marcel’s computer. How would you do this?
You should use the Virtual Memory dialog box (available via the Advanced tab in the Performance Options dialog box). In the Paging File Size For Selected Drive section, you should click
No Paging File, click Set, and then exit the dialog boxes that are open. You should then restart
the computer.
4. After removing the damaged paging file, you need to create a new paging file. You
want Windows to manage the paging file size. How would you do this?
You should open the Virtual Memory dialog box again. In the Paging File Size For Selected Drive
section, you should click System Managed Size, click Set, and then exit the dialog boxes that
are open. You should then restart the computer.
6 Installing, Managing, and
Troubleshooting Hardware
Devices and Drivers
Exam Objectives in this Chapter:
■ Implement, manage, and troubleshoot input and output (I/O) devices.
■
❑
Monitor, configure, and troubleshoot I/O devices, such as printers, scanners, multimedia devices, mouse, keyboard, and smart card reader.
❑
Monitor, configure, and troubleshoot multimedia hardware, such as
cameras.
❑
Install, configure, and manage Infrared Data Association (IrDA) devices.
❑
Install, configure, and manage universal serial bus (USB) devices.
❑
Install, configure, and manage handheld devices.
Manage and troubleshoot drivers and driver signing.
Why This Chapter Matters
Microsoft Windows XP Professional provides features that make installing, configuring, and managing hardware devices easier than ever. The Plug and Play specification, taken advantage of by most modern hardware, makes installation and
configuration of devices nearly automatic. Device Manager provides a single
interface for configuring and troubleshooting hardware devices on a computer.
This chapter introduces the installation, configuration, and troubleshooting of
hardware devices in Windows XP Professional. It also teaches how to configure
hardware profiles and work with hardware drivers.
Lessons in this Chapter:
■
Lesson 1: Installing a Hardware Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-2
■
Lesson 2: Configuring and Troubleshooting Hardware Devices . . . . . . . . . . .6-11
■
Lesson 3: Viewing and Configuring Hardware Profiles . . . . . . . . . . . . . . . . .6-27
■
Lesson 4: Configuring and Troubleshooting Device Drivers . . . . . . . . . . . . .6-32
Before You Begin
To complete this chapter, you must have a computer that meets the minimum hardware requirements listed in the preface, “About This Book.” You must also have Windows XP Professional installed on the computer.
6-1
6-2
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
Lesson 1: Installing a Hardware Device
Windows XP Professional supports both Plug and Play and non–Plug and Play hardware. This lesson introduces you to the automatic hardware-installation features of
Windows XP Professional. Occasionally, Windows XP Professional fails to automatically detect a hardware device. When this occurs, you must install the hardware device
manually. You might also have to do this if the device requires a specific hardware
resource to ensure that it is installed properly.
After this lesson, you will be able to
■ Install a hardware device automatically.
■ Install a hardware device manually.
Estimated lesson time: 30 minutes
How to Install Hardware Automatically
Windows XP Professional supports Plug and Play hardware. For most devices that are
Plug and Play–compliant, as long as the appropriate driver is available and the basic
input/output system (BIOS) on the computer is Plug and Play–compatible or supports
Advanced Configuration and Power Interface (ACPI), Windows XP Professional automatically detects, installs, and configures the device. When Windows XP Professional
detects a new piece of hardware for which it does not have a hardware driver, it displays the Found New Hardware Wizard, shown in Figure 6-1.
F06us01
Figure 6-1 Use the Found New Hardware Wizard to configure devices for which Windows does not
have a hardware driver.
Lesson 1
!
Installing a Hardware Device
6-3
Exam Tip
Windows XP Professional automatically detects, installs, and configures most
Plug and Play and some non–Plug and Play hardware. If Windows does not detect Plug and
Play hardware, you can often force the detection by restarting the computer or running the
Add Hardware Wizard. For many non–Plug and Play devices, you must use the Add Hardware
Wizard to manually configure the device.
To Use the Add Hardware Wizard
Occasionally, Windows does not detect a new Plug and Play hardware device automatically, so you might need to initiate the installation process by using the Add Hardware
Wizard. You can also use the Add Hardware Wizard to initiate automatic hardware
installation for undetected hardware devices (both Plug and Play and non–Plug and
Play) and to troubleshoot devices.
To use the Add Hardware Wizard to have Windows automatically detect and install
Plug and Play hardware, complete the following steps:
1. From the Start menu, select Control Panel.
2. In the Control Panel window, click Printers And Other Hardware.
3. In the Printers And Other Hardware window, in the See Also section, click Add
Hardware.
4. On the Welcome To The Add Hardware Wizard page, click Next.
5. Windows XP Professional searches for new devices and one of the following three
events occurs:
❑
If Windows XP Professional detects any new Plug and Play hardware for
which it has a hardware driver built in, Windows installs the new hardware.
❑
If Windows XP Professional detects new hardware for which it does not have
a hardware driver, Windows starts the Found New Hardware Wizard.
❑
If the wizard cannot find a new device, it displays the Is The Hardware Connected page. If you have already connected the new device, click Yes, I Have
Already Connected The Hardware, and then click Next. The wizard displays
the The Following Hardware Is Already Installed On Your Computer page, as
shown in Figure 6-2. To add hardware that is not in the list, click Add A New
Hardware Device.
6-4
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
F06us02
Figure 6-2 Add hardware or troubleshoot with the Add Hardware Wizard.
Note
To use the Add Hardware Wizard to troubleshoot a hardware device, click the device in
the list of installed hardware devices and click Next. The Completing The Add Hardware Wizard page appears. Click Finish to launch a troubleshooter to help resolve any problems you
might be having with that hardware device.
To Confirm Hardware Installation
After installing hardware, you should confirm the installation by using Device Manager.
To start Device Manager, follow these steps:
1. From the Start menu, select Control Panel.
2. In the Control Panel window, click Performance And Maintenance.
3. In the Performance And Maintenance window, click System.
4. In the System Properties dialog box, on the Hardware tab, click Device Manager.
Device Manager allows you to view the hardware installed on a computer, as
shown in Figure 6-3.
Lesson 1
Installing a Hardware Device
6-5
F06us03
Figure 6-3 Device Manager shows devices listed by type.
Windows XP Professional uses icons in the Device Manager window to identify each
installed hardware device. If Windows XP Professional does not have an icon for the
device type (usually because the hardware device is unidentified), Device Manager displays a question mark as the icon for the device.
Expand the device tree to locate the newly installed hardware device. The device icon
indicates whether the hardware device is operating properly. You can use the information in Table 6-1 to determine the hardware status.
Table 6-1
Device Manager Hardware Status
Icon
Hardware Status
Normal icon
Hardware is operating properly.
Stop sign on icon
Windows XP Professional disabled the hardware device because of
hardware conflicts.
Exclamation point on icon The hardware device is incorrectly configured or its drivers are
missing.
Red “x” on icon
The hardware device is disabled in the current hardware profile.
How to Install Hardware Manually
Most non–Plug and Play hardware requires manual installation. Although it is rare
these days to find computers running Windows XP Professional that still use non–Plug
and Play hardware, it does happen on occasion, so you should understand how to
install and configure hardware manually. To manually install hardware, first determine
6-6
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
which hardware resource is required by the hardware device. Next, you must determine the available hardware resources. In some cases, you have to change hardware
resources. Finally, you might have to troubleshoot any problems you encounter.
Hardware Device Communication Resources
With older, non–Plug and Play devices, you often must configure the device itself to
specify which hardware resources the device will use. This configuration mostly happens by changing jumpers or switches on the device, but sometimes happens through
a software interface. Again, it is extremely rare that you will encounter a device made
within the last few years that you will have to configure manually, but it is still handy
information to have.
When installing new hardware, you need to know which resources the hardware can
use. You can reference the product documentation to determine the resources that a
hardware device requires. Table 6-2 describes the resources that hardware devices use
to communicate with an operating system.
Table 6-2
Hardware Device Resources
Resource
Description
Interrupt
Hardware devices use interrupts to send messages. The microprocessor
knows this as an interrupt request (IRQ). The microprocessor uses this
information to determine which device needs its attention and the type of
attention that it needs. There are 16 IRQs (numbered 0 to 15) that Windows
XP assigns to devices. For example, Windows XP Professional assigns IRQ
1 to the keyboard.
Input/output (I/O) I/O ports are a section of memory that a hardware device uses to commuport
nicate with the operating system. When a microprocessor receives an IRQ,
the operating system checks the I/O port address to retrieve additional
information about what the hardware device wants it to do. An I/O port is
represented as a hexadecimal number.
Direct memory
access (DMA)
DMAs are channels that allow a hardware device, such as a floppy disk
drive, to access memory directly, without interrupting the microprocessor.
DMA channels speed up access to memory. Windows XP Professional
assigns eight DMA channels, numbered 0 through 7.
Memory
Many hardware devices, such as a network interface card (NIC), use
onboard memory or reserve system memory. This reserved memory is
unavailable for use by other devices or Windows XP Professional.
Lesson 1
Installing a Hardware Device
6-7
To Determine Available Hardware Resources
After you determine which resources a hardware device requires, you can look for an
available resource. Device Manager provides a list of all hardware resources and their
availability, as shown in Figure 6-4.
F06us04
Figure 6-4
Device Manager can also list resources by connection type.
To view the hardware resource lists in Device Manager, follow these steps:
1. In Device Manager, click the View menu, and then click Resources By Connection.
2. The Device Manager displays the resources that are currently in use (for example,
IRQs). To view a list of resources for another type of hardware resource, on the
View menu, click the type of hardware resource you want to see.
After you know which hardware resources are available, you can configure the device
to use those resources and then install the hardware manually with the Add Hardware
Wizard.
Note If you select a hardware resource during manual installation, you might need to configure the hardware device so that it can use the resource. For example, for a network adapter
to use IRQ 5, you might have to set a jumper on the adapter and configure Windows XP Professional so that it recognizes that the adapter now uses IRQ 5.
6-8
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
To Change Hardware Resource Assignments
In some circumstances, you might need to change the resource assignments for a
device. For example, a hardware device might require a specific resource presently in
use by another device. You might also encounter two hardware devices requesting the
same hardware resource, resulting in a conflict.
To change a resource setting, in Device Manager, open the device’s Properties dialog
box and switch to the Resources tab.
When you change a hardware resource, print the content of Device Manager, which
provides you with a record of the hardware configuration. If you encounter problems,
you can use the printout to verify the hardware resource assignments.
From this point, follow the same procedures that you used to choose a hardware
resource during a manual installation.
Note Changing the resource assignments for non–Plug and Play devices in Device Manager
does not change the resources used by that device. You use Device Manager only to instruct
the operating system on device configuration. To change the resources used by a non–Plug
and Play device, consult the device documentation to see whether switches or jumpers must
be configured on the device.
Practice: Running the Add Hardware Wizard
In this practice, you will manually install the software for a printer that is not actually
connected to your computer. Complete the following steps.
Important
This practice assumes that you do not already have a hardware device connected to a parallel port named LPT2 on your computer. Do not worry if you do not have an
LPT2 port; the exercise will work anyway.
1. From the Start menu, click Control Panel.
2. In the Control Panel window, click Printers And Other Hardware.
3. In the Printers And Other Hardware window, in the See Also section, click Add
Hardware.
4. On the Welcome To The Add Hardware Wizard page of the Add Hardware Wizard, click Next.
5. The Add Hardware Wizard searches for any new Plug and Play devices, and then
displays the Is The Hardware Connected page. Click Yes, I Have Already Connected The Hardware, and then click Next.
Lesson 1
Installing a Hardware Device
6-9
6. In the list of installed hardware, scroll to the bottom and click Add A New Hardware Device. Click Next.
7. Click Install The Hardware That I Manually Select From A List (Advanced), and
then click Next.
8. In the list of common hardware types, click Printers and then click Next.
9. On the Select A Printer Port page, in the Use The Following Port drop-down list,
click LPT2: (Printer Port), and then click Next.
10. On the Install Printer Software page, in the Manufacturer list, click Royal. In the
Printers list, select Royal CJP 450. Click Next.
11. On the Name Your Printer page, click Next.
12. On the Print Test Page page, select No and then click Next.
13. If you are using Windows XP Professional and you have Simple File Sharing disabled, you next will see a page asking whether you want to share the new printer.
Select Do Not Share This Printer, and then click Next.
14. Click Finish to exit the Add Hardware Wizard.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. When you initiate automatic hardware installation by starting the Add Hardware
Wizard, what does Windows XP Professional query the hardware about?
2. _______________________ are channels that allow a hardware device, such as a
floppy disk drive, to access memory directly (without interrupting the microprocessor). Fill in the blank.
3. Why would you install a hardware device manually?
Lesson Summary
■
For most Plug and Play hardware, you connect the device to the computer, and
Windows XP Professional automatically configures the new settings. For non–Plug
and Play hardware, Windows XP Professional often identifies the hardware and
6-10
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
automatically installs and configures it. For the occasional Plug and Play hardware
device and for any non–Plug and Play hardware that Windows XP Professional
does not identify, install, and configure, you initiate automatic hardware installation with the Add Hardware Wizard.
■
When you manually install hardware, you must determine any resources required
by that hardware device. Hardware resources include interrupts, I/O ports, and
memory. The Device Manager snap-in provides a list of all hardware resources
and their availability.
Lesson 2
Configuring and Troubleshooting Hardware Devices
6-11
Lesson 2: Configuring and Troubleshooting Hardware
Devices
Device Manager is one of the tools you use to manage and troubleshoot devices—you
learn how to use it and how it helps you manage your computer. You also learn to
install and configure fax support in Windows XP Professional, as well as how to manage various I/O devices.
After this lesson, you will be able to
■ Configure and troubleshoot devices by using Device Manager.
■ Install, configure, and troubleshoot fax support.
■ Manage and troubleshoot I/O devices.
Estimated lesson time: 40 minutes
How to Configure and Troubleshoot Devices Using Device Manager
Device Manager provides you with a graphical view of the hardware installed on your
computer and helps you manage and troubleshoot hardware devices. You can use
Device Manager to configure, disable, and uninstall devices as well as to update device
drivers. Device Manager also helps you determine whether the hardware on your computer is working properly.
Tip
Windows XP Professional also provides the Hardware Troubleshooter to troubleshoot
hardware problems. It should appear automatically if you have problems. To start it manually,
on the Start menu, click Help And Support. In the Help And Support Center, under Pick A Help
Topic, click Hardware. In the Hardware list, click Fixing A Hardware Problem. Under Fixing A
Hardware Problem, click Hardware Troubleshooter. The Hardware Troubleshooter walks you
through the troubleshooting process.
When you change device configurations manually, Device Manager can help you avoid
problems by allowing you to identify free resources, assign devices to those resources,
disable devices to free resources, and reallocate resources used by devices to free a
required resource. You must be logged on as a member of the Administrators group to
change resource settings. Even if you are logged on as Administrator, if your computer
is connected to a network, policy settings on the network might prevent you from
changing resources.
6-12
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
Caution Improperly changing resource settings on devices can disable your hardware and
cause your computer to stop working.
Windows XP Professional automatically identifies Plug and Play devices and arbitrates
their resource requests. However, the resource allocation among Plug and Play devices
is not permanent. If another Plug and Play device requests a resource that has already
been allocated, Windows XP Professional again arbitrates the requests to satisfy all the
devices.
You should not change resource settings for a Plug and Play device manually because
Windows XP Professional is then unable to arbitrate the assigned resources if
requested by another Plug and Play device. In Device Manager, Plug and Play devices
have a Resources tab in their Properties dialog box. To free the resource settings you
manually assigned and to allow Windows XP Professional to again arbitrate the
resources, select the Use Automatic Settings check box in the Resources tab.
You can use the following procedure to configure or troubleshoot a device using
Device Manager:
1. From the Start menu, right-click My Computer, and then click Manage. The Computer Management window opens, as shown in Figure 6-5.
F06us05
Figure 6-5 You can access Device Manager through the Computer Management window.
2. Expand the System Tools node, and then click Device Manager.
3. In the right pane, expand the device category (Network adapters, for example),
and then double-click the device you want to configure. The Properties dialog box
for the device appears, as shown in Figure 6-6.
Lesson 2
Configuring and Troubleshooting Hardware Devices
6-13
F06us06
Figure 6-6 Use the Properties dialog box to configure the device.
Although the tabs available in a device’s Properties dialog box vary depending on the
device, they usually include some of the tabs listed in Table 6-3.
Table 6-3
A Device’s Properties Dialog Box Tabs
Tab
Functionality
Advanced or
Advanced Properties
The properties listed vary depending on the device selected.
General
Displays the device type, manufacturer, and location. It also displays
the device status and provides a troubleshooter to help you troubleshoot any problems you are having with the device. The troubleshooter steps you through a series of questions to determine the
problem and provide a solution.
Device Properties
The properties listed vary depending on the device selected.
Driver
Displays the driver provider, driver date, driver version, and digital
signer. This tab also provides the following three additional buttons:
Driver Details, Uninstall, and Driver Update. These buttons allow you
to get additional information on the driver, uninstall the driver, or
update the driver with a newer version, respectively.
Port Settings
In a communications port (COM1) Properties dialog box, displays and
allows you to configure settings for bits per second, data bits, parity,
stop bits, and flow control.
Properties
Determines the way Windows uses the device. For example, on the
CD-ROM, the properties could include volume and a feature named
Digital CD Playback, which allows you to to enable digital instead of
analog playback. These settings determine how Windows uses the CDROM for playing CD music.
Resources
Displays the resource type and setting, whether there are any resource
conflicts, and whether or not you can change the resource settings.
6-14
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
Viewing Hidden Devices
By default, Device Manager does not display all devices. Some devices are hidden, such as non–Plug and Play devices and devices that are not currently connected to the computer (phantom devices). To view any hidden non–Plug and
Play devices, on the Device Manager View menu, click Show Hidden Devices.
To view phantom devices, follow these steps:
1. Click Start and then click Run. In the Open text box, type cmd and click OK.
2. At the command prompt, type set DEVMGR_SHOW_NONPRESENT_
DEVICES=1.
3. Press ENTER.
4. Start Device Manager by typing start devmgmt.msc and pressing ENTER.
To set Device Manager to always show phantom devices, add the following system environment variable: set DEVMGR_SHOW_NONPRESENT_DEVICES=1.
For information on adding system environment variables, see Chapter 5, “Configuring Windows XP Professional.”
How to Install, Configure, Manage, and Troubleshoot Fax Support
Windows XP Professional can provide complete fax facilities from your computer. It
provides you with the capability to send and receive faxes with a locally attached fax
device, or with a remote fax device connected on your network. You can track and
monitor fax activity as well. However, the Fax component of Windows XP Professional
is not installed by default, so you must install it.
You can use the following procedure to install the Fax component:
1. From the Start menu, click Control Panel.
2. In the Control Panel window, click Add Or Remove Programs.
3. In the Add Or Remove Programs window, click Add/Remove Windows Components.
4. In the Windows Components Wizard, select Fax Services, and then click Next.
The Configuring Components page appears while the Windows Components
Wizard examines the components, copies the necessary files, and configures
the Fax Service.
5. On the Completing The Windows Components Wizard page, click Finish.
Lesson 2
Configuring and Troubleshooting Hardware Devices
6-15
6. Close the Add Or Remove Programs window.
7. In the Control Panel window, click Printers And Other Hardware.
8. In the Printers And Other Hardware window, click Printers And Faxes. Notice that
a new printer named Fax has been added.
Note
If there is no Fax icon, click Install A Local Fax Printer to add one.
After installing the Fax Service, a new icon named Fax appears in the Control Panel
window. You can use this tool to add, monitor, and troubleshoot fax devices, including
fax modems and fax printers.
You can use the following procedure to configure how Windows sends and receives
faxes:
1. From the Start menu, select Printers And Faxes.
2. In the Printers And Faxes window, double-click the Fax icon.
3. On the Welcome To The Fax Configuration Wizard page, click Next.
4. On the Sender Information page, enter information in the following text boxes:
Your Full Name, Fax Number, E-Mail Address, Title, Company, Office Location,
Department, Home Phone, Work Phone, Address, and Billing Code. When you are
done, click Next.
5. On the Completing The Fax Configuration Wizard page, click Finish. Windows XP
Professional displays the Fax Console.
Tip
To configure a fax, click Configure Fax on the Tools menu of the Fax Console. To open
the Fax Console, click Start, point to All Programs, point to Accessories, point to Communications, point to Fax, and then click Fax Console.
To Manage and Troubleshoot Fax Support
Windows XP Professional provides the Fax Console to help you manage and troubleshoot faxes.
To manage and troubleshoot faxes, complete the following steps:
1. From the Start menu, point to All Programs, point to Accessories, point to Communications, point to Fax, and then click Fax Console.
2. Windows XP Professional displays the Fax Console, as shown in Figure 6-7.
6-16
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
F06us07
Figure 6-7 Use the Fax Console to manage and troubleshoot faxes.
The Outbox contains all faxes waiting to be sent or in the process of being sent,
whether the faxes were sent using a locally attached fax device or a network fax
device. You can right-click any fax shown, and then press DELETE or click Delete on the
File menu to delete the fax. When you right-click a fax, you can also click Pause to prevent it from being sent or click Resume to place a fax that you paused back in the
queue to be sent. If a fax fails, you can right-click the fax and click Restart to attempt
to resend the fax. Finally, when you right-click a fax, you can click Save As to save a
copy of the fax, Mail To to mail a copy of the fax to someone, or Print to print a copy
of the fax.
The Incoming box allows you to manage incoming faxes in the same manner that the
Outgoing box helps you manage outgoing faxes. You can click the Incoming box, and
then right-click a fax to delete, pause, resume, save, mail to someone, and print the fax.
You can also click Properties to view the properties of an incoming fax.
Table 6-4 discusses some common troubleshooting scenarios for faxes.
Table 6-4
Common Fax Troubleshooting Scenarios
Problem
Cause
Solution
When I click the Print
button on my application’s toolbar, my fax
does not print to a fax
printer.
The print button on the toolbar
of some Windows applications
does not use the Print dialog
box, causing your document to
be printed on the last printer
used.
On the File menu of your Windows application, click Print to
access the Print dialog box so
that you can select your fax
printer.
Lesson 2
Table 6-4
Configuring and Troubleshooting Hardware Devices
6-17
Common Fax Troubleshooting Scenarios
Problem
Cause
Solution
A fax I sent is pending
in the Outbox.
There is a problem with the
local fax device.
Either there is no local fax
device configured to send
faxes or there is a problem
with the local fax device. Verify
that there is a local fax device
and that it is configured for
sending faxes. On the Tools
menu of the Fax Console, click
Fax Printer Status.
The remote fax device is
busy.
On the Tools menu of the Fax
Console, click Fax Printer Status.
Someone sent me a
fax, and my incoming
fax device is not
detecting the call.
There is a problem with your
local fax device.
Verify that your local fax device
is configured to receive faxes. If
you have an external modem,
turn it off and on. If you have
an internal modem, shut down
your computer and restart it.
I am using dialing rules
with calling cards, but
the calling card
information is not
working.
Calling card information is
defined on a per-user basis.
Ensure that the Fax Service is
running by using the same
user account as the calling
card information.
Right-click My Computer, click
Manage, and then click Services And Applications. In the
Services list, double-click Fax.
Click Log On. Set the Fax Service to run under the calling
card user account.
To Send a Fax
Windows XP Professional makes it simple for you to use your computer to send faxes.
You can use the following procedure to send a fax:
1. From the Start menu, point to All Programs, point to Accessories, point to Communications, point to Fax, and then click Send A Fax.
2. On the Welcome To The Send Fax Wizard page (which indicates that if you want
to fax a document, you create or open the document in a Windows-based application and print it to a fax printer), click Next.
3. On the Recipient Information page, enter the name and number of the person to
whom you want to send a fax, and then click Next.
Tip
To send the fax to multiple recipients, enter the first person’s name and phone number,
and then click Add. Enter the information for each recipient and click Add until all recipients
have been entered.
6-18
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
4. On the Preparing The Cover Page page, select a cover page template. You can also
enter a subject line, a note, and sender information. Click Next.
Note
Either the Subject Line or Note text boxes must be filled in to proceed.
5. On the Schedule page, choose when to send the fax (Now, When Discount Rates
Apply, or A Specific Time In The Next 24 Hours). You can also specify a priority
of High, Normal, or Low. Click Next.
6. On the Completing The Send Fax Wizard page, review the information. If the
information is correct, click Finish to send the fax.
How to Manage and Troubleshoot the Most Common I/O Devices
The list of possible devices that you can install is too long to include here. Instead, the
following sections include some of the most common devices and how they are
installed, configured, and managed.
Scanners and Cameras
Most digital cameras, scanners, and other imaging devices are Plug and Play devices,
and Windows XP Professional installs them automatically when you connect them to
your computer. If your imaging device is not installed automatically when you connect
it, or if it does not support Plug and Play, use the Scanner And Camera Installation Wizard. To open this wizard, in Control Panel, click Printers And Other Hardware, and
then click Scanners And Cameras. In the Scanners And Cameras window, double-click
Add An Imaging Device to start the Scanners And Camera Installation Wizard. Click
Next and follow the onscreen instructions to install your digital camera, scanner, or
other imaging device.
In Device Manager, select the appropriate device, and then click Properties. The standard color profile for Integrated Color Management (ICM 2.0) is RGB, but you can add,
remove, or select an alternate color profile for a device. To change the color profile,
click the Color Management tab on the device’s Properties dialog box. If you are having problems with your scanner or camera, click Troubleshoot in the Scanners And
Cameras Properties dialog box.
You use the Scanners And Cameras tool in Control Panel to manage imaging devices.
Configuration options vary depending on the device that is connected, but at a minimum you can test the device to verify that it is functioning, set the rate at which data
is transferred from the camera or scanner to the computer, and control color profiles.
It is important to not set the data transfer rate higher than what the device supports. If
the transfer rate is set too high, image transfer might fail.
Lesson 2
Configuring and Troubleshooting Hardware Devices
6-19
Mouse Devices
Mouse devices are generally Plug and Play, and Windows generally recognizes mouse
devices when they are connected to the computer or, at the least, when Windows starts
up. In some cases, though, you must install a mouse using the Add Hardware Wizard.
Mouse devices connect to computers through a mouse (PS/2) port, serial port, or USB
port. Wireless mouse devices are also available, although they usually communicate
with a receiver that connects to the computer using a USB port.
Click the Mouse icon in the Printers And Other Hardware window of Control Panel to
configure and troubleshoot your mouse. The Buttons tab (see Figure 6-8) allows you to
configure your mouse for a left-handed or right-handed user. It also allows you to set
a single mouse click as select or open and to control the double-click speed.
F06us08
Figure 6-8
Configure button properties using the Buttons tab of the Mouse Properties dialog box.
The Pointers tab allows you to select or create a custom scheme for your pointer. The
Pointer Options tab allows you to adjust the speed and acceleration of your pointer
and to set the Snap To Default option, which moves the pointer automatically to the
default button in dialog boxes.
The Hardware tab allows you to access the troubleshooter if you are having problems
with your mouse. The Hardware tab also has a Properties button that allows you to do
an advanced configuration for your mouse. This includes uninstalling or updating your
driver, viewing or changing the resources allocated to your mouse, and increasing or
decreasing the sensitivity of your mouse by varying the sample rate, which changes
how often Windows XP Professional determines the position of your mouse.
Keyboards
Like mouse devices, keyboards are generally Plug and Play devices. Keyboards are
usually connected to the computer through a (PS/2) keyboard port or a USB port.
6-20
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
Wireless keyboards are also available, although (like wireless mouse devices) they typically communicate with a receiver that connects to the computer using a USB port.
Click Keyboard in the Printers And Other Hardware window of Control Panel to configure or troubleshoot a keyboard. In the Speed tab, you can configure the character
repeat delay and the character repeat rate. You can also control the cursor blink rate.
The Hardware tab shows you the device properties for the installed keyboard and
allows you to access the troubleshooter if you are having problems with your keyboard. You can also install a device driver, roll back to a previous device driver, or
uninstall a device driver.
USB Devices
Universal serial bus (USB) is a type of connection developed to provide a fast, flexible
method of attaching up to 127 peripheral devices to a computer. USB provides a connection format designed to replace the computer’s traditional serial-port and parallelport connections. The term “universal” indicates that many kinds of devices can take
advantage of USB. USB is fully Plug and Play–compliant.
The USB system comprises a single USB host and USB devices. The host is at the top
of the USB hierarchy. In a Windows XP environment, the operating system and the
hardware work together to form the USB host. Devices include hubs, which are connection points for other USB devices and nodes. Nodes are end devices such as printers, scanners, mouse devices, keyboards, and so on. Some nodes also function as hubs,
allowing additional USB devices to be connected to them.
You can connect USB peripherals together by using connection hubs that allow the bus
to branch out through additional port connections. In this example, some of the
peripheral devices are simply devices, whereas others serve as both devices and connection hubs. The computer provides a USB host connection that serves as the main
USB connection.
A special hub, called the root hub, is an integral part of the host system (typically built
into the motherboard), and provides one or more attachment points for USB devices
(the ports available on the computer). The built-in USB ports on computers function as
the root hub. USB provides for a total of up to five levels of devices. The root hub is
at the first level. Regular hubs can form up to three additional levels, and nodes can
function as the last level.
You can add or remove most USB devices from a computer while the computer is
turned on. This practice is often referred to as hot-plugging the device. Plug and Play
detects the presence (or absence) of the device and configures it for operation.
The USB interface provides power to the peripheral that is attached to it. The root hub
provides power from the host computer to directly connected devices. Hubs also supply
power to connected devices. Even if the interface supplies power to the USB devices, USB
Lesson 2
Configuring and Troubleshooting Hardware Devices
6-21
devices also can have their own power sources, if necessary. Many devices, such as digital
cameras and scanners, draw more power than a USB hub can provide.
!
Exam Tip
Some USB hubs are self-powered, and some are not. Hubs that are not self-powered draw power from the hub to which they are connected or from the computer itself. If you
find that a USB device that is connected to an unpowered USB hub is not working as
expected, try replacing the unpowered USB hub with a self-powered hub.
Because you can add nearly any type of peripheral device to the PC through the USB
port, the range of symptoms that are associated with USB devices include all the symptoms that are listed for peripheral devices in this chapter. Problems that are associated
specifically with the USB technology occur in the following general areas:
■
USB hardware device
■
USB controller
■
USB drivers
The first step in troubleshooting USB problems is to check the BIOS setup to make sure
that the USB function is enabled for the computer. Table 6-5 describes basic USB troubleshooting procedures.
Table 6-5
Basic USB Troubleshooting
If This Happens
Do This
USB functionality is enabled
in the BIOS.
Check Device Manager to make sure that the USB controller
appears there. In Windows XP, the USB controller should be
listed under the Universal Serial Bus Controllers entry (using
the default Devices By Type view in Device Manager).
The controller does not
Contact the BIOS manufacturer for an updated copy of the
appear in Device Manager,
BIOS because the computer’s BIOS might be outdated.
or a yellow warning icon
appears next to the controller.
The controller is present in
Device Manager.
Right-click the USB controller, and then select Properties. If
there are any problems, a message should appear in the Device
Status section on the General tab of the controller’s Properties
dialog box.
The BIOS and controller
settings appear to be correct.
Check the USB port drivers next. USB ports are listed in Device
Manager as USB Root Hubs. Right-click a USB Root Hub entry,
and then select Properties. Use the Driver tab of the USB Root
Hub Properties dialog box to update or roll back drivers, if
necessary.
6-22
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
When troubleshooting USB devices, you must be aware that the problem could be a
result of general USB issues or be a problem with the device itself. Usually, but not
always, general USB issues affect more than one device. If you suspect a problem with
a specific device, uninstall the device by using Device Manager, disconnect the device
from the computer, and then restart the computer. After the computer restarts, reconnect the device and let Plug and Play detect, install, and configure it again. If the device
still does not function correctly, investigate the possibility that the device is damaged in
some way or that you need to obtain updated drivers from Microsoft or the device
manufacturer.
Smart Card Readers
Smart cards are small, credit card–sized devices that are used to store information.
Smart cards are generally used to store authentication credentials, such as public and
private keys, and other forms of personal information. They are highly portable, allowing users to easily carry their credentials and other personal information with them.
A computer must have a smart card reader to access a smart card. The reader is generally a PS/2, USB, or PC Card device, although some computers have smart card readers
built in. Windows XP supports Plug and Play smart card readers that follow the Personal Computer/Smart Card (PC/SC) standards. A manufacturer might provide a device
driver for its legacy smart card device, but Microsoft recommends using only Plug and
Play smart card readers.
In addition to installing drivers for a smart card reader, you must enable the Smart Card
service for Windows XP Professional to read smart cards. After you have installed and
configured the smart card reader, make sure that the Smart Card service is started by
using the Services snap-in in Computer Management.
Modems
Analog modems connect a computer to a remote device through the Public Switched
Telephone Network (PSTN). Modems are often used to connect to the Internet through
an Internet service provider (ISP) or to connect to a remote private network, such as a
corporate network.
A modem can be either an internal or an external device. Internal modems connect to
one of the computer’s internal expansion slots. External modems connect to one of the
computer’s serial or USB ports.
You can manage modems through the Phone And Modem Options tool in Control Panel
and through Device Manager. In Control Panel, select Printers And Other Hardware;
then select Phone And Modem Options. In the Phone and Modem Options dialog box,
on the Modems tab, double-click a modem to open a modem’s Properties dialog box.
The Properties dialog box allows you to control speaker volume for the modem or to
Lesson 2
Configuring and Troubleshooting Hardware Devices
6-23
disable modem sound entirely. This is actually a common request from users who do
not like hearing the modem sounds every time they connect to the Internet.
The Maximum Port Speed list controls how quickly communications programs are permitted to send information to the modem. This is not the same as the modem’s connection speed, which is negotiated when the modem dials out and establishes a
connection. The maximum port speed is generally configured during installation and
does not need to be reconfigured to match the modem’s connection speed.
The Wait For Dial Tone Before Dialing check box is enabled by default. The telephone
systems of some countries do not use a dial tone, in which case this option must be disabled or else the modem will never dial.
The Diagnostics tab of the modem’s Properties dialog box lets you query the modem
to see whether it can respond to standard modem commands. When you are troubleshooting, this is a useful way to determine whether the modem is initializing and functioning correctly.
During installation, Windows XP often installs a standard modem driver rather than the
specific driver for the modem. This happens in cases where Windows cannot find a
device-specific driver. The standard modem driver provides basic functionality, but
does not support advanced modem features. You can use this driver temporarily until
you obtain the appropriate driver from the manufacturer.
Game Controllers
Click Game Controllers in the Printers And Other Hardware window of Control Panel
to install, configure, or troubleshoot your game controller. Attach the game controller
to the computer (for example, if it is USB game controller, attach it to a USB port). If it
does not install properly, in Device Manager, look under Human Interface Devices. If
the controller is not listed, then check to make sure that USB is enabled in the BIOS.
When prompted during system startup, access BIOS setup and enable USB. If USB is
enabled in BIOS, contact the maker or vendor for your computer and obtain the current version of BIOS.
To configure the controller, select a device, and then click Properties. To troubleshoot
a device, select it, and then click Troubleshoot.
IrDA and Wireless Devices
Most internal Infrared Data Association (IrDA) devices should be installed by Windows
XP Professional Setup or when you start Windows XP Professional after adding one of
these devices. If you attach an IrDA transceiver to a serial port, you must install it using
the Add Hardware Wizard. In Control Panel, click Printers And Other Hardware, and
then click Add Hardware to start the Add Hardware Wizard. Click Next to close the
6-24
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
Welcome To The Add Hardware Wizard page. Select Yes, I Have Already Connected
The Hardware, and then click Next. Select Add A New Hardware Device and then click
Next, and follow the directions onscreen.
To configure an IrDA device, in Control Panel click Wireless Link. In the Hardware tab,
click the device you want to configure, and then click Properties. The Properties dialog
box shows the status of the device, driver files, and any power management settings.
Note
The Wireless Link icon appears in Control Panel only if you have already installed an
infrared device on your computer.
Handheld Devices
Most handheld devices support either IrDA standards or connect to the computer
through a serial or USB port. For handheld devices that use a port, some connect directly
to the port, and some connect to a cradle, which in turn is connected to the port.
You will need to install software so that Windows XP can communicate correctly with
the handheld device. For example, Palm-based personal digital assistants (PDAs)
require you to install the Palm desktop software to allow the PDA to transfer data to
and from a Windows-based PC. Handheld devices running Windows Mobile software,
such as the Pocket PC, require that you install a program named ActiveSync on the
computer.
See Also
For more information about supporting handheld devices running Windows
Mobile software, visit the Windows Mobile page of the Microsoft Web site at http://
www.microsoft.com/windowsmobile/.
Practice: Disabling and Re-enabling a Hardware Device
In this practice, you use Device Manager to disable and re-enable a hardware device.
Complete the following steps.
1. From the Start menu, click Control Panel.
2. In the Control Panel window, click Performance And Maintenance.
3. In the Performance And Maintenance window, click System.
4. In the System Properties dialog box, on the Hardware tab, click the Device Manager button.
Lesson 2
Configuring and Troubleshooting Hardware Devices
6-25
5. In the Device manager window, expand the Ports (COM & LPT) category, rightclick the parallel port—almost always named Printer Port (LPT1)—and click
Properties.
6. In the Printer Port (LPT1) Properties dialog box, on the General tab, in the Device
Usage drop-down list, select Do Not Use This Device (Disable). Click OK.
7. In the Device Manager window, note that the icon for Printer Port (LPT1) has a red
“x” on it, indicating that the device is disabled. Right-click the Printer Port (LPT1)
and click Properties.
8. In the Printer Port (LPT1) Properties dialog box, on the General tab, in the Device
Usage drop-down list, select Use This Device (Enable). Click OK.
9. Close all open windows.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. Windows XP Professional automatically identifies Plug and Play devices and arbitrates their resource requests; the resource allocation among these devices is
___________________________ (permanent/not permanent).
2. How can you free any resource settings that you manually assigned to a Plug and
Play device?
3. You get a call on the help desk from a user wondering why there is no Wireless
Link icon in Control Panel on her desktop computer like the one on her laptop
computer. What should you tell the user?
6-26
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
Lesson Summary
■
Device Manager provides you with a graphical view of the hardware installed on
your computer and helps you manage and troubleshoot it. Device Manager flags
each device with an icon that indicates the device type and the status of the
device. By default, Device Manager does not display non–Plug and Play devices
and devices that are not currently connected to the computer (phantom devices).
■
You can use the Windows XP Professional Fax Service to send and receive faxes
with a locally attached fax device or with a remote fax device connected on your
network. The Fax Service is not installed by default, so you must install it.
■
Windows XP Professional supports a number of different types of I/O devices,
including the following:
❑
Most imaging devices are installed automatically when you connect them. If
your device is not installed, Windows XP Professional provides the Scanner
and Camera Installation Wizard to help you install it.
❑
Use the Mouse option in the Printers And Other Hardware window of Control
Panel to configure and troubleshoot your mouse.
❑
Use the Phone And Modem Options option in the Printers And Other Hardware window of Control Panel to install, configure, or troubleshoot your
modem.
❑
Use the Game Controllers option in the Printers And Other Hardware window
of Control Panel to install, configure, or troubleshoot your game controller.
❑
Use the Add Hardware Wizard to install an IrDA transceiver you attach to a
serial port.
❑
The Wireless Link icon that you use to configure an infrared device does not
appear in Control Panel until you have installed an infrared device on your
computer.
❑
Use the Keyboard option in the Printers And Other Hardware window of
Control Panel to configure or troubleshoot a keyboard.
Lesson 3
Viewing and Configuring Hardware Profiles
6-27
Lesson 3: Viewing and Configuring Hardware Profiles
A hardware profile is a collection of configuration information about the hardware that
is installed on your computer. Within a profile, you can enable or disable each piece of
hardware (such as networking adapters, ports, monitors, and so on) or provide specific
configuration information. You can have many hardware profiles on a computer and
switch between different profiles when booting into Windows XP.
After this lesson, you will be able to
■ Explain when to use hardware profiles.
■ Create a hardware profile.
■ Manage hardware profiles.
■ Configure hardware settings in a hardware profile.
■ Select a hardware profile during Windows startup.
Estimated lesson time: 15 minutes
When to Use Hardware Profiles
With Windows XP Professional’s capability to reconfigure network settings when it
detects a new network, hardware profiles are not as important as they used to be, and
it is likely that you will never need to use them. Nonetheless, hardware profiles are still
used, and you should understand how to create and configure them.
Hardware profiles are useful when you have one or more hardware devices that you
want to disable sometimes and enable other times. Rather than enabling and disabling
the devices using Device Manager each time you start Windows, you can create hardware profiles in which the devices are enabled or disabled, and then just choose the
correct hardware profile during startup.
This functionality is particularly useful when you have an older portable computer that
does not support hot docking (the capability for Windows XP to automatically determine whether the portable computer is docked and reconfigure devices appropriately).
How to Create a Hardware Profile
Hardware profiles provide a way to configure a single computer for different situations.
Within a profile, you can enable or disable specific hardware devices and configure
those devices differently. As an example, assume that you have a user with a portable
computer. When he is at home, the computer is connected to an external monitor, keyboard, mouse, and printer. When the user takes the computer away from home, none
of these devices is connected. You could set his computer up with two hardware profiles: one in which those devices were enabled, and one in which they were disabled.
6-28
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
Whenever the computer starts, the user would choose the hardware profile to use, preventing him from having to make configuration changes or be notified of missing
devices.
By default, Windows creates one hardware profile named Profile 1 during installation.
To create an additional hardware profile, perform the following steps:
1. From the Start menu, select Control Panel.
2. In the Control Panel window, select Performance And Maintenance.
3. In the Performance And Maintenance window, select System.
4. In the System Properties dialog box, on the Hardware tab, click the Hardware Profiles button.
5. In the Hardware Profiles dialog box, shown in Figure 6-9, select Profile 1 (Current), and then click the Copy button. You cannot create a new profile directly;
you must copy an existing profile and then modify the copy.
F06us09
Figure 6-9 Copy and modify an existing hardware profile.
6. In the Copy Profile dialog box, type a name for the new profile, and then click
OK.
7. In the Hardware Profiles dialog box, select the new profile you just named, and
then click the Properties button.
8. In the Properties dialog box for the profile, you can configure two options:
❑
Select the This Is A Portable Computer check box if the computer is a portable
computer that uses a docking station (and if that docking station is one that
Windows XP supports). When a supported docking station is used, Windows
Lesson 3
Viewing and Configuring Hardware Profiles
6-29
XP can determine whether a portable computer is docked or undocked, and
then apply the correct profile automatically. If you do not use a docking station (or just prefer to set up and control your own profiles), leave this option
deselected.
❑
Select the Always Include This Profile As An Option When Windows Starts
check box if you want the profile to appear on the boot menu as a selectable
profile.
9. In the Properties dialog box for the profile, click OK to return to the Hardware
Profiles dialog box.
10. Click OK to return to the System Properties dialog box, and then click OK again
to return to Windows.
How to Manage Hardware Profiles
After you have created a profile, you can control generally how Windows XP treats
profiles by using the same Hardware Profiles dialog box you used to create the profile.
(Open the System Properties dialog box, switch to the Hardware tab, and then click the
Hardware Profiles button to access the dialog box.)
First, you can specify how Windows uses hardware profiles during startup. You have
the following options:
■
Have Windows wait until you select a hardware profile before it continues booting.
■
Have Windows automatically select the first hardware profile in the list and continue booting after a specified amount of time. If you select this option, you can
specify how long Windows should wait before going on without you. The default
is 30 seconds.
You also can specify the order in which hardware profiles appear in the list during startup. The order is important, mostly because it is the first profile on the list that Windows will boot if you configure Windows to select a profile automatically. Select any
profile on the list and use the up or down buttons on the right to move the profile
around.
How to Configure Hardware Settings in a Profile
After you have created the necessary profiles and configured Windows to display and
start them the correct way, the next step is to configure hardware settings for each profile. To configure hardware for a profile, you must start the computer by using that profile. After you have started Windows by using a profile, use Device Manager to enable,
disable, and configure individual devices. The settings you make will affect the currently loaded profile.
6-30
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
The only tricky part of setting up hardware devices in profiles is actually remembering
which profile you are currently using because neither Device Manager nor a device’s
Properties dialog box provides information on the current profile. You can always
switch back to the System Properties dialog box and open the Hardware Profiles window to determine your current profile.
How to Select a Hardware Profile During Startup
If there are two or more profiles in the Available Hardware Profiles list, Windows XP
Professional prompts the user to make a selection during startup. You can configure
how long the computer waits before starting the default configuration. To adjust this time
delay, click the Select The First Profile Listed If I Don’t Select A Profile option, and then
specify the number of seconds in the Seconds text box within the Hardware Profiles
Selection group. You can configure Windows XP Professional to start the default profile
by setting the number of seconds to 0. To override the default during startup, press
SPACEBAR during the system prompt. You can also select the Wait Until I Select A Hardware Profile option to have Windows XP Professional wait for you to select a profile.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. What is the minimum number of hardware profiles you can have on your computer?
2. Windows XP Professional creates an initial profile during installation and assigns
it the name of _______________________ in the list of hardware profiles available
on the computer. Fill in the blank.
3. Which of the following statements are true about hardware profiles in Windows
XP Professional? Choose all that apply.
a. Windows XP Professional prompts the user to select a hardware profile during startup only if there are two or more profiles in the Available Hardware
Profiles list.
b. It is a good idea to delete the default profile when you create a new profile
to avoid confusion.
Lesson 3
Viewing and Configuring Hardware Profiles
6-31
c. You can configure Windows XP Professional to always start the default profile
by selecting the Do Not Display The Select Hardware Profile check box.
d. You can select the Wait Until I Select A Hardware Profile option to have Windows XP Professional wait for you to select a profile at startup.
Lesson Summary
■
A hardware profile stores configuration settings for a set of devices and services.
Windows XP Professional uses hardware profiles to determine which drivers to
load when system hardware changes. To create or modify a hardware profile, in
the System Properties dialog box, click the Hardware tab and then click Hardware
Profiles to view the Available Hardware Profiles list.
■
After you have created a profile, you can control whether Windows displays available profiles during startup and whether Windows automatically selects a particular profile after a specified amount of time.
■
After you have created a profile and configured how Windows uses profiles, you
can configure hardware for a profile by starting Windows using that profile and
configuring the hardware using Device Manager.
■
If there are two or more profiles in the Available Hardware Profiles list, Windows
XP Professional prompts the user to make a selection during startup.
6-32
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
Lesson 4: Configuring and Troubleshooting Device Drivers
Hardware drivers are software that govern the interactions between Windows and a
hardware device. Device Manager provides a simple method of viewing and updating
drivers for any device in the system. Windows XP also supports driver signing, which
provides a method to verify that Microsoft has tested the designated device drivers for
reliability.
After this lesson, you will be able to
■ Explain the purpose of the Driver.cab file.
■ Update device drivers.
■ Configure and monitor driver signing.
Estimated lesson time: 20 minutes
What Is the Driver.cab File?
Drivers that ship with Windows XP are stored on the installation CD in a single cabinet
file called Driver.cab. Windows XP Setup copies this file to the %systemroot%\Driver
Cache\i386 folder on the local hard disk during installation. Windows uses this file during and after installation to install drivers when new hardware is detected. This process
helps by ensuring that users do not have to provide the installation CD whenever drivers are installed. All drivers in the Driver.cab file are digitally signed.
Actions You Can Take to Update Drivers
It is important to keep device drivers updated for all devices in a system. Using up-todate drivers ensures optimum functionality and reduces the chance of an outdated
device driver causing problems.
The Driver tab of a device’s Properties dialog box (shown in Figure 6-10) displays basic
information about the device driver, such as the date of the driver and version number.
You can also perform the following actions on the Driver tab:
■
View the names of the actual driver files by clicking the Driver Details button.
■
Update a device driver to a more recent version by clicking the Update Driver button. Windows prompts you for the location of the newer version of the driver. You
can obtain new drivers from the device’s manufacturer. You can also use the
Update Driver option to reinstall drivers for a device that has ceased to function
correctly because of a driver problem. If updating the drivers does not successfully
restore device functionality, consider removing the device by using Device Manager and then restarting the computer. If the device supports Plug and Play, Win-
Lesson 4
Configuring and Troubleshooting Device Drivers
6-33
dows will recognize the device when the computer restarts. Non–Plug and Play
devices require manual reinstallation.
■
Revert to a previous version of a driver by clicking the Roll Back Driver button.
This feature restores the last device driver that was functioning before the current
driver was installed. Windows supports driver rollback for all devices except printers. In addition, driver rollback is available only on devices that have had new
drivers installed. When a driver is updated, the previous version is stored in the
%systemroot%\system32\reinstallbackups folder.
■
Remove the device from the computer by clicking the Uninstall button.
Security Alert
To work with device drivers, your user account must have the Load And
Unload Device Drivers user right.
F06us10
Figure 6-10
!
Use the Driver tab of a device’s Properties dialog box to view driver details.
Exam Tip
You should consider rolling back a driver when you are sure that a new driver is
causing a problem and you do not want to affect other system configurations or drivers with a
tool such as System Restore.
How to Configure and Monitor Driver Signing
Hardware drivers can often cause a computer running Windows XP to become unstable or to fail entirely. Windows XP implements driver signing as a method to reduce
the likelihood of such problems. Driver signing allows Windows XP to identify drivers
that have passed all Windows Hardware Quality Labs (WHQL) tests, and have not been
altered or overwritten by any program’s installation process.
6-34
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
To configure how the system responds to unsigned files, click System in the Performance And Maintenance window in Control Panel. In the System Properties dialog
box, on the Hardware tab, click Driver Signing to open the Driver Signing Options dialog box (see Figure 6-11).
F06us11
Figure 6-11
Configure driver signing in the Driver Signing Options dialog box.
You can configure the following three driver signing settings:
■
Ignore This option allows any files to be installed regardless of their digital signature or the lack thereof.
■
Warn This option, the default, displays a warning message before allowing the
installation of an unsigned file.
■
Block
This option prevents the installation of unsigned files.
Real World
Driver Signing
Because of the time that it takes for Microsoft to test device drivers before signing
them, the most recent drivers available from a manufacturer are rarely signed. If
you are managing a small number of computers, you are usually better off not
worrying too much about driver signing and just using the most recent driver
available from the manufacturer of a device because newer drivers are likely to
have bug fixes and improvements that are worth having. Just make sure that you
acquire the drivers directly from the vendor.
If you are managing a large installation of computers, though, the small risk associated with using unsigned drivers becomes significant enough that it is probably
better to wait for the signed drivers to come out.
Lesson 4
Configuring and Troubleshooting Device Drivers
6-35
If you are logged on as Administrator or as a member of the Administrators group, you
can select the Make This Action The System Default check box to apply the driver signing configuration you set up to all users who log on to the computer.
The File Signature Verification utility (Sigverif.exe) in Windows scans a computer
running Windows XP and notifies you if there are any unsigned drivers on the computer. You can start the utility by typing sigverif.exe at the command prompt or at the
Run dialog box. After the File Signature Verification utility scans your computer, the
utility displays the results in a window similar to the one shown in Figure 6-12. Note
that you cannot use the utility to remove or modify unsigned drivers; the utility scans
only for unsigned drivers and shows you their location.
F06us12
Figure 6-12
The File Signature Verification utility scans a system for unsigned drivers.
The File Signature Verification utility also writes the results of the scan to a log file
named Segverif.txt, which is found in the %systemroot% folder. You can change this
log file’s name and location, as well as configure advanced search options, by clicking
the Advanced button on the File Signature Verification dialog box.
Practice: Configuring Driver Signature Settings and Scanning for
Unsigned Drivers
In this practice, you will configure settings for unsigned drivers and use the File Signature Verification utility to scan your computer for unsigned drivers. Complete the following two exercises.
6-36
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
Exercise 1: Configure Settings for Driver Signatures
1. From the Start menu, click Control Panel.
2. In the Control Panel window, click Performance And Maintenance.
3. In the Performance And Maintenance window, click System.
4. In the System Properties dialog box, on the Hardware tab, click the Driver Signing
button.
5. In the Driver Signing Options dialog box, ensure that the Warn option is selected
so that you are prompted whenever Windows detects drivers that have not been
digitally signed. Click OK to close the Driver Signing Options dialog box.
6. Click OK again to close the System Properties dialog box.
Exercise 2: Using the Windows File Signature Verification Tool
1. From the Start menu, click Run.
2. In the Run dialog box, type sigverif.exe and click OK.
3. In the File Signature Verification dialog box, click Start.
4. The File Signature Verification utility scans your system for unsigned drivers, a
process that can take anywhere from a few seconds to a few minutes. When the
scan is finished, a list of unsigned drivers is displayed.
5. Click Close to exit the Signature Verification Results window. Click Close again to
exit the File Signature Verification dialog box.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. Why does Microsoft digitally sign the files in Windows XP Professional?
Case Scenario Exercise
6-37
2. Which of the following tools would you use to block the installation of unsigned
files? Choose the correct answer.
a. File Signature Verification utility
b. Driver Signing Options in the System Control Panel
c. System File Checker
d. Sigverif
3. How can you view the file signature verification log file?
Lesson Summary
■
The Driver.cab file contains all the device drivers that ship with Windows XP Professional. Windows uses this file during and after installation to install drivers
when new hardware is detected.
■
You can use the Driver tab of a device’s Properties dialog box in Device Manager to view driver details for a device. Windows XP Professional also allows
you to roll back a driver to a previous version if a new driver causes instability
in a system.
■
Digitally signed drivers indicate that a driver has passed quality testing at Microsoft
and has not been altered since testing. You can configure Windows to ignore or
accept unsigned drivers, or to notify you if an unsigned driver is about to be
installed. Windows XP Professional provides two tools to verify the digital signatures of system files: SFC and File Signature Verification.
Case Scenario Exercise
In this exercise, you will read a scenario about a user who is trying to install a device
driver for a new sound card that he has purchased for his computer; you will then
answer the questions that follow. If you have difficulty completing this work, review
the material in this chapter before beginning the next chapter. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
6-38
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
Scenario
You are an administrator working for Contoso, Ltd., a nationwide insurance company.
You receive an e-mail from Darren Parker, one of your users, that says “After receiving
authorization from the IT support staff, I purchased a sound card for my desktop computer running Windows XP Professional. The IT support staff created a temporary administrator account so that I could install the drivers for the card. I followed the instructions
provided by the manufacturer for physically installing the sound card in the computer.
After restarting Windows, I continued to follow the manufacturer’s instructions and canceled the Found New Hardware Wizard when it appeared. Then I inserted the CD-ROM
that came with the sound card. The Setup program on the CD ran automatically and notified me that it would first install device drivers and then install other related applications.
But then early during the installation, I received an error message, stating that the drivers
I am trying to install are unsigned and cannot be installed. The Setup program ended
with an error message. I have a big video presentation to finish today, and if I do not get
this problem fixed in the next hour, I am totally hosed. Help!”
Questions
1. What is the likely problem?
2. What should you tell Darren to do to allow driver signing?
3. If the IT staff had not provided Darren with a temporary administrator account,
what might have prevented Darren from being able to allow driver signing?
4. Aside from assigning Darren a temporary administrator account, in what two ways
might the IT support staff allow Darren to install unsigned drivers?
Troubleshooting Lab
6-39
Troubleshooting Lab
In this lab, you will use Device Manager to simulate troubleshooting an unterminated
Small Computer System Interface (SCSI) chain. Complete the following steps.
1. From the Start menu, right-click My Computer, and then click Manage.
2. In the Computer Management window, under the System Tools node, click Device
Manager.
3. In the right pane, expand the Disk Drives category, and then double-click one of
the drives listed.
4. In the Properties dialog box for the drive you selected, on the General tab, the
Device Status field indicates whether there are any problems with the device. Click
Troubleshoot. (Normally, you would do this only if a problem was indicated with
this device.)
5. Windows XP Professional displays the Help And Support Center window with the
Drives And Network Adapters Troubleshooter displayed.
6. Click I Am Having A Problem With A Hard Disk Drive Or Floppy Disk Drive, and
then click Next.
7. Read the information about SCSI devices; click Yes, I Am Having A Problem With
A SCSI Device; and then click Next.
8. Read the information provided, click Yes, My Hardware Is On The HCL, and then
click Next.
9. On the Does The SCSI Adapter Or A Device In The Chain Need Power page, you
are asked, “Does Your Drive Work When All The SCSI Components Have The
Power They Need?” Click No, My Drive Does Not Work, and then click Next.
10. On the Does Device Manager Show A Problem With Your Device page, you are
asked, “Does This Information Help You To Solve The Problem?” Click No, My
Device Still Does Not Work, and then click Next.
11. On the Did You Recently Install A New Driver page, you are asked, “Does Rolling
Back To A Previous Driver Solve The Problem?” Click No, I Still Have A Problem,
and then click Next.
12. On the Is There A Problem With The Driver For Your Device page, you are asked,
“Does Reinstalling Or Updating Your Driver Solve The Problem?” Click No, I Still
Have A Problem, and then click Next.
13. On the Is Your SCSI Cable Connected Correctly page, you are asked, “Does Your
Drive Work When You Replace Any Faulty Cables Or Adapters?” Click No, My
Drive Does Not Work.
6-40
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
14. On the Is the SCSI Chain Terminated page, you are asked, “Does Your Drive Work
When You Terminate The SCSI Chain?” Click Yes, Terminating The SCSI Chain
Solves The Problem, and then click Next.
15. Close Help And Support Center, close the Properties dialog box for the selected
disk drive, and close Computer Management.
Chapter Summary
■
For most Plug and Play hardware, you connect the device to the computer, and
Windows XP Professional automatically configures the new settings. For non–Plug
and Play hardware, Windows XP Professional often identifies the hardware and
automatically installs and configures it. For the occasional Plug and Play hardware
device and for any non–Plug and Play hardware that Windows XP Professional
does not identify, install, and configure, you initiate automatic hardware installation with the Add Hardware Wizard. When you manually install hardware, you
must determine any resources required by that hardware device. Hardware
resources include interrupts, I/O ports, and memory. The Device Manager snap-in
provides a list of all hardware resources and their availability.
■
Device Manager provides you with a graphical view of the hardware installed on
your computer, and helps you manage and troubleshoot it. Device Manager flags
each device with an icon that indicates the device type and the status of the
device. Windows XP Professional supports a number of different types of I/O
devices, including the following:
❑
Most imaging devices are installed automatically when you connect them, but
if your device is not, Windows XP Professional provides the Scanner and
Camera Installation Wizard to help you install it.
❑
Use the Mouse option in the Printers And Other Hardware window of Control
Panel to configure and troubleshoot your mouse.
❑
Use the Phone And Modem Options option in the Printers And Other Hardware window of Control Panel to install, configure, or troubleshoot your
modem.
❑
Use the Game Controllers option in the Printers And Other Hardware window
of Control Panel to install, configure, or troubleshoot your game controller.
❑
Use the Add Hardware Wizard to install an IrDA transceiver you attach to a
serial port.
❑
The Wireless Link icon that you use to configure an infrared device does not
appear in Control Panel until you have installed an infrared device on your
computer.
❑
Use the Keyboard option in the Printers And Other Hardware window of
Control Panel to configure or troubleshoot a keyboard.
Exam Highlights
6-41
■
A hardware profile stores configuration settings for a set of devices and services.
Windows XP Professional uses hardware profiles to determine which drivers to
load when system hardware changes. To create or modify a hardware profile, in
the System Properties dialog box, click the Hardware tab, and then click Hardware
Profiles to view the Available Hardware Profiles list.
■
You can use the Driver tab of a device’s Properties dialog box in Device Manager
to view driver details for a device. Windows XP Professional also allows you to
roll back a driver to a previous version if a new driver causes instability in a system. Digitally signed drivers indicate that a driver has passed quality testing at
Microsoft and has not been altered since testing. You can configure Windows to
ignore or accept unsigned drivers, or to notify you if an unsigned driver is about
to be installed. Windows XP Professional provides two tools to verify the digital
signatures of system files: SFC and File Signature Verification.
Exam Highlights
Before taking the exam, review the key points and terms that are presented in this
chapter. You need to know this information.
Key Points
■
Windows XP Professional automatically detects, installs, and configures most Plug
and Play (and some non–Plug and Play) hardware. If Windows does not detect
Plug and Play hardware, you can often force the detection by restarting the computer or running the Add Hardware Wizard. For many non–Plug and Play devices,
you must use the Add Hardware Wizard to manually configure the device.
■
Some USB hubs are self-powered, and some are not. Hubs that are not self-powered draw power from the hub to which they are connected or from the computer
itself. If you find that a USB device that is connected to an unpowered USB hub
is not working as expected, try replacing the unpowered USB hub with a selfpowered hub.
■
You should consider rolling back a driver when you are sure that a new driver is
causing a problem and you do not want to affect other system configurations or
drivers with a tool such as System Restore.
Key Terms
Device Manager An administrative tool that you can use to manage the devices on
your computer. Using Device Manager, you can view and change device properties, update device drivers, configure device settings, and uninstall devices.
6-42
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
driver signing A process in which device drivers that have passed a series of tests
by Microsoft are digitally signed, enabling the operating system to determine
whether the drivers are acceptable for use.
File Signature Verification utility (Sigverif.exe) A utility that is used to scan a
Windows XP system for unsigned files, providing a simple method to identify
unsigned drivers.
Plug and Play A technology that enables the computer to automatically determine
which hardware devices are installed on the computer and then to allocate system
resources to those devices as required to configure and manage the devices.
Roll Back Driver A feature in Windows XP that permits you to reinstall (roll back)
a previously installed driver. The uninstalled drivers are stored in the systemroot\system32\reinstallbackups folder.
Questions and Answers
6-43
Questions and Answers
Lesson 1 Review
Page
6-9
1. When you initiate automatic hardware installation by starting the Add Hardware
Wizard, what does Windows XP Professional query the hardware about?
The resources the hardware requires and the settings for those resources.
2. _______________________ are channels that allow a hardware device, such as a
floppy disk drive, to access memory directly (without interrupting the microprocessor). Fill in the blank.
DMAs
3. Why would you install a hardware device manually?
You install a hardware device manually if Windows XP Professional fails to automatically detect
a hardware device.
Lesson 2 Review
Page
6-25
1. Windows XP Professional automatically identifies Plug and Play devices and arbitrates their resource requests; the resource allocation among these devices is
___________________________ (permanent/not permanent).
Not permanent
2. How can you free any resource settings that you manually assigned to a Plug and
Play device?
To free the resource settings you manually assigned and allow Windows XP Professional to
again arbitrate the resources, in Device Manager, select the Use Automatic Settings check box
in the Resources tab of the Properties dialog box for the device.
3. You get a call on the help desk from a user wondering why there is no Wireless
Link icon in Control Panel on her desktop computer like the one on her laptop
computer. What should you tell the user?
Tell the user that the Wireless Link icon appears in Control Panel only if she has already
installed an infrared device on her computer. Apparently, infrared devices are not installed on
her desktop computer.
Lesson 3 Review
Page
6-30
1. What is the minimum number of hardware profiles you can have on your computer?
Windows XP Professional creates an initial profile during installation, which is listed as Profile
1 (Current), so one is the minimum number of hardware profiles you can have on a computer.
6-44
Chapter 6
Installing, Managing, and Troubleshooting Hardware Devices and Drivers
2. Windows XP Professional creates an initial profile during installation and assigns
it the name of _______________________ in the list of hardware profiles available
on the computer. Fill in the blank.
Profile 1 (Current)
3. Which of the following statements are true about hardware profiles in Windows
XP Professional? Choose all that apply.
a. Windows XP Professional prompts the user to select a hardware profile during startup only if there are two or more profiles in the Available Hardware
Profiles list.
b. It is a good idea to delete the default profile when you create a new profile
to avoid confusion.
c. You can configure Windows XP Professional to always start the default profile
by selecting the Do Not Display The Select Hardware Profile check box.
d. You can select the Wait Until I Select A Hardware Profile option to have Windows XP Professional wait for you to select a profile at startup.
A and D are the correct answers. B is not correct because you cannot delete the default profile.
C is not correct because you must choose the Select The First Profile Listed If I Don’t Select A
Profile In xx Seconds option to always start a particular profile.
Lesson 4 Review
Page
6-36
1. Why does Microsoft digitally sign the files in Windows XP Professional?
Windows XP Professional drivers and operating system files have been digitally signed by
Microsoft to ensure their quality and to simplify troubleshooting of altered files. Some applications overwrite existing operating files as part of their installation process, which might cause
system errors that are difficult to troubleshoot.
2. Which of the following tools would you use to block the installation of unsigned
files? Choose the correct answer.
a. File Signature Verification utility
b. Driver Signing Options in the System Control Panel
c. System File Checker
d. Sigverif
B is the correct answer. A and D are not correct because the File Signature Verification Utility
(sigverif.exe) scans a computer for unsigned files. C is not correct because the System File
Checker scans a computer for Windows files that have been modified since the installation of
Windows.
Questions and Answers
6-45
3. How can you view the file signature verification log file?
By default, the Windows File Signature Verification tool saves the file signature verification to a
log file. To view the log file, click Start, click Run, type sigverif, and then press ENTER. Click
Advanced, click the Logging tab, and then click View Log.
Case Scenario Exercise
Page
6-37
1. What is the likely problem?
Driver signing on Darren’s computer is configured so that unsigned drivers might not be
installed.
2. What should you tell Darren to do to allow driver signing?
He should open the Driver Signing Options dialog box. He can do this by clicking the Driver Signing button on the Hardware tab of the System Properties dialog box. In the Driver Signing
Options dialog box, he should select either the Warn or Ignore option.
3. If the IT staff had not provided Darren with a temporary administrator account,
what might have prevented Darren from being able to allow driver signing?
If an administrator has configured a system default for the computer so that Windows
blocks unsigned drivers, Darren could not configure Windows to allow the installation of
unsigned drivers.
4. Aside from assigning Darren a temporary administrator account, in what two ways
might the IT support staff allow Darren to install unsigned drivers?
The IT support staff could have Darren use the Run As command to enable Driver Signing without actually logging on with an administrator account. Also, the IT support staff could assign
Darren’s account the Load And Unload Device Drivers user right.
7 Setting Up and Managing
User Accounts
Exam Objectives in this Chapter:
■
Configure, manage, and troubleshoot local user and group accounts.
❑
Configure, manage, and troubleshoot account settings.
Why This Chapter Matters
One of the most important functions that you will undertake as an administrator
is the creation and management of user accounts. User accounts allow a person
to log on to a computer or a network. User accounts also govern the access that
person has to various resources and the ability a person has to perform certain
actions on the computer. Groups make the administration of user accounts easier by allowing you to group together users who share common security and
access needs.
This chapter explains how to plan, establish, and maintain local user accounts
and local groups on computers running Microsoft Windows XP Professional.
Lessons in this Chapter:
■
Lesson 1: Introduction to User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2
■
Lesson 2: Planning New User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-9
■
Lesson 3: Modifying, Creating, and Deleting User Accounts. . . . . . . . . . . . . .7-13
■
Lesson 4: Configuring Properties for User Accounts . . . . . . . . . . . . . . . . . . .7-28
■
Lesson 5: Implementing Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-36
Before You Begin
To complete this chapter, you must have a computer that meets the minimum hardware requirements listed in the preface, “About This Book.” You must also have Windows XP Professional installed on your computer.
7-1
7-2
Chapter 7
Setting Up and Managing User Accounts
Lesson 1: Introduction to User Accounts
A user logs on to a computer or a network by supplying a user name and password
that identify that user’s user account. There are two types of user accounts.
■
A local user account allows you to log on to a specific computer to access
resources on that computer.
■
A domain user account allows you to log on to a domain to access network
resources.
After this lesson, you will be able to
■ Describe how a local user account works
■ Describe how a domain user account works
■ Identify the built-in local user accounts in Windows XP Professional
■ Enable or disable the built-in Guest account
Estimated lesson time: 30 minutes
Local User Accounts
Local user accounts allow users to log on only to the computer on which the local user
account has been created and to access resources only on that computer. When you
create a local user account, Windows XP Professional creates the account only in that
computer’s security database, called the local security database, shown in Figure 7-1.
Windows XP Professional uses the local security database to authenticate the local user
account, which allows the user to log on to that computer. Windows XP Professional
does not replicate local user account information on any other computer.
Local User
Account
Local User
Local Security
Database
Local user accounts
• Provide access to resources on the local computer
• Are created only on computers that are not in a domain
• Are created in the local security database
F07us01
Figure 7-1 Local user accounts provide access to local resources only and should be used in workgroup settings.
Lesson 1
Introduction to User Accounts
7-3
Microsoft recommends that you use local user accounts only on computers in workgroups. If you create a local user account in a workgroup of five computers running
Windows XP Professional—for example, User1 on Computer1—you can only log on to
Computer1 with the User1 account. If you need to be able to log on as User1 to all five
computers in the workgroup, you must create a local user account, User1, on each of
the five computers. Furthermore, if you decide to change the password for User1, you
must change the password for User1 on each of the five computers because each computer maintains its own local security database.
!
Exam Tip
A domain does not recognize local user accounts, so do not create local user
accounts on computers running Windows XP Professional that are part of a domain. Doing so
restricts users from accessing resources on the domain and prevents the domain administrator from administering the local user account properties or assigning access permissions for
domain resources.
Domain User Accounts
Domain user accounts allow you to log on to the domain and access resources anywhere on the network. When you log on, you provide your logon information, which
is your user name and password. A domain controller running Windows 2000 Server or
Windows Server 2003 uses this logon information to authenticate your identity and
build an access token that contains your user information and security settings. The
access token identifies you to the computers in the domain on which you try to access
resources. The access token is valid throughout the logon session.
Note
You can have domain user accounts only if you have a domain. You can have a
domain only if you have at least one computer running Windows 2000 Server or later that is
configured as a domain controller (which means that the server has the Active Directory directory service installed).
You create a domain user account in the Active Directory database (the directory) on
a domain controller, as shown in Figure 7-2. The domain controller replicates the new
user account information to all domain controllers in the domain. After the domain
controller replicates the new user account information to other domain controllers, all
the domain controllers in the domain tree and other computers that are members of the
domain can authenticate the user during the logon process.
7-4
Chapter 7
Setting Up and Managing User Accounts
Domain Controller
Domain User
Account
Domain User
Active
Directory
Domain user accounts
• Provide access to network resources
• Provide the access token for authentication
• Are created in Active Directory directory services
on a domain controller
F07us02
Figure 7-2 Domain user accounts
Built-In User Accounts
Windows XP Professional automatically creates a number of built-in local user
accounts. Table 7-1 describes these accounts.
Table 7-1 Built-In Local User Accounts
Account
Description
Administrator
Use the built-in Administrator account to manage the overall computer.
You can perform tasks to create and modify user accounts and groups,
manage security policies, create printer resources, and assign the permissions and rights that allow user accounts to access resources.
Guest
Use the built-in Guest account to allow occasional users to log on and
access resources. For example, an employee who needs access to
resources for a short time can use the Guest account. This account is
disabled by default to protect your computer from unauthorized use.
InitialUser
The InitialUser account is named based on the registered user and is
created during Windows Activation (directly following installation)
only if the computer is a member of a workgroup. For example, if a
user named Sandra installed and activated Windows XP Professional as
a member of a workgroup, an account named Sandra is created following installation. This account is made a member of the Administrators local group.
HelpAssistant
The HelpAssistant account is not available for standard logon. Instead,
this account is used to authenticate users who connect by using
Remote Assistance. Windows enables this account automatically when
a user creates a Remote Assistance invitation and disables the account
automatically when all invitations have expired. You will learn more
about Remote Assistance in Chapter 18, “Using Windows XP Tools.”
Lesson 1
Table 7-1
Account
Introduction to User Accounts
7-5
Built-In Local User Accounts
Description
SUPPORT_xxxxxxxx The SUPPORT_xxxxxxxx account (where xxxxxxxx is a random number generated during Windows setup) is used by Microsoft when providing remote support through the Help And Support Service account.
It is not available for logon or general use
Although you cannot delete any of the built-in user accounts, you can rename or disable them. To rename a user account, right-click the account in the Computer Management window and then select Rename. You will learn more about disabling accounts
later in this section.
Real World Using RunAs to Start a Program
As you might expect, administrators require more permissions and user rights to
perform their duties than other users. However, logging on using an administrator
account as a regular practice is not a good idea because it makes the computer
(and the network) more vulnerable to security risks such as viruses, Trojan
horses, spyware, and other malicious programs. A much safer practice is to log on
routinely using a normal account that is a member of the Users or Power Users
group and to use the RunAs command to perform tasks that require administrative rights or permissions. For example, you could log on using your normal user
account and then launch the Computer Management tool using administrative
credentials.
Windows XP Professional provides this functionality using the Secondary Logon
service, which must be enabled for the RunAs command to work. To learn how
to enable this service, read Chapter 1, “Introduction to Windows XP Professional.”
After the Secondary Logon service is enabled, you can use the RunAs command
in one of two ways.
■
In Windows Explorer (or on the Start menu), hold down the SHIFT key, rightclick the program (or shortcut) you want to run, and click Run As. In the Run
As dialog box, provide your administrative credentials.
■
At the command prompt, type runas /user: domain_name\administrator_
account program name. For example, you might type runas /user: contoso\administrator compmgmt.msc to start the Computer Management
tool using an account named Administrator in a domain named Contoso.
7-6
Chapter 7
Setting Up and Managing User Accounts
How to Enable or Disable the Guest Account
The Guest account has limited privileges on a computer and is used to provide access
to users who do not have a user account on the computer. Although the Guest account
can be useful for providing limited access to a computer, the account does present
security problems because by design the Guest account allows anyone to log on to the
computer. Fortunately, the Guest account is turned off (also known as disabled) by
default. For a more secure environment, leave the Guest account turned off and create
a normal user account for anyone who needs to use the computer.
!
Exam Tip
Allow Guest access only in low-security workgroups, and always assign a password to the Guest account. Also, you can rename the Guest account, but you cannot delete it.
Log on with a user account that is a member of the Administrators group, and use the
User Accounts tool in the Control Panel (shown in Figure 7-3) to turn the Guest
account on or off. The User Accounts window displays the user accounts that can log
on to the computer. The User Accounts window in Figure 7-3 indicates that Guest
access is on.
F07us03
Figure 7-3 Use the User Accounts window to enable and disable the Guest account.
To enable or disable the Guest account, complete the following steps:
1. Click Start, click Control Panel, and then click User Accounts.
2. In the User Accounts window, click User Accounts.
Lesson 1
Introduction to User Accounts
7-7
3. If the Guest account is turned off, in the User Accounts window (a different window from the one in step 2), click the Guest icon to access the Do You Want To
Turn On The Guest Account window (shown in Figure 7-4). Click Turn On The
Guest Account. The Guest account is now turned on.
If the Guest account is turned on, click the Guest icon to access the What Do You
Want To Change About The Guest Account page. Click Turn Off The Guest
Account.
F07us04
Figure 7-4 The Do You Want To Turn On The Guest Account window
4. Close the User Accounts window and the Control Panel window.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. Where do local user accounts allow users to log on and gain access to resources?
2. Where should you create user accounts for computers running Windows XP Professional that are part of a domain?
7-8
Chapter 7
Setting Up and Managing User Accounts
3. Which of the following statements about domain user accounts are correct?
(Choose all that apply.)
a. Domain user accounts allow users to log on to the domain and gain access to
resources anywhere on the network, as long as the users have the required
access permissions.
b. If at least one computer on the network is configured as a domain controller,
you should use domain user accounts only.
c. The domain controller replicates the new user account information to all
other computers in the domain.
d. A new domain user account is established in the local security database on
the domain controller on which you created the account.
4. Which of the following statements about built-in accounts are correct? (Choose all
that apply.)
a. You can delete the Guest account.
b. You cannot delete the Administrator account.
c. You cannot rename the Guest account.
d. You can rename the Administrator account.
5. How do you disable the Guest account?
Lesson Summary
■
Local user accounts allow users to log on at and access resources on only the computer on which you create the local user account. When you create a local user
account, Windows XP Professional creates the account only in that computer’s
security database, which is called the local security database.
■
Domain user accounts allow users to log on to the domain and access resources
anywhere on the network. You create a domain user account in the copy of the
Active Directory database (the directory) on a domain controller.
■
Windows XP Professional automatically creates a number of built-in local user
accounts. The two most important built-in local user accounts are Administrator
and Guest. You cannot delete built-in accounts, but you can rename them or disable them.
■
You can use the User Accounts tool to enable or disable the Guest account.
Lesson 2
Planning New User Accounts
7-9
Lesson 2: Planning New User Accounts
On networks with more than just a few computers, you should take the time to create
a plan for user accounts. In particular, you should establish a naming convention so
that user account names are consistent. You should also establish password requirements for users.
After this lesson, you will be able to
■ Establish an effective naming convention for your organization’s local user accounts
■ Create password requirements for protecting access to computers running Windows XP
Professional
Estimated lesson time: 10 minutes
Naming Conventions
A naming convention is an organization’s established standard for identifying users.
Following a consistent naming convention, especially on large networks, helps administrators and users remember logon names. It also makes it easier for administrators to
locate specific user accounts to add them to groups or perform account administration.
Table 7-2 summarizes some guidelines for determining an effective naming convention
for your organization.
Table 7-2
Naming Convention Guidelines
Guideline
Explanation
Create unique user
logon names.
Local user account names must be unique on the computer on which
you create the local user account. User logon names for domain user
accounts must be unique to the directory. Common practices include
the following:
■ Use the first and middle initials and the last name. A user
named Kevin F. Browne, for example, would have the user
name kfbrowne.
■ Separate first and last name with a period (.). A user named
David Johnson would have the user name David.Johnson.
Use a maximum of
20 characters.
User account names can contain up to 20 uppercase or lowercase
characters. The field accepts more than 20 characters, but Windows
XP Professional recognizes only the first 20.
Remember that user
logon names are not
case sensitive.
You can use a combination of special and alphanumeric characters
to establish unique user accounts. User logon names are not case sensitive, but Windows XP Professional preserves the case for display
purposes.
Avoid characters that
are not valid.
The following characters are not valid: “ / \ [ ] : ; | = , + * ? < >
7-10
Chapter 7
Setting Up and Managing User Accounts
Table 7-2
Naming Convention Guidelines
Guideline
Explanation
Accommodate
employees with
duplicate names.
If two users have the same name, you could create a user logon name
consisting of the first name, the last initial, and additional letters from
the last name to differentiate the users. For example, if two users are
named John Evans, you could create one user account logon as johne
and the other as johnev. You could also number each user logon
name—for example, johne1 and johne2.
Identify the type of
employee.
Some organizations prefer to identify temporary employees in their
user accounts. You could add a T and a dash in front of the user’s
logon name (T-johne) or use parentheses at the end—for example,
johne(Temp).
Rename the
Administrator and
Guest built-in user
accounts.
You should rename the Administrator and Guest accounts to provide
greater security.
Password Guidelines
To protect access to the computer, every user account should have a password. Consider the following guidelines for passwords:
■
Always assign a password to the Administrator account to prevent unauthorized
access to the account.
■
Determine whether the Administrator or the users will control passwords. You can
assign unique passwords to user accounts and prevent users from changing them,
or you can allow users to enter their own passwords the first time they log on. In
most cases, users should control their passwords.
■
Use passwords that are hard to guess. For example, avoid using passwords with
an obvious association, such as a family member’s name. Using a real name, a user
name, or a company name makes for an easy-to-guess password. Also avoid using
common passwords such as “letmein” or “password.”
■
Using a common dictionary word makes you vulnerable to automated programs
that are designed to guess passwords.
■
Using any password that you write down or that you share with someone else is
not secure.
■
Passwords can contain up to 128 characters; a minimum length of 8 characters is
recommended.
Lesson 2
Planning New User Accounts
7-11
■
Include both uppercase and lowercase letters (unlike user names, user passwords
are case sensitive), numerals, and the valid nonalphanumeric characters (such as
punctuation).
■
Using no password at all is not a good practice because it is then easy for other
users to just walk up to an unsecured computer and log on.
If users find that complex passwords are difficult to remember, tell them that Windows
XP allows the use of pass phrases instead of passwords. For example, a perfectly valid
password in Windows XP is “My dog ate 2 turkeys last Thanksgiving.” Another technique is to join together simple words with numbers and symbols. An example of a
password that uses this technique is “2eggs+2bacon=1breakfast”.
!
Exam Tip
You should understand the guidelines for creating strong passwords. In particular, remember that a password should be a minimum of eight characters and should include a
mix of uppercase and lowercase letters, numbers, and symbols.
Security Alert You can use a blank password by default on Windows XP Professional if the
computer is a member of a workgroup. However, you will only be able to use this password to
log on and access local resources on the computer. By default, the local security policy in
Windows XP prohibits you from logging on to a remote computer if you have a blank password. The name of this security setting is Accounts: Limit Local Account Use Of Blank Passwords To Console Logon Only. You will learn more about local security policy in Chapter 16,
“Configuring Security Settings and Internet Options.”
Creating Strong Passwords
Weak passwords are a big security risk. You should encourage users to select and
use strong passwords, even if they do not really want to. You can use the following guidelines to create strong passwords:
■
Passwords should be at least eight characters long—and longer is better.
■
Passwords should use a combination of lowercase and uppercase letters,
numbers, and symbols (for example, ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \
: “ ; ‘ < > ? , . / or a space character).
■
Passwords should be changed regularly.
An example of a strong password using these guidelines is J5!if^8D.
7-12
Chapter 7
Setting Up and Managing User Accounts
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. The maximum number of characters that Windows XP Professional recognizes in
a local user account name is __________.
2. When are duplicate local user accounts valid in a network of computers running
Windows XP Professional?
3. Passwords can be up to ______ characters long with a minimum length of ______
characters recommended.
Lesson Summary
■
Local user account names must be unique on the computer on which you create
the account, and domain user accounts must be unique to the directory. User
logon names can contain up to 20 uppercase or lowercase characters. The User
Name text box in the Log On To Windows dialog box accepts more than 20 characters, but Windows XP Professional recognizes only the first 20. The following
characters are not valid: “ / \ [ ] : ; | = , + * ? < >
■
Passwords can be up to 128 characters long; a minimum of 8 characters is recommended. Use a mixture of uppercase and lowercase letters, numerals, and valid
nonalphanumeric characters in creating passwords.
Lesson 3
Modifying, Creating, and Deleting User Accounts
7-13
Lesson 3: Modifying, Creating, and Deleting User Accounts
Windows XP Professional provides two tools for modifying, creating, and deleting user
accounts: the User Accounts tool in the Control Panel (for creating and managing user
accounts in a workgroup) and the Computer Management snap-in (for creating and
managing user accounts in a workgroup or domain).
After this lesson, you will be able to
■ Manage users by using the User Accounts tool
■ Manage users by using the Computer Management snap-in
■ Create a password reset disk
Estimated lesson time: 50 minutes
User Accounts Tool
The User Accounts tool in the Control Panel (shown in Figure 7-5) is one of the tools
that you use to modify, create, and delete local user accounts when working in a workgroup environment.
F07us05
Figure 7-5
Use the User Accounts tool to perform limited user account tasks.
7-14
Chapter 7
Setting Up and Managing User Accounts
If you are logged on with an account that is a member of the Administrators group, the
Pick A Task portion of the User Accounts tool allows you to perform the following
tasks:
■
Change an account (which includes deleting the account)
■
Create a new user account
■
Change the way users log on or log off
How to Modify an Existing User Account by Using the User Accounts Tool
If you are an administrator, the Change An Account task allows you to make changes
to any user account on the computer. If you are logged on with a limited user account,
you do not see the same Pick A Task page as an administrator; you see only a Pick A
Task page that contains some of the following options that an administrator can perform:
■
Change My/The Name Changes the user account name of an account on the
computer. You see this option only if you are logged on as an administrator
because only an administrator can perform this task.
■
Create A Password Creates a password for your account. You only see this
option if your user account does not have a password. Only an administrator can
create passwords for other user accounts.
■
Change My/The Password Changes the password for your account. You only
see this option if your user account already has a password signed to it; you see
this option instead of the Create A Password option. Only an administrator can
change passwords for other user accounts.
■
Remove My/The Password Removes the password for your account or any
other account on the computer. You only see this option if your user account
already has a password assigned to it. Only an administrator can remove passwords for other user accounts.
■
Change My/The Picture Changes the picture that appears on the Welcome
screen. Only an administrator can change the pictures for other user accounts.
■
Change My/The Account Type Changes the account type for a specified
account. Only an administrator can change the account type for a user account.
■
Set Up My Account To Use A .NET Passport Starts the Add A .NET Passport To
Your Windows XP Professional Account Wizard. A passport allows you to have
online conversations with family and friends, create your own personal Web
pages, and sign in instantly to all Microsoft .NET–enabled sites and services. You
can set up only your own account to use a .NET Passport.
Lesson 3
■
Modifying, Creating, and Deleting User Accounts
7-15
Delete The Account Deletes a specified user account. You only see this option
if you are logged on as an administrator because only an administrator can perform this task.
Caution
When you delete a user account, there is no way to recover the permissions and
the rights that are associated with that account. Also, when you delete a user account, Windows XP Professional displays the Do You Want To Keep local_user_account’s Files window. If
you click Keep Files, Windows XP Professional saves the contents of the user’s desktop and
My Documents folder to a new folder named local_user_account on your desktop. However, it
cannot save user’s e-mail messages, Internet Favorites, or other settings.
To modify an account while logged on with a limited user account, complete the following steps:
1. Click Start, click Control Panel, and then click User Accounts.
The Pick A Task page appears.
2. Click the appropriate option for the modification that you want to make, and then
follow the prompts on the screen.
To change an account while logged on as an administrator, complete the following
steps:
1. Click Start, click Control Panel, and then click User Accounts.
2. In the User Accounts window, click Change An Account.
The Pick An Account To Change page appears. The account modifications that
you can make on this page depend on the account type and how it is configured.
3. Click the account you want to change.
The What Do You Want To Change About account_name Account page appears.
4. Click the appropriate option for the modification that you want to make, and then
follow the prompts on the screen.
How to Change the Way That Users Log On or Off by Using the User Accounts Tool
Only administrators can change the way users log on or log off the computer. This
option is available on the Pick A Task page only if you are logged on with a user
account that is a member of the Administrators group.
7-16
Chapter 7
Setting Up and Managing User Accounts
The following options control how all users log on and log off the computer. Remember that these options are only available if the computer is a member of a workgroup
and not if the computer is part of a domain.
■
Use The Welcome Screen This check box, enabled by default, allows you to
click your user account on the Welcome screen to log on to the computer. If you
clear this check box, you must type your user name and password at a logon
prompt to log on.
■
Use Fast User Switching This check box, enabled by default, allows you to
quickly switch to another user account without first logging off and closing all programs.
To change the way users log on or log off, complete the following steps:
1. Click Start, click Control Panel, and then click User Accounts.
2. In the User Accounts window, click Change The Way Users Log On Or Off. The
Select Logon And Logoff Options window appears.
3. Select or clear the appropriate check boxes.
How to Create a New User Account in the User Accounts Tool
Only administrators can create new user accounts. This option is only available on the
Pick A Task screen if you are logged on with a user account that is a member of the
Administrators group.
To create a new user account, complete the following steps:
1. Click Start, click Control Panel, and then click User Accounts.
2. In the User Accounts window, click Create A New Account.
The Name The New Account page appears.
3. In the Type A Name For The New Account box, type a user logon name (up to 20
characters), and then click Next.
Note
The user’s logon name appears in the Welcome screen and on the Start menu. For
information about valid characters for creating user accounts, see Table 7-2.
The Pick An Account Type window appears. Windows XP Professional provides
two account types: Computer Administrator and Limited. Table 7-3 lists the capabilities of each account type.
4. Select the appropriate account type, and then click Create Account.
Lesson 3
Table 7-3
Modifying, Creating, and Deleting User Accounts
7-17
User Account Types and Capabilities
Computer
Administrator
Limited
Account
Change your own picture
X
X
Create, change, or remove your password
X
X
Change your own account type
X
Change your own account name
X
Change other users’ pictures, passwords, account types, and
account names
X
Have full access to other user accounts
X
Create user accounts on this computer
X
Capability
Delete user accounts on this computer
X
Access and read all files on this computer
X
Install programs and hardware
X
Make system-wide changes to the computer
X
Computer Management Snap-In
The Computer Management snap-in, shown in Figure 7-6, provides a more sophisticated means of managing local users than the User Accounts tool. Using Computer
Management, you can create, delete, and disable local user accounts. You can also create and manage local groups.
F07us06
Figure 7-6
Use the Computer Management snap-in for a more detailed set of user account tasks.
7-18
Chapter 7
Setting Up and Managing User Accounts
How to Create a Local User Account by Using Computer Management
To create local user accounts by using the Computer Management snap-in complete
the following steps:
1. From the Start menu, click Control Panel.
2. In the Control Panel window, click Performance And Maintenance.
3. In the Performance And Maintenance window, click Administrative Tools.
4. In the Administrative Tools window, double-click Computer Management.
Tip
You can also access the Computer Management window by right-clicking the My Computer icon on the desktop or Start menu and clicking Manage.
5. In the console tree of the Computer Management window, click the Computer
Management plus sign (+) icon to expand the tree. Computer Management contains three folders: System Tools, Storage, and Services And Applications.
6. In the console tree, expand System Tools, and then click Local Users And Groups.
7. In the details pane, right-click Users, and then click New User.
8. Fill in the appropriate text boxes in the New User dialog box (shown in Figure 77), click Create, and then click Close.
F07us07
Figure 7-7 Create a new user.
Table 7-4 describes the user account options shown in Figure 7-8.
Lesson 3
Modifying, Creating, and Deleting User Accounts
7-19
Table 7-4
Local User Account Options
Option
Action
User Name
Type the user’s logon name. This field is required.
Full Name
Type the user’s full name. You can include the user’s first and last
names, but you can also include the middle name or initial. This field is
optional.
Description
Type descriptive text about the user account or the user. This field is
optional.
Password
Type the account password that is used to authenticate the user. For
greater security, always assign a password. As an additional security
measure, the password appears as a string of asterisks as you type it.
Confirm Password
Confirm the password by typing it a second time. This field is required
if you assign a password.
User Must Change
Password At Next
Logon
Select this check box if you want the user to change his or her password the first time that he or she logs on. This ensures that only the
user knows the password. This option is selected by default.
User Cannot
Change Password
Select this check box if more than one person uses the same user
account (such as Guest), or if you want only administrators to control
passwords. If you have selected the User Must Change Password At
Next Logon check box, this option is not available.
Password Never
Expires
Select this check box if you never want the password to change—for
example, for a domain user account that a program or a Windows XP
Professional service uses. The User Must Change Password At Next
Logon option overrides this option, so if you have selected the User
Must Change Password At Next Logon check box, this option is not
available.
Account Is Disabled Select this check box to prevent use of this account—for example, for a
new employee who has not yet started working for your organization.
Security Alert
Always require new users to change their passwords the first time they log
on. This forces them to use passwords that only they know. For added network security, use a
combination of letters and numbers to create unique initial passwords for all new user
accounts.
How to Delete a User by Using Computer Management
You can also delete users in Computer Management. To delete a user by using the
Computer Management snap-in, use these steps:
1. From the Start menu, click Control Panel.
7-20
Chapter 7
Setting Up and Managing User Accounts
2. In the Control Panel window, click Performance And Maintenance.
3. In the Performance And Maintenance window, click Administrative Tools.
4. In the Administrative Tools window, double-click Computer Management.
5. In the console tree of the Computer Management window, click the Computer
Management plus sign (+) icon to expand the tree. Computer Management contains three folders: System Tools, Storage, and Services And Applications.
6. In the console tree, expand System Tools, and then click Local Users And Groups.
7. Under Local Users And Groups, click Users.
8. In the Details pane, right-click the user you want to delete and click Delete.
Windows displays the Local Users And Groups dialog box, which warns you that
when you delete a user, all permissions and rights associated with that user
account are also lost.
9. In the Local Users And Groups dialog box, click Yes.
How to Create a Password Reset Disk
The password reset disk is a floppy disk that contains encrypted password information and allows users to change their password without knowing the old password. As
standard practice, you should encourage users to create a password reset disk and
keep it in a secure location.
To create a password reset disk for a domain-based user account, follow these steps:
1. Press CTRL+ALT+DEL, and then click Change Password.
2. In the User Name box, type the user name of the account for which you want to
create a password reset disk.
3. In the Log On To box, click ComputerName, where ComputerName is your
assigned computer name, and then click Backup.
4. Follow the steps in the Forgotten Password Wizard until the procedure is complete. Store the password reset disk in a secure place.
To create a password reset disk for a local user account, follow these steps:
1. From the Start menu, click Control Panel.
2. In Control Panel, click User Accounts.
3. If you are logged on using a Computer Administrator account, click the account
name and then, in the Related Tasks list, select Prevent A Forgotten Password. If
you are logged on using a Limited account, the Prevent A Forgotten Password
option is located on the main page of the User Accounts window. (You do not
have to click the account name first.)
Lesson 3
Modifying, Creating, and Deleting User Accounts
7-21
4. Follow the steps in the Forgotten Password Wizard until the procedure is complete. Store the password reset disk in a secure place.
Users cannot change their password and create a password reset disk at the same time.
If a user types a new password in the New Password and Confirm New Password
boxes before the user clicks Backup, the new password information is not saved.
When the wizard prompts a user for his current user account password, the user must
type the old password.
A user can change a password anytime after creating a password reset disk. The user
does not have to create a new password disk after changing a password or resetting a
password manually.
When logging on, if a user forgets the password and has previously created a password
reset disk, the user is presented with an option to reset his password by using the password reset disk. Select the option on the logon screen to launch the Password Reset
Wizard. The Password Reset Wizard asks user to create a new password and hint. Log
on with the new password and then return the password reset disk to its safe storage
place. The user does not need to make a new password reset disk.
Practice: Modifying, Creating, and Deleting Local User Accounts
In this practice, you create a new local user account and assign it a password using the
User Accounts tool. You then create a custom Microsoft Management Console (MMC)
that contains the Computer Management snap-in and use the snap-in to create two
more new user accounts. Then you test one of the newly created local user accounts.
You complete the practice by using the User Accounts tool to delete a local user
account.
After completing this practice, you will be able to accomplish the following tasks:
■
Use the User Accounts tool to create a new local user account
■
Create a customized MMC containing the Computer Management snap-in
■
Use the Computer Management snap-in to create a new local user account
Exercise 1: Creating a New Local User Account by Using the User Accounts Tool
1. Log on with a user account that is a member of the Administrators group.
2. Click Start, click Control Panel, and then click User Accounts.
3. In the User Accounts window, under Pick A Task, click Create A New Account.
4. On the Name The New Account page, in the Type A Name For The New Account
text box, type User1, and then click Next.
5. On the Pick An Account Type page, click Limited.
7-22
Chapter 7
Setting Up and Managing User Accounts
Note If your account is a limited account type, you can change or remove your password,
change the picture displayed with your account, and change your theme and other desktop
settings. You can also view files that you created and files in the shared documents folder.
6. Click Create Account.
Windows XP Professional displays the User Accounts window; User1 appears in
the list of accounts.
7. Create an account named User2 using steps 3 through 6.
Leave the User Accounts window open for the next exercise.
Exercise 2: Assigning a Password to a Local User Account by Using the User
Accounts Tool
1. In the User Accounts window, click User1.
2. Click Create A Password.
3. Type password in both the Type A New Password text box and the Type The
New Password Again To Confirm text box.
4. Type the most commonly used password in the Type A Word Or Phrase To
Use As A Password Hint text box.
5. Click Create Password.
6. What two new options appear for User1’s account? What option is no longer available?
7. Click the Home icon to return to the User Accounts window.
8. Assign User2 the password User2.
9. Close the User Accounts window and Control Panel.
Exercise 3: Creating a Customized MMC That Contains the Computer Management
Snap-In
1. Click Start, and then click Run.
2. In the Open text box, type mmc and then click OK.
The MMC starts and displays an empty console.
3. Maximize the Console1 window by clicking Maximize.
Lesson 3
Modifying, Creating, and Deleting User Accounts
7-23
4. Maximize the Console Root window by clicking Maximize.
5. On the File menu, click Add/Remove Snap-In.
The MMC displays the Add/Remove Snap-In dialog box.
6. Click Add.
The MMC displays the Add Standalone Snap-In dialog box.
7. In the Available Standalone Snap-Ins list, click Computer Management and then
click Add.
The MMC displays the Computer Management dialog box, which allows you to
specify the computer that you want to administer. The Local Computer option is
selected by default.
8. In the Computer Management dialog box, click Finish.
The MMC creates the console that contains the Computer Management snap-in for
managing the local computer.
9. In the Add Standalone Snap-In dialog box, click Close.
10. In the Add/Remove Snap-In dialog box, click OK to place the Computer Management snap-in in your customized MMC.
Computer Management (Local) now appears in the console tree.
11. On the File menu, click Save As.
The MMC displays the Save As dialog box.
12. In the File Name text box, type Computer Management Local, and then click
Save.
The title bar is now Computer Management Local. You have just created a customized MMC containing the Computer Management snap-in and have named it Computer Management Local.
Exercise 4: Creating a New Local User Account by Using the Computer
Management Snap-In
1. In the Computer Management Local window, in the console pane, click the plus
sign in front of Computer Management (Local) to expand it.
Computer Management contains three folders: System Tools, Storage, and Services
And Applications.
2. In the console pane, expand System Tools, and then click Local Users And
Groups.
3. In the details pane, right-click Users, and then select New User.
The New User dialog box appears.
7-24
Chapter 7
Setting Up and Managing User Accounts
4. In the User Name text box, type User3.
5. In the Full Name text box, type User Three.
Do not assign a password to the user account.
6. Confirm that the User Must Change Password At Next Logon check box is
selected.
7. Click Create to create the new user, and then click Close.
8. Click Start, click Control Panel, and then click User Accounts.
The User Accounts window appears.
9. What type of account is User3? (Get answer.)
The account type for User3 is Limited Account.
10. Close the User Accounts window, and then close Control Panel.
11. In the Computer Management Local window, in the details pane, right-click Users,
and then click New User.
12. In the User Name text box, type User4.
13. In the Full Name text box, type User Four.
14. In the Password and Confirm Password text boxes, type User4.
15. How does the password appear on the screen? Why?
Security Alert
In high-security environments, assign initial passwords to user accounts
and then require users to change their passwords the next time they log on. This accomplishes two goals: it prevents a user account from existing without a password and ensures
that only the user knows the password. The password assigned in this exercise was for ease
of use in the exercise. The passwords you assign should be difficult to guess and should
include both uppercase and lowercase letters, numerals, and valid nonalphanumeric characters. For information about valid characters for creating user accounts, see Table 7-2.
16. Confirm that the User Must Change Password At Next Logon check box is
selected, and then click Create.
17. Close the New User dialog box.
18. In the Computer Management console, on the File menu, click Exit to close the
Computer Management custom MMC.
The Microsoft Management Console dialog box appears, in which you indicate
whether you want to save Console settings to Computer Management.
Lesson 3
Modifying, Creating, and Deleting User Accounts
7-25
Note
If you click Yes, the next time you open the Computer Management console, it
appears as it does now. If you click No, Windows XP Professional does not save the settings.
19. Click Yes to save the console settings.
20. Click Start, and then click Log Off.
Windows XP Professional displays a Log Off Windows dialog box telling you to
click Switch User if you want to leave programs running and switch to another
user. Your other options are to click Log Off or Cancel.
21. In the Log Off Windows dialog box, click Log Off.
22. On the Welcome screen, click User Three.
23. What happens?
24. Click OK. The Change Password dialog box appears.
25. Leave the Old Password text box blank, and in the New Password and Confirm
New Password text boxes, type User3, and then click OK.
Windows XP Professional displays a Change Password dialog box indicating that
the password has been changed.
26. Click OK to close the Change Password dialog box.
The User3 user account that you created using the Computer Management snapin allowed you to log on. Because you left the default check box, User Must
Change Password At Next Logon, selected when you created the account, you
were prompted to change passwords when you logged on as User3. You confirmed that the User3 user account was created with a blank password when you
left the Old Password box blank and successfully changed the password to User3.
27. Log off the computer.
Exercise 5: Deleting a Local User Account
1. Log on with a user account that is a member of the Administrators group.
2. In the Control Panel, click User Accounts.
3. Click User Three.
Windows XP Professional displays the What Do You Want To Change About User
Three’s Account window.
4. Click Delete The Account.
Windows XP Professional displays the Do You Want To Keep User Three’s Files
window.
7-26
!
Chapter 7
Setting Up and Managing User Accounts
Exam Tip
After you delete a user account, there is no way to recover the rights and permissions associated with that user account. A better practice than deleting user accounts is to
disable them until you are sure they are no longer needed.
5. Click Delete Files.
Windows XP Professional displays the Are You Sure You Want To Delete User
Three’s Account window.
6. Click Delete Account.
Windows XP Professional displays the User Accounts window. Notice that the
User3 account is no longer listed under Or Pick An Account To Change.
7. Close the User Accounts tool, and then close the Control Panel.
8. Log off the computer.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. Which of the following statements about the Windows XP Professional User
Accounts tool are correct? (Choose all that apply.)
a. The User Accounts tool allows you to remotely create, modify, and delete user
accounts on all computers in the network running Windows XP Professional.
b. The User Accounts tool allows you to view and modify all accounts on the
computer.
c. The tasks you can perform with the User Accounts tool depend on the type
of account you use to log on to the local computer.
d. The User Accounts tool allows users to delete, create, or remove their individual passwords.
2. Which of the following tasks can both account types (Computer Administrator and
Limited) perform? (Choose all that apply.)
a. Change your picture
b. Change your account type
c. Create, change, or remove your password
d. Change your account name
Lesson 3
Modifying, Creating, and Deleting User Accounts
7-27
3. Which of the following statements about logging on or logging off a computer
running Windows XP Professional are true? (Choose all that apply.)
a. When you use the Welcome screen to log on the local computer, you can
quickly switch to another user account without logging off and closing all
programs that you are running.
b. The User Accounts tool allows you to disable a local user account to prevent
users from using the disabled account to log on.
c. When you use the Welcome screen to log on the local computer, you can log
on using only one of the accounts displayed on the Welcome screen.
d. The User Accounts tool allows you to replace the Welcome screen with a
logon prompt that requires users to type their individual user names and
passwords.
4. When you use the Computer Management snap-in to create a new user account,
which check box do you select to prevent a new employee from using the new
account until the employee starts working for the company?
Lesson Summary
■
The User Accounts tool allows administrators to create a new user account,
change an existing account, and change the way a user logs on or logs off. The
two check boxes that control the way users log on and log off the computer, Use
The Welcome Screen and Use Fast User Switching, are available only on computers that are workgroup members and apply to all users. You cannot configure
them for individual local user accounts.
■
The Computer Management snap-in allows you to create, modify, and delete user
accounts for the local computer on which you are working. If your computer is
part of a network, you can use the Computer Management snap-in on a remote
computer. The Computer Management snap-in provides all the functionality of the
User Accounts tool and additional functionality, including the ability to view all
accounts in the local security database and to disable accounts.
7-28
Chapter 7
Setting Up and Managing User Accounts
Lesson 4: Configuring Properties for User Accounts
Windows XP Professional creates a set of default account properties for each local user
account. After you create a local user account, you can configure the account properties by using the Computer Management snap-in. The account properties are grouped
under three tabs in the Properties dialog box for a user account: General, Member Of,
and Profile.
After this lesson, you will be able to
■ Configure general properties for user accounts by using the General tab
■ Add a user account to groups by using the Members tab
■ Configure a user profile by using the Profile tab
Estimated lesson time: 30 minutes
The General Tab
The General tab in the Properties dialog box for a user account (shown in Figure 7-8)
allows you to configure or edit all the fields from the New User dialog box except User
Name, Password, and Confirm Password. In addition, it provides an Account Is Locked
Out check box.
F07us08
Figure 7-8 Configure basic user properties by using the General tab of the Properties dialog box for
a user account.
If the account is active and is not locked out of the system, the Account Is Locked Out
check box is unavailable. The system locks out a user who exceeds the limit for the
number of failed logon attempts. This security feature makes it more difficult for an
unauthorized user to break into the system by guessing passwords. If the system locks
Lesson 4
Configuring Properties for User Accounts
7-29
out an account, the Account Is Locked Out check box becomes available, and an
administrator can clear the check box to allow user access. You will learn more about
account lockout in Chapter 16.
The Member Of Tab
The Member Of tab in the Properties dialog box for a user account allows you to add
the user account to or remove the user account from a group. For information about
groups, see Lesson 5, “Implementing Groups.”
The Profile Tab
The Profile tab in the Properties dialog box for a user account allows you to enter a
path for the user profile, the logon script, and home folder (shown in Figure 7-9).
F07us09
Figure 7-9
Configure user profiles, logon scripts, and home folders by using the Profile tab.
User Profile
A user profile is a collection of folders and data that stores your current desktop environment, application settings, and personal data. It also contains all the network connections that are established when you log on to a computer, such as Start menu items
and drives mapped to network servers. The user profile maintains consistency by providing the same desktop environment every time you log on to the computer.
Windows XP Professional creates a user profile the first time you log on to a computer
and stores it on that computer. This user profile is also known as a local user profile.
User profiles on client computers running Windows XP Professional operate in the following way:
7-30
Chapter 7
Setting Up and Managing User Accounts
■
User profiles are stored locally in a subfolder of the Documents And Settings
folder. The subfolder has the same name as the user account and contains important user folders, such as My Documents, Favorites, and Desktop. The user profile
folder also stores application data and Windows settings pertinent to the user.
■
When you log on the client computer, you always receive your desktop settings
and connections, regardless of how many users share the same client computer.
■
The first time you log on to the client computer, Windows XP Professional creates
a default user profile for you. The default user profile is stored in the
system_partition_root\Documents and Settings\user_logon_name folder (typically
C:\Documents and Settings\user_logon_name), where user_logon_name is the
name you enter when logging on to the system.
■
The user profile contains the My Documents folder, which provides a place to
store personal files. My Documents is the default location for the File Open and
Save As commands. My Documents appears on the Start menu, which makes it
easier to locate personal documents.
Important
Users can store their documents in My Documents or in home folders, such as a
home directory that is located on a network server. Home folders are covered later in this lesson. Windows XP Professional automatically sets up My Documents as the default location for
storing data for Microsoft applications. If there is adequate room on drive C or the drive where
Windows XP Professional was installed, users can store their documents in My Documents.
However, using My Documents to store personal data greatly increases the amount of space
required on a hard disk for installing Windows XP Professional well beyond the minimum.
■
You can change your user profile by changing desktop settings. For example, if
you make a new network connection or add a file to My Documents, Windows XP
Professional incorporates the changes into your user profile when you log off. The
next time you log on, the new network connection and the file are present.
Logon Script
A logon script is a file that you can create and assign to a user account to configure the
user’s working environment. For example, you can use a logon script to establish network connections or start applications. Each time a user logs on, the assigned logon
script is run.
Home Folder
In addition to the My Documents folder, Windows XP Professional allows you to create
home folders for users to store their personal documents. You can store a home folder
on a client computer, in a shared folder on a file server, or in a central location on a
network server.
Lesson 4
Configuring Properties for User Accounts
7-31
Storing all home folders on a file server provides the following advantages:
■
Users can access their home folders from any client computer on the network.
■
You can centralize backing up and administering user documents by moving the
responsibility for backing up and managing the documents out of the hands of the
users and into the hands of one of the network backup operators or network
administrators.
Note
The home folders are accessible from a client computer running any Microsoft operating system, including MS-DOS, Windows 95, Windows 98, Windows 2000 Professional, and
Windows XP Professional.
Important
Store home folders on an NTFS volume so that you can use NTFS permissions
to control access to user documents. If you store home folders on a file allocation table (FAT)
volume, you can restrict home folder access only by using shared folder permissions.
To create a home folder on a network file server, complete the following steps:
1. Create and share a folder for storing all users’ home folders on a network server.
The home folder for each user will reside in this shared folder.
2. For the shared folder, remove the default Full Control permission from the Everyone group and assign Full Control to the Users group.
This ensures that only users with domain user accounts can access the shared
folder.
3. In the Properties dialog box for the user account, on the Profile tab, click Connect
and select or type a drive letter with which to connect to the user account home
folder on the network.
4. In the To text box, type a Universal Naming Convention (UNC) name (\\server_
name\shared_folder_name\user_logon_name).
Type the username variable as the user’s logon name to automatically give each
user’s home folder the user logon name (for example, \\server_name\Users\
%username%). Naming a folder on an NTFS volume with the username variable
assigns the NTFS Full Control permission to the user and removes all other permissions for the folder, including those for the Administrator account.
To configure User Account properties, complete the following steps:
7-32
Chapter 7
Setting Up and Managing User Accounts
1. Click Start, point to All Programs, point to Administrative Tools, and click Computer Management.
2. Under System Tools, expand Local Users And Groups, and then click Users.
3. In the details pane, right-click the appropriate user account and then click Properties.
4. Click the appropriate tab for the properties that you want to configure or modify,
and then enter a value for each property.
Practice: Modifying User Account Properties
This practice presents exercises that allow you to modify user account properties and
test them.
1. Log on with a user account that is a member of the Administrators group.
2. Click Start, click Run, type mmc and then click OK.
The MMC starts and displays an empty console.
3. On the File menu, click Computer Management Local.
4. Expand Local Users And Groups, and then click Users.
The MMC displays the user accounts in the details pane.
5. Right-click User1, and then click Properties.
6. In the User1 Properties dialog box, on the General tab, select User Cannot Change
Password, and then clear all other check boxes.
Tip
When you select the User Cannot Change Password check box, the User Must Change
Password At Next Logon option is unavailable.
7. Click OK to close the User1 Properties dialog box.
8. Right-click User2, and then click Properties.
9. In the User2 Properties dialog box, on the General tab, select the Account Is Disabled check box and clear all other check boxes.
10. Click OK to close the User2 Properties dialog box.
11. Close the Computer Management window, and if you are prompted about saving
the console settings, click No.
12. Log off the computer.
Lesson 4
Configuring Properties for User Accounts
7-33
13. On the Welcome screen, click User1.
14. In the Type Your Password dialog box, click the question mark icon for your password hint.
Windows XP Professional displays the password hint you entered.
15. In the Type Your Password text box, type password and then press ENTER.
16. In the Control Panel, click User Accounts.
Windows XP Professional starts the User Accounts tool.
17. Click Change My Password.
18. In the Type Your Current Password text box, type password.
19. In the Type A New Password and Type The New Password Again To Confirm text
boxes, Type User1.
20. Click Change Password.
21. What happens? Why?
22. Log off as User1.
Notice that disabled accounts such as User2 do not appear on the Welcome
screen.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. When can you select the Account Is Locked Out check box for a user and why?
7-34
Chapter 7
Setting Up and Managing User Accounts
2. Which of the following statements about local user account properties are correct?
(Choose all that apply.)
a. You can configure all of the default properties associated with each local user
account using the User Accounts tool located in the Control Panel.
b. In Computer Management, the General tab in a user account’s Properties dialog box allows you to disable the account.
c. In Computer Management, the General tab in a user account’s Properties dialog box allows you to select the Account Is Locked Out check box to prevent
the user from logging on to the computer.
d. You can use the Computer Management snap-in to configure all of the default
properties associated with each local user account.
3. Which of the following statements about user profiles are correct? (Choose all that
apply.)
a. A user profile is a collection of folders and data that stores the user’s current
desktop environment, application settings, and personal data.
b. A user profile contains all the network connections that are established when
a user logs on to a computer.
c. Windows XP Professional creates a user profile when you create a new local
user account.
d. You must create each user profile by copying and modifying an existing user
profile.
4. Which of the following statements about user profiles are correct? (Choose all that
apply.)
a. Users should store their documents in home directories rather than in their
My Documents folders.
b. The Profile tab in the account-name Properties dialog box for a user account
allows you to create a path for the user profile, logon script, and home folder.
c. A user profile contains the My Documents folder, which provides a place for
users to store personal files.
d. When users change their desktop settings, the changes are reflected in their
user profiles.
Lesson 4
Configuring Properties for User Accounts
7-35
5. What three tasks must you perform to create a home folder on a network server?
Lesson Summary
■
The General tab in a user account’s Properties dialog box allows you to configure
or edit all the fields from the New User dialog box except for User Name, Password, and Confirm Password. In addition, it provides an Account Is Locked Out
check box.
■
The Member Of tab in a user account’s Properties dialog box allows you to add
the user account to or remove the user account from a group.
■
The Profile tab in a user account’s Properties dialog box for a user account allows
you to create a path for the user profile, logon script, and home folder.
7-36
Chapter 7
Setting Up and Managing User Accounts
Lesson 5: Implementing Groups
In this lesson, you will learn what groups are and how you can use them to simplify
user account administration. You will also learn about built-in groups, which have a
predetermined set of user rights and group membership, and about special groups,
which you cannot add members to yourself but for which Windows creates memberships dynamically. Windows XP Professional has two categories of built-in groups,
local and system, which it creates for you to simplify the process of assigning rights and
permissions for commonly used functions.
After this lesson, you will be able to
■ Explain the purpose of a group
■ Identify guidelines for using local groups
■ Create a local group
■ Add members to a local group
■ Delete a local group
■ Identify the built-in local groups
■ Identify the built-in system groups
Estimated lesson time: 40 minutes
What Is a Group?
A group is a collection of user accounts. Groups simplify administration by allowing
you to assign permissions and rights to a group of users rather than to each user
account individually (shown in Figure 7-10).
Permissions control what users can do with a resource such as a folder, a file, or a
printer. When you assign permissions, you allow users to gain access to a resource and
you define the type of access that they have. For example, if several users need to read
the same file, you can add their user accounts to a group and then give the group permission to read the file. Rights allow users to perform system tasks, such as changing
the time on a computer and backing up or restoring files.
See Also
For more information about permissions, see Chapter 8, “Securing Resources
with NTFS Permissions.” For more information about rights, see Chapter 16.
Lesson 5
Assign permissions
once for a group
- instead of -
Implementing Groups
7-37
Assign permissions for
each user account
permissions
permissions
User
Group
Resources
permissions
User
permissions
User
• Groups are collections of user accounts.
• Members receive permissions given to groups.
• Users can be members of multiple groups.
• Groups can be members of other groups.
F07us10
Figure 7-10
Groups simplify administration.
Guidelines for Using Local Groups
A local group is a collection of user accounts on a computer. Use local groups to assign
permissions to resources residing on the computer on which the local group is created.
Windows XP Professional creates local groups in the local security database.
Guidelines for using local groups include the following:
■
Before creating a new group, determine whether a built-in group (or other existing group) fits your needs. For example, if all users need access to a resource, use
the built-in Users group.
■
Use local groups on computers that do not belong to a domain. You can use local
groups only on the computer on which you create them. Although local groups
are available on member servers and domain computers running Windows 2000
Server or later, do not use local groups on computers that are part of a domain.
Using local groups on domain computers prevents you from centralizing group
administration. Local groups do not appear in the Active Directory service, and
you must administer them separately for each computer.
■
You can assign permissions to local groups to access only the resources on the
computer on which you create the local groups.
Note You cannot create local groups on domain controllers because domain controllers
cannot have a security database that is independent of the database in Active Directory.
7-38
Chapter 7
Setting Up and Managing User Accounts
Membership rules for local groups include the following:
■
Local groups can contain local user accounts from the computer on which you
create the local groups.
■
Local groups cannot belong to any other group.
How to Create Local Groups
Use the Computer Management snap-in to create local groups in the Groups folder.
To create a local group, complete the following steps:
1. In Computer Management, expand Local Users And Groups.
2. Right-click Groups, and then click New Group.
The MMC displays the New Group dialog box (shown in Figure 7-11). Table 7-5
describes the available options.
F07us11
Figure 7-11 Create a new group using the Computer Management snap-in.
3. Enter the appropriate information, and then click Create.
Table 7-5
New Local Group Options
Option
Description
Group Name
Requires a unique name for the local group. This is the only required
entry. Use any character except for the backslash (\). The name can
contain up to 256 characters, but very long names might not display in
some windows.
Description
Describes the group.
Lesson 5
Table 7-5
Implementing Groups
7-39
New Local Group Options
Option
Description
Members
Lists the user accounts belonging to the group.
Add
Adds a user to the list of members.
Remove
Removes a user from the list of members.
Create
Creates the group.
Close
Closes the New Group dialog box.
How to Add Members to a Local Group
You can add members to a local group when you create the group by clicking Add in
the New Group dialog box. In addition, Windows XP Professional provides two methods for adding members to a group that has already been created: by using the Properties dialog box of the group or by using the Member Of tab in the Properties dialog
box for a user account.
To add members to a group by using the Properties dialog box of the group, follow
these steps:
1. Start the Computer Management snap-in.
2. Expand Local Users And Groups, and then click Groups.
3. In the details pane, right-click the appropriate group and then click Properties.
Computer Management displays Properties dialog box for the group.
4. Click Add.
Computer Management displays the Select Users dialog box, as shown in Figure 7-12.
F07us12
Figure 7-12
Type a user name in the Select Users dialog box.
7-40
Chapter 7
Setting Up and Managing User Accounts
5. In the From This Location text box, ensure that the computer on which you created the group is selected.
6. In the Select Users dialog box, in the Enter The Object Names To Select text box,
type the user account names that you want to add to the group, separated by
semicolons, and then click OK.
Tip
The Member Of tab in Properties dialog box of a user account allows you to add a user
account to multiple groups. Use this method to quickly add the same user account to multiple
groups.
How to Delete Local Groups
Use the Computer Management snap-in to delete local groups. Each group that you
create has a unique identifier that cannot be used again. Windows XP Professional uses
this value to identify the group and its assigned permissions. When you delete a group,
Windows XP Professional does not use the identifier again, even if you create a new
group with the same name as the group that you deleted. Therefore, you cannot
restore access to resources by re-creating the group.
When you delete a group, you remove only the group and its associated permissions
and rights. Deleting a group does not delete the user accounts that are members of the
group. To delete a group, right-click the group name in the Computer Management
snap-in and then click Delete.
Built-In Local Groups
All computers running Windows XP Professional have built-in local groups. These
groups give rights to perform system tasks on a single computer, such as backing up
and restoring files, changing the system time, and administering system resources. Windows XP Professional places the built-in local groups in the Groups folder in Computer
Management.
Table 7-6 lists the most commonly used built-in local groups and describes their capabilities. Except where noted, these groups do not include initial members.
Lesson 5
Table 7-6
Implementing Groups
7-41
Built-In Local Group Capabilities
Local Group
Description
Administrators
Members can perform all administrative tasks on the computer. By default,
the built-in Administrator account is a member. When a member server or
a computer running Windows XP Professional joins a domain, the domain
controller adds the Domain Admins group to the local Administrators
group.
Backup Operators
Members can use Windows Backup to back up and restore the computer.
Guests
Members can do the following:
Perform only the tasks for which they have been specifically
granted rights
■ Access only those resources for which they have assigned
permissions
■
Members cannot make permanent changes to their desktop environment.
By default, the built-in Guest account is a member. When a member
server or a computer running Windows XP Professional joins a domain,
the domain controller adds the Domain Guests group to the local Guests
group.
Power Users
Members can create and modify local user accounts on the computer and
share resources.
Replicator
Supports file replication in a domain.
Users
Members can do the following:
Perform only the tasks for which they have been specifically
granted rights
■ Access only those resources for which they have assigned permissions
■
By default, Windows XP Professional adds to the Users group all local
user accounts that an administrator creates on the computer. When a
member server or a computer running Windows XP Professional joins a
domain, the domain controller adds the Domain Users group to the local
Users group.
7-42
Chapter 7
Setting Up and Managing User Accounts
Built-In System Groups
Built-in system groups exist on all computers running Windows XP Professional. System groups do not have specific memberships that you can modify; instead, they represent different users at different times, depending on how a user gains access to a
computer or resource. You do not see system groups when you administer groups, but
they are available when you assign rights and permissions to resources. Windows XP
Professional bases system group membership on how the computer is accessed, not on
who uses the computer. Table 7-7 lists the most commonly used built-in system groups
and describes their capabilities.
Table 7-7
Built-In System Group Capabilities
System Group
Description
Everyone
All users who access the computer. By default, when you format a volume
with NTFS, the Full Control permission is assigned to the Everyone group.
This presented a problem in earlier versions of Windows, including Windows
2000. In Windows XP Professional, the Anonymous Logon is no longer
included in the Everyone group. When a Windows 2000 Professional system
is upgraded to a Windows XP Professional system, resources with permission
entries for the Everyone group and not explicitly for the Anonymous Logon
group are no longer available to the Anonymous Logon group.
Authenticated
Users
All users with valid user accounts on the computer. (If your computer is part
of a domain, it includes all users in Active Directory.)
Creator Owner
The user account for the user who created or took ownership of a resource.
If a member of the Administrators group creates a resource, the Administrators group owns the resource.
Network
Any user with a current connection from another computer on the network
to a shared resource on the computer.
Interactive
The user account for the user who is logged on at the computer. Members of
the Interactive group can access resources on the computer at which they are
physically located. They log on and access resources by “interacting” with the
computer.
Anonymous
Logon
Any user account that Windows XP Professional cannot authenticate.
Dialup
Any user who currently has a dial-up connection.
Practice: Creating and Managing Local Groups
In this practice, you create two local groups, and then add members to the local groups
after you create them. You delete a member from one of the groups, and then delete
one of the local groups that you created.
Lesson 5
Implementing Groups
7-43
Exercise 1: Creating Local Groups
In this exercise, you create two local groups, Accounting and Marketing.
1. Log on with a user account that is a member of the Administrators group.
2. Click Start, point to All Programs, point to Administrative Tools, and then click
Computer Management.
Windows XP Professional starts Computer Management.
3. Under System Tools, if necessary, expand Local Users And Groups, right-click
Groups, and then click New Group.
4. In the New Group dialog box, in the Group Name text box, type Accounting.
5. In the Description text box, type Access to Accounts Receivable Files.
6. Click Add.
7. In the Select Users dialog box, in the Name text box, type User1; User2; User4
and then click OK.
User1, User2, and User4 appear in the Members list in the New Group dialog box.
8. Click Create.
Windows XP Professional creates the group and adds it to the list of groups in the
details pane. Notice that the New Group dialog box is still open and might block
your view of the list of groups.
9. Repeat steps 4 through 8 to create a group named Marketing with a description of
Access To Mailing Lists and User2 and User4 as group members.
10. When you finish creating both the Accounting and the Marketing groups, click
Close to close the New Group dialog box.
The Accounting and the Marketing groups now appear in the details pane.
Exercise 2: Adding and Removing Members
In this exercise, you add members to both groups that you created in the previous
exercise. You add a member to the existing Marketing group, and then remove a member from the Marketing group.
1. In the details pane of the Computer Management window, double-click Marketing.
The Marketing Properties dialog box displays the properties of the group. Notice
that User2 and User4 are in the Members list.
2. To add a member to the group, click Add.
Computer Management displays the Select Users dialog box.
7-44
Chapter 7
Setting Up and Managing User Accounts
3. In the Name text box, type User1, and then click OK.
The Marketing Properties dialog box now displays User1, User2, and User4 in the
Members list.
4. Select User4, and then click Remove.
Notice that User4 is no longer in the Members list. User4 still exists as a local user
account, but it is no longer a member of the Marketing group.
5. Click OK.
Exercise 3: Deleting a Local Group
1. In the details pane of the Computer Management window, right-click Marketing,
and then click Delete.
Computer Management displays a Local Users And Groups dialog box asking
whether you are sure that you want to delete the group.
2. Click Yes.
Marketing is no longer listed in the details pane indicating that the Marketing
group was successfully deleted.
3. In the console pane of the Computer Management window, click Users.
User1 and User2 are still listed in the details pane indicating that the group was
deleted, but the members of the group were not deleted from the Users folder.
4. Close Computer Management.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. What are groups, and why do you use them?
2. An administrator or owner of a resource uses __________________ to control what
users can do with a resource such as a folder, a file, or a printer.
3. You use local groups to assign permissions to resources residing _______________
_____________________________________.
Lesson 5
Implementing Groups
7-45
4. Which of the following statements about deleting local groups are correct?
(Choose all that apply.)
a. Each group that you create has a unique identifier that cannot be reused.
b. You can restore access to resources by re-creating the group.
c. When you delete a group, you also remove the permissions and rights associated with it.
d. Deleting a group deletes the user accounts that are members of the group.
5. What is the difference between built-in system groups and built-in local groups
found on computers running Windows XP Professional? Give at least two examples of each type of group.
Lesson Summary
■
Groups simplify administration by allowing you to assign permissions and rights
to a group of users rather than to individual user accounts. Permissions control
what users can do with a resource such as a folder, file, or printer. Rights allow
users to perform system tasks, such as changing the time on a computer and backing up or restoring files.
■
Windows XP Professional creates local groups in the local security database, so
you can use local groups only on the computer on which you create them.
■
You can use the Computer Management snap-in to create, add members to, and
delete local groups.
■
All computers running Windows XP Professional have built-in local groups that
give rights to perform system tasks on a single computer.
■
Computers running Windows XP Professional also have built-in system groups
whose membership is determined dynamically.
7-46
Chapter 7
Setting Up and Managing User Accounts
Case Scenario Exercise
In this exercise, you will read a scenario about creating users and groups and then
answer the questions that follow. If you have difficulty completing this work, review
the material in this chapter before beginning the next chapter. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
Scenario
You are an administrator working for the Baldwin Museum of Science. The museum
has hired a number of temporary workers that will be researching information for a
new exhibit on the history of coal use in northern Europe. Each of these workers has
been assigned a workstation in a small workgroup that the museum has set up in the
exhibit room. One computer in the workgroup is acting as a file server where the
workers will store their research files. All workstations and the file server are running
Windows XP Professional.
The temporary researchers’ names are as follows:
■
Cat Francis
■
David Jaffe
■
Mary North
■
Jeff Teper
■
Bernhard Tham
Questions
1. Your first task is to create a naming convention for these workers. The museum
management would like the user names to reflect that these are temporary workers, but not require too complicated a user name for the workers to type. Use the
following table to create names for the workers.
Full Name
Cat Francis
David Jaffe
Mary North
Jeff Teper
Bernhard Tham
User Account Name
Troubleshooting Lab
7-47
2. Where should you create these user names?
3. The file server in the workgroup contains a folder named Coal Research, to which
each of the workers needs access. You would like to minimize the number of
times you have to assign permissions to the Research folder. How would you do
this?
4. When creating passwords for the users on their workstations, what must you
ensure so that the users can access the file server?
Troubleshooting Lab
You are working as an administrator for Tailspin Toys, a manufacturer of remote-controlled airplanes. Raymond, one of your junior administrators, tells you that he received
a call from Martin, a user in the Sales department, who shares a workstation with two
other users. Martin complained to Raymond that he had forgotten the password for his
local user account and could not log on to his computer. Raymond intended to use Computer Management to reset Martin’s password, but accidentally deleted the user account
instead. He says that he clicked Yes in the dialog box that warned him about the deletion, thinking that the message was warning him about resetting the password instead.
7-48
Chapter 7
Setting Up and Managing User Accounts
1. Martin’s user account was assigned permissions to access a number of resources on
the computer and Raymond is not sure exactly what permissions were assigned. He
wants to recover the deleted user account. Can he do this? If so, how?
2. If you really mean to delete the user account, what is often a better way to handle
the situation than simply deleting the user account?
3. To prevent a situation like the one that happened with Raymond (in which rights and
permissions to resources were assigned directly to Martin’s user account and were
thus difficult to reconstruct), what is a better way to assign rights and permissions?
4. Soon after creating a new user account for Martin, Raymond contacts you and tells
you that Martin has forgotten his new password. Can you reset his password? How?
5. What should you tell Martin to do so that he can recover his own password should
this happen again?
Exam Highlights
7-49
Chapter Summary
■
Local user accounts allow users to log on at and access resources on only the computer on which you create the local user account. Domain user accounts allow
users to log on to the domain and access resources anywhere on the network.
■
Local user account names must be unique on the computer on which you create
the account, and domain user accounts must be unique to the directory. Passwords can be up to 128 characters long; a minimum of 8 characters is recommended. Use a mixture of uppercase and lowercase letters, numerals, and valid
nonalphanumeric characters in creating passwords.
■
You can administer local user accounts using the following two tools:
❑
The User Accounts tool allows administrators to create a new user account,
change an existing account, and change the way a user logs on or logs off.
❑
The Computer Management snap-in allows you to create, modify, and delete
user accounts for the local computer on which you are working. If your computer is part of a network, you can use the Computer Management snap-in on
a remote computer.
■
After creating a user account, you can modify the properties for the account by
using the Properties dialog box for the user account in Computer Management.
■
Groups simplify administration by allowing you to assign permissions and rights
to a group of users rather than to individual user accounts. Windows XP Professional creates local groups in the local security database, so you can use local
groups only on the computer on which you create them.
Exam Highlights
Before taking the exam, review the key points and terms that are presented in this
chapter. You need to know this information.
Key Points
■
A domain does not recognize local user accounts, so do not create local user
accounts on computers running Windows XP Professional that are part of a
domain. Doing so restricts users from accessing resources in the domain and prevents the domain administrator from administering the local user account properties or assigning access permissions for domain resources.
■
Allow Guest access only in low-security workgroups, and always assign a password to the Guest account. You can rename the Guest account, but you cannot
delete it.
7-50
Chapter 7
Setting Up and Managing User Accounts
■
You should understand the guidelines for creating strong passwords. In particular,
remember that a password should be a minimum of eight characters and should
include a mix of uppercase and lowercase letters, numbers, and symbols.
■
After you delete a user account, there is no way to recover the rights and permissions associated with that user account. A better practice than deleting user
accounts is to disable them until you are sure they are no longer needed.
Key Terms
Computer Management A console that provides access to a number of management utilities for administering a computer, including the ability to create, manage,
and monitor shared folders.
domain user account An account that allows you to log on to a domain to access
network resources.
group A collection of user accounts. Groups simplify administration by allowing you
to assign permissions and rights to a group of users rather than to each user
account individually.
local security database A database on a computer running Windows XP Professional that holds local user accounts and groups.
local user account An account that allows you to log on to a specific computer to
access resources on that computer.
naming convention
An organization’s established standard for identifying users.
password reset disk A floppy disk that contains encrypted password information
and allows users to change their password without knowing the old password.
Permissions Permissions control what users can do with a resource such as a folder,
a file, or a printer.
Rights Rights allow users to perform system tasks, such as changing the time on a
computer and backing up or restoring files.
user profile A collection of folders and data that stores your current desktop environment, application settings, and personal data.
Questions and Answers
7-51
Questions and Answers
Lesson 1 Review
Page
7-7
1. Where do local user accounts allow users to log on and gain access to resources?
Only on the computer on which the local user account is created.
2. Where should you create user accounts for computers running Windows XP Professional that are part of a domain?
You should create it on one of the domain controllers. You should not use local user accounts
on Windows XP Professional computers that are part of a domain.
3. Which of the following statements about domain user accounts are correct?
(Choose all that apply.)
a. Domain user accounts allow users to log on to the domain and gain access to
resources anywhere on the network, as long as the users have the required
access permissions.
b. If at least one computer on the network is configured as a domain controller,
you should use domain user accounts only.
c. The domain controller replicates the new user account information to all
other computers in the domain.
d. A new domain user account is established in the local security database on
the domain controller on which you created the account.
The correct answers are A and B. C is not correct because the domain controller replicates user
account information only to other domain controllers in a domain—not to every computer. D is
not correct because a domain user account is established in Active Directory, not in the local
security database. A local user account is established in the local security database.
4. Which of the following statements about built-in accounts are correct? (Choose all
that apply.)
a. You can delete the Guest account.
b. You cannot delete the Administrator account.
c. You cannot rename the Guest account.
d. You can rename the Administrator account.
The correct answers are B and D. A is not correct because you cannot delete the Guest account
(or any built-in local user accounts, for that matter). C is not correct because you can rename
the Guest account.
7-52
Chapter 7
Setting Up and Managing User Accounts
5. How do you disable the Guest account?
Click Start, click Control Panel, and then click User Accounts. In the User Accounts window,
click the Guest icon. In the What Do You Want To Change About The Guest Account window,
click Turn Off The Guest Account. The Guest Account is now disabled.
Lesson 2 Review
Page
7-12
1. The maximum number of characters that Windows XP Professional recognizes in
a local user account name is __________.
20
2. When are duplicate local user accounts valid in a network of computers running
Windows XP Professional?
They are valid as long as they are not on the same computer. In fact, in a workgroup, you must
create the same user account on each computer in the workgroup that you want the user to be
able to access.
3. Passwords can be up to ______ characters long with a minimum length of ______
characters recommended.
128, 8
Page
7-22
Lesson 3 Practice: Exercise 2
6. What two new options appear for User1’s account? What option is no longer available?
The list of changes you can make to the user’s account includes two new options: Change The
Password and Remove The Password. The Create A Password option is gone.
Lesson 3 Practice: Exercise 4
Page
7-23
1. What type of account is User3? (Get answer.)
The account type for User3 is Limited Account.
15. How does the password appear on the screen? Why?
The password is displayed as large dots as you type. This prevents others from viewing the
password as you type it.
23. What happens?
A Logon Message dialog box appears, informing you that you are required to change your password at first logon.
Lesson 3 Review
Page
7-26
1. Which of the following statements about the Windows XP Professional User
Accounts tool are correct? (Choose all that apply.)
Questions and Answers
7-53
a. The User Accounts tool allows you to remotely create, modify, and delete
user accounts on all computers in the network running Windows XP Professional.
b. The User Accounts tool allows you to view and modify all accounts on the
computer.
c. The tasks you can perform with the User Accounts tool depend on the type
of account you use to log on to the local computer.
d. The User Accounts tool allows users to delete, create, or remove their individual passwords.
The correct answers are C and D. A is not correct because you cannot use the User Accounts
tool to administer a remote computer. B is not correct because the User Accounts tool does not
allow you to administer certain built-in accounts.
2. Which of the following tasks can both account types (Computer Administrator and
Limited) perform? (Choose all that apply.)
a. Change your picture
b. Change your account type
c. Create, change, or remove your password
d. Change your account name
The correct answers are A and C. B and D are not correct because only computer administrators can change the account type and account name.
3. Which of the following statements about logging on or logging off a computer
running Windows XP Professional are true? (Choose all that apply.)
a. When you use the Welcome screen to log on the local computer, you can
quickly switch to another user account without logging off and closing all
programs that you are running.
b. The User Accounts tool allows you to disable a local user account to prevent
users from using the disabled account to log on.
c. When you use the Welcome screen to log on the local computer, you can log
on using only one of the accounts displayed on the Welcome screen.
d. The User Accounts tool allows you to replace the Welcome screen with a
logon prompt that requires users to type their individual user names and
passwords.
The correct answers are A and D. B is not correct because the User Accounts tool allows you
to disable the Guest account, but not to disable other user accounts. C is not correct because
you can press CTRL+ALT+DELETE at the Welcome screen to access the traditional logon dialog
box, which allows you to type in a user name.
7-54
Chapter 7
Setting Up and Managing User Accounts
4. When you use the Computer Management snap-in to create a new user account,
which check box do you select to prevent a new employee from using the new
account until the employee starts working for the company?
Account Disabled
Lesson 4 Practice: Modifying User Account Properties
Page
7-32
1. What happens? Why?
A User Accounts dialog box appears with the message Windows Cannot Change The Password.
This happens because you enabled the User Cannot Change Password option for User1.
Lesson 4 Review
Page
7-33
1. When can you select the Account Is Locked Out check box for a user and why?
Never because the Account Is Locked Out check box is unavailable when the account is active
and is not locked out of the system. The system locks out a user if the user exceeds the limit
for the number of failed logon attempts.
2. Which of the following statements about local user account properties are correct?
(Choose all that apply.)
a. You can configure all of the default properties associated with each local user
account using the User Accounts tool located in Control Panel.
b. In Computer Management, the General tab in a user account’s Properties dialog box allows you to disable the account.
c. In Computer Management, the General tab in a user account’s Properties dialog box allows you to select the Account Is Locked Out check box to prevent
the user from logging on to the computer.
d. You can use the Computer Management snap-in to configure all of the default
properties associated with each local user account.
The correct answers are B and D. A is not correct because the User Accounts tool only provides
a limited subset of the available options for a user account. You must use the Computer Management snap-in to access all options for a user account. C is not correct because you cannot
select the Account Is Locked Out check box manually. This check box is selected automatically
when an account is locked out.
3. Which of the following statements about user profiles are correct? (Choose all that
apply.)
a. A user profile is a collection of folders and data that stores the user’s current
desktop environment, application settings, and personal data.
b. A user profile contains all the network connections that are established when
a user logs on to a computer.
Questions and Answers
7-55
c. Windows XP Professional creates a user profile when you create a new local
user account.
d. You must create each user profile by copying and modifying an existing user
profile.
The correct answers are A and B. C is not correct because Windows XP does not create a user
profile when you create a user account, but rather the first time someone logs on using that
user account. D is not correct because a user profile is created automatically the first time a
person logs on with a user account.
4. Which of the following statements about user profiles are correct? (Choose all that
apply.)
a. Users should store their documents in home directories rather than in their
My Documents folders.
b. The Profile tab in the account-name Properties dialog box for a user account
allows you to create a path for the user profile, logon script, and home folder.
c. A user profile contains the My Documents folder, which provides a place for
users to store personal files.
d. When users change their desktop settings, the changes are reflected in their
user profiles.
The correct answers are B, C, and D. A is not correct because the My Documents folder is
located within a user’s home directory automatically when a home directory is created. Users
do not need to go looking for their home directory.
5. What three tasks must you perform to create a home folder on a network server?
First, create and share a folder in which to store all home folders on a network server. Second,
for the shared folder, remove the default Full Control permission from the Everyone group and
assign Full Control to the Users group for users that will reside in this shared folder. Third, provide the path to the user’s home folder in the shared home directory folder on the Profile tab of
the Properties dialog box for the user account.
Lesson 5 Review
Page
7-44
1. What are groups, and why do you use them?
A group is a collection of user accounts. A group simplifies administration by allowing you to
assign permissions and rights to a group of users rather than to each individual user account.
2. An administrator or owner of a resource uses __________________ to control what
users can do with a resource such as a folder, a file, or a printer.
Permissions
3. You use local groups to assign permissions to resources residing ______________
________________________________________.
On the computer on which the local group is created
7-56
Chapter 7
Setting Up and Managing User Accounts
4. Which of the following statements about deleting local groups are correct?
(Choose all that apply.)
a. Each group that you create has a unique identifier that cannot be reused.
b. You can restore access to resources by re-creating the group.
c. When you delete a group, you also remove the permissions and rights associated with it.
d. Deleting a group deletes the user accounts that are members of the group.
The correct answers are A and C. B is not correct because re-creating a group does not re-create the membership of that group or any of the rights or permissions associated with that
group. D is not correct because deleting a group does not delete the user accounts that are
members of the group. Deleting a group does remove any rights and permissions that were
extended to the members of the group by virtue of their membership.
5. What is the difference between built-in system groups and built-in local groups
found on computers running Windows XP Professional? Give at least two examples of each type of group.
Built-in local groups give rights to perform system tasks on a single computer, such as backing
up and restoring files, changing the system time, and administering system resources. Some
examples of built-in local groups are Administrators, Backup Operators, Guests, Power Users,
Replicator, and Users. Built-in system groups do not have specific memberships that you can
modify, but they can represent different users at different times, depending on how a user
gains access to a computer or resource. You do not see system groups when you administer
groups, but they are available for use when you assign rights and permissions to resources.
Some examples of built-in system groups are Everyone, Authenticated Users, Creator Owner,
Network, Interactive, Anonymous Logon, and Dialup.
Case Scenario Exercise
Page
7-46
1. Your first task is to create a naming convention for these workers. The museum
management would like the user names to reflect that these are temporary workers, but not require too complicated a user name for the workers to type. Use the
following table to create names for the workers.
Full Name
Cat Francis
David Jaffe
Mary North
Jeff Teper
Bernhard Tham
User Account Name
Questions and Answers
7-57
There are a number of ways you could create these user names. One way would be to use the
first initial and last name of each person to create the user name and then to prepend each
user name with a T to indicate the workers’ temporary status. This could give you the following
user names:
❑
T_cfrancis
❑
T_djaffe
❑
T_mnorth
❑
T_jteper
❑
T_btham
2. Where should you create these user names?
You must create a local user name for each user on the user’s workstation. You must also create a local user name for each user on the file server so that you can assign permissions.
3. The file server in the workgroup contains a folder named Coal Research, to which
each of the workers needs access. You would like to minimize the number of
times you have to assign permissions to the Research folder. How would you do
this?
You should create a local group on the file server. You should name the group something simple
like Coal Researchers and then add each of the workers’ user names to that group. You can
then assign permissions to the group for the Coal Research folder rather than assigning permissions to each user name.
4. When creating passwords for the users on their workstations, what must you
ensure so that the users can access the file server?
You must not create blank passwords for the users on their workstations. Although blank passwords would allow the users to log on to their workstations and access local resources, the
default security configuration on the file server is to enable the Accounts: Limit Local Account
Use Of Blank Passwords To Console Logon Only security setting, which would prevent users
with blank passwords from being able to access resources on the file server remotely.
Troubleshooting Lab
Page
7-47
1. Martin’s user account was assigned permissions to access a number of resources
on the computer and Raymond is not sure exactly what permissions were
assigned. He wants to recover the deleted user account. Can he do this? If so,
how?
After a user account is deleted, it cannot be recovered. All permissions and rights assigned to
the user account are lost.
7-58
Chapter 7
Setting Up and Managing User Accounts
2. If you really mean to delete the user account, what is often a better way to handle
the situation than simply deleting the user account?
It is usually better to disable the account instead of deleting it. When an account is disabled,
no user can log on by using it. If the account is needed again, you can re-enable it, and all rights
and permissions are retained. When you are sure that you no longer need a disabled account,
you can then delete it.
3. To prevent a situation like the one that happened with Raymond (in which rights and
permissions to resources were assigned directly to Martin’s user account and were
thus difficult to reconstruct), what is a better way to assign rights and permissions?
You should assign rights and permissions to local groups rather than directly to local user
accounts. You should then make the user accounts members of the appropriate groups. This
way, if a user account is accidentally deleted, you can create a new user account and place it
in the appropriate groups again, rather than having to reconstruct rights and permissions on
the user account. Using groups also helps to manage rights and permissions better in other situations, such as when a user no longer needs access to particular resources or when a new
user joins the company.
4. Soon after creating a new user account for Martin, Raymond contacts you and tells
you that Martin has forgotten his new password. Can you reset his password?
How?
Yes. You must log on to Martin’s computer and use the Computer Management snap-in (or use
the Computer Management snap-in remotely) to reset the password. You should also configure
Martin’s user account so that he must change the password the next time he logs on, so that
the password is known only to him.
5. What should you tell Martin to do so that he can recover his own password should
this happen again?
You should show Martin how to create a password reset disk.
8 Securing Resources with
NTFS Permissions
Exam Objectives in this Chapter:
■
Monitor, manage, and troubleshoot access to files and folders.
❑
Control access to files and folders by using permissions.
Why This Chapter Matters
This chapter introduces you to NT file system (NTFS) folder and file permissions
for Windows XP Professional. You will learn how to assign NTFS folder and file
permissions to user accounts and groups, and you will see how moving or copying files and folders affects NTFS file and folder permissions. You will also learn
how to troubleshoot common resource access problems.
Lessons in this Chapter:
■
Lesson 1: Introduction to NTFS Permissions . . . . . . . . . . . . . . . . . . . . . . . . . .8-2
■
Lesson 2: Assigning NTFS Permissions and Special Permissions . . . . . . . . . . . .8-8
■
Lesson 3: Supporting NTFS Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-23
Before You Begin
To complete this chapter, you must have a computer that meets the minimum hardware requirements listed in the preface, “About This Book.” You must also have
Microsoft Windows XP Professional installed on the computer.
8-1
8-2
Chapter 8
Securing Resources with NTFS Permissions
Lesson 1: Introduction to NTFS Permissions
You use NTFS permissions to specify which users and groups can access files and
folders and what they can do with the contents of the files or folders. NTFS permissions
are available only on NTFS volumes; they are not available on volumes formatted with
file allocation table (FAT) or FAT32 file systems. NTFS security is effective whether a
user accesses the file or folder at the local computer or over the network.
The permissions you assign for folders are different from the permissions you assign for
files. Administrators, the owners of files or folders, and users with Full Control permission
can assign NTFS permissions to users and groups to control access to files and folders.
After this lesson, you will be able to
■ Identify the standard NTFS folder permissions
■ Identify the standard NTFS file permissions
■ Describe how Windows XP Professional uses access control lists (ACLs)
■ Explain how effective permissions are calculated when multiple sets of NTFS permis-
sions are in effect
■ Explain how permissions inheritance is controlled
Estimated lesson time: 30 minutes
Standard NTFS Folder Permissions
You assign folder permissions to control the access that users have to folders and to the
files and subfolders that are contained within the folders. Table 8-1 lists the standard
NTFS folder permissions that you can assign and the type of access that each provides.
Table 8-1
NTFS Folder Permissions
This NTFS Folder
Permission
Allows the User To
Read
See files and subfolders in the folder and view folder permissions, and
attributes (such as Read-Only, Hidden, Archive, and System)
Write
Create new files and subfolders within the folder, change folder
attributes, and view folder ownership and permissions
List Folder Contents
See the names of files and subfolders in the folder
Read & Execute
Move through folders to reach other files and folders, even if the users
do not have permission for those folders, and perform actions permitted by the Read permission and the List Folder Contents permission
Modify
Delete the folder plus perform actions permitted by the Write
permission and the Read & Execute permission
Full Control
Change permissions, take ownership, and delete subfolders and files;
plus perform actions permitted by all other NTFS folder permissions
Lesson 1
Introduction to NTFS Permissions
8-3
You can deny permission to a user account or group. To deny all access to a user
account or group for a folder, deny the Full Control permission.
Standard NTFS File Permissions
You assign file permissions to control the access that users have to files. Table 8-2 lists
the standard NTFS file permissions that you can assign and the type of access that each
provides.
Table 8-2
NTFS File Permissions
This NTFS File
Permission
Allows the User to
Read
Read the file and view file attributes, ownership, and permissions
Write
Overwrite the file, change file attributes, and view file ownership and
permissions
Read & Execute
Run applications, plus perform the actions permitted by the Read
permission
Modify
Modify and delete the file, plus perform the actions permitted by the Write
permission and the Read & Execute permission
Full Control
Change permissions and take ownership, plus perform the actions
permitted by all other NTFS file permissions
How Windows XP Professional Uses Access Control Lists
NTFS stores an access control list (ACL) with every file and folder on an NTFS volume. The ACL contains a list of all user accounts and groups that have been assigned
permissions for the file or folder, as well as the permissions that they have been
assigned. When a user attempts to gain access to a resource, the ACL must contain an
entry, called an access control entry (ACE), for the user account or a group to which
the user belongs. The entry must allow the type of access that is requested (for example, Read access) for the user to gain access. If no ACE exists in the ACL, the user cannot access the resource.
How Effective Permissions Are Calculated When Multiple Sets of NTFS
Permissions Are in Effect
It is possible for multiple sets of NTFS permissions to apply to a user for a particular
resource. For example, a user might be a member of two different groups, each of
which is assigned different permissions to access a resource. To assign permissions
effectively, you must understand the rules and priorities by which NTFS assigns and
combines multiple permissions and NTFS permissions inheritance.
8-4
Chapter 8
Securing Resources with NTFS Permissions
What Are Effective Permissions?
A user’s effective permissions for a resource are the sum of the NTFS permissions
that you assign to the individual user account and to all the groups to which the user
belongs. If a user is granted Read permission for a folder and is a member of a group
with Write permission for the same folder, the user has both Read and Write permissions for that folder.
!
Exam Tip To manually calculate effective NTFS permissions, first combine all allow permissions from all sources. Next, determine any deny permissions the user has. Deny permissions override allow permissions. The result is the user’s effective permissions for the
resource.
How File Permissions Override Folder Permissions
NTFS permissions assigned to files take priority over NTFS permissions assigned to the
folder that contains the file. If you have access to a file, you can access the file if you
have the Bypass Traverse Checking security permission—even if you do not have
access to the folder containing the file. You can access the files for which you have permissions by using the full Universal Naming Convention (UNC) or local path to open
the file from its respective application, even if you have no permission to access the
folder that contains the file. In other words, if you do not have permission to access the
folder containing the file you want to access, you must have the Bypass Traverse
Checking security permission and you have to know the full path to the file to access
it. Without permission to access the folder, you cannot see the folder, so you cannot
browse for the file.
See Also The Bypass Traverse Checking security permission is described further in Lesson 2,
“Assigning NTFS Permissions and Special Permissions.”
How Deny Permissions Override Allow Permissions
In addition to granting a permission, you can also specifically deny a permission
(although this is not the recommended method of controlling access to resources).
Denying a permission overrides all instances in which that permission is allowed. Even
if a user has permission to access a file or folder as a member of a group, denying permission to the user blocks any other permissions the user might have (see Figure 8-1).
In Figure 8-1, User1 has Read permission for FolderA and is a member of Group A and
Group B. Group B has Write permission for FolderA. Group A has been denied Write
permission for File2.
Lesson 1
Group B
Introduction to NTFS Permissions
8-5
NTFS volume
Folder A
Write
R/W
File 1
User1
Read
File 2
Group A
Deny Write to File2
• NTFS permissions are cumulative.
• File permissions override folder permissions.
• Deny overrides other permissions.
F08us01
Figure 8-1
You must be able to calculate effective NTFS permissions.
The user can read and write to File1. The user can also read File2, but cannot write to
File2 because she is a member of Group A, which has been denied Write permission
for File2.
How NTFS Permissions Inheritance Is Controlled
By default, permissions that you assign to the parent folder are inherited by and propagated to the subfolders and files contained in the parent folder. However, you can
prevent permissions inheritance, as shown in Figure 8-2.
NTFS volume
R/W
Folder A
File A
Access to FileA
Inherit permissions
NTFS volume
R/W
Folder A
No access to FileA
File A
Prevent inheritance
F08us02
Figure 8-2
Files and folders inherit permissions from their parent folder.
8-6
Chapter 8
Securing Resources with NTFS Permissions
By default, whatever permissions you assign to the parent folder also apply to subfolders
and files contained within the parent folder. When you assign NTFS permissions to give
access to a folder, you assign permissions for the folder and for any existing files and subfolders, as well as for any new files and subfolders that are created in the folder.
You can prevent permissions that are assigned to a parent folder from being inherited
by subfolders and files that are contained within the folder. That is, you can change the
default inheritance behavior and cause subfolders and files to not inherit permissions
that have been assigned to the parent folder containing them.
The folder for which you prevent permissions inheritance becomes the new parent
folder. The subfolders and files contained within this new parent folder inherit the permissions assigned to it.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. Which of the following statements correctly describe NTFS file and folder permissions? Choose all that apply.
a. NTFS security is effective only when a user gains access to the file or folder
over the network.
b. NTFS security is effective when a user gains access to the file or folder on the
local computer.
c. NTFS permissions specify which users and groups can gain access to files and
folders and what they can do with the contents of the file or folder.
d. NTFS permissions can be used on all file systems available with Windows XP
Professional.
2. Which of the following NTFS folder permissions allow you to delete the folder?
Choose the correct answer.
a. Read
b. Read & Execute
c. Modify
d. Administer
3. Which of the NTFS file permissions should you assign to a file if you want to allow
users to delete the file but do not want to allow users to take ownership of a file?
Lesson 1
Introduction to NTFS Permissions
8-7
4. What is an access control list (ACL), and what is the difference between an ACL
and an access control entry (ACE)?
5. What are a user’s effective permissions for a resource?
6. By default, what inherits the permissions that you assign to the parent folder?
Lesson Summary
■
NTFS folder permissions are Read, Write, List Folder Contents, Read & Execute,
Modify, and Full Control.
■
The NTFS file permissions are Read, Write, Read & Execute, Modify, and Full Control.
■
NTFS stores an ACL, which contains a list of all user accounts and groups that have
been granted access to the file or folder, as well as the type of access that they
have been granted, with every file and folder on an NTFS volume.
■
It is possible for multiple sets of NTFS permissions to apply to a user for a particular resource. A user’s effective permissions for a resource are the sum of the
NTFS permissions that you assign to the individual user account and to all the
groups to which the user belongs.
■
By default, permissions that you assign to the parent folder are inherited by and
propagated to the subfolders and files contained in the parent folder. However,
you can prevent permissions inheritance.
8-8
Chapter 8
Securing Resources with NTFS Permissions
Lesson 2: Assigning NTFS Permissions and Special
Permissions
You should follow certain guidelines for assigning NTFS permissions. Assign permissions according to group and user needs, which include allowing or preventing permissions to be inherited from parent folders to subfolders and files that are contained
in the parent folder.
After this lesson, you will be able to
■ Assign or modify NTFS folder and file permissions to user accounts and groups
■ Grant or deny special permissions
■ Take ownership of files and folders
■ Prevent permissions inheritance
■ Identify guidelines for planning NTFS permissions
Estimated lesson time: 70 minutes
How to Assign or Modify Permissions
Administrators, users with the Full Control permission, and owners of files and folders
can assign permissions to user accounts and groups.
To assign or modify NTFS permissions for a file or a folder, in the Security tab of the
Properties dialog box for the file or folder, configure the options that are shown in Figure 8-3 and described in Table 8-3.
Table 8-3
Security Tab Options
Option
Description
Group Or User Names
Allows you to select the user account or group for which you want to
change permissions or that you want to remove from the list.
Permissions For group
or user name
Allows and denies permissions. Select the Allow check box to allow a
permission. Select the Deny check box to deny a permission.
Add
Opens the Select Users Or Groups dialog box, which you use to
select user accounts and groups to add to the Group Or User Names
list (see Figure 8-4).
Remove
Removes the selected user account or group and the associated permissions for the file or folder.
Advanced
Opens the Advanced Security Settings dialog box for the selected folder
so that you can grant or deny special permissions (see Figure 8-5).
Lesson 2
Figure 8-3
Assigning NTFS Permissions and Special Permissions
8-9
Use the Security tab of the Properties dialog box for a folder to set NTFS permissions.
Clicking the Add button on the Security tab of a file or folder’s Properties dialog box
displays the Select Users Or Groups dialog box (see Figure 8-4). Use this dialog box to
add users or groups so that you can assign them permissions for accessing a folder or
file. The options available in the Select Users Or Groups dialog box are described in
Table 8-4.
F08us04
Figure 8-4
Table 8-4
Use the Select Users or Groups dialog box to add additional users and groups.
Select Users Or Groups Dialog Box Options
Option
Description
Select This Object
Type
Allows you to select the types of objects you want to look for, such as
built-in user accounts, groups, and computer accounts.
From This Location
Indicates where you are currently looking; for example, in the domain
or on the local computer.
Locations
Allows you to select where you want to look; for example, in the
domain or on the local computer.
8-10
Chapter 8
Table 8-4
Securing Resources with NTFS Permissions
Select Users Or Groups Dialog Box Options
Option
Description
Enter The Object
Names To Select
Allows you to type in a list of built-in users or groups to be added.
Check Names
Verifies the selected list of built-in users or groups to be added.
Advanced
Allows you access to advanced search features, including the ability to
search for deleted accounts, accounts with passwords that do not
expire, and accounts that have not logged on for a certain number of
days.
How to Grant or Deny Special Permissions
Click the Advanced button on the Security tab of a file or folder’s Properties dialog box
to display the Advanced Security Settings dialog box (shown in Figure 8-5), which lists
the users and groups and the permissions they have on this object. The Permissions
Entries box also shows where the permissions were inherited from and where they are
applied.
F08us05
Figure 8-5 Assign special permissions using the Permissions tab of the Advanced Security Settings dialog box.
You can use the Advanced Security Settings dialog box to change the permissions set
for a user or group. To change the permissions set for a user or group, select a user and
click Edit to display the Permission Entry For dialog box (see Figure 8-6). You can then
select or clear the specific permissions, explained in Table 8-5, that you want to
change.
Lesson 2
Assigning NTFS Permissions and Special Permissions
8-11
F08us06
Figure 8-6
Table 8-5
Select special permissions by using the Permission Entry For dialog box.
Special Permissions
Permission
Description
Full Control
Full Control applies all permissions to the user or group.
Traverse Folder/
Execute File
Traverse Folder is applied only to folders and allows a user to move (or
denies a user from moving) through folders even when the user has no permissions set on the traversed folder (the folder that the user is moving
through). For example, a user might not have permissions set on a folder
named Sales, but might have permission to access a subfolder named Brochures that is in the Sales folder. If allowed the Traverse Folder permission,
the user could access the Brochures folder. The Traverse Folder permission
has no affect on users for whom the Bypass Traverse Checking user right is
assigned.
Execute File is applied only to files and allows or denies running executable
files (application files). Execute File applies only to files.
List Folder/Read
Data
List Folder allows or denies viewing file names and subfolder names within
the folder. List Folder applies only to folders.
Read Data allows or denies viewing the contents of a file. Read Data applies
only to files.
Read Attributes
Read Attributes allows or denies the viewing of the attributes of a file or
folder. These attributes are defined by NTFS.
Read Extended
Attributes
Read Extended Attributes allows or denies the viewing of extended
attributes of a file or a folder. These attributes are defined by programs.
Create Files/
Write Data
Create Files allows or denies the creation of files within a folder. Create
Files applies to folders only.
Write Data allows or denies the making of changes to a file and the overwriting of existing content. Write Data applies to files only.
8-12
Chapter 8
Table 8-5
Securing Resources with NTFS Permissions
Special Permissions
Permission
Description
Create Folders/
Append Data
Create Folders allows or denies the creation of folders within the folder.
Create Folders applies only to folders.
Append Data allows or denies making changes to the end of the file, but
not changing, deleting, or overwriting existing data. Append Data applies to
files only.
Write Attributes
Write Attributes allows or denies the changing of the attributes of a file or
folder. These attributes are defined by NTFS.
Write Extended
Attributes
Write Extended Attributes allows or denies the changing of the extended
attributes of a file or a folder. These attributes are defined by programs.
Delete Subfolders Delete Subfolders And Files allows or denies the deletion of subfolders or
And Files
files within a folder, even if the Delete permission has not been granted on
the particular subfolder or file.
Delete
Delete allows or denies the deletion of a file or folder. A user can delete a
file or folder even without having the Delete permission granted on that file
or folder, if the Delete Subfolder And Files permission has been granted to
the user on the parent folder.
Read Permissions Read Permissions allows or denies the reading of the permissions assigned
to the file or folder.
Change Permissions
Change Permissions allows or denies the changing of the permissions
assigned to the file or folder. You can give other administrators and users
the ability to change permissions for a file or folder without giving them the
Full Control permission over the file or folder. In this way, the administrator
or user cannot delete or write to the file or folder, but can assign permissions to the file or folder.
Take Ownership Take Ownership allows or denies taking ownership of the file or folder. The
owner of a file can always change permissions on a file or folder, regardless
of the permissions set to protect the file or folder.
Synchronize
!
Exam Tip
Synchronize allows or denies different threads in a multithreaded program
to synchronize with one another. A multithreaded program performs multiple actions simultaneously by using both processors in a dual-processor
computer. This permission is not assigned to users, but instead applies only
to multithreaded programs.
When you grant permissions, grant users the minimum permissions that they
need to get their job done. This is referred to as the principle of least privilege.
Lesson 2
Assigning NTFS Permissions and Special Permissions
8-13
How to Take Ownership of Files and Folders
Every object (file or folder) on an NTFS volume has an owner who controls how permissions are set on the object and to whom permissions are granted. When a user creates an object, that user automatically becomes the object’s owner.
You can transfer ownership of files and folders from one user account or group to
another. You can give someone the ability to take ownership and, as an administrator,
you can take ownership of a file or folder.
The following rules apply for taking ownership of a file or folder:
■
The current owner or any user with Full Control permission can assign the Full
Control standard permission or the Take Ownership special access permission to
another user account or group, allowing the user account or any member of the
group to take ownership.
■
An administrator can take ownership of a folder or file, regardless of assigned permissions. If an administrator takes ownership, the Administrators group becomes
the owner, and any member of the Administrators group can change the permissions for the file or folder and assign the Take Ownership permission to another
user account or group.
For example, if an employee leaves the company, an administrator can take ownership
of the employee’s files and assign the Take Ownership permission to another
employee, and then that employee can take ownership of the former employee’s files.
Note
You cannot assign anyone ownership of a file or folder. The owner of a file, an administrator, or anyone with Full Control permission can assign Take Ownership permission to a
user account or group, allowing them to take ownership. To become the owner of a file or
folder, a user or group member with Take Ownership permission must explicitly take ownership of the file or folder.
To take ownership of a file or folder, the user or a group member with Take Ownership permission must explicitly take ownership of the file or folder, as follows:
1. In the Security tab of the Properties dialog box for the file or folder, click
Advanced.
2. In the Advanced Security Settings dialog box, in the Owner tab, in the Change
Owner To list, select your name.
3. Select the Replace Owner On Subcontainers And Objects check box to take ownership of all subfolders and files that are contained within the folder, and then
click OK.
8-14
Chapter 8
Securing Resources with NTFS Permissions
How to Prevent Permissions Inheritance
By default, subfolders and files inherit permissions that you assign to their parent
folder. This is indicated in the Advanced Security Settings dialog box (refer to Figure 85) when the Inherit From Parent The Permission Entries That Apply To Child Objects
check box is selected. To prevent a subfolder or file from inheriting permissions from
a parent folder, clear the check box. You are then prompted to select one of the
options described in Table 8-6.
Table 8-6
Preventing Permissions Inheritance Options
Option
Description
Copy
Copy the permission entries that were previously applied from the parent to the
child and then deny subsequent permissions inheritance from the parent folder.
Remove
Remove the permission entries that were previously applied from the parent to
the child and retain only the permissions that you explicitly assign here. Clicking
this button removes all permissions from the file or folder; if you do not grant
yourself permissions immediately afterward, you could lose access to the file. To
recover access to the file, you would need to take ownership.
Cancel
Cancel the dialog box.
Guidelines for Planning NTFS Permissions
If you take the time to plan your NTFS permissions and follow a few guidelines, you
will find that permissions are more straightforward to manage than you might imagine.
Use the following guidelines when you assign NTFS permissions:
■
To simplify administration, organize files into folders so that you can assign permissions to folders instead of directly to files.
■
Allow users only the level of access that they require. If a user only needs to read
a file, assign the Read permission to his or her user account for the file. This
reduces the possibility of users accidentally modifying or deleting important documents and application files.
■
Create groups according to the access that the group members require for
resources, and then assign the appropriate permissions to the group. Assign permissions to individual user accounts only when necessary.
■
When you assign permissions to application folders, assign the Read & Execute
permission to the Users group and the Administrators group. This prevents application files from being accidentally deleted or damaged by users or viruses.
■
When you assign permissions for public data folders, assign the Read & Execute
permission and the Write permission to the Users group and the Full Control permission to the CREATOR OWNER. By default, the user who creates a file is also
Lesson 2
Assigning NTFS Permissions and Special Permissions
8-15
the owner of the file. The owner of a file can grant another user permission to take
ownership of the file. This grants users the ability to read and modify documents
that other users create (and the ability to read, modify, and delete the files and
folders that they create).
■
Do not make denying permissions a part of your permissions plan. Deny permissions only when it is essential to deny specific access to a specific user account or
group.
■
Encourage users to assign permissions to the files and folders that they create and
teach them how to do so.
Real World Managing Permissions Structures
The availability of so many different permissions often lures administrators into
creating permission structures that are much more complicated than necessary. In
addition to following the guidelines set out in this chapter (such as applying permissions to folders instead of files, and assigning permissions to groups instead of
user accounts), you can make a permissions structure more manageable by doing
the following:
■
For most companies, you will want to err on the side of being too secure.
Make it a practice to lock everything down with permissions and then grant
access only to those that need it. Also, grant only the level of permission that
users need. It is often tempting to grant Full Control to users just to avoid
complaints from those users about not being able to perform tasks, but avoid
that temptation. On smaller networks, you might want to take an opposite
approach—one in which you allow access to everything and then secure
only those resources that need to be secured.
■
Document your security decisions and encourage users to do so, as well.
You should record which folders and files have which permissions, and
make notes on why you made the decision. Although it seems an extra burden (and does require more work upfront), this documentation is invaluable
when the time comes to change or troubleshoot the permissions structure.
Practice: Planning and Assigning NTFS Permissions
In this practice, you will plan NTFS permissions for folders and files based on a business scenario. Then you will apply NTFS permissions for folders and files on your computer running Windows XP Professional in a workgroup environment, based on a
second scenario. Finally, you will test the NTFS permissions that you set up to make
sure that they are working properly.
8-16
Chapter 8
Securing Resources with NTFS Permissions
Complete the following six exercises, and answer any questions that are asked. You
can find answers to these questions in the “Questions and Answers” section at the end
of this chapter.
Exercise 1: Preparing for This Practice
To prepare for subsequent exercises, log on with an account that is a member of the
Administrators group and create the Limited users listed in the following table.
User Account
Type
User81
Limited
User82
Limited
User83
Limited
User84
Limited
Create the following folders:
■
C:\Public
■
C:\Public\Library
Exercise 2: Determining the Default NTFS Permissions for a Folder
In this exercise, you determine the default NTFS permissions for the newly created
Public folder located on a computer running Windows XP Professional in a workgroup
environment.
1. Log on with a user account that is a member of the Administrators group.
2. On the Start menu, right-click My Computer, and then click Explore.
3. Expand Local Disk (C:), right-click the Public folder, and then click Properties.
4. In the Public Properties dialog box, on the Security tab, note the default groups
and users that have permissions for the Public folder.
Tip
If you do not see a Security tab, there are two things to check: Is your partition formatted as NTFS or FAT? Only NTFS partitions use NTFS permissions, so only NTFS partitions have
a Security tab. Are you using Simple File Sharing? Click Cancel to close the Public Properties
dialog box. On the Tools menu, click Folder Options. In the Folder Options dialog box, click
View. Under Advanced Settings, clear the Use Simple File Sharing (Recommended) check box
and click OK. Repeat Steps 3 and 4 and continue with this practice.
5. Click each user and group in the Group Or User Names list, noting the default permissions assigned to each.
Lesson 2
Assigning NTFS Permissions and Special Permissions
8-17
6. What are the existing folder permissions?
7. Click OK to close the Public Properties dialog box.
8. Close Windows Explorer and log off.
Exercise 3: Testing the Folder Permissions for the Public Folder
1. Log on as User81, and then start Windows Explorer.
2. Expand the Public folder.
3. In the Public folder, create a text document named USER81 and type in the following text: The first four letters in the alphabet are a, b, c, and d.
Tip
With the Public folder selected in the folder tree (the left pane), on the File menu, click
New, and then click Text Document to create the text document.
4. Were you successful? Why or why not?
5. Attempt to perform the following tasks for the file that you just created:
❑
Open the file
❑
Modify the file
❑
Delete the file
6. Were you able to complete all of these tasks and why?
7. In the Public folder, re-create the text file named User81.
8. Log off Windows XP Professional.
8-18
Chapter 8
Securing Resources with NTFS Permissions
9. Log on as User82 and attempt to perform the following tasks on the USER81 text
document:
❑
Open the file
❑
Modify the file
❑
Delete the file
10. Which tasks were you able to perform and why?
Exercise 4: Assigning NTFS Permissions
In this exercise, you assign NTFS permissions for the Public folder.
The permissions that you assign are to be based on the following criteria:
■
All users should be able to read documents and files in the Public folder.
■
All users should be able to create documents in the Public folder.
■
All users should be able to modify the contents, properties, and permissions of the
documents that they create in the Public folder.
■
User82 is responsible for maintaining the Public folder and should be able to modify and delete all files in the Public folder.
1. Based on what you learned in Exercise 1, what changes in permission assignments
do you need to make to meet each of these four criteria? Why?
Lesson 2
Assigning NTFS Permissions and Special Permissions
8-19
2. You are currently logged on as User82. Can you change the permissions assigned
to User82 while logged on as User82? Why or why not?
3. Log on with a user account that is a member of the Administrators group, and then
start Windows Explorer.
4. Expand the Public folder.
5. Right-click the Public folder, and then click Properties.
6. In the Properties dialog box for the folder, on the Security tab, click Add.
7. In the Select Users Or Groups dialog box, in the Enter The Object Names To Select
text box, type User82, and then click Check Names.
8. Computer_name\User82 should now appear in the Enter The Object Names To
Select text box, indicating that Windows XP Professional located User82 on the
computer and it is a valid user account. Click OK to close the Select Users Or
Groups dialog box.
9. User82 now appears in the Group Or User Name box in the Public Properties dialog box. Click User82 and note the assigned permissions.
10. Which permissions are assigned to User82?
11. Click Advanced.
12. In the Advanced Security Settings For Public dialog box, ensure that User82 is
selected, and then click Edit.
13. In the Permission Entry For Public dialog box (with User82 displayed in the Name
text box), in the Allow column, click Full Control.
14. Click OK to close the Permission Entry For Public dialog box.
15. Click OK to close the Advanced Security Settings For Public dialog box.
16. Click OK to close the Public Properties dialog box.
17. Close Explorer and log off Windows XP Professional.
8-20
Chapter 8
Securing Resources with NTFS Permissions
Exercise 5: Testing the New NTFS Permissions for the Folder
1. Log on as User82.
2. Start Windows Explorer.
3. Expand Local Disk (C:), and then expand the Public folder.
4. Attempt to perform the following tasks on the USER81 text document:
❑
Modify the file
❑
Delete the file
5. Which tasks were you able to record and why?
6. Close Windows Explorer and then log off Windows XP Professional.
Exercise 6: Testing NTFS Permissions
In this exercise, you create a file in a subfolder and test how NTFS permissions are
inherited through a folder hierarchy.
1. Log on as User81, and then start Windows Explorer.
2. In Windows Explorer, expand the Public\Library folder.
3. Create a text document named USER81 in the Library folder.
4. Log off Windows XP Professional.
5. Log on as User82, and then start Windows Explorer.
6. Expand the Public\Library folder.
7. Attempt to perform the following tasks on the USER81 file:
❑
Open the file
❑
Modify the file
❑
Delete the file
8. Which tasks were you able to perform and why?
9. Log off Windows XP Professional.
Lesson 2
Assigning NTFS Permissions and Special Permissions
8-21
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. By default, when you format a volume with NTFS, the ______________________
permission is assigned to the Everyone group. Fill in the blank.
2. When you assign permissions for public data folders, it is recommended that you
assign the ______________________ permission and the ____________________
permission to the Users group, and the ______________________ permission to
the CREATOR OWNER user. Fill in the blanks.
3. Which of the following users or groups can assign permissions to user accounts
and groups? Choose all that apply.
a. Administrators
b. Power Users
c. Users with the Full Control permission
d. Owners of files and folders
4. Which of the following tabs in the Properties dialog box for the file or folder do
you use to assign or modify NTFS permissions for a file or a folder? Choose the
correct answer.
a. Advanced
b. Permissions
c. Security
d. General
5. What is the purpose of the Traverse Folder/Execute File special permission?
6. What is the difference between the Delete permission and Delete Subfolder And
Files permission?
8-22
Chapter 8
Securing Resources with NTFS Permissions
Lesson Summary
■
To assign or modify NTFS permissions for a file or a folder, you use the Security
tab of the Properties dialog box for the file or folder.
■
You can use the Advanced Security Settings dialog box to configure specific permissions for a user or group.
■
The current owner or any user with Full Control permission can assign the Full
Control standard permission or the Take Ownership special access permission to
another user account or group, allowing the user account or a member of the
group to take ownership. You cannot assign anyone ownership of a file or folder;
you can only give them permission to take ownership.
■
By default, subfolders and files inherit permissions that you assign to their parent
folder. To stop subfolders and files from inheriting permissions that you assign to
their parent folder, clear the Inherit From Parent The Permission Entries That
Apply To Child Objects check box in the Advanced Security Settings dialog box.
■
Take the time to properly plan NTFS permissions following best-practice guidelines. A well-planned permission structure is easier to administer and causes fewer
problems.
Lesson 3
Supporting NTFS Permissions
8-23
Lesson 3: Supporting NTFS Permissions
When you assign or modify NTFS permissions to files and folders, problems might
arise. When you copy or move files and folders, the permissions you set on the files or
folders might change. Specific rules control how and when permissions change.
Understanding these rules helps you solve permissions problems. Troubleshooting
these problems is important to keep resources available for the appropriate users and
protected from unauthorized users.
After this lesson, you will be able to
■ Describe the effect on NTFS file and folder permissions when files and folders are copied
■ Describe the effect on NTFS file and folder permissions when files and folders are moved
■ Troubleshoot resource access problems
Estimated lesson time: 40 minutes
Effect on NTFS File and Folder Permissions When Files and Folders Are
Copied
When you copy files or folders from one folder to another or from one volume to
another, permissions change (as shown in Figure 8-7).
Copy
Permissions =
Full Control
Permissions =
Destination folder
C:/
NTFS volume
D:/
NTFS volume
Permissions =
Full Control
Copy
Permissions =
Destination folder
Copy
FAT volume
Write permission
Permissions
are lost.
F08us07
Figure 8-7
Copy files or folders between folders or volumes.
8-24
Chapter 8
Securing Resources with NTFS Permissions
When you copy a file within a single NTFS volume or between NTFS volumes, note the
following:
■
Windows XP Professional treats it as a new file. As a new file, it takes on the permissions of the destination folder.
■
You must have Write permission for the destination folder to copy files and folders.
■
You become the creator and owner.
Security Alert
When you copy files or folders to FAT volumes, the folders and files lose
their NTFS permissions because FAT volumes do not support NTFS permissions.
Effect on NTFS File and Folder Permissions When Files and Folders Are
Moved
When you move a file or folder, permissions might or might not change, depending on
where you move the file or folder (see Figure 8-8).
Move
Permissions =
Full Control
Permissions =
Full Control
C:/
NTFS volume
Permissions =
Full Control
D:/
NTFS volume
Move
Permissions =
Destination folder
Move
FAT volume
Write, Modify permissions
Permissions
are lost.
F08us08
Figure 8-8 Move files or folders between folders or volumes.
Facts to Know About Moving Within a Single NTFS Volume
When you move a file or folder within a single NTFS volume, note the following
things:
Lesson 3
Supporting NTFS Permissions
8-25
■
The file or folder retains the original permissions.
■
You must have the Write permission for the destination folder to move files and
folders into it.
■
You must have the Modify permission for the source file or folder. The Modify permission is required to move a file or folder because Windows 2000 deletes the file
or folder from the source folder after it is copied to the destination folder.
■
You become the creator and owner.
Facts to Know About Moving Between NTFS Volumes
When you move a file or folder between NTFS volumes, note the following:
■
The file or folder inherits the permissions of the destination folder.
■
You must have the Write permission for the destination folder to move files and
folders into it.
■
You must have the Modify permission for the source file or folder. The Modify permission is required to move a file or folder because Windows XP Professional
deletes the file or folder from the source folder after it is copied to the destination
folder.
■
You become the creator and owner.
!
Security Alert
!
Exam Tip
When you move files or folders to FAT volumes, the folders and files lose
their NTFS permissions because FAT volumes do not support NTFS permissions.
When you move files or folders within an NTFS volume, permissions that have
been directly assigned to the file or folder carry over to the new location. In all other cases of
moving and copying, existing permissions are lost, and the object will inherit permissions
from the new parent. When moving to a FAT volume, permissions are lost entirely.
How to Troubleshoot Common Permissions Problems
Table 8-7 describes some common permissions problems that you might encounter
and provides solutions that you can use to try to resolve these problems.
8-26
Chapter 8
Securing Resources with NTFS Permissions
Table 8-7
Permissions Problems and Troubleshooting Solutions
Problem
Solution
A user cannot gain access to a
file or folder.
If the file or folder was copied or moved to another NTFS
volume, the permissions might have changed.
Check the permissions that are assigned to the user
account and to groups to which the user belongs. The user
might not have permission, or might be denied access
either individually or as a member of a group.
You add a user account to a
group to give that user access to a
file or folder, but the user still
cannot gain access.
For access permissions to be updated to include the new
group to which you have added the user account, the user
must either log off and then log on again, or close all network connections to the computer on which the file or
folder resides, and then make new connections.
A user with Full Control permission to a folder deletes a file in
the folder, although that user
does not have permission to
delete the file itself. You want to
stop the user from being able to
delete more files.
You have to clear the special access permission, the Delete
Subfolders And Files check box, for that folder to prevent
users with Full Control of the folder from being able to
delete files in it.
Practice: Managing NTFS Permissions
In this practice, you will observe the effects of taking ownership of a file. Then you will
determine the effects of permission and ownership when you copy or move files.
Finally, you will determine what happens when a user with Full Control permission to
a folder has been denied all access to a file in that folder but attempts to delete the file.
Complete the following two exercises, and answer any questions that are asked. You
can find answers to these questions in the “Questions and Answers” section at the end
of this chapter.
Important
To successfully complete this practice, you must have completed all exercises
in the Lesson 2 practice.
Exercise 1: Taking Ownership of a File
In this exercise, you observe the effects of taking ownership of a file. To do this, you
must determine permissions for a file, assign the Take Ownership permission to a user
account, and then take ownership as that user.
Lesson 3
Supporting NTFS Permissions
8-27
To determine the permissions for a file
1. Log on with a user account that is a member of the Administrators group, and then
start Windows Explorer.
2. In the Public folder, create a text document named OWNER.
3. Right-click OWNER, and then click Properties.
4. In the Owner Properties dialog box, click the Security tab. Note the permissions
for the OWNER file.
5. Click Advanced.
6. In the Advanced Security Settings For Owner dialog box, on the Owner tab, note
the current owner of the file.
7. Who is the current owner of the OWNER file?
To assign permission to a user to take ownership
1. In the Advanced Security Settings For Owner dialog box, on the Permissions tab,
click Add.
2. In the Select User Or Group dialog box, in the Enter The Object Names To Select
text box, type User81, and then click Check Names.
3. User81 should now appear in the Enter The Object Names To Select text box, indicating that Windows XP Professional located User81 on the computer and it is a
valid user account. Click OK.
4. In the Permission Entry For Owner dialog box, notice that all the permission
entries for User81 are blank.
5. Under Permissions, select the Allow check box next to Take Ownership, and then
click OK.
6. In the Advanced Security Settings For Owner dialog box, click OK to return to the
Owner Properties dialog box.
7. Click OK to apply your changes and close the Owner Properties dialog box.
8. Close Windows Explorer, and then log off Windows XP Professional.
To take ownership of a file
1. Log on as User81, and then start Windows Explorer.
2. Select the Public folder.
3. Right-click OWNER, and then click Properties.
8-28
Chapter 8
Securing Resources with NTFS Permissions
4. In the Owner Properties dialog box, on the Security tab, notice the permissions for
the OWNER folder. Click Advanced.
5. In the Advanced Security Settings For Owner dialog box, on the Owner tab, in the
Change Owner To list, select User81, and then click Apply.
6. Who is now the owner of the OWNER file?
7. Click OK to close the Advanced Security Settings For Owner dialog box.
8. Click OK to close the Owner Properties dialog box.
To test permissions for a file as the owner
1. While you are logged on as User81, assign User81 the Full Control permission for
the OWNER text document and click Apply.
2. Click Advanced and clear the Inherit From Parent The Permission Entries That
Apply To Child Objects check box.
3. In the Security dialog box, click Remove.
4. Click OK to close the Advanced Security Settings For Owner dialog box.
5. Click OK to close the Owner Properties dialog box.
6. Delete the OWNER text document.
Exercise 2: Copying and Moving Folders
In this exercise, you see the effects of permissions and ownership when you copy and
move folders.
To create a folder while logged on as a user
1. While you are logged on as User81, in Windows Explorer, in the root folder of
drive C, create a folder named Temp1.
2. What are the permissions that are assigned to the folder?
User or Group
Permissions
Lesson 3
Supporting NTFS Permissions
8-29
3. Who is the owner? Why?
4. Close all applications, and then log off Windows XP Professional.
To create a folder while logged on as a member of the Administrators group
1. Log on as Administrator, or as a user account that is a member of the Administrators group, and then start Windows Explorer.
2. In the root folder of drive C, create the folders Temp2 and Temp3.
3. What are the permissions for the Temp2 and Temp3 folders that you just created?
User or Group
Permissions
4. Who is the owner of the Temp2 and Temp3 folders? Why?
5. Assign the following permissions to the Temp2 and Temp3 folders. Clear the
Inherit From Parent The Permission Entries That Apply To Child Objects check
box. When prompted, click Remove to remove all permissions except those
explicitly set.
Folder
Assign These Permissions
Temp2
Administrators: Full Control
Users: Read & Execute
Temp3
Administrators: Full Control
Backup Operators: Read & Execute
Users: Full Control
8-30
Chapter 8
Securing Resources with NTFS Permissions
To copy a folder to another folder within a Windows XP Professional NTFS volume
1. While logged on with an account that is a member of the Administrators group, in
Windows Explorer, copy C:\Temp2 to C:\Temp1 by selecting C:\Temp2, holding
down CTRL, and then dragging C:\Temp2 to C:\Temp1.
!
Note
Because this is a copy, C:\Temp2 and C:\Temp1\Temp2 should both exist.
2. Select C:\Temp1\Temp2, and then compare its permissions and ownership with
those of C:\Temp2.
3. Who is the owner of C:\Temp1\Temp2 and what are the permissions? Why?
To move a folder within the same NTFS volume
1. Log on as User81.
2. In Windows Explorer, select C:\Temp3, and then move it to C:\Temp1.
3. What happens to the permissions and ownership for C:\Temp1\Temp3? Why?
4. Close all windows and log off.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. Which of the following statements about copying a file or folder are correct?
Choose all that apply.
a. When you copy a file from one folder to another folder on the same volume,
the permissions on the file do not change.
b. When you copy a file from a folder on an NTFS volume to a folder on a FAT
volume, the permissions on the file do not change.
c. When you copy a file from a folder on an NTFS volume to a folder on another
NTFS volume, the permissions on the file match those of the destination folder.
d. When you copy a file from a folder on an NTFS volume to a folder on a FAT
volume, the permissions are lost.
Lesson 3
Supporting NTFS Permissions
8-31
2. Which of the following statements about moving a file or folder are correct?
Choose all answers that are correct.
a. When you move a file from one folder to another folder on the same volume,
the permissions on the file do not change.
b. When you move a file from a folder on an NTFS volume to a folder on a FAT
volume, the permissions on the file do not change.
c. When you move a file from a folder on an NTFS volume to a folder on
another NTFS volume, the permissions on the file match those of the destination folder.
d. When you move a file from a folder on an NTFS volume to a folder on the
same volume, the permissions on the file match those of the destination
folder.
3. When you assign NTFS permissions you should assign the _____________________
(least/most) restrictive permissions. Fill in the blank.
4. If you do not want a user or group to gain access to a particular folder or file,
should you deny access permissions to that folder or file?
Lesson Summary
■
When you copy or move files and folders, the permissions you set on the files or
folders might change. When you copy files or folders from one folder to another
or from one volume to another, the object takes on the permissions of the destination folder. You must have Write permission for the destination folder to copy
files and folders. When you copy a file, you become the creator and owner of the
file.
■
When you move a file or folder within a single NTFS volume, the file or folder
retains its original permissions. When you move a file or folder between NTFS volumes, the file or folder inherits the permissions of the destination folder.
■
There are a number of common problems associated with NTFS permissions that
you should learn to troubleshoot. In particular, you should make sure that the permissions are configured the way you think they are (particularly if the object has
been moved or copied). Also, if you have recently assigned permissions, a user
must log off and back on for the permissions to become effective.
8-32
Chapter 8
Securing Resources with NTFS Permissions
Case Scenario Exercise
In this exercise, you will read a scenario about applying NTFS permissions to folders
and files, and then answer the questions that follow. If you have difficulty completing
this work, review the material in this chapter before beginning the next chapter. You
can find answers to these questions in the “Questions and Answers” section at the end
of this chapter.
Scenario
You are an administrator working for a company named Fabrikam, Inc., a regional
advertising company with a headquarters office in Memphis, TN, and several branch
locations throughout the Southeast. Members of the company’s Accounting department, which is located in the main office, keep accounting information for the company’s clients on a file server located within the department. On that file server is a
folder named Client Accounts, to which all members of the Accounting department
need access. Due to confidentiality agreements, there are certain documents within the
Client Accounts folder that should be accessible only by employees, not by temporary
or contract workers.
You have configured the Client Accounts folder in the following manner:
■
You removed the Everyone group entirely.
■
You added the Users group and assigned that group Full Control.
In addition, you have performed the following actions:
■
You made all part-time employees members of a group named Part Time.
■
You made all contract workers members of a group named Contractors.
■
You assigned the Deny Full Control permission to the Part Time And Contractors
groups for the files that are protected by the confidentiality agreement.
Questions
1. Will users in the Part Time And Contractors group be able to open the files protected by the confidentiality agreement?
Troubleshooting Lab
8-33
2. Even if users of the Part Time And Contractors groups cannot access the file, there
is a risk that they will delete the file. Why?
3. How could you solve this problem by changing permissions on the Client
Accounts folder?
4. What would have been a better way to approach this problem from the beginning?
Troubleshooting Lab
Read the following troubleshooting scenario and then answer the questions that follow. You can use this lab to help determine whether you have learned enough to move
on to the next chapter. If you have difficulty completing this work, review the material
in this chapter before beginning the next chapter. You can find the answers to these
questions in the “Questions and Answers” section at the end of this chapter.
Scenario
You are an administrator for a company named Contoso, Ltd., and are working with
the Sales, Marketing, and Accounting departments to help set up permissions for folders that all departments use.
Both the Sales and Marketing departments access the Brochures folder. A group named
Sales contains users that are in the Sales department, and a group named Marketing
contains users that are in the Marketing department. Your boss gives you the following
tables. The first table shows the permissions assigned to the Sales group for the Brochures folder. The second table shows the permissions assigned to the Marketing
group for the Brochures folder. A user named David is a member of both the Sales and
Marketing groups.
8-34
Chapter 8
Securing Resources with NTFS Permissions
Permissions Assignments for Sales Group
Permission
Allow
Deny
Full Control
Modify
Read & Execute
X
List Folder Contents
X
Read
X
Write
Permissions Assignments for Marketing Group
Permission
Allow
Deny
Full Control
Modify
Read & Execute
List Folder Contents
Read
X
Write
Questions
1. Based on the information in tables that your boss gave you, what are David’s
effective permissions on the Brochures folder?
2. Your boss stops by and says, “Whoops, here is the other table I meant to give
you.” The table shows the permissions assigned to the Accounting group for the
Brochures folder. A user named Yvette is a member the Sales, Marketing, and
Accounting groups.
Permissions Assignments for Accounting Group
Permission
Allow
Deny
Full Control
Modify
Read & Execute
List Folder Contents
Read
Write
X
X
X
Chapter Summary
8-35
Based on the information in all the tables that you received, what are Yvette’s
effective permissions on the Brochures folder?
Chapter Summary
■
You use NTFS permissions to specify which users and groups can access files and
folders, and what they can do with the contents of the files or folders. NTFS permissions are available only on NTFS volumes. It is possible for multiple sets of
NTFS permissions to apply to a user for a particular resource. A user’s effective
permissions for a resource are the sum of the NTFS permissions that you assign to
the individual user account and to all of the groups to which the user belongs.
■
To assign or modify NTFS permissions for a file or a folder, you use the Security
tab of the Properties dialog box for the file or folder. You can use the Advanced
Security Settings dialog box to configure specific permissions for a user or group.
You should also note the following:
■
❑
You cannot assign a user ownership of a file or folder; you can only give a
user permission to take ownership.
❑
By default, subfolders and files inherit permissions that you assign to their
parent folder. You can prevent a folder from propagating permissions to subfolders and items in the folder. You can also prevent a file or subfolder from
inheriting permissions from its parent folder.
You should be aware of the following behaviors when you copy or move files and
folders to which NTFS permissions are applied:
❑
When you copy files or folders from one folder to another or from one volume to another, the object takes on the permissions of the destination folder.
❑
When you move a file or folder within a single NTFS volume, the file or folder
retains its original permissions.
❑
When you move a file or folder between NTFS volumes, the file or folder
inherits the permissions of the destination folder.
8-36
Chapter 8
Securing Resources with NTFS Permissions
Exam Highlights
Before taking the exam, review the key points and terms that are presented in this
chapter. You need to know this information.
Key Points
■
To calculate effective NTFS permissions, first combine all allow permissions from
all sources. Next, determine any deny permissions the user has. Deny permissions
override allow permissions. The result is the user’s effective permissions for the
resource.
■
When you grant permissions, grant users the minimum permissions that they need
to get their jobs done. This is referred to as the principle of least privilege.
■
When you move files or folders within an NTFS volume, permissions that have
been directly assigned to the file or folder carry over to the new location. In all
other cases of moving and copying, existing permissions are lost, and the object
will inherit permissions from the new parent. When moving to a FAT volume, permissions are lost entirely.
Key Terms
access control entry (ACE) A specific entry on the ACL that grants or denies a user
or group access to a resource.
access control list (ACL) A list of all user accounts and groups that have been
assigned permissions for the file or folder, as well as the permissions that they
have been assigned.
effective permissions The permissions level that a user actually has, taking all permission sources into account.
NTFS permissions Assignments that specify which users and groups can access files
and folders and what they can do with the contents of the files or folders. NTFS
permissions are available only on NTFS volumes.
owner The user who created a file, folder, or printer.
permissions inheritance The process of a file or folder receiving permissions
based on the permissions assigned to the object’s parent folder.
Traverse Folder A permission that allows or denies moving through folders to
access other files or folders, even when the user has no permissions for the traversed folder (the folder that the user is moving through).
Questions and Answers
8-37
Questions and Answers
Lesson 1 Review
Page
8-6
1. Which of the following statements correctly describe NTFS file and folder permissions? Choose all that apply.
a. NTFS security is effective only when a user gains access to the file or folder
over the network.
b. NTFS security is effective when a user gains access to the file or folder on the
local computer.
c. NTFS permissions specify which users and groups can gain access to files and
folders and what they can do with the contents of the file or folder.
d. NTFS permissions can be used on all file systems available with Windows XP
Professional.
The correct answers are B and C. NTFS security is locally based and so affects all users
accessing a resource, whether those users are logged on locally or accessing the resource
from the network. A is not correct because NTFS security does not only apply to network users.
D is not correct because NTFS permissions can be used only on partitions formatted with
NTFS.
2. Which of the following NTFS folder permissions allow you to delete the folder?
Choose the correct answer.
a. Read
b. Read & Execute
c. Modify
d. Administer
The correct answer is C. A and B are not correct because these permissions do not allow you
to delete a folder. D is not correct because Administer is not a valid permission.
3. Which of the NTFS file permissions should you assign to a file if you want to allow
users to delete the file but do not want to allow users to take ownership of a file?
Modify
4. What is an access control list (ACL), and what is the difference between an ACL
and an access control entry (ACE)?
An ACL, which is stored with every file and folder on an NTFS volume, contains a list of all user
accounts or groups that have been assigned permissions to that file or folder. An ACE is an
entry in an ACL that contains the operations that a user or group is allowed or specifically
denied to perform on that file or folder.
8-38
Chapter 8
Securing Resources with NTFS Permissions
5. What are a user’s effective permissions for a resource?
A user’s effective permissions for a resource are the sum of the NTFS permissions assigned to
the individual user account and to all of the groups to which the user belongs. If there are any
Deny permissions set, they override all instances in which that permission is allowed and must
be removed from the user’s effective permissions.
6. By default, what inherits the permissions that you assign to the parent folder?
By default, the permissions that you assign to the parent folder are inherited by and propagated
to the subfolders and files that are contained in the parent folder.
Lesson 2 Practice: Planning and Assigning NTFS Permissions
Page
8-15
Exercise 2: Determining the Default NTFS Permissions for a Folder
6. What are the existing folder permissions?
The Administrators group has Full Control. The CREATOR OWNER has special permissions, Full
Control. The account that created the folder has special permissions, Full Control of subfolders
and files only. SYSTEM has Full Control. The Users group has Read & Execute, List Folder Contents, Read, and special permissions of Create Files/Write Data and Create Folders/Append
Data.
Exercise 3: Testing the Folder Permissions for the Public Folder
4. Were you successful? Why or why not?
Yes, because the Users group is assigned the special permissions of Create Files/Write Data
and Create Folders/Append Data for the Public folder.
6. Were you able to complete all of these tasks and why?
Yes, because the Users group is assigned the special permissions of Create Files/Write Data
and Create Folders/Append Data for the Public folder.
10. Which tasks were you able to perform and why?
You can open the file because the Users group has Read permission for the Public folder. When
you attempt to modify the file, you get an error message. You cannot modify the file because
the Users group does not have either Full Control or Modify permissions for the Public folder.
Users can create files and folders in the Public folders, and they have Full Control permission
for the file and folders that they created, but they cannot modify files and folders for which they
are not the creator or owner. You cannot delete the file because only the owner of a file and
members of the Administrators group have Full Control of the file by default.
Questions and Answers
8-39
Exercise 4: Assigning NTFS Permissions
1. Based on what you learned in Exercise 1, what changes in permission assignments
do you need to make to meet each of these four criteria? Why?
The first three criteria are met by the default permission assignments. To allow User82 the ability to modify or delete all files in the Public folder, you could change the special permission
assigned to User82 to Full Control.
2. You are currently logged on as User82. Can you change the permissions assigned
to User82 while logged on as User82? Why or why not?
No, you cannot change the permissions assigned User82 while logged on as User82 because
User82 is not a member of the Administrators group, is not the owner of the Public folder, and
does not have the Full Control permission for the Public folder. Only Administrators, the owners
of files or folders, and users with Full Control permission can assign NTFS permissions to
users and groups to control access to files and folders.
10. Which permissions are assigned to User82?
Read & Execute, List Folder Contents, and Read
Exercise 5: Testing the New NTFS Permissions for the Folder
5. Which tasks were you able to record and why?
User82 can open, modify, and delete the file because User82 has been assigned the Full Control permission for the Public folder.
Exercise 6: Testing NTFS Permissions
8. Which tasks were you able to perform and why?
User82 can open, modify, and delete the file because User82 has been assigned the Full Control permission for the Library folder. The Inherit From Parent The Permission Entries That Apply
To Child Objects check box is selected by default. Therefore, the Full Control permission was
inherited by the Library folder from the Public folder.
Lesson 2 Review
Page
8-21
1. By default, when you format a volume with NTFS, the ______________________
permission is assigned to the Everyone group. Fill in the blank.
Full Control
2. When you assign permissions for public data folders, it is recommended that you
assign the ______________________ permission and the ____________________
permission to the Users group, and the ______________________ permission to
the CREATOR OWNER user. Fill in the blanks.
Read & Execute; Write; Full Control
8-40
Chapter 8
Securing Resources with NTFS Permissions
3. Which of the following users can assign permissions to user accounts and groups?
Choose all that apply.
a. Administrators
b. Power users
c. Users with the Full Control permission
d. Owners of files and folders
The correct answers are A, C, and D. B is not correct because members of the Power users
group cannot assign permissions.
4. Which of the following tabs in the Properties dialog box for the file or folder do
you use to assign or modify NTFS permissions for a file or a folder? Choose the
correct answer.
a. Advanced
b. Permissions
c. Security
d. General
The correct answer is C. A, B, and D are incorrect because you use the Security tab to modify
NTFS permissions.
5. What is the purpose of the Traverse Folder/Execute File special permission?
Traverse Folder allows or denies moving through folders to access other files or folders, even
when the user has no permissions for the traversed folder. Execute File allows or denies running executable files (application files).
6. What is the difference between the Delete permission and Delete Subfolder And
Files permission?
Delete allows or denies the deleting of a file or folder. Even if a user does not have the Delete
permission for a file or folder, the user can still delete the file or folder if the Delete Subfolder
And Files permission has been granted to the user on the parent folder.
Lesson 3 Practice: Managing NTFS Permissions
Page
8-26
Exercise 1: Taking Ownership of a File
To determine the permissions for a file
7. Who is the current owner of the OWNER file?
The user account you used to log on to Windows XP.
To take ownership of a file
6. Who is now the owner of the OWNER file?
User81
Questions and Answers
8-41
Exercise 2: Copying and Moving Folders
To create a folder while logged on as a user
2. What are the permissions that are assigned to the folder?
User or Group
Permissions
Creator Owner
Special Permissions: Full control for subfolders and files only
System
Full Control
User81
Full Control
Users
Special Permissions: Traverse Folder/Execute File, List Folder/Read
Data, Read Attributes, Read Extended Attributes, Read Permissions,
Create Files/Write Data, and Create Folders/Append Data
3. Who is the owner? Why?
User81 is the owner because the person who creates a folder or file is the owner.
To create a folder while logged on as a member of the Administrators group
3. What are the permissions for the Temp2 and Temp3 folders that you just created?
User or Group
Permissions
Administrators
Full Control
Creator Owner
Special Permissions: Full control for subfolders and files
only
System
Full Control
the name of the user account
you used to create the folders
Special Permissions: Full control for this folder only
Users
Special Permissions: Traverse Folder/Execute File, List
Folder/Read Data, Read Attributes, Read Extended
Attributes, Read Permissions, Create Files/Write Data and
Create Folders/Append Data
4. Who is the owner of the Temp2 and Temp3 folders? Why?
The Administrators group or the name of the user account you used to create the folders (if you
did not log on as Administrator) is the owner because the person who creates a folder or file is
the owner. If the person is a member of the Administrators group, the Administrators group is
the owner.
To copy a folder to another folder within a Windows XP Professional NTFS volume
3. Who is the owner of C:\Temp1\Temp2 and what are the permissions? Why?
The owner of C:\Temp1\Temp2 is the user account that performed the copy. The permissions
for C:\Temp1\Temp2 are now the same as the permissions of Temp1. When you copy a folder
or file into another folder, the permissions assigned to it are always the same as the permissions on the destination folder.
8-42
Chapter 8
Securing Resources with NTFS Permissions
To move a folder within the same NTFS volume
3. What happens to the permissions and ownership for C:\Temp1\Temp3? Why?
Nothing; they do not change.
Lesson 3 Review
Page
8-30
1. Which of the following statements about copying a file or folder are correct?
Choose all that apply.
a. When you copy a file from one folder to another folder on the same volume,
the permissions on the file do not change.
b. When you copy a file from a folder on an NTFS volume to a folder on a FAT
volume, the permissions on the file do not change.
c. When you copy a file from a folder on an NTFS volume to a folder on another
NTFS volume, the permissions on the file match those of the destination
folder.
d. When you copy a file from a folder on an NTFS volume to a folder on a FAT
volume, the permissions are lost.
The correct answers are C and D. A is not correct because when you copy a file to a folder on
the same volume, the file inherits the permissions assigned to the target folder. B is not correct
because when you copy a file to a FAT volume, permissions are lost.
2. Which of the following statements about moving a file or folder are correct?
Choose all answers that are correct.
a. When you move a file from one folder to another folder on the same volume,
the permissions on the file do not change.
b. When you move a file from a folder on an NTFS volume to a folder on a FAT
volume, the permissions on the file do not change.
c. When you move a file from a folder on an NTFS volume to a folder on
another NTFS volume, the permissions on the file match those of the destination folder.
d. When you move a file from a folder on an NTFS volume to a folder on the
same volume, the permissions on the file match those of the destination
folder.
The correct answers are A and C. B is not correct because when you move a file to a FAT partition, all permissions are lost. D is not correct because when you move a file to a folder on the
same volume, the original permissions are retained.
3. When you assign NTFS permissions you should assign the _____________________
(least/most) restrictive permissions. Fill in the blank.
Most
Questions and Answers
8-43
4. If you do not want a user or group to gain access to a particular folder or file,
should you deny access permissions to that folder or file?
You should assign permissions to the folder or file rather than deny permission to access the
folder or file. Denying permissions should be an exception, not common practice.
Case Scenario Exercise
Page
8-32
1. Will users in the Part Time And Contractors group be able to open the files protected by the confidentiality agreement?
No. The Deny Full Control permission will prevent users from being able to access the file.
2. Even if users of the Part Time And Contractors groups cannot access the file, there
is a risk that they will delete the file. Why?
Full Control includes the Delete Subfolders And Files special permission for POSIX compliance.
This special permission allows a user to delete files in the root of a folder to which the user has
been assigned Full Control permission. This permission overrides the file permissions.
3. How could you solve this problem by changing permissions on the Client
Accounts folder?
Allow users all of the individual permissions, and then deny users the Delete Subfolders And
Files special permission.
4. What would have been a better way to approach this problem from the beginning?
It is better to not use Deny permissions unless absolutely necessary. The simplest and most
secure way to approach this problem would be to put the files that are protected by a confidentiality agreement into a separate folder from the Client Accounts folder. You could then grant
permissions on the separate folder only to users that need permissions.
Troubleshooting Lab
Page
8-33
1. Based on the information in tables that your boss gave you, what are David’s
effective permissions on the Brochures folder?
To determine David’s effective permissions, you must combine all the permissions that have
been assigned. Thus, David’s effective permissions on the Brochures folder are Read & Execute, List Folder Contents, and Read.
2. Your boss stops by and says, “Whoops, here is the other table I meant to give
you.” The table shows the permissions assigned to the Accounting group for the
Brochures folder. A user named Yvette is a member the Sales, Marketing, and
Accounting groups.
8-44
Chapter 8
Securing Resources with NTFS Permissions
Permissions Assignments for Accounting Group
Permission
Allow
Deny
Full Control
Modify
Read & Execute
List Folder Contents
Read
Write
X
X
X
Based on the information in all the tables that you received, what are Yvette’s
effective permissions on the Brochures folder?
To determine Yvette’s effective permissions, you must combine all the permissions that have
been granted. Yvette’s cumulative granted permissions are Read & Execute, List Folder Contents, and Read. You must then apply any denied permissions. Based on membership in the
Accounting group, Yvette is denied the List Folder Contents and Write permissions. Denying the
List Folder Contents permission effectively denies the Read & Execute permission (because
Read & Execute depends on List Folder Contents). This results in effective permissions of Read
for Yvette.
9 Administering Shared
Folders
Exam Objectives in this Chapter:
■
Manage and troubleshoot access to shared folders.
❑
Create and remove shared folders.
❑
Control access to shared folders by using permissions.
Why This Chapter Matters
In Chapter 8, “Securing Resources with NTFS Permissions,” you learned about
NTFS File System permissions for Microsoft Windows XP Professional. You use
NTFS permissions to specify which users and groups are allowed to access files
and folders and how NTFS permissions control what users are allowed to do with
the contents of the file or folder. Remember that NTFS permissions are available
only on NTFS volumes and that NTFS security is in effect whether a user gains
access to the file or folder at the local computer or over the network.
In this chapter, you will learn how to share folders and make the folders accessible over the network. You access a computer’s folders and their contents by first
sharing the folders, and then accessing the folders across the network from a
remote computer. Shared folders provide a way to restrict access to file resources
that are located on file allocation table (FAT) or FAT32 partitions. In this chapter,
you will learn how to share folders and how to restrict access to shared folders
by using permissions.
Lessons in this Chapter:
■
Lesson 1: Introduction to Shared Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-2
■
Lesson 2: Combining Shared Folder Permissions and NTFS Permissions. . . . .9-20
Before You Begin
To complete this chapter, you must have a computer that meets the minimum hardware requirements listed in the preface, “About This Book.” You must also have Windows XP Professional installed on the computer.
9-1
9-2
Chapter 9
Administering Shared Folders
Lesson 1: Introduction to Shared Folders
You use shared folders to provide network users with access to file resources. When a
folder is shared, users with appropriate permissions can access the folder over the network.
After this lesson, you will be able to
■ Explain Simple File Sharing
■ Identify shared folder permissions
■ Identify the requirements for sharing a folder
■ Identify the characteristics of shared folder permissions
■ Share a folder
■ Assign shared folder permissions
■ Create multiple share names for a shared folder
■ Modify a shared folder
■ Connect to a shared folder
■ Explain the use of administrative shares
■ Manage shared folders by using the Computer Management utility
■ Explain guidelines for assigning shared folder permissions
Estimated lesson time: 60 minutes
Simple File Sharing
Simple File Sharing, as its name implies, is a simplified sharing model that allows
users to easily share folders and files with other local users on the same computer or
with users in a workgroup without configuring NTFS permissions and standard shared
folders. On computers running Windows XP Professional that are members of a workgroup, you can use Simple File Sharing or you can disable Simple File Sharing and use
shared folder permissions. On computers running Windows XP Professional that are
members of a domain, Simple File Sharing is not available.
!
Exam Tip
If you are not able to access the Security tab of a file or folder’s Properties dialog box or if you cannot assign shared folder permissions to a folder, Simple File Sharing is
probably enabled.
When Simple File Sharing is enabled, users have only one choice to make—whether a
folder is shared or not. When a user shares a folder, that folder is accessible to all network users. Also, with Simple File Sharing, the user cannot assign shared folder per-
Lesson 1
Introduction to Shared Folders
9-3
missions. To enable or disable Simple File Sharing, in any open folder, click Tools and
then click Folder Options. In the Folder Options dialog box, on the View tab, in the
Advanced Settings list, select or clear the Use Simple File Sharing (Recommended)
check box.
Note
The remainder of this chapter assumes that you are not using Simple File Sharing.
Shared Folder Permissions
When Simple File Sharing is disabled, you can control how users gain access to a
shared folder by assigning shared folder permissions. Shared folder permissions are
simpler than NTFS permissions. Table 9-1 explains what each of the shared folder permissions allows a user to do, presented from most restrictive to least restrictive.
Table 9-1
Shared Folder Permissions
This Shared Folder
Permission
Allows the User to
Read
Display folder names, file names, file data, and attributes; run program
files; and change folders within the shared folder
Change
Create folders, add files to folders, change data in files, append data to
files, change file attributes, and delete folders and files; also allows the
user to perform actions that are permitted by the Read permission
Full Control
Change file permissions, take ownership of files, and perform all tasks
that are permitted by the Change permission
You grant or deny shared folder permissions. Generally, it is best to grant permissions
to a group rather than to individual users. You should deny permissions only when it
is necessary to override permissions that are otherwise applied, for example, when it
is necessary to deny permission to a specific user who belongs to a group to which you
have granted the permission. If you deny a shared folder permission to a user, the user
will not have that permission. For example, to deny all remote access to a shared
folder, deny the Full Control permission.
Requirements for Sharing a Folder
To create shared folders on a computer running Windows XP Professional, you must
be a member of the Administrators or Power Users groups. Also, users who are granted
the Create Permanent Shared Objects user right are allowed to share folders. You can
share only folders; you cannot share individual files. If you need to provide users network access to files, you must share the folder that contains the files.
9-4
Chapter 9
!
Administering Shared Folders
Exam Tip
Users of the Administrators or Power Users groups can share a folder. Users
who have been assigned the Create Permanent Shared Objects user right can also share
folders.
Characteristics of Shared Folder Permissions
You can share any folder on a computer so that network users can access the folder.
The following are characteristics of shared folder permissions:
■
Shared folder permissions apply to folders, not individual files. Because you can
apply shared folder permissions only to the entire shared folder and not to individual files or subfolders in the shared folder, shared folder permissions provide
less detailed security than NTFS permissions.
■
Shared folder permissions do not restrict users who access the folder locally by
logging on to the computer. They apply only to users who connect to the folder
over the network.
■
Shared folder permissions are the only way to secure network resources on a FAT
volume, because NTFS permissions are not available on FAT volumes.
■
The default shared folder permission is Read, and it is assigned to the Everyone
group when you share the folder.
Security Alert
If you share a folder and do not change the default shared folder permissions (where the Everyone group is assigned the Read permission), the shared folder is effectively not protected from people reading the contents of the folder across the network. In this
case, restriction from reading the folder depends entirely on local NTFS permissions.
How to Share a Folder
When you share a folder, you can give it a share name, provide comments to describe
the folder and its content, control the number of users who have access to the folder,
assign permissions, and create multiple share names for the folder.
To share a folder, complete the following steps:
1. Log on with a user account that is able to share folders.
2. Right-click the folder that you want to share, and then click Properties.
3. On the Sharing tab of the Properties dialog box, click Share This Folder and configure the options shown in Figure 9-1 and described in Table 9-2.
Lesson 1
Introduction to Shared Folders
9-5
F09us01
Figure 9-1
Table 9-2
Use the Sharing tab of a folder’s Properties dialog box to share a folder.
Sharing Tab Options
Option
Description
Share Name
The name that users from remote locations use to connect to the shared folder.
You must enter a share name. By default, this is the same name as the folder.
You can type in a different name up to 80 characters long.
Comment
An optional description for the share name. The comment appears in addition
to the share name when users at client computers browse the server for shared
folders. This comment can be used to identify contents of the shared folder.
User Limit
The number of users who can concurrently connect to the shared folder. If
you click Maximum Allowed as the user limit, Windows XP Professional supports up to 10 connections.
Permissions
The shared folder permissions that apply only when the folder is accessed over
the network. By default, the Everyone group is assigned Read for all new
shared folders.
Caching
The settings to configure offline access to this shared folder. This feature is covered in Chapter 10, “Managing Data Storage.”
New Share
The settings to configure more than one share name and set of permissions for
this folder. This button appears only when the folder has already been shared.
You will learn how to create multiple shares in the section “How to Create Multiple Share Names for a Shared Folder.”
How to Assign Shared Folder Permissions
After you share a folder, the next step is to specify which users have access to the
shared folder by assigning shared folder permissions to selected user accounts and
9-6
Chapter 9
Administering Shared Folders
groups. To assign permissions to user accounts and groups for a shared folder, use the
following steps:
1. On the Sharing tab of the Properties dialog box of the shared folder, click Permissions.
2. In the Permissions dialog box for the folder, ensure that the Everyone group is
selected and then click Remove.
3. In the Permissions dialog box, click Add.
4. In the Select Users Or Groups dialog box (shown in Figure 9-2), in the Enter The
Object Names To Select text box, type the name of the user or group to which you
want to assign permissions. Repeat this step for all user accounts and groups to
which you want to assign permissions.
Tip
If you want to enter more than one user account or group at a time, separate the names
by a semicolon. If you want to ensure the names are correct, click Check Names.
F09us02
Figure 9-2 Select a user or a group to which to assign permissions.
5. Click OK.
6. In the Permissions dialog box for the shared folder, click the user account or
group, and then, under Permissions, select the Allow check box or the Deny
check box for the appropriate permissions for the user account or group.
How to Create Multiple Share Names for a Shared Folder
You might want to grant different permissions on a shared folder. You can create multiple share names for the same folder and assign each a different set of permissions. To
share a folder with multiple share names, open the folder’s Properties dialog box and
then click New Share. In the New Share dialog box (shown in Figure 9-3), you assign
a new share name, limit the number of connections to the share, and click Permissions
to grant the permissions for the shared folder.
Lesson 1
Introduction to Shared Folders
9-7
F09us03
Figure 9-3
Create an additional share name for a shared folder.
How to Modify a Shared Folder
For existing shared folders, you can stop sharing the folder, modify the share name,
and modify shared folder permissions.
To modify a shared folder, complete the following steps:
1. In the Properties dialog box of the shared folder, click the Sharing tab.
2. To complete the appropriate task, use the steps in Table 9-3.
Table 9-3
Steps to Modify a Shared Folder
To
Do This
Stop sharing a folder
Click Do Not Share This Folder.
Modify the share name
Click Do Not Share This Folder to stop sharing the folder, and
click Apply. Then click Share This Folder, and type the new
share name in the Share Name text box.
Modify shared folder
permissions
Click Permissions. In the Permissions dialog box, click Add to
add a user account or group so that you can specify permissions for a specific user or group, or click Remove to remove
a user account or group. In the Select Users, Computers, Or
Groups dialog box, click the user account or the group whose
permissions you want to modify, and then select Allow or
Deny for the appropriate permissions.
Caution If you stop sharing a folder while a user has a file open, the user might lose data.
If you click Do Not Share This Folder and a user has an open connection to the shared folder,
Windows XP Professional displays a dialog box notifying you of that fact.
How to Connect to a Shared Folder
You can access a shared folder on another computer by using My Network Places, the
Add Network Place Wizard, or the Run command.
To connect to a shared folder using My Network Places, complete the following steps:
9-8
Chapter 9
Administering Shared Folders
1. Click Start, and then click Control Panel.
Note When you first use My Network Places, Windows XP Professional adds it to your Start
menu. If My Network Places is listed on your Start menu, click it and proceed to step 4.
2. In the Control Panel window, click Network And Internet Connections.
3. In the Network And Internet Connections window, under See Also, click My Network Places.
4. Double-click the share you want to access.
Note
If the share you want to connect to is listed, when you double-click it, you are connected. If the share that you want to connect to is not listed, go to step 5.
5. If the share you want to connect to is not listed, click Add A Network Place.
The Welcome To The Add Network Place Wizard page is displayed.
6. Click Next.
7. On the Where Do You Want To Create This Network Place page, select Choose
Another Network Location, and then click Next.
8. On the What Is The Address Of This Network Place page, shown in Figure 9-4,
you can type a Universal Naming Convention (UNC) path to the folder (for example, \\computer_name\sharedfolder_name) and click Next.
F09us04
Figure 9-4 Type the UNC for the share that you want to access.
Tip
You can also use the Other Locations On Your Network page to make a network connection shortcut to a Web share (http://Webserver/share) or a File Transfer Protocol (FTP) site
(ftp://ftp.microsoft.com).
Lesson 1
Introduction to Shared Folders
9-9
9. On the What Do You Want To Name This Place page, type a friendly name for this
page and then click Next.
10. In the Completing The Add Network Place Wizard, click Finish.
To connect to a shared folder using the Run command, complete the following steps:
1. Click Start, click Run, type \\computer_name in the Open text box, and then
click OK.
Windows XP Professional displays shared folders for the computer.
2. Double-click the shared folder to which you want to connect.
What Are Administrative Shares?
Windows XP Professional automatically shares some folders for administrative purposes. These administrative shares are marked with a dollar sign ($) at the end of
the share name. Administrative shares are hidden from users who browse the computer. The root of each volume, the system root folder, and the location of the printer
drivers are hidden shared folders that you can access across the network by typing in
the exact name of the share.
Table 9-4 describes the purpose of the administrative shared folders that Windows XP
Professional automatically provides.
Table 9-4
Windows XP Professional Administrative Shared Folders
Share
Purpose
C$, D$, E$,
and so on
The root of each volume on a hard disk is automatically shared, and the share
name is the drive letter with a dollar sign ($). When you connect to this folder,
you have access to the entire volume. You use the administrative shares to
remotely connect to the computer to perform administrative tasks. Windows XP
Professional assigns the Full Control permission to the Administrators group.
Admin$
The system root folder, which is C:\Windows by default, is shared as Admin$.
Administrators can access this shared folder to administer Windows XP Professional without knowing in which folder it is installed. Only members of the
Administrators group have access to this share. Windows XP Professional assigns
the Full Control permission to the Administrators group.
Print$
When you install the first shared printer, the %systemroot%\System32\
Spool\Drivers folder is shared as Print$. This folder provides access to printer
driver files for clients. Only members of the Administrators and Power Users
groups have the Full Control permission. The Everyone group has the Read permission.
9-10
Chapter 9
Administering Shared Folders
Hidden shared folders are not limited to those that the system automatically creates.
You can share an additional hidden share by simple adding a dollar sign to the end
of the share name. Only users who know the folder name can access it if they also possess the proper permissions.
!
Exam Tip
You often can use the built-in administrative shares to access resources on a
computer when you cannot otherwise gain access. In particular, the Admin$ share is useful
because it allows you to access the system root folder of a computer. You can also type the
drive letter followed by a dollar sign (for example, C$) to access a particular drive.
How to Manage Shared Folders by Using Computer Management
You can also manage shared folders by using the Computer Management utility.
Available shared folder management options are as follows:
■
View a list of all folders that are currently shared
■
Create additional shared folders
■
View and edit the properties of shared folders
■
Stop sharing a folder
■
Manage users that are connected to shared folders
■
Remotely manage shared folders on other computers
How to View a List of Shared Folders in Computer Management
You can view all folders that are currently shared in a single location within Computer
Management. To view shared folders, follow these steps:
1. Start Computer Management, either by right-clicking My Computer and selecting
Manage, or from the Administrative Tools folder in Control Panel.
2. Expand the System Tools node.
3. Under the System Tools node, expand the Shared Folders node, and then select
the Shares folder. Shared folders are displayed in the details pane, as shown in Figure 9-5.
Lesson 1
Introduction to Shared Folders
9-11
F09us05
Figure 9-5 View shared folders in Computer Management.
How to Create Additional Shared Folders by Using Computer Management
You can easily share folders by using Computer Management. To share a folder, complete the following steps:
1. In Computer Management, right-click the Shares folder (in the Shared Folders
node) and select New File Share.
The Create A Shared Folder Wizard appears.
2. Click Next.
3. On the Set Up A Shared Folder page, type the path to be shared, the share name,
and the share description. Click Next to continue.
4. If the folder to be shared does not exist, Windows opens a dialog box asking
whether or not you want to create the folder. Click Yes to create the folder and
continue.
5. On the Shared Folder Permissions page, select the appropriate permissions option
and click Next.
6. Finally, click Finish to create the shared folder.
9-12
Chapter 9
Administering Shared Folders
View and Edit the Properties of Shared Folders by Using Computer Management
You can view and edit the properties of any shared folder through Computer Management by right-clicking the shared folder and selecting Properties. Figure 9-6 shows the
Properties dialog box of a shared folder named Public Files. On the Security tab of new
shares that you create, you can also manage the NTFS permissions of the folder.
F09us06
Figure 9-6 Use Computer Management to modify the properties of a shared folder.
How to Stop Sharing a Folder
You can also use Computer Management to stop sharing a folder (or a particular share
name for a folder). To stop sharing a folder in Computer Management, use the following steps:
1. Start Computer Management, either by right-clicking My Computer and selecting
Manage, or from the Administrative Tools folder in Control Panel.
2. Expand the System Tools node.
3. Under the System Tools node, expand the Shared Folders node, and then select
the Shares folder.
4. In the Details pane, right-click the share that you want to stop, and then click Stop
Sharing.
This action does not delete the folder; it merely stops sharing the folder under the
particular share name.
Lesson 1
Introduction to Shared Folders
9-13
Manage Users That Are Connected to Shared Folders
To view the users that are connected to the server, expand the Shared Folders node in
Computer Management and then select the Sessions folder. Occasionally, you might
need to disconnect users from the computer so that you can perform maintenance
tasks on hardware or software. To disconnect users from the server, do one of the following:
■
To disconnect a single user, right-click the user name in the Sessions folder, and
then select the Close Session option from the action menu.
■
To disconnect all users from the server, right-click the Sessions folder, and then
select the Disconnect All Sessions option from the action menu.
To view users that have shared files and folders open, under Shared Files, select the
Open Files option. The details pane displays the files and folders that are currently in
use on the server. This information is valuable if you are trying to work with a shared
folder or file and need to know who is currently accessing the resource so that you can
ask that person to disconnect.
Guidelines for Shared Folder Permissions
The following list provides some general guidelines for managing your shared folders
and assigning shared folder permissions:
■
Determine which groups need access to each resource and the level of access that
they require. Document the groups and their permissions for each resource.
■
Assign permissions to groups instead of user accounts to simplify access administration.
■
Assign to a resource the most restrictive permissions that still allow users to perform required tasks. This practice is known as the principle of least privilege.
For example, if users only need to read information in a folder and they will never
delete or create files, assign the Read permission.
■
Organize resources so that folders with the same security requirements are located
within a folder. For example, if users require Read permission for several application folders, store those folders within the same folder. Then share this folder
instead of sharing each individual application folder.
■
Use intuitive share names so that users can easily recognize and locate resources.
For example, for the Application folder, use Apps for the share name. You should
also use share names that all client operating systems can use.
Table 9-5 describes share and folder naming conventions for different client computer
operating systems.
9-14
Chapter 9
Table 9-5
Administering Shared Folders
Client Computer Operating Systems and Share Name Length
Operating System
Share Name Length
Windows 2000 and later
80 characters
Windows NT, Windows 98, and Windows 95
12 characters
MS-DOS, Windows 3.x, and Windows for Workgroups
8.3 characters
Windows XP Professional provides 8.3-character equivalent names, but the resulting
names might not be intuitive to users. For example, a Windows XP Professional folder
named Accountants Database would appear as Accoun~1 on client computers running
MS-DOS, Windows 3.x, and Windows for Workgroups.
Real World
Shared Folder Permissions on Large Networks
On small networks, you are likely to find that either Simple File Sharing or shared
folder permissions are used to control access to files and folders on the network.
Even when drives are formatted with the NTFS file system, most people on small
networks just do not use NTFS permissions.
On large company networks, you find just the opposite. Administrators typically
rely on NTFS permissions and leave the default shared folder permissions (or
remove the Everyone group and provide the Users group full access) in place
because NTFS permissions do a much better job of securing data. Because of the
way that shared folder permissions and NTFS permissions interact, NTFS permissions secure data for both local and network access. Adding shared folder permissions is really unnecessary and in fact complicates the permissions that
administrators must work with. The exception to this is on computers running
older versions of Windows (for example, Windows 98 or Windows Me) that do not
support the NTFS file system; these systems must use shared folder permissions if
their data is to be shared on the network.
Practice: Managing Shared Folders
In this practice, you will determine the effective shared permissions of users, share a
folder, create an additional share name for a shared folder, and stop the sharing of a
folder.
Exercise 1: Calculate Effective Shared Permissions
In the following exercise, User101 has been assigned permissions to access resources
as an individual and as a member of a group, as shown in Figure 9-7.
Lesson 1
1
Introduction to Shared Folders
9-15
FolderA
Group1
R
Group2
CP
?
User101
Group3
FC
2
FolderB
Full Control
Managers
CP
?
User102
Sales
FC
F09us07
Figure 9-7
Identify effective permissions.
Determine which effective permissions are assigned for User101 and User102.
1. User101 is a member of Group1, Group2, and Group3. Group1 has Read permission. Group2 has Full Control permission for FolderA, and Group3 has change
permissions assigned for FolderA. What are User101’s effective permissions for
FolderA?
2. User102 has been granted the Full Control shared folder permission for FolderB as
an individual user. User102 is a member of the Managers group, which has been
granted Change permission for FolderB, and a member of the Sales group, which
has been denied all access to FolderB. What are User102’s effective permissions
for FolderB?
9-16
Chapter 9
Administering Shared Folders
Exercise 2: Create a Shared Folder
1. Click Start, and then click My Documents.
2. In the My Documents window, click the File menu, point to New, and then click
Folder.
3. The new folder appears in the window with the name highlighted. Type Public
Files for the name of the folder.
4. Right-click the Public Files folder, and click Sharing and Security.
5. In the Public Files Properties dialog box, on the Sharing tab, click Share This
Folder, and then click Apply.
6. What new button appears on the dialog box after you click Apply?
7. Click Permissions.
8. In the Permissions for Public Files dialog box, in the Group Or User Names list,
click Everyone and then click Remove.
9. Click Add.
10. In the Select Users Or Groups dialog box, type Users and then click OK.
11. In the Permissions for Public Files dialog box, in the Group Or User Names list,
click Users.
12. In the Permissions for Users list, in the Allow column, select the Change check
box.
13. Click OK, and leave the Public Files dialog box open for the next exercise.
Exercise 3: Create an Additional Share Name for a Folder
1. In the Public Files dialog box, click New Share.
2. In the New Share dialog box, in the Share Name text box, type Public Files 2.
3. In the Comment text box, type Power Users.
4. Click Permissions.
5. In the Permissions for Public Files 2 dialog box, in the Group Or User Names list,
click Everyone and then click Remove.
6. Click Add.
7. In the Select Users Or Groups dialog box, type Power Users and then click OK.
Lesson 1
Introduction to Shared Folders
9-17
8. In the Permissions for Public Files dialog box, in the Group Or User Names list,
click Power Users.
9. In the Permissions for Users list, in the Allow column, select the Full Control check
box, and then click OK.
10. In the New Share dialog box, click OK.
11. What new button is added to the Public Files Properties dialog box?
12. Click OK.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. Because you use NTFS permissions to specify which users and groups can access
files and folders and what these permissions allow users to do with the contents
of the file or folder, why do you need to share a folder or use shared folder permissions?
2. Which of the following permissions are shared folder permissions? (Choose all
that apply.)
a. Read
b. Write
c. Modify
d. Full Control
3. ______________________ (Denied /Allowed) permissions take precedence over
____________ (denied /allowed) permissions on a shared folder.
9-18
Chapter 9
Administering Shared Folders
4. When you copy a shared folder, the original folder is ___________________ (no
longer shared /still shared) and the copy is ______________________ (not shared /
shared).
5. When you move a shared folder, the folder is ______________________ (no longer
shared /still shared).
6. When you rename a shared folder, the folder is ______________________ (no
longer shared /still shared).
7. Windows XP Professional automatically shares folders for administrative purposes.
These shares are marked with a __________________, which hides them from
users who browse the computer.
8. The system root folder, which is C:\Windows by default, is shared as
____________. Administrators can access this shared folder to administer Windows
XP Professional without knowing in which folder it is installed. Only members of
the Administrators group have access to this share. Windows XP Professional
assigns the Full Control permission to the Administrators group.
Lesson Summary
■
Simple File Sharing is a simplified sharing model that allows users to share or not
share a folder instead of applying NTFS and shared folder permissions. Simple File
Sharing is enabled by default on computers running Windows XP Professional that
are members of a workgroup. Simple File Sharing is not available on computers
that are members of a domain.
■
The three shared folder permissions are Read, Change, and Full Control.
■
To share a folder, you must be a member of the Administrators or Power Users
groups, or have the Create Permanent Shared Objects user right assigned to your
account.
■
The characteristics of shared folder permissions include:
■
❑
Shared folder permissions apply to folders, not individual files.
❑
Shared folder permissions apply only to users who connect to the folder over
the network.
❑
Using shared folder permissions is the only way to secure file resources on
FAT volumes.
❑
The default shared folder permission is Read, and it is assigned to the Everyone group when you share the folder.
When you share a folder, you can give it a share name, provide comments to
describe the folder and its content, control the number of users who have access
to the folder, assign permissions, and share the same folder multiple times.
Lesson 1
Introduction to Shared Folders
9-19
■
After sharing a folder, control access to that folder by assigning shared folder permissions.
■
You can create multiple share names for a single folder and assign different permissions to each share name.
■
For existing shared folders, you can stop sharing the folder, modify the share
name, and modify shared folder permissions.
■
You can connect to a shared folder by using My Network Places, My Computer, or
the Run dialog box.
■
Windows XP Professional automatically shares folders for administrative purposes.
These shares are marked with a dollar sign ($), which hides them from users who
browse the computer.
■
You can use Computer Management to view, create, and modify shared folders, as
well as to view users that are connected to each share. You can also use Computer
Management to remotely manage shared folders on other computers.
■
You should practice the principle of least privilege when assigning shared folder
permissions by allowing users only the access they need to do their job. You
should grant permissions to groups rather than users. You should also try to
arrange folders so that resources with the same security requirements are grouped.
9-20
Chapter 9
Administering Shared Folders
Lesson 2: Combining Shared Folder Permissions and NTFS
Permissions
You share folders to provide network users with access to resources. If you are using
a FAT volume, the shared folder permissions are the only resource available to provide
security for the folders that you have shared and the folders and files they contain. If
you are using an NTFS volume, you can assign NTFS permissions to individual users
and groups to better control access to the files and subfolders in the shared folders.
When you combine shared folder permissions and NTFS permissions, the more restrictive permission is always the overriding permission.
After this lesson, you will be able to
■ Calculate effective permissions for folders that have shared folder and NTFS permis-
sions
■ Explain the rules when combining shared folder permissions and NTFS permissions
■ Combine shared folder permissions and NTFS permissions
Estimated lesson time: 15 minutes
How to Calculate Effective Permissions for Folders That Have Shared
Folder and NTFS Permissions
When users connect to shared folders that are located on NTFS volumes, share permissions and NTFS permissions will combine to control the actions that a user can perform. Determining effective permissions can be somewhat difficult when both NTFS
and shared permissions are involved.
Calculating effective permissions for resources within a shared folder on an NTFS partition is a three-step process.
1. Calculate the NTFS effective permissions for the user.
2. Calculate the shared folder effective permissions for the user.
3. Analyze the results of steps 1 and 2, and select the result that is the more restrictive
of the two. This will be the user’s effective permission for the shared folder.
Rules When Combining Shared Folder Permissions and
NTFS Permissions
When you use shared folder permissions on an NTFS volume, the following rules
apply:
Lesson 2
Combining Shared Folder Permissions and NTFS Permissions
9-21
■
You can apply NTFS permissions to files and subfolders in the shared folder. You
can apply different NTFS permissions to each file and subfolder contained in a
shared folder.
■
In addition to shared folder permissions, users must have NTFS permissions for
the files and subfolders contained in shared folders to access those files and subfolders. This is in contrast to FAT volumes, in which permissions for a shared
folder are the only permissions protecting files and subfolders in the shared folder.
■
When you combine shared folder permissions and NTFS permissions, the more
restrictive permission is always the overriding permission.
In Figure 9-8, the Users group has the shared folder Full Control permission for the
Public folder and the NTFS Read permission for FileA. The Everyone group’s effective
permission for FileA is the more restrictive Read permission. The effective permission
for FileB is Full Control because both the shared folder permission and the NTFS permission allow this level of access.
Public
FC
NTFS permission
Users
File A
R
NTFS permission
File B
CP
NTFS volume
• Apply NTFS permissions to files and subfolders.
• The most restrictive permission is the effective permission.
F09us08
Figure 9-8
Combine shared folder permissions and NTFS permissions.
Practice: Combining Permissions
Figure 9-9 shows examples of shared folders on NTFS volumes. These shared folders
contain subfolders that have also been assigned NTFS permissions. Determine a user’s
effective permissions for each example.
9-22
Chapter 9
1
Administering Shared Folders
Sales Group
Data
R
NTFS permission
Sales
FC
NTFS volume
2
Users Group
Users
FC
NTFS permission
User1
FC
NTFS permission
User2
User1
User2
FC
NTFS volume
F09us9
Figure 9-9 Combine permissions for each group.
1. In the first example, the Data folder is shared. The Sales group has the shared
folder Read permission for the Data folder and the NTFS Full Control permission
for the Sales subfolder. What are the Sales group’s effective permissions for the
Sales subfolder when they gain access to the Sales subfolder by making a connection to the Data shared folder?
2. In the second example, the Users folder contains user home folders. Each user
home folder contains data accessible only to the user for whom the folder is
named. The Users folder has been shared, and the Users group has the shared
folder Full Control permission for the Users folder. User1 and User2 have the NTFS
Full Control permission for their home folder only and no NTFS permissions for
other folders. These users are all members of the Users group. What permissions
does User1 have when he or she accesses the User1 subfolder by making a con-
Lesson 2
Combining Shared Folder Permissions and NTFS Permissions
9-23
nection to the Users shared folder? What are User1’s permissions for the User2
subfolder?
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. If you are using both shared folder and NTFS permissions, the ______________
(least/most) restrictive permission is always the overriding permission.
2. Which of the following statements about combining shared folder permissions and
NTFS permissions are true? (Choose all that apply.)
a. You can use shared folder permissions on all shared folders.
b. The Change shared folder permission is more restrictive than the Read NTFS
permission.
c. You can use NTFS permissions on all shared folders.
d. The Read NTFS permission is more restrictive than the Change shared folder
permission.
3. Which of the following statements about shared folder permissions and NTFS permissions are true? (Choose all that apply.)
a. NTFS permissions apply only when the resource is accessed over the network.
b. NTFS permissions apply whether the resource is accessed locally or over the
network.
c. Shared folder permissions apply only when the resource is accessed over the
network.
d. Shared folder permissions apply whether the resource is accessed locally or
over the network.
4. If needed, you can apply different ______________________ permissions to each
folder, file, and subfolder.
9-24
Chapter 9
Administering Shared Folders
Lesson Summary
■
To combine shared folder and NTFS permissions, you should take the following
steps:
a. Calculate the NTFS effective permissions for the user.
b. Calculate the shared folder effective permissions for the user.
c. Analyze the results of steps 1 and 2, and select the result that is the more
restrictive of the two. This will be the user’s effective permission for the
shared folder.
■
On a FAT volume, the shared folder permissions are the only available way to provide security for the folders you have shared and for the folders and files they contain. On an NTFS volume, you can assign NTFS permissions to individual users
and groups to better control access to the files and subfolders in the shared folders. On an NTFS volume, you can apply different NTFS permissions to each file
and subfolder in a shared folder.
Case Scenario Exercise
In this exercise, you will read a scenario about planning shared folders and then
answer the questions that follow. If you have difficulty completing this work, review
the material in this chapter before beginning the next chapter. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
Scenario
You are an administrator working for a company named Contoso, Ltd., a manufacturer
of telephone systems used in airplanes. You are planning how to share resources on
servers in the company’s main office. Record your decisions in the table at the end of
this exercise. Figure 9-10 illustrates a partial folder structure for the servers at the manufacturing company.
Lesson 2
Combining Shared Folder Permissions and NTFS Permissions
Server1
Server2
C:
C:
Users
9-25
Data
User_name
Customer service
Server3
Public
D:
D:
Applications
Spreadsheet
Word processing
Database
Customers
Management guidelines
Project management
F09us10
Figure 9-10
A partial folder structure for the servers at a manufacturing company
You need to make resources on these servers available to network users. To do this,
determine which folders to share and which permissions to assign to groups, including
the appropriate built-in groups. Base your planning decisions on the following criteria:
■
Members of the Managers group need to read and revise documents in the Management Guidelines folder. Nobody else should have access to this folder.
■
Administrators need complete access to all shared folders, except for Management
Guidelines.
■
The customer service department needs its own network location to store working
files. All customer service representatives are members of the Customer Service
group.
9-26
Chapter 9
Administering Shared Folders
■
All employees need a network location to share information with each other.
■
All employees need to use the spreadsheet, database, and word processing software.
■
Only members of the Managers group should have access to the project management software.
■
Members of the CustomerDBFull group need to read and update the customer
database.
■
Members of the CustomerDBRead group need to read only the customer database.
■
Each user needs a private network location to store files, which must be accessible
only to that user.
■
Share names must be accessible from computers running Windows 95 and later, as
well as from non-Windows-based platforms.
Questions
Record your answers in this table.
Folder Name and Location
Shared Name
Groups and Permissions
Example:
Management Guidelines
MgmtGd
Managers: Full Control
Troubleshooting Lab
You are an administrator for a company named Contoso, Ltd., which is a distributor of
high-end fabrics sold at custom furniture retailers across the United States. You are
working with Sandra, a manager in the Sales department. Sandra is trying to work with
a file named Winter Products, which is located in a shared folder named Brochures.
She can access the file in a shared folder, but cannot save the file after making changes.
Lesson 2
Combining Shared Folder Permissions and NTFS Permissions
9-27
Sandra is a member of the following groups:
■
Sales
■
Users
■
Sales Managers
NTFS permissions are configured as shown in Figure 9-11.Shared folder permissions
are configured as shown in Figure 9-12.
F09us11
Figure 9-11
Examine the NTFS permissions for the Brochures folder.
Figure 9-12
Examine the shared folder permissions for the Brochures folder.
F09us12
9-28
Chapter 9
Administering Shared Folders
Why can Sandra open the file but not save it in the shared folder? How would you
solve the problem?
Chapter Summary
■
■
Sharing a folder makes the folder available to users on the network. You should
understand the following points about shared folders:
❑
Simple File Sharing is enabled by default on computers running Windows XP
Professional that are members of a workgroup. Simple File Sharing is not
available on computers that are members of a domain.
❑
The three shared folder permissions are Read, Change, and Full Control.
❑
To share a folder, you must be a member of the Administrators or Power
Users groups, or have the Create Permanent Shared Objects user right
assigned to your account.
❑
You can share folders, but not individual files.
❑
You can share folders on NTFS or FAT volumes.
❑
You can create multiple share names for a single folder.
❑
Windows XP Professional automatically shares folders for administrative purposes. These shares are marked with a dollar sign ($), which hides them from
users who browse the computer.
❑
You can use Computer Management to view, create, and modify shared folders,
as well as to view users that are connected to each share. You can also use Computer Management to remotely manage shared folders on other computers.
When shared folder permissions and NTFS permissions exist on a folder, you can
calculate the overall effective permissions by calculating the effective shared
folder permissions, then calculating the effective NTFS permissions, and then
applying the more restrictive of those two.
Exam Highlights
9-29
Exam Highlights
Before taking the exam, review the key points and terms that are presented in this
chapter. You need to know this information.
Key Points
■
If you cannot access the Security tab of a file or folder’s Properties dialog box or
if you cannot assign shared folder permissions to a folder, Simple File Sharing is
probably enabled.
■
Users of the Administrators or Power Users groups can share a folder. Users who
have been assigned the Create Permanent Shared Objects user right can also share
folders.
■
You often can use the built-in administrative shares to access resources on a computer when you cannot otherwise gain access. In particular, the Admin$ share is
useful because it allows you to access the system root folder of a computer. You
can also type the drive letter followed by a dollar sign (for example, C$) to access
a particular drive.
Key Terms
administrative share Hidden shares that Windows XP Professional creates automatically so that administrators can access resources on a computer.
Computer Management A console that provides access to a number of management utilities for administering a computer, including the ability to create, manage,
and monitor shared folders.
effective permissions The permissions level that a user actually has, taking all permission sources into account.
hidden share A method of preventing users who are browsing the network from
viewing the share. If you append the dollar sign ($) to a share name, it becomes
hidden. Built-in administrative shares are examples of hidden shares.
shared folder permissions Permissions assigned to shared folders that control
access to the folder over the network. Shared folder permissions include Read,
Change, and Full Control.
shared folders
Folders made accessible to users on the network.
Simple File Sharing A type of sharing that is used when a Windows XP computer
has not joined a domain or is running Windows XP Home Edition.
9-30
Chapter 9
Administering Shared Folders
Questions and Answers
Lesson 1 Practice: Exercise 1
Page
9-14
1. User101 is a member of Group1, Group2, and Group3. Group1 has Read permission. Group2 has Full Control permission for FolderA, and Group3 has change
permissions assigned for FolderA. What are User101’s effective permissions for
FolderA?
Because User101 is a member of Group1, Group2, and Group3, User101’s effective permission is Full Control, which includes all capabilities of the Read permission and the Change permission.
2. User102 has been granted the Full Control shared folder permission for FolderB as
an individual user. User102 is a member of the Managers group, which has been
granted Change permission for FolderB, and a member of the Sales group, which
has been denied all access to FolderB. What are User102’s effective permissions
for FolderB?
User102 has been granted Full Control to FolderB, but because User102 is a member of the
Managers group and the Sales group, User102’s effective permission is denied Full Control
access to FolderB. Denied permission overrides all other permissions.
Lesson 1 Practice: Exercise 2
Page
9-16
1. What new button appears on the dialog box after you click Apply?
A button named New Share appears in the Properties dialog box for a folder after you share the
folder for the first time. This button allows you to create additional shares.
Lesson 1 Practice: Exercise 3
Page
9-16
1. What new button is added to the Public Files Properties dialog box?
After creating an additional share, a button named Remove Share is added to the dialog box.
You can use this button to remove the additional share name.
Lesson 1 Review
Page
9-17
1. Because you use NTFS permissions to specify which users and groups can access
files and folders and what these permissions allow users to do with the contents
of the file or folder, why do you need to share a folder or use shared folder permissions?
Although NTFS security is effective whether a user gains access to the file or folder at the computer or over the network, NTFS permissions do not make folders available over the network.
Sharing folders is the only way to make folders and their contents available over the network.
Shared folder permissions provide another way to secure file resources. They can be used on
FAT or FAT32 partitions, as well as NTFS partitions, whereas NTFS permissions are available
only on NTFS volumes.
Questions and Answers
9-31
2. Which of the following permissions are shared folder permissions? (Choose all
that apply.)
a. Read
b. Write
c. Modify
d. Full Control
The correct answers are A and D. The available shared folder permissions are Read, Change,
and Full Control. B and C are not correct because Write and Modify are not valid shared folder
permissions.
3. ______________________ (Denied /Allowed) permissions take precedence over
____________ (denied /allowed) permissions on a shared folder.
Denied permissions take precedence over allowed permissions on a shared folder.
4. When you copy a shared folder, the original folder is ___________________ (no
longer shared /still shared) and the copy is ______________________ (not shared /
shared).
When you copy a folder, the original folder is still shared and the copy is not shared.
5. When you move a shared folder, the folder is ______________________ (no longer
shared /still shared).
When you move a shared folder, the folder is no longer shared.
6. When you rename a shared folder, the folder is ______________________ (no
longer shared /still shared).
When you rename a shared folder, the folder is no longer shared.
7. Windows XP Professional automatically shares folders for administrative purposes.
These shares are marked with a __________________, which hides them from
users who browse the computer.
Dollar sign ($)
8. The system root folder, which is C:\Windows by default, is shared as
____________. Administrators can access this shared folder to administer Windows
XP Professional without knowing in which folder it is installed. Only members of
the Administrators group have access to this share. Windows XP Professional
assigns the Full Control permission to the Administrators group.
Admin$
9-32
Chapter 9
Administering Shared Folders
Lesson 2 Practice: Combining Permissions
Page
9-21
1. In the first example, the Data folder is shared. The Sales group has the shared
folder Read permission for the Data folder and the NTFS Full Control permission
for the Sales subfolder. What are the Sales group’s effective permissions for the
Sales subfolder when they gain access to the Sales subfolder by making a connection to the Data shared folder?
The Sales group has the Read permission for the Sales subfolder because when shared folder
permissions are combined with NTFS permissions, the more restrictive permission applies.
2. In the second example, the Users folder contains user home folders. Each user
home folder contains data accessible only to the user for whom the folder is
named. The Users folder has been shared, and the Users group has the shared
folder Full Control permission for the Users folder. User1 and User2 have the NTFS
Full Control permission for their home folder only and no NTFS permissions for
other folders. These users are all members of the Users group. What permissions
does User1 have when he or she accesses the User1 subfolder by making a connection to the Users shared folder? What are User1’s permissions for the User2
subfolder?
User1 has the Full Control permission for the User1 subfolder because both the shared folder
permission and the NTFS permission allow Full Control. User1 cannot access the User2 subfolder because she or he has no NTFS permission to gain access to it.
Lesson 2 Review
Page
9-23
1. If you are using both shared folder and NTFS permissions, the ______________
(least/most) restrictive permission is always the overriding permission.
Most
2. Which of the following statements about combining shared folder permissions and
NTFS permissions are true? (Choose all that apply.)
a. You can use shared folder permissions on all shared folders.
b. The Change shared folder permission is more restrictive than the Read NTFS
permission.
c. You can use NTFS permissions on all shared folders.
d. The Read NTFS permission is more restrictive than the Change shared folder
permission.
The correct answers are A and D. B is not correct because the Read NTFS permission is more
restrictive than the Change shared folder permission. C is not correct because you can use
NTFS permissions only on volumes formatted with NTFS, whereas you can use shared folder
permissions on volumes formatted with NTFS or FAT.
Questions and Answers
9-33
3. Which of the following statements about shared folder permissions and NTFS permissions are true? (Choose all that apply.)
a. NTFS permissions apply only when the resource is accessed over the network.
b. NTFS permissions apply whether the resource is accessed locally or over the
network.
c. Shared folder permissions apply only when the resource is accessed over the
network.
d. Shared folder permissions apply whether the resource is accessed locally or
over the network.
The correct answers are B and C. A is not correct because NTFS permissions apply whether the
resource is accessed locally or over the network. D is not correct because shared folder permissions are applied only when a folder is accessed remotely over the network.
4. If needed, you can apply different ______________________ permissions to each
folder, file, and subfolder.
NTFS
Case Scenario Exercise Questions
Page
9-24
Folder Name and Location
Shared Name
Groups and Permissions
Example:
Management Guidelines
MgmtGd
Managers: Full Control
You have two choices for permissions: you can rely entirely on NTFS permissions and assign
Full Control for all shared folders to the Everyone group, or you can use shared folder permissions according to resource needs. The following suggested shared folders include required
permissions if you decide to assign shared folder permissions.
■
Share Management Guidelines as MgmtGd. Assign the Full Control permission to the Managers group.
■
Share Data as Data. Assign the Full Control permission to the Administrators built-in group.
9-34
Chapter 9
Administering Shared Folders
■
Share Data\Customer Service as CustServ. Assign the Change permission to the Customer
Service group.
■
Share Data\Public as Public. Assign the Change permission to the Users built-in group.
■
Share Applications as Apps. Assign the Read permission to the Users built-in group and the Full
Control permission to the Administrators built-in group.
■
Share Project Management as ProjMan. Assign the Change permission to the Managers group
and the Full Control permission to the Administrators built-in group.
■
Share Database\Customers as CustDB. Assign the Change permission to the CustomerDBFull
group, the Read permission to the CustomerDBRead group, and the Full Control permission to
the Administrators built-in group.
■
Share Users as Users. Create a folder for every employee below this folder. Assign the Full Control permission to each employee for his or her own folder. Preferably, have Windows XP Professional create the folder and assign permission automatically when you create each user
account
Troubleshooting Lab
Page
9-26
Why can Sandra open the file but cannot save it in the shared folder? How would you
solve the problem?
Sandra has the effective NTFS permissions necessary to open and save the file. The Sales
group has the Read & Execute, List Folder Contents, and Read permissions. The Sales Managers group has these permissions plus the Modify and Write permissions. To determine effective
NTFS permissions, combine permissions from all sources.
For shared folder permissions, both the Sales and Sales Managers groups have only the Read
permission. Because you choose the most restrictive permission when combining NTFS and
shared folder permissions, Sandra ends up being able to read—but not change—files in the
Brochures folder. To solve this problem, you should select the Change check box in the Allow
column of the Permissions for Sales Managers list (see Figure 9-12).
10 Managing Data Storage
Exam Objectives in this Chapter:
■
Monitor, manage, and troubleshoot access to files and folders
❑
Configure, manage, and troubleshoot file compression
❑
Optimize access to files and folders
■
Manage and troubleshoot access to and synchronization of offline files
■
Implement, manage, and troubleshoot disk devices
■
❑
Install, configure, and manage DVD and CD-ROM devices
❑
Monitor and configure disks
❑
Monitor, configure, and troubleshoot volumes
❑
Monitor and configure removable media, such as tape drives
Configure, manage, and troubleshoot the Encrypting File System (EFS)
Why This Chapter Matters
This chapter introduces data storage management on different types of volumes.
You will learn about the different types of disk devices and volumes, as well as
how to manage and troubleshoot them in Windows XP Professional. You will
learn about compression, which allows you to store more data on a disk, and you
will learn about disk quotas, which allow you to control how much space a user
can use on a disk. You will learn how you can increase the security of files and
folders on your computer by using the Microsoft Encrypting File System (EFS).
You will also learn about defragmenting a disk, which allows your system to
access and save files and folders more efficiently.
Lessons in this Chapter:
■
Lesson 1: Managing and Troubleshooting Disks and Volumes . . . . . . . . . . . .10-3
■
Lesson 2: Managing Compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-28
■
Lesson 3: Managing Disk Quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-39
■
Lesson 4: Increasing Security by Using EFS. . . . . . . . . . . . . . . . . . . . . . . . . 10-49
■
Lesson 5: Maintaining Disks with Disk Defragmenter,
Check Disk, and Disk Cleanup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-57
■
Lesson 6: Configuring Offline Folders and Files . . . . . . . . . . . . . . . . . . . . . 10-69
10-1
10-2
Chapter 10
Managing Data Storage
Before You Begin
To complete this chapter, you must have a computer that meets the minimum hardware requirements listed in the preface, “About This Book.” You must also have Windows XP Professional installed on the computer.
Lesson 1
Managing and Troubleshooting Disks and Volumes
10-3
Lesson 1: Managing and Troubleshooting Disks and
Volumes
Hard disks are fixed storage devices that are connected to a computer by Integrated
Device Electronics (IDE) or Small Computer System Interface (SCSI) controllers. Portable hard disks are also available, and they can be connected with universal serial bus
(USB) and Institute of Electrical and Electronics Engineers (IEEE) 1394 (also known as
FireWire) interfaces. Windows typically treats portable hard disks, CD-ROM drives, and
DVDs as removable storage devices. This lesson focuses on configuring and troubleshooting hard disks in Windows XP. You should also be able to use the tools that Windows XP provides for managing, maintaining, and troubleshooting hard disks.
After this lesson, you will be able to
■ Explain the use of basic and dynamic disks.
■ Manage hard disks by using the Disk Management tool.
■ Manage hard disks on a remote computer in Computer Management.
■ Manage disks from the command line by using the Diskpart command.
■ Troubleshoot disks and volumes.
■ Work with removable media.
Estimated lesson time: 70 minutes
Overview of Basic and Dynamic Disks
Windows XP Professional supports two types of hard disk storage on desktop computers: basic disks and dynamic disks. (You cannot use dynamic disks on portable computers.)
Basic Disks
Basic disks are the traditional type of storage that is available in earlier versions of
Microsoft Windows. Basic disks are also the default storage type in Windows XP, so all
hard disks begin as basic disks. Windows XP recognizes all disks as basic by default,
including all new installations and upgrades from previous versions of Windows. To
use a dynamic disk, you must convert a basic disk to a dynamic disk.
On a basic disk, you must create one or more partitions (also called basic volumes).
Partitions were covered in detail in Chapter 2, “Installing Windows XP Professional,”
but a brief review is in order.
You must configure a basic disk with at least one partition. In fact, most computers that
you will encounter have a single hard disk with one partition that takes up all the phys-
10-4
Chapter 10
Managing Data Storage
ical space on the disk. You can also divide a hard disk into multiple partitions for the
purpose of organizing file storage or supporting multiple operating systems on a single
computer. You can create the following three types of partitions on a basic hard disk:
Primary You can configure up to four primary partitions on a computer running
a Windows operating system (three partitions if you also have an extended partition on the disk). You can configure any primary partition as the active (or bootable) drive, but only one primary partition is active at a time. Other primary drives
are typically hidden from the operating system and are not assigned a drive letter.
Extended An extended partition provides a way to exceed the four primary partition limit. You cannot format an extended partition with any file system. Rather,
extended partitions serve as a shell in which you can create any number of logical
partitions.
Logical You can create any number of logical partitions inside an extended partition. Logical partitions are normally used for organizing files. All logical partitions
are visible, no matter which operating system is started.
Windows stores partition information for basic disks in the partition table, which is not
part of any operating system (it is an area of the drive that is accessible by all operating
systems). Other configuration options, such as drive letter assignments, are controlled
by the operating system and are stored in the Windows Registry.
Dynamic Disks
Windows XP Professional supports dynamic disks (except on portable computers).
Dynamic disks offer several advantages over basic disks:
■
You can divide a dynamic disk into many volumes. The basic disk concept of primary and extended partitions does not exist when using dynamic disks.
■
Windows stores configuration information for dynamic disks entirely on the disk.
If there are multiple dynamic disks, Windows replicates information to all other
disks so that each disk has a copy of the configuration information. This information is stored in the last 1 MB of the disk.
■
You can extend dynamic volumes by using contiguous or noncontiguous disk
space. Dynamic volumes can also be made up of areas of disk space on more than
one disk.
Lesson 1
Managing and Troubleshooting Disks and Volumes
10-5
Windows XP supports the following types of dynamic volumes
Simple volume A simple volume can contain disk space from a single disk and can
be extended if necessary.
Spanned volume A spanned volume can contain disk space from 2 or more (up to
a maximum of 32) disks. The amount of disk space from each disk can vary. You
will most often use spanned volumes when a simple volume is running low on
disk space and you need to extend the volume by using space on another hard
disk. You can continue to extend spanned volumes to include areas from additional hard disks as necessary. When Windows writes data to a spanned volume,
it writes data to the area on the first disk until the area is filled, and then writes
data to the area on the second disk, and so on. There is no fault tolerance in
spanned volumes. If any of the disks containing the spanned volume fail, you lose
all data in the entire spanned volume.
Striped volume A striped volume can contain disk space from 2 or more (up to a
maximum of 32) disks. Unlike spanned volumes, striped volumes require that you
use an identical amount of disk space from each disk. When Windows writes data
to a striped volume, it divides the data into 64 KB chunks and writes to the disks
in a fixed order. Thus, Windows will split a 128 KB file into two 64 KB chunks,
and then stores each chunk on a separate disk. Striped volumes provide increased
performance because it is faster to read or write two smaller pieces of a file on two
drives than to read or write the entire file on a single drive. However, you cannot
extend striped volumes, and they provide no fault tolerance. If any of the disks
that contain the striped volume fail, you lose all data on the volume. Striped volumes are also referred to as RAID-0.
!
Exam Tip
Windows XP Professional does not support fault-tolerant disk configurations.
Spanned volumes simply allow you to use different amounts of disk space from multiple hard
disks in a single volume. Striped volumes allow you use an identical amount of disk space
from multiple hard disks. The advantage of using striped volumes is that Windows can write
information to the disk more quickly.
10-6
Chapter 10
Managing Data Storage
Real World
Supporting Multiple Operating Systems
Basic disks are generally sufficient for a computer with a single hard disk. There
are really two situations in which you might want to use a dynamic disk. The first
is if you need to extend a volume to contain unallocated disk space that is not
contiguous (for example, if you have extra free space on the same disk, but not
directly adjacent to the volume you need to extend, or if you have free space on
another disk). The second reason is if you want to configure a striped volume to
increase read/write speed.
If you plan to use multiple operating systems on the same computer, your choice
of disk types will be limited by the operating systems you want to install.
Although multibooting is not used as much as it used to be, it continues to be a
useful feature if you are using Windows XP but occasionally need to replicate
older computing environments. (You will probably find an alternate solution such
as Microsoft Virtual PC more efficient and easy to configure.) If you decide to use
multibooting, you are limited in the following ways:
■
If you need to install Windows XP Professional along with any operating system other than Windows 2000 Professional, you must use a basic disk. You
should create a primary disk partition for each operating system.
■
If you have a single dynamic disk, you can install only one operating system:
Windows XP Professional or Windows 2000 Professional (the only desktop
operating systems that support dynamic disks).
■
If you have two or more hard disks installed in your computer, each dynamic
disk can contain one installation of Windows XP Professional or Windows
2000. No other operating systems can start from a dynamic disk. Windows
XP Home Edition does not support dynamic disks.
Managing Hard Disks by Using the Disk Management Tool
You will use the Disk Management tool to create and manage volumes on fixed and
removable disks. You access Disk Management from within the Computer Management window, as shown in Figure 10-1. You can access Computer Management by
using the Administrative Tools icon in Control Panel or by right-clicking My Computer
and selecting Manage.
Lesson 1
Managing and Troubleshooting Disks and Volumes
10-7
F10us01
Figure 10-1
Use the Disk Management tool to manage fixed and removable storage.
Working with Basic Disks
You make unallocated space on basic disks available to the operating system by creating a partition and then formatting that partition with the file system of your choice.
How to Create a Primary Partition
To create a primary partition, follow these steps:
1. Click Start, and then click Control Panel.
2. In the Control Panel window, click Performance And Maintenance.
3. In the Performance And Maintenance window, click Administrative Tools.
4. In the Administrative Tools menu, double-click Computer Management.
Tip
You can also open Computer Management by right-clicking the My Computer icon on the
desktop or Start menu, and then clicking Manage.
5. In the Computer Management window, expand the Storage container, and then
click Disk Management.
6. In Disk Management, right-click the unallocated space in which you want to create the primary partition, as shown in Figure 10-2, and then select New Partition.
10-8
Chapter 10
Managing Data Storage
F10us02fg
Figure 10-2
Create a partition on a basic disk.
7. On the Welcome page for the New Partition Wizard, click Next.
8. On the Select Partition Type page, shown in Figure 10-3, click Primary Partition
and click Next.
F10us03
Figure 10-3
Select a partition type on the basic disk.
9. On the Specify Partition Size page, enter the amount of disk space in megabytes
(MB) that you want to use for this partition, and then click Next.
10. On the Assign Drive Letter Or Path page, choose an available drive letter or a path
for a volume mount point, and then click Next.
Lesson 1
Managing and Troubleshooting Disks and Volumes
10-9
11. On the Format Partition page, click Format This Partition, select a file system, and
then assign a volume label. Click Next.
12. On the Completion page, click Finish to create and format the partition. Be
patient: Windows must perform a number of functions, which can take several
minutes.
How to Create Extended Partitions
steps:
To create an extended partition, follow these
1. In Disk Management, right-click the unallocated space in which you want to create the extended partition and select New Partition.
2. On the Welcome page for the Create Partition Wizard, click Next.
3. On the Select Partition Type page, click Extended Partition, and then click Next.
4. On the Specify Partition Size page, enter the amount of disk space in MB that you
want to use for this partition, and then click Next.
5. On the Completion page, click Finish to create the extended partition.
You are not prompted to assign a drive letter or to format an extended partition
because the extended partition serves only as a shell to contain logical drives. You will
format and assign drive letters to logical drives.
How to Create Logical Drives
follow these steps:
To create a logical drive inside an extended partition,
1. In Disk Management, right-click the free space in the extended partition in which
you want to create the logical drive, and then click New Logical Drive.
2. On the Welcome page for the Create Partition Wizard, click Next.
3. On the Select Partition Type page, click Logical Drive, and then click Next.
4. On the Specify Partition Size page, enter the amount of disk space in MB that you
want to use for this logical drive, and then click Next.
5. On the Assign Drive Letter Or Path page, choose an available drive letter, and then
click Next.
6. On the Format Partition page, click Format This Partition, select a file system, and
then assign a volume label. Click Next.
7. On the completion page, click Finish to create and format the logical drive.
10-10
Chapter 10
Managing Data Storage
Figure 10-4 shows an extended partition on Disk 1 that contains a 502 MB logical drive
and 612 MB of remaining free space.
F10us04
Figure 10-4
Viewing extended and logical partitions in Disk Management.
Formatting Volumes
Formatting a basic or dynamic volume with a file system prepares the volume to
accept data. Unformatted volumes contain no file system and are not accessible by
using Windows Explorer or any other application.
You can format volumes in the following ways:
■
By using Disk Management and formatting the new volume as it is being created
■
By using Disk Management, right-clicking an existing volume, and then selecting
Format
■
By using Windows Explorer, right-clicking the drive letter, and then selecting Format
■
By using a command prompt, using the Format.exe command, and selecting the
appropriate parameters
If you format an existing volume that contains data, all data is lost. Windows XP protects itself by preventing you from formatting the system and boot partition for the
operating system by using any of the built-in Windows utilities.
Formatting options, shown in Figure 10-5, include the following:
Volume Label The character name for a volume of up to 11 characters. This is the
name that is displayed in Disk Management and Windows Explorer. You should
choose a label that describes the type of information that is stored on the volume,
such as System for the volume that contains the operating system or Documents
for a volume that contains user documents.
Lesson 1
Managing and Troubleshooting Disks and Volumes 10-11
File System Allows you choose from the FAT (for FAT16), FAT32, or NTFS file systems (see Chapter 2 for more information on file systems).
Allocation Unit Size Allows you change the default cluster size for any of the file
systems. Microsoft recommends leaving this value at its default setting.
Perform A Quick Format Specifies that you want to format the drive without having Windows perform an exhaustive scan of the drive to check for bad sectors.
Select this option only if you have previously performed a full format and are certain that the disk is not damaged.
Enable File And Folder Compression Specifies that all files placed on the disk will
be compressed by default. Compression is always available on an NTFS volume,
and you can enable or disable it at any time through the properties of the files and
folders on the volume. File And Folder Compression is available only when you
format a volume with NTFS. Read Lesson 2, “Managing Compression,” for more
information.
F10us05
Figure 10-5 You can format a partition by using the Disk Management tool.
Drive Letters
When you create a basic or dynamic volume, you assign it a drive letter, such as C or
D. The drive letter is used to access the volume through Windows Explorer and other
applications. Floppy drives, CD-ROM and DVD drives, removable drives, and tape
devices are also assigned drive letters.
To change the currently assigned drive letter for a volume, right-click the volume in
Disk Management, select Change Drive Letter And Paths from the Action menu, and
then click Change. Note that you can change a volume only to a drive letter that is not
already being used.
Note
Windows XP Professional does not allow you to modify the drive letter for the system
and boot partitions.
10-12
Chapter 10
Managing Data Storage
Volume Mount Points
Windows XP also allows you to mount a volume by using a path instead of assigning
a drive letter. For example, you could create a folder named C:\Files. You could then
assign the C:\Files path to a new volume labeled Files. When you open the C:\Files
folder within Windows Explorer, you would actually see the information that is stored
on the Files volume. This type of volume is referred to as a mounted volume, and the
folder that the mounted volume is attached to is referred to as a volume mount point.
You can create multiple volume mount points for a single volume. You can dismount
and move a mounted volume to another volume mount point if necessary.
Mounted volumes provide a method of extending the perceived available space on an
existing volume without extending the volume’s actual size. Technically, a mounted
volume is a separate volume, but in the user’s eyes it appears to be an extension of an
existing volume. Therefore, you can use mounted volumes to increase the amount of
disk space that is available on a basic volume to include disk space on another hard
disk (remember that you cannot actually extend a basic volume to include space on
another disk). Also, mounted volumes provide a method for managing multiple volumes of information from the same drive letter.
Volume mount points are supported on NTFS volumes only. The volume that is being
mounted can be formatted with any supported file system.
To add a mounted volume to an existing volume, follow these steps:
1. In Windows Explorer, create a folder on an NTFS volume to serve as the volume
mount point.
2. In Disk Management, locate the volume for which you want to modify the drive
letter or path information.
3. Right-click the volume and select Change Drive Letter And Path from the Action
menu.
4. In the Change Drive Letter And Paths For New Volume dialog box, click Add to
create a new mounted volume.
5. In the Add Drive Letter Or Path dialog box, click Mount In The Following Empty
NTFS Folder and enter the path to the volume mount point, as shown in Figure 10-6.
F10us06
Figure 10-6
A mounted volume is actually a path on an existing volume.
Lesson 1
Managing and Troubleshooting Disks and Volumes 10-13
6. Click OK.
Mounted volume paths have a different icon in Windows Explorer, as shown in Figure
10-7, and are represented by the <JUNCTION> identifier when viewed at a command
prompt, as shown in Figure 10-8.
F10us07
Figure 10-7
Volume mount points look like drives in Windows Explorer.
Figure 10-8
Volume mount points are labeled <JUNCTION> at a command prompt.
F10us08
The following list contains some additional information about drive letters and paths:
■
You cannot assign multiple drive letters to a single volume.
■
You cannot assign the same drive letter to multiple volumes on the same computer.
■
You can mount a volume into multiple paths simultaneously.
■
A volume can exist without a drive letter or mount path assigned; however, the
volume will not be accessible by applications.
10-14
Chapter 10
Managing Data Storage
How to Convert a Basic Disk to a Dynamic Disk
All disks are basic disks by default. When you need to take advantage of the functionality that dynamic disks provide, you must convert the basic disks to dynamic disks.
You can convert a basic disk to a dynamic disk without losing existing data.
For the conversion to be successful, there must be at least 1 MB of free unpartitioned
space available on the basic disk. This 1 MB is necessary to store the dynamic disk
database, which tracks the configuration of all dynamic disks in the computer. If Windows XP Professional created the existing partitions, it will have automatically reserved
the 1 MB of space required for the conversion. If another operating system or a thirdparty utility program created the partitions prior to upgrading, there is a chance that no
free space is available. In that case, you will likely have to repartition the drive so that
1 MB of space is reserved as blank space.
During the conversion, all primary and extended partitions become simple dynamic
volumes, and the disk will join the local disk group and receive a copy of the dynamic
disk database.
To convert a basic disk to a dynamic disk, follow these steps:
1. In Disk Management, right-click the basic disk that you want to convert and select
Convert To Dynamic Disk, as shown in Figure 10-9. Make sure that you right-click
the actual disk (to the left of the partitions where the Disk number is located), not
one of the partitions on the disk.
F10us09
Figure 10-9
Use Disk Management to convert a basic disk to a dynamic disk.
2. In the Convert To Dynamic Disk box dialog box, verify the disks that you want to
convert, and then click OK.
3. In the Disks To Convert dialog box, click Convert, and then click Yes to confirm.
If you are warned that the file system must be dismounted, click Yes again.
Lesson 1
Managing and Troubleshooting Disks and Volumes 10-15
Windows returns you to the Disk Management tool and begins the conversion.
!
Note If the disk contains the system or boot volume or any part of the paging file, you will
have to restart the computer to complete the conversion process.
You can verify that Windows completed the conversion by viewing the disk type in
Disk Management, as shown in Figure 10-10.
F10us10
Figure 10-10
The dynamic disk type is displayed in Disk Management.
If you right-click the disk and do not see the Convert To Dynamic Disk option, one of
the following conditions might exist:
■
The disk has already been converted to dynamic.
■
You have right-clicked a volume instead of the disk.
■
The disk is in a portable computer. Portable computers do not support dynamic
disks.
■
There is not 1 MB of available space at the end of the disk to hold the dynamic
disk database.
■
The disk is a removable disk, such as a Zip disk or a detachable USB disk device.
Dynamic disks are not supported on removable disks.
■
The sector size on the disk is larger than 512 bytes. Windows XP Professional supports dynamic disks only on disks with a sector size of 512 bytes. The vast majority
of hard disks use this sector size.
How to Revert from a Dynamic Disk to a Basic Disk
To make a dynamic disk locally accessible by an operating system other than Windows
XP Professional (for example, to allow a computer running Windows 98 to access the
10-16
Chapter 10
Managing Data Storage
hard disk when you install the hard disk in that computer), you must convert the
dynamic disk back to a basic disk. Data is not preserved when reverting to a basic disk;
the downgrade process requires that all data be removed from the disk.
Note
Whether a disk is dynamic or basic has no effect on whether clients running any operating system can connect to shared folders on that disk remotely over the network. Computers running previous versions of Windows cannot locally access a dynamic disk when you
install the disk into the computer.
To revert from a dynamic disk back to a basic disk, follow these steps:
1. Back up all files and folders on the entire disk.
2. In Disk Management, delete all the volumes from the disk.
3. Right-click the dynamic disk you want to convert and select Convert To Basic
Disk.
4. Follow the on-screen instructions.
5. Create an appropriate partition scheme on the disk and format the newly created
drives.
6. Restore data as necessary.
!
Exam Tip When you convert a basic disk to a dynamic disk, data on the disk is preserved.
When you revert a dynamic disk to a basic disk, data on the disk is lost.
How to Create a Simple Dynamic Volume
A simple dynamic volume contains space on a single disk. Although similar to a primary basic volume, there are no limits to how many simple volumes you can create on
a single disk.
To create a simple volume, follow these steps:
1. In Disk Management, right-click the unallocated space on which you want to create the simple volume, and then select New Volume.
2. On the New Volume Wizard welcome page, click Next.
3. On the Select Volume Type page, click Simple, and then click Next.
4. On the Select Disks page, enter the desired size in MB, and then click Next.
Lesson 1
Managing and Troubleshooting Disks and Volumes 10-17
5. On the Assign A Drive Letter Or Path page, select a drive letter or enter a path for
a mounted volume, and then click Next.
6. On the Format Volume page, select the file system and enter a volume label. Click
Next.
7. On the Completion page, click Finish to create the volume.
How to Create a Striped Dynamic Volume
Striped volumes can contain from 2 to 32 disks. Data is written to and read from multiple disks simultaneously, increasing disk performance. Data is written (striped) in 64
KB blocks. Striped volumes do not provide any fault tolerance. If one or more of the
disks in a striped volume fails, all data on the entire volume is lost. Striped volumes are
also known as RAID 0.
To create a striped volume, complete the following steps:
1. In Disk Management, right-click the unallocated space on one of the disks on
which you want to create the striped volume, and then select New Volume.
2. On the New Volume Wizard welcome page, click Next.
3. On the Select Volume Type page, click Striped, and then click Next. Note that you
must have multiple dynamic disks with unallocated space for Striped to be an
option.
4. On the Select Disks page, select the disks to be included in the striped volume.
Adjust the size of the striped volume accordingly, and then click Next.
5. On the Assign Drive Letter Or Path page, select a drive letter or enter a path for a
mounted volume, and then click Next.
6. On the Format Volume page, select the file system and enter a volume label. Click
Next.
7. On the Completion page, click Finish to create the volume.
The amount of disk space that is consumed on each disk in the striped volume must be
equal. The disk with the smallest amount of available space limits the maximum
amount of space available on a striped volume. For example, assume that you have the
following drive configuration on your computer:
■
Disk 0—No space available
■
Disk 1—2 GB available
■
Disk 2—2 GB available
■
Disk 3—1 GB available
10-18
Chapter 10
Managing Data Storage
If you attempt to create a striped volume with Disks 1, 2, and 3, the maximum volume
size that you can create is 3 GB. Because Disk 3 has only 1 GB of space available, you
are limited to using only 1 GB from each of the disks in the set. However, if you create
a striped volume using only Disks 1 and 2, the maximum volume size you can create
is 4 GB because both disks have 2 GB of available space.
Extending Volumes
Windows XP Professional supports extending volumes on both basic and dynamic
disks. You extend volumes on basic disks by using the Diskpart command-line utility.
You can extend volumes on dynamic disks by using either the Disk Management utility
or the Diskpart command-line utility.
Extending Volumes on Basic Disks You can extend primary partitions and logical
drives on basic disks if the following conditions are met:
■
The volume to be extended is formatted with the NTFS file system.
■
The volume is extended into contiguous unallocated space (adjacent free space)
that follows the existing volume (as opposed to coming before it).
■
The volume is extended on the same hard disk. Volumes on basic disks cannot be
extended to include disk space on another hard disk.
■
The volume is not the system or boot volume. The system or boot volumes cannot
be extended.
You extend volumes by running the Diskpart utility from the command line, selecting
the appropriate volume, and then executing the following command:
extend [size=n] [noerr]
See Also
For further information on the use of Diskpart, refer to the section entitled “How
to Manage Disks from the Command Line by Using Diskpart” later in this chapter.
Extending Volumes on Dynamic Disks You can extend a simple volume as long as it
has been formatted with NTFS. You do this by attaching additional unallocated space
from the same disk, or from a different disk, to an existing simple volume. Disk space
that is used to extend a simple volume does not have to be contiguous. If the additional space comes from a different disk, the volume becomes a spanned volume.
Spanned volumes can contain disk space from 2 to 32 disks.
If the volume is not formatted with NTFS, you must convert the volume to NTFS before
you can extend it.
Lesson 1
Managing and Troubleshooting Disks and Volumes 10-19
You extend simple volumes by using Disk Management or the Diskpart command-line
utility. Perform extensions of simple volumes with Diskpart the same way that you perform extensions of basic volumes.
To extend a simple volume using Disk Management, follow these steps:
1. In Disk Management, right-click the simple volume that you want to extend, and
then click Extend Volume.
2. On the Extend Volume Wizard welcome page, click Next.
3. On the Select Disks page, select the disk(s) that contain free space that you want
to attach to this volume, enter the amount of space for each disk, and then click
Next.
4. On the Completion page, click Finish to extend the volume.
Figure 10-11 shows the Select Disks page on a single-drive system. In this case, the
maximum available space on the selected disk that you can use to extend the volume
is 2048 MB.
F10us11
Figure 10-11
Extend a simple dynamic volume in Disk Management.
You are not prompted for any information concerning drive lettering or formatting
because the added space assumes the same properties as the existing volume.
Moving Disks to Another Computer
If a computer fails but the hard disks are still functional, you can install the disks into
another computer to ensure that the data is still accessible. However, you need to consider the following issues that are associated with moving disks:
10-20
Chapter 10
Managing Data Storage
■
You cannot move dynamic disks to computers running Windows 95, Windows 98,
Windows Millennium Edition (Windows Me), Windows NT 4.0 or earlier, or Windows XP Home Edition because these operating systems do not support dynamic
disks. To move a disk to these operating systems, you must first convert it to a
basic disk.
■
When moving spanned or striped volumes, move all disks that are associated with
the volume at the same time. If one disk is missing from a spanned or striped volume, none of the data on the entire volume is accessible.
■
Windows XP Professional does not support volume sets or stripe sets that were
created in Windows NT 4.0. You must back up the data, delete the volumes, install
the disks into the Windows XP Professional computer, create new volumes, and
then restore the data. Alternatively, you can install the disks into a computer running Windows 2000 (which does support Windows NT volume and stripe sets),
convert the disks to dynamic disks (which converts volume sets to spanned volumes and stripe sets to striped volumes), and then install the disks into a computer
running Windows XP Professional.
After moving disks, the disks appear in Disk Management on the new computer. Basic
disks are immediately accessible. Dynamic disks initially appear as foreign disks and
need to be imported before you can access them.
How to Import Foreign Disks
All dynamic disks on a computer running Windows XP Professional are members of
the same disk group. Each disk in the group contains the dynamic disk database for the
entire group stored in the 1 MB reserved disk area at the end of the disk. When you
move a dynamic disk from one computer to another, Windows displays it as a foreign
disk because it does not belong to the local disk group. You must import foreign disks,
which merge the disk’s information into the dynamic disk database on the new computer and place a copy of the database on the newly installed disk.
To import a foreign disk, follow these steps:
1. In Disk Management, right-click the disk that is marked Foreign and click Import
Foreign Disks from the Action menu.
2. Select the disk group that you want to import. (There might be more than one foreign disk group if you have moved multiple disks from different computers into
the same computer running Windows XP Professional.)
3. In the Foreign Disk Volumes dialog box, review the information to ensure that
the condition for the volumes in the disk group being imported is displayed as
OK. If all the disks for a spanned or striped volume are not present, the condition
Lesson 1
Managing and Troubleshooting Disks and Volumes 10-21
is displayed as incomplete. You should resolve incomplete volume conditions
before continuing with the import.
4. If you are satisfied with the information that is in the Foreign Disk Volumes dialog
box, click OK to import the disks.
Removing Disks from the Dynamic Disk Database
If you remove a dynamic disk from a computer running Windows XP, Disk Management displays the disk as either Offline or Missing because the disk’s configuration is
still present in the dynamic disk database stored on the other disks on the computer.
You can remove the missing disk’s configuration from the dynamic disk database by
right-clicking the disk and selecting Remove Disk.
How to Manage Disks Remotely By Using Computer Management
You can perform disk functions on a remote computer by connecting to that computer
through Computer Management. To connect to a remote computer in Computer Management, follow these steps:
1. From the Start menu, right-click My Computer and select Manage to open the
Computer Management window.
2. In the Computer Management window, right-click Computer Management and
select Connect To Another Computer from the Action menu.
3. In the Select Computer dialog box, select the computer that you want to manage
remotely, and then click OK. Computer Management displays the remote computer’s information, and you can manage the disks on that computer by using the
Disk Management tool.
How to Manage Disks from the Command Line by Using Diskpart
You can use the Diskpart.exe command to execute disk-management tasks from a
command prompt and to create scripts for automating those tasks that you need to perform frequently or on multiple computers.
Executing Diskpart from a command prompt opens the Diskpart command interpreter.
When you are in the Diskpart command interpreter, the command prompt changes to
DISKPART>. You can view available commands for the Diskpart tool by typing commands at the Diskpart command prompt, as shown in Figure 10-12. Note that you type
exit to close the Diskpart command interpreter and return to the normal command
prompt.
10-22
Chapter 10
Managing Data Storage
F10us12
Figure 10-12
Viewing Diskpart command options.
One feature that is not available in Diskpart is the capability to format volumes. To format volumes, you must use the format.exe command from the standard command
prompt.
How to Troubleshoot Disks and Volumes
Disk Management displays the status of each disk and volume. If you refer to Figure
10-1, you notice that all disks are online and all volumes are showing the desired status
of Healthy.
Disk status types are as follows:
Online Displayed by basic and dynamic disks. The disk is accessible. No user action
is required.
Online (Errors) Displayed by dynamic disks only. The disk is accessible, but input/
output (I/O) errors have been detected. If the I/O errors are intermittent, rightclick the disk and select Reactivate Disk. This normally returns the disk to Online
status.
Offline Or Missing Displayed by dynamic disks only. This disk is not accessible.
Attempt to rescan the disks on the computer by selecting Rescan Disks from the
Action menu in Disk Management. If the scan is unsuccessful, look for a physical
reason for the drive failure (cables disconnected, no power to disk, failed disk). If
you must replace a failed drive, first delete all volumes on the disk, right-click the
disk, and select Remove Disk.
Foreign Displayed by dynamic disks only. The disk has been moved to this computer from another computer. Right-click the disk, and then select Import Foreign
Disk. If you do not want to keep the information on the disk, you can select Convert To Basic Disk, and all information on the disk will be lost.
Unreadable Displayed by basic and dynamic disks. The disk is not accessible. Disks
might show this status while they are initializing. If a disk continues to show this
Lesson 1
Managing and Troubleshooting Disks and Volumes 10-23
status, the disk might have failed entirely. Restart the computer to determine
whether the disk will become accessible. If it is a dynamic disk, attempt to repair
the disk by right-clicking it and selecting Rescan Disks.
Unrecognized
The disk is an unknown type, and Windows XP cannot recognize it.
No Media This status is on drives with removable media, such as a CD-ROM drive,
when the drive is empty.
Volume status types and the recommended action (if required) are as follows:
Healthy
The volume is accessible and has no detected problems.
Healthy (At Risk) If the disk status is Online (Errors), the volumes will be accessible,
but all volumes will display this status. Restoring the disk to Online will clear this
status from the volume.
Initializing The volume is in the process of initializing. No action is required. After
the initialization is complete, the volume should show a status of Healthy.
Removable Media
Windows XP contains built-in support for both CD-ROM and DVD-ROM devices. Windows XP also supports a number of other removable media types, such as tape drives
and memory storage. This section covers the monitoring and troubleshooting of
removable media.
CD-ROM and DVD Devices
Most CD-ROM and DVD-ROM devices are Plug and Play–compliant and therefore
require little configuration. To view the status and configuration of these types of
devices, access the device’s Properties dialog box through Device Manager. The General tab of the device’s Properties dialog box indicates whether the device is functioning properly within Windows.
If Device Manager indicates that the device is installed and functioning, yet the
device does not appear to be working properly, there might be a physical problem
with the device installation, or the device itself might be faulty. If the disk tray does
not eject properly, or if the power/usage light-emitting diode (LED) indicators are
not illuminated, open the computer and verify that all connections have been properly established.
If a CD or DVD device appears to read data correctly but does not play back audio,
there is most likely a device driver problem, or additional required components are not
currently configured. Always verify that the device is listed in the Windows Catalog.
Also, make sure that the latest version of the device driver and associated software is
installed.
10-24
Chapter 10
Managing Data Storage
To troubleshoot an audio playback problem, take the following additional steps:
■
Verify that the sound card is properly configured and functional.
■
Verify that the speakers are plugged in and turned on.
■
Verify that the sound has not been muted.
■
Verify that the audio cables connecting the CD/DVD to the sound card are properly connected.
■
Make sure that the CD is clean.
If the CD device supports it, you can enable the digital CD playback feature in the
drive’s Properties dialog box in Device Manager. On the Properties tab, select the
Enable Digital CD Audio For This CD-ROM Device check box. Digital CD playback
requires that CD devices support digital audio extraction (DAE), which older devices
might not support. When digital CD playback is enabled, the CD-ROM drive does not
have to be connected to the sound card, and audio output from the headphone jack on
the CD-ROM drive is disabled.
Removable Storage Media
Removable storage media consist of devices such as disks, tape, and optical media,
which are stored either online in the form of information libraries or offline on a shelf
or in a file drawer. These media are used primarily for backup of applications and data.
They are also used to archive data that is not accessed frequently.
Previous versions of Windows (pre–Windows 2000) did not provide strong support for
removable devices. Each application that required access to a removable device
needed a custom solution for accessing and managing removable storage media. Windows XP centralizes the management of these devices with Removable Storage technology. Removable Storage allows the operating system to manage removable media
centrally, and applications gain access to removable devices through the Removable
Storage interface. Devices with drivers that have been written to take advantage of
Removable Storage are easily accessible and sharable by both the operating system and
applications.
Removable Storage uses the concept of media pools to organize removable media.
Media pools group media by usage, allow media to be shared by multiple applications,
control media access, and provide for tracking of media usage. Other concepts of
removable storage include the following:
Media units The actual devices that store information, such as a CD-ROM, tape cartridge, or removable disk.
Lesson 1
Managing and Troubleshooting Disks and Volumes 10-25
Media libraries Encompass both online libraries and offline media physical locations. Online libraries, which include robotic libraries and stand-alone drives, are
data-storage devices that provide a method of reading and writing to media when
necessary. Offline media physical locations are holding places for media units that
are cataloged by Removable Storage, but are not currently immediately available
through an online library.
Work queues Hold library requests until resources become available. For example, a
robotic tape library has a fixed number of tape drives to access media. A request
submitted to the library is held in a work queue until a tape drive becomes available and the requested tape is mounted.
Operator (administrator) requests Hold requests for offline media. The operator
must make the media available before processing can continue. Other situations
that generate operator requests include the failure of a device or a device needing
to be cleaned when no cleaner cartridge is available. After a request is satisfied,
the administrator must inform Removable Storage so that processing can continue.
Note
Removable storage devices can contain primary partitions only, and those partitions
cannot be marked as active.
The Removable Storage Utility
You perform initial installation, configuration, and troubleshooting of removable storage devices by using the Add Hardware Wizard and Device Manager. After being recognized by the operating system, removable storage devices are available for
management through the Removable Storage utility. Access Removable Storage by
expanding the Storage node in the Computer Management window.
By using the Removable Storage utility, you can insert and eject removable media, control access to media, and manage the use of media by applications. Systems with standard, stand-alone, removable devices (such as a CD-ROM or DVD-ROM drive, Zip
drive, or tape drive) do not require management and configuration by using Removable Storage. Removable Storage is required for computers with more complex configurations, which can include tape or optical disk libraries, especially if multiple
applications will access those devices. You should always consult the documentation
for the removable device to determine how it is best managed.
See Also
Removable Storage devices that require management through the Remote Storage utility are most likely attached to Windows servers in a network environment. Further discussion of Removable Storage management is beyond the scope of this text. For more
information, see http://www.microsoft.com and search for “Removable Storage.”
10-26
Chapter 10
Managing Data Storage
Practice: Managing Hard Disks
In this practice, you will check the status of existing volumes on your computer by
using Disk Management and also change the drive letter for a volume.
Exercise 1: Check the status of existing volumes
1. From the Start menu, right-click My Computer, and then select Manage.
2. In the Computer Management window, click Disk Management.
3. After the Disk Management display initializes, record the description in the Status
column for each volume on your computer.
Exercise 2: Change the drive letter for a volume
1. From the Start menu, right-click My Computer, and then select Manage.
2. In the Computer Management window, click Disk Management.
3. Right-click a volume in the Disk Management display and select Change Drive Letter And Paths.
4. In the Change Drive Letter And Paths dialog box, click Change.
5. In the Change Drive Letter Or Path dialog box, select a new drive letter from the
Assign The Following Drive letter drop-down list, and then click OK.
6. When prompted to confirm, click Yes.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. On which types of computers can you use dynamic disks?
2. What actions must you take to revert from a dynamic disk to a basic disk? What
limitations does this process impose?
Lesson 1
Managing and Troubleshooting Disks and Volumes 10-27
Lesson Summary
■
Windows XP Professional supports two types of disk storage: basic disks and
dynamic disks. Portable computers support only basic disks. All disks are basic
disks by default. When you need to take advantage of the functionality that
dynamic disks provide, you must upgrade the basic disks to dynamic disks
(remember that this feature is available only in Windows XP Professional and Windows 2000 Professional). You can perform this operation with no loss of data.
■
Windows XP Professional provides the Disk Management utility to configure,
manage, and monitor hard disks and volumes. Using this utility, you can accomplish tasks such as the creation and formatting of volumes, moving disks from one
computer to another, and remote disk management.
■
You can manage disks on a remote computer by using Computer Management to
connect to that computer. After connecting to the remote computer, you can use
the Disk Management tool in the same way as on a local computer.
■
You can manage disks from the command line by using the Diskpart command.
■
Disk Management displays the status of disks and volumes. Using this status display, you can quickly determine whether disks are healthy, have errors, or are
offline or missing.
10-28
Chapter 10
Managing Data Storage
Lesson 2: Managing Compression
Windows XP Professional supports two types of compression: NTFS compression
and the Compressed Folders feature. NTFS compression enables you to compress
files, folders, or an entire drive. NTFS compressed files and folders occupy less space
on an NTFS-formatted volume, which enables you to store more data. Each file and
folder on an NTFS volume has a compression state, which is either compressed or
uncompressed. The Compressed Folders feature allows you to create a compressed
folder so that all files you store in that folder are automatically compressed.
After this lesson, you will be able to
■ Explain the purpose of compressed folders.
■ Compress files, folders, or volumes by using NTFS compression.
Estimated lesson time: 60 minutes
What Is the Compressed Folders Feature?
The Compressed Folders feature is new in Windows XP Professional and allows you to
compress folders, while retaining the ability to view and work with their contents.
To create a compressed folder, start Windows Explorer, click File, click New, and then
click Compressed (Zipped) Folder. This creates a compressed folder in the current folder.
You can drag and drop files into the compressed folder and the files are automatically
compressed. If you copy a file from the compressed folder to another that is not compressed, that file will no longer be compressed. A zipper icon is shown, marking compressed folders (see Figure 10-13), and these folders are labeled Compressed Folder.
Benefits of using compressed folders generated with the Compressed Folders feature
include the following:
■
You can create and use compressed files and folders on both file allocation table
(FAT) and NTFS volumes.
■
You can open files directly from the compressed folders and you can run some
programs directly from compressed folders.
■
You can move these compressed files and folders to any drive or folder on your
computer, the Internet, or your network and they are compatible with other zip
programs.
■
You can encrypt compressed folders that you created using this feature.
■
You can compress folders without decreasing performance.
■
You can compress individual files only by storing them in a compressed folder. If you
move or extract the files into an uncompressed folder, they will be uncompressed.
Lesson 2
Managing Compression 10-29
F10us13
Figure 10-13
Compressed folders are labeled with a zipper icon.
How to Compress Files, Folders, or Volumes by Using NTFS
Compression
Unlike compressed folders, NTFS compression is a function of the NTFS file system
and as such is available only on volumes formatted with NTFS. Files compressed with
NTFS compression can be read and written to by any Windows-based or MS-DOS–
based application without first being uncompressed by another program. When an
application or an operating system command requests access to a compressed file,
NTFS automatically uncompresses the file before making it available. When you close
or explicitly save a file, NTFS compresses it again.
Note
NTFS allocates disk space based on uncompressed file size. If you copy a compressed file to an NTFS volume with enough space for the compressed file, but not enough
space for the uncompressed file, you might get an error message stating that there is not
enough disk space for the file, and the file will not be copied to the volume.
How to Compress a Folder or File
You will use Windows Explorer to set the compression state of folders and files. To set
the compression state of a folder or file, right-click the folder or file in Windows
Explorer, click Properties, and then click Advanced. In the Advanced Attributes dialog
box, shown in Figure 10-14, select the Compress Contents To Save Disk Space check
box. Click OK, and then click Apply in the Properties dialog box.
10-30
Chapter 10
Managing Data Storage
Note NTFS encryption and compression are mutually exclusive. For that reason, if you select
the Encrypt Contents To Secure Data check box, you cannot compress the folder or file.
F10us14
Figure 10-14
Use the Advanced Attributes dialog box to compress a file or folder.
Important
To change the compression state for a file or folder, you must have Write permission for that file or folder.
The compression state for a folder does not reflect the compression state of the files
and subfolders in that folder. A folder can be compressed, yet all the files in that folder
can be uncompressed. Alternatively, an uncompressed folder can contain compressed
files. When you compress a folder that contains one or more files, folders, or both,
Windows XP Professional displays the Confirm Attribute Changes dialog box, shown in
Figure 10-15.
F10us15
Figure 10-15 Use the Confirm Attribute Changes dialog box to control what happens to files and
subfolders inside a folder you are compressing.
Lesson 2
Managing Compression 10-31
The Confirm Attribute Changes dialog box has the two additional options explained in
Table 10-1.
Table 10-1
Confirm Attribute Changes Dialog Box Options
Option
Description
Apply Changes To This Folder Only
Compresses only the folder that you have selected
Apply Changes To This Folder,
Subfolders, And Files
Compresses the folder and all subfolders and files that
are contained within it and subsequently added to it
How to Compress a Drive or Volume
You can also set the compression state of an entire NTFS drive or volume. To do so, in
Windows Explorer, right-click the drive or volume, and then click Properties. In the
Properties dialog box, select the Compress Drive To Save Disk Space check box, as
shown in Figure 10-16, and then click OK.
F10us16
Figure 10-16 Use the Properties dialog box of a drive or volume to apply compression to the entire
drive or volume.
How to Control Whether Windows Displays NTFS Compressed Files and Folders in
a Different Color
Windows Explorer makes it easy for you to see whether a file or folder is compressed.
By default, Windows displays the names of compressed files and folders in blue to distinguish them from those that are uncompressed.
To control whether Windows display compressed files and folders in a different color,
use the following steps:
10-32
Chapter 10
Managing Data Storage
1. In Windows Explorer, click the Tools menu, and then click Folder Options.
2. In the Folder Options dialog box, on the View tab, clear or select the Show
Encrypted Or Compressed Files In Color check box.
Note
When you clear the Show Encrypted Or Compressed Files In Color check box, Windows will no longer show compressed or encrypted files in color. There is no way to disable
the color display of just-compressed or just-encrypted files.
Copying and Moving NTFS Compressed Files and Folders
There are rules that determine whether the compression state of files and folders is
retained when you copy or move them within and between NTFS and FAT volumes.
The following list describes how Windows XP Professional treats the compression state
of a file or folder when you copy or move a compressed file or folder within or
between NTFS volumes or between NTFS and FAT volumes.
Copying a file within an NTFS volume When you copy a file within an NTFS volume (shown as A in Figure 10-17), the file inherits the compression state of the target folder. For example, if you copy a compressed file to an uncompressed folder,
the file is automatically uncompressed.
Moving a file or folder within an NTFS volume When you move a file or folder
within an NTFS volume (shown as B in Figure 10-17), the file or folder retains its
original compression state. For example, if you move a compressed file to an
uncompressed folder, the file remains compressed.
Copying a file or folder between NTFS volumes When you copy a file or folder
between NTFS volumes (shown as C in Figure 10-17), the file or folder inherits the
compression state of the target folder.
Moving a file or folder between NTFS volumes When you move a file or folder
between NTFS volumes (shown as C in Figure 10-17), the file or folder inherits the
compression state of the target folder. Because Windows XP Professional treats a
move as a copy and a delete, the files inherit the compression state of the target
folder.
Moving or copying a file or folder to a FAT volume Windows XP Professional
supports compression only for NTFS files, so when you move or copy a compressed NTFS file or folder to a FAT volume, Windows XP Professional automatically uncompresses the file or folder.
Moving or copying a compressed file or folder to a floppy disk When you
move or copy a compressed NTFS file or folder to a floppy disk, Windows XP Professional automatically uncompresses the file or folder.
Lesson 2
A
Managing Compression 10-33
B
Copy
Move
Inherits
Retains
NTFS volume
NTFS volume
C
Move
Copy
NTFS volume
Inherits
NTFS volume
F10us17
Figure 10-17 Copying and moving compressed folders and files have different results.
Note
When you copy a compressed NTFS file, Windows XP Professional uncompresses the
file, copies the file, and then compresses the file again as a new file. This might take considerable time.
NTFS Compression Guidelines
The following list provides best practices for using compression on NTFS volumes:
■
Because some file types compress more than others, select file types to compress
based on the anticipated resulting file size. For example, because Windows bitmap files contain more redundant data than application executable files, this file
type compresses to a smaller size. Bitmaps often compress to less than 50 percent
of the original file size, whereas application files rarely compress to less than 75
percent of the original size.
■
Do not store compressed files, such as PKZIP files, in a compressed folder. Windows XP Professional will attempt to compress the file, wasting system time and
yielding no additional disk space.
■
Compress static data rather than data that changes frequently. Compressing and
uncompressing files incurs some system overhead. By choosing to compress files
that are infrequently accessed, you minimize the amount of system time dedicated
to compression and uncompression activities.
■
NTFS compression can cause performance degradation when you copy and move
files. When a compressed file is copied, it is uncompressed, copied, and then
compressed again as a new file. Compress data that is not copied or moved frequently.
10-34
Chapter 10
Managing Data Storage
Practice: Managing Compression
In this practice, you use NTFS compression to compress files and folders. You uncompress a file and test the effects that copying and moving files have on compression. In
the last portion of the practice, you create a compressed folder using the Compressed
Folders feature.
Important
In this practice, it is assumed that you installed Windows XP Professional on
the C drive, and that the C drive is formatted with NTFS. If you installed Windows XP Professional on a different partition and that partition is formatted with NTFS, use that drive letter
when the practice refers to drive C.
Exercise 1: Create Compressed Folders by Using the Compressed Folders Feature
1. Click Start, point to All Programs, point to Accessories, and then click Windows
Explorer.
2. In Windows Explorer, click File and then point to New.
Compressed Folder is an option on the New menu.
3. Click Compressed Folder.
4. Name the compressed folder My Compressed Files.
You have just created a compressed folder. Notice the zipper icon that identifies
compressed folders. You can drag and drop files into the compressed folder, and
they will automatically be compressed. If you copy a file from the compressed
folder to another that is not compressed, the file will no longer be compressed.
5. Close Windows Explorer.
Exercise 2: Compress a Folder by Using NTFS Compression
1. Click Start, point to All Programs, point to Accessories, and then click Windows
Explorer.
2. In Windows Explorer, click Local Disk (C:). If necessary, click Show The Contents
Of This Folder.
3. In Windows Explorer, click File, point to New, and then click Folder.
Windows creates a new folder and selects the name automatically so that you can
simply start typing to rename the folder
4. Type Compressed for the name of the new folder and press ENTER.
5. Double-click the Compressed folder to open it.
6. In the Compressed folder, create a new folder and name it Compressed2.
Lesson 2
Managing Compression 10-35
7. Click the Up button on the toolbar to return to viewing the C drive.
8. Right-click the Compressed folder, and then click Properties.
Windows XP Professional displays the Compressed Properties dialog box with the
General tab active.
9. On the General tab, click Advanced.
Windows XP Professional displays the Advanced Attributes dialog box.
10. Select the Compress Contents To Save Disk Space check box.
11. Click OK to return to the Compressed Properties dialog box.
12. Click Apply to apply your settings.
Windows XP Professional displays the Confirm Attribute Changes dialog box,
prompting you to specify whether to compress only this folder or this folder and
all subfolders.
13. Select the Apply Changes To This Folder, Subfolders, And Files check box, and
then click OK.
Windows XP Professional displays the Applying Attributes message box, indicating the progress of the operation, and the paths and names of folders and files as
they are compressed. Because there is no data in the folder, compression will
likely complete too quickly for you to view this dialog box.
14. Click OK to close the Properties dialog box.
15. What color is the name of the Compressed folder?
Exercise 3: Remove Compression from a Folder
1. In Windows Explorer, double-click the Compressed folder to open it.
2. Is the Compressed2 folder compressed or not compressed? Why?
3. Right-click the Compressed2 folder, and then click Properties.
Windows XP Professional displays the Compressed2 Properties dialog box with
the General tab active.
4. On the General tab, click Advanced.
Windows XP Professional displays the Advanced Attributes dialog box.
10-36
Chapter 10
Managing Data Storage
5. Clear the Compress Contents To Save Disk Space check box, and then click OK to
return to the Compressed2 Properties dialog box.
6. Click OK to apply settings and close the Compressed2 Properties dialog box.
Because the Compressed2 folder is empty, Windows XP Professional does not display the Confirm Attributes Changes dialog box that asks you to specify whether
to uncompress only this folder or this folder and all subfolders.
7. What indication do you have that the Compressed2 folder is no longer compressed?
Exercise 4: Copy and Move Files
In this exercise, you see the effects that copying and moving files has on compressed
files.
To create a compressed file
1. In Windows Explorer, double-click the Compressed folder to open it.
2. On the File menu, click New, and then click Text Document.
3. Type Text1.txt, and then press ENTER.
4. How can you verify that the Text1.txt file is compressed?
To copy a compressed file to an uncompressed folder
1. Copy (hold down CTRL and drag the file) the Text1.txt file to the Compressed2
folder.
2. Double-click the Compressed2 folder to open it.
3. Is the Text1.txt file in the Compressed2 folder compressed or uncompressed?
Why?
4. Delete the Text1.txt file in the Compressed2 folder by right-clicking it and then
clicking Delete.
To move a compressed file to an uncompressed folder
1. Click the Up button on the toolbar to return to the Compressed folder.
2. Is the Text1.txt file in the Compressed folder compressed or uncompressed?
Lesson 2
Managing Compression 10-37
3. Move Text1.txt to the Compressed2 folder by dragging it there.
4. Double-click the Compressed2 folder to open it.
5. Is the Text1.txt file in the Compressed2 folder compressed or uncompressed?
Why?
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. When Sandra tried to copy a compressed file from one NTFS volume to another,
the file was not copied, and she got an error message stating that there was not
enough disk space for the file. Before she attempted to copy the file, Sandra verified that there was enough room for the compressed bitmap on the destination
volume. Why did she get the error message?
2. When you move a file between NTFS volumes, does the file retain the compression state of the source folder, or does the file inherit the compression state of the
target folder? Why?
3. What does Windows XP Professional do when you try to copy a compressed file
to a floppy disk? Why?
10-38
Chapter 10
Managing Data Storage
4. Which of the following types of files or data are good candidates for NTFS compression? (Choose all that apply.)
a. Encrypted data
b. Frequently updated data
c. Bitmaps
d. Static data
Lesson Summary
■
A compressed folder created by the Compressed Folders feature appears in Windows Explorer as an icon of a zipper across a folder. You can drag and drop files
into a compressed folder created by using the Compressed Folders feature, and
the files are automatically compressed.
■
NTFS compression is a function of the NTFS file system that allows you to compress files, folders, or an entire volume. You cannot apply both compression and
encryption to a file or folder at the same time.
Lesson 3
Managing Disk Quotas 10-39
Lesson 3: Managing Disk Quotas
You use disk quotas to manage storage growth in distributed environments. Disk quotas allow you to allocate disk space to users based on the files and folders that they
own. You can set disk quotas, quota thresholds, and quota limits for all users and for
individual users. You can also monitor the amount of hard disk space that users have
used and the amount that they have left against their quota.
After this lesson, you will be able to
■ Describe the purpose of disk quotas
■ Set disk quotas for users
■ Determine the status of disk quotas
■ Monitor disk quotas
■ Identify guidelines for using disk quotas
Estimated lesson time: 30 minutes
Overview of Disk Quotas
Windows XP Professional tracks disk quotas and controls disk usage on a per-user, pervolume basis. Windows XP Professional tracks disk quotas for each volume, even if the
volumes are on the same hard disk. Because quotas are tracked on a per-user basis,
every user’s disk space is tracked regardless of the folder in which the user stores files.
Disk quotas can be applied only to Windows XP Professional NTFS volumes.
Table 10-2 describes the characteristics of Windows XP Professional disk quotas.
Table 10-2
Disk Quota Characteristics and Descriptions
Characteristic
Description
Disk usage is based on
file and folder ownership.
Windows XP Professional calculates disk space usage for users
based on the files and folders that they own. When a user copies
or saves a new file to an NTFS volume or takes ownership of a
file on an NTFS volume, Windows XP Professional charges the
disk space for the file against the user’s quota limit.
Disk quotas do not use
compression.
Windows XP Professional ignores compression when it calculates
hard disk space usage. Users are charged for each uncompressed
byte, regardless of how much hard disk space is actually used.
This is done partially because file compression produces different
degrees of compression for different types of files. Different
uncompressed file types that are the same size might end up
being very different sizes when they are compressed.
Free space for applications
is based on quota limit.
When you enable disk quotas, the free space that Windows XP
Professional reports to applications for the volume is the amount
of space remaining within the user’s disk quota limit.
10-40
Chapter 10
Managing Data Storage
You use disk quotas to monitor and control hard disk space usage. System administrators can do the following:
■
Set a disk quota limit to specify the amount of disk space for each user.
■
Set a disk quota warning to specify when Windows XP Professional should log an
event, indicating that the user is nearing his or her limit.
■
Enforce disk quota limits and deny users access if they exceed their limit, or allow
them continued access.
■
Log an event when a user exceeds a specified disk space threshold. The threshold
could be when users exceed their quota limit or when they exceed their warning
level.
After you enable disk quotas for a volume, Windows XP Professional collects disk
usage data for all users who own files and folders on the volume, which allows you to
monitor volume usage on a per-user basis. Even if you do not limit the disk space available to users, disk quotas provide an effective means of monitoring the disk space consumed by users.
By default, only members of the Administrators group can view and change quota settings. However, you can allow users to view quota settings.
How to Set Disk Quotas
You can enable disk quotas and enforce disk quota warnings and limits for all users
or for individual users. If you want to enable disk quotas, open the Properties dialog
box for a disk, click the Quota tab, and configure the options that are described in
Table 10-3 and displayed in Figure 10-18.
Table 10-3
Quota Tab Options
Option
Description
Enable Quota Management
Select this check box to enable disk quota management.
Deny Disk Space To Users
Exceeding Quota Limit
Select this check box so that when users exceed their hard disk
space allocation, they receive an Out Of Disk Space message
and cannot write to the volume.
Do Not Limit Disk Usage
Click this option when you do not want to limit the amount of
hard disk space for users.
Limit Disk Space To
Configure the amount of disk space that users can use.
Set Warning Level To
Configure the amount of disk space that users can fill before
Windows XP Professional logs an event, indicating that a user is
nearing his or her limit.
Lesson 3
Table 10-3
Managing Disk Quotas 10-41
Quota Tab Options
Option
Description
Log Event When A User
Exceeds Their Quota Limit
Select this option if you want Windows XP Professional to log
an event in the Security log every time a user exceeds his or her
quota limit.
Log Event When A User
Select this option if you want Windows XP Professional to log
Exceeds Their Warning Level an event in the Security log every time a user exceeds the warning level.
Quota Entries
Click this button to open the Quota Entries For window, in
which you can add a new entry, delete an entry, and view the
per-user quota information.
F10us18
Figure 10-18
Use the Quota tab of the Properties dialog box for a disk to set disk quotas for users.
To enforce identical quota limits for all users, follow these steps:
1. In Windows Explorer, right-click the volume on which you want to set disk quotas, and then click Properties.
Windows opens the Properties dialog box for the volume.
2. Click the Quota tab.
3. Select the Enable Quota Management check box.
4. Select the Deny Disk Space To Users Exceeding Quota Limit check box.
Windows XP Professional will monitor usage and will not allow users to create
files or folders on the volume when they exceed the limit.
10-42
Chapter 10
Managing Data Storage
5. Click Limit Disk Space To. In the Limit Disk Space To text box and in the Set Warning Level To text box, enter the values for the limit and warning levels that you
want to set.
6. Click OK.
To enforce different quota limits for one or more specific users, use these steps:
1. In Windows Explorer, right-click the volume on which you want to set disk quotas, and then click Properties.
Windows opens the Properties dialog box for the volume.
2. Click the Quota tab.
3. Select the Enable Quota Management check box.
4. Select the Deny Disk Space To Users Exceeding Quota Limit check box.
5. Click Quota Entries.
6. In the Quota Entries For window shown in Figure 10-19, click the Quota menu,
and then click New Quota Entry.
F10us19
Figure 10-19
Use the Quota Entries For dialog box to enter quotas for specific users.
7. In the Select Users dialog box, type the name of the user for which you want to
set a quota, and then click OK. (You can also click Advanced to search for a user.)
8. In the Add New Quota Entry dialog box shown in Figure 10-20, click Limit Disk
Space To, enter the limit and warning levels, and then click OK.
F10us20
Figure 10-20
Use the Add New Quota Entry dialog box to specify limits for a user.
Lesson 3
Managing Disk Quotas 10-43
How to Determine the Status of Disk Quotas
You can determine the status of disk quotas in the Properties dialog box for a disk by
checking status message to the right of the traffic light icon (refer to Figure 10-18). The
color shown on the traffic light icon indicates the status of disk quotas as follows:
■
A red traffic light indicates that disk quotas are disabled.
■
A yellow traffic light indicates that Windows XP Professional is rebuilding disk
quota information.
■
A green traffic light indicates that the disk quota system is active.
How to Monitor Disk Quotas
You use the Quota Entries For dialog box (refer to Figure 10-19) to monitor usage for
all users who have copied, saved, or taken ownership of files and folders on the volume. Windows XP Professional scans the volume and monitors the amount of disk
space in use by each user. Use the Quota Entries For dialog box to view the following:
■
The amount of hard disk space that each user uses
■
Users who are over their quota warning threshold, signified by a yellow triangle
■
Users who are over their quota limit, signified by a red circle
■
The warning threshold and the disk quota limit for each user
Guidelines for Using Disk Quotas
Use the following guidelines for using disk quotas:
■
If you enable disk quota settings on the volume where Windows XP Professional
is installed, and your user account has a disk quota limit, log on as Administrator
to install additional Windows XP Professional components and applications. In
this way, Windows XP Professional will not charge the disk space that you use to
install applications against the disk quota allowance for your user account.
■
You can monitor hard disk usage and generate hard disk usage information without preventing users from saving data. To do so, clear the Deny Disk Space To
Users Exceeding Quota Limit check box when you enable disk quotas.
■
Set more-restrictive default limits for all user accounts, and then modify the limits
to allow more disk space to users who work with large files.
■
If multiple users share computers running Windows XP Professional, set disk
quota limits on computer volumes so that disk space is shared by all users who
share the computer.
10-44
Chapter 10
Managing Data Storage
■
Generally, you should set disk quotas on shared volumes to limit storage for users.
Set disk quotas on public folders and network servers to ensure that users share
hard disk space appropriately. When storage resources are scarce, you might want
to set disk quotas on all shared hard disk space.
■
Delete disk quota entries for users who no longer store files on a volume. You can
delete quota entries for a user account only after all files that the user owns have
been removed from the volume or after another user has taken ownership of the
files.
Practice: Managing Disk Quotas
In this practice, you configure default quota management settings to limit the amount
of data users can store on drive C (their hard disk drive). Next, you configure a custom
quota setting for a user account. You increase the amount of data the user can store on
drive C to 10 MB with a warning level set to 6 MB. Finally, you turn off quota management for drive C.
!
Note
If you did not install Windows XP Professional on drive C, substitute the NTFS partition on which you did install Windows XP Professional whenever drive C is referred to in the
practice.
Exercise 1: Configure Quota Management Settings
In this exercise, you configure the quota management settings for drive C to limit the
data that users can store on the volume. You then configure custom quota settings for
a user account.
To configure default quota management settings
1. Log on with an account that is a member of the Administrators group.
2. Use the User Accounts tool in Control Panel to create a user account named User5
and assign it a Limited account type.
3. In Windows Explorer, right-click the drive C icon, and then click Properties.
Windows XP Professional displays the Local Disk (C:) Properties dialog box with
the General tab active.
4. Click the Quota tab.
Notice that disk quotas are disabled by default.
5. In the Quota tab, select the Enable Quota Management check box.
Notice that by default, the Do Not Limit Disk Usage option is selected.
Lesson 3
Managing Disk Quotas 10-45
6. Click Limit Disk Usage To.
7. What is the default disk space limit for new users?
8. Click Do Not Limit Disk Usage.
If you want to place the same quota limit on all users of this computer, you use the
Limit Disk Usage To option.
9. Select the Deny Disk Space To Users Exceeding Quota Limit check box.
10. Select the Log Event When A User Exceeds Their Quota Limit and Log Event When
A User Exceeds Their Warning Limit check boxes, and then click Apply.
Windows XP Professional displays the Disk Quota dialog box, telling you that you
should enable the quota system only if you will use quotas on this disk volume
and warning you that the volume will be rescanned to update disk usage statistics
if you enable quotas.
11. Click OK to enable disk quotas.
12. What happens to the quota status indicator?
To configure quota management settings for a user
1. In the Quota tab of the Local Disk (C:) Properties dialog box, click Quota Entries.
Windows XP Professional displays the Quota Entries For Local Disk (C:) dialog
box.
2. Are any user accounts listed? Why or why not?
3. On the Quota menu, click New Quota Entry.
Windows XP Professional displays the Select Users dialog box.
4. In the Name text box, type User5, and then click OK.
Windows XP Professional displays the Add New Quota Entry dialog box.
5. Click Limit Disk Space To. What are the default settings for the user you just set a
quota limit for?
10-46
Chapter 10
Managing Data Storage
6. Increase the amount of data that the user can store on drive C by changing the
Limit Disk Space To setting to 10 MB and the Set Warning Level To setting to 6 MB.
7. Click OK to return to the Quota Entries For Local Disk (C:) window.
8. Close the Quota Entries For Local Disk (C:) window.
9. Click OK to close the Local Disk (C:) Properties dialog box.
10. Log off.
11. Log on as User5.
12. Start Windows Explorer and create a User5 folder on drive C.
13. Insert the CD-ROM you used to install Windows XP Professional into your CDROM drive.
14. If a dialog box appears as a result of inserting the CD-ROM, close it.
15. Copy the i386 folder from your CD-ROM to the User5 folder.
Windows XP Professional begins copying files from the i386 folder on the CDROM to a new i386 folder in the User5 folder on drive C. After copying some files,
Windows XP Professional displays the Error Copying File Or Folder dialog box,
indicating that there is not enough room on the disk.
16. Why did you get this error message?
17. Click OK to close the dialog box.
18. Right-click the User5 folder, and then click Properties.
Notice that the Size On Disk value is slightly less than your quota limit of 10 MB.
19. Delete the User5 folder.
20. Close all open windows and log off.
Exercise 2: Disable Quota Management
1. Log on with an account that is a member of the Administrators group.
2. Start Windows Explorer.
3. Right-click the drive C icon, and then click Properties.
Windows XP Professional displays the Local Disk (C:) Properties dialog box with
the General tab active.
4. Click the Quota tab.
Lesson 3
Managing Disk Quotas 10-47
5. In the Quota tab, clear the Enable Quota Management check box.
All quota settings for drive C are no longer available.
6. Click Apply.
Windows XP Professional displays the Disk Quota dialog box, warning you that if
you disable quotas, the volume will be rescanned if you enable them later.
7. Click OK to close the Disk Quota dialog box.
8. Click OK to close the Local Disk (C:) Properties dialog box.
9. Close all windows and log off Windows XP Professional.
Lesson Review
Use the following questions to help determine whether you have learned enough to
move on to the next lesson. If you have difficulty answering these questions, review
the material in this lesson before beginning the next lesson. You can find answers to
these questions in the “Questions and Answers” section at the end of this chapter.
1. What is the purpose of disk quotas?
2. Which of the following statements about disk quotas in Windows XP Professional
is correct? (Choose the correct answer.)
a. Disk quotas track and control disk usage on a per-user, per-disk basis.
b. Disk quotas track and control disk usage on a per-group, per-volume basis.
c. Disk quotas track and control disk usage on a per-user, per-volume basis.
d. Disk quotas track and control disk usage on a per-group, per-disk basis.
3. Which of the following statements about disk quotas in Windows XP Professional
is correct? (Choose all that apply.)
a. Disk quotas can be applied only to Windows XP Professional NTFS volumes.
b. Disk quotas can be applied to any Windows XP Professional volume.
c. You must be logged on with the Administrator user account to configure
default quota management settings.
d. Members of the Administrators and Power Users groups can configure quota
management settings.
10-48
Chapter 10
Managing Data Storage
4. You get a call from an administrator who cannot delete a quota entry for a user
account. What would you tell the administrator to check?
Lesson Summary
■
Use Windows XP Professional disk quotas to allocate disk space usage to users.
Windows XP Professional disk quotas track and control disk usage on a per-user,
per-volume basis. You can set disk quotas, quota thresholds, and quota limits for
all users and for individual users. You can apply disk quotas only to Windows XP
Professional NTFS volumes.
■
You can set identical quotas for all users or you can configure different quotas for
individual users.
■
You can determine the basic status of the quota management system by looking at
the traffic light indicator and the status text display on the Quota tab of a volume’s
Properties dialog box.
■
You can monitor disk quotas by using the Quota Entries For dialog box, which
you access by clicking Quota Entries on the Quota tab of a volume’s Properties
dialog box.
■
There are a number of guidelines you should follow when using disk quotas. The
most important guideline is that installing applications can use up disk quotas rapidly, so you should log on as an administrator without quota limits to install applications.
Lesson 4
Increasing Security by Using EFS 10-49
Lesson 4: Increasing Security by Using EFS
Encryption is the process of making information indecipherable to protect it from unauthorized viewing or use. A key is required to decode the information. The Encrypting
File System (EFS) provides encryption for data in NTFS files stored on disk. This encryption is public key–based and runs as an integrated system service, making it easy to manage, difficult to attack, and transparent to the file owner. If a user who attempts to access
an encrypted NTFS file has the private key to that file (which is assigned when the user
logs on), the file can be decrypted so that the user can open the file and work with it
transparently as a normal document. A user without the private key is denied access.
Windows XP Professional also includes the Cipher command, which provides the
capability to encrypt and decrypt files and folders from a command prompt. Windows
XP Professional also provides a recovery agent, a specially designated user account
that can still recover encrypted files if the owner loses the private key.
After this lesson, you will be able to
■ Describe EFS.
■ Encrypt folders and files.
■ Decrypt folders and files.
■ Control encryption from the command line by using the Cipher command.
■ Create an EFS recovery agent.
Estimated lesson time: 40 minutes
Overview of EFS
EFS allows users to encrypt NTFS files by using a strong public key–based cryptographic scheme that encrypts all files in a folder. Users with roaming profiles can use
the same key with trusted remote systems. No administrative effort is needed to begin,
and most operations are transparent. Backups and copies of encrypted files are also
encrypted if they are in NTFS volumes. Files remain encrypted if you move or rename
them, and temporary files created during editing and left unencrypted in the paging file
or in a temporary file do not defeat encryption.
You can set policies to recover EFS-encrypted data when necessary. The recovery policy is integrated with overall Windows XP Professional security policy (see Chapter 16,
“Configuring Security Settings and Internet Options,” for more on security policy). Control of this policy can be delegated to individuals with recovery authority, and different
recovery policies can be configured for different parts of the enterprise. Data recovery
discloses only the recovered data, not the key that was used to encrypt the file. Several
protections ensure that data recovery is possible and that no data is lost in the case of
total system failure.
10-50
Chapter 10
Managing Data Storage
EFS is configured either from Windows Explorer or from the command line. It can be
enabled or disabled for a computer, domain, or organizational unit (OU) by resetting
recovery policy in the Group Policy console in Microsoft Management Console (MMC).
You can use EFS to encrypt and decrypt files on remote file servers but not to encrypt
data that is transferred over the network. Windows XP Professional provides network
protocols, such as Secure Sockets Layer (SSL) authentication, to encrypt data over the
network.
Table 10-4 lists the key features provided by Windows XP Professional EFS.
Table 10-4
EFS Features
Feature
Description
Transparent encryption In EFS, file encryption does not require the file owner to decrypt and
re-encrypt the file on each use. Decryption and encryption happen
transparently on file reads and writes to disk.
Strong protection of
encryption keys
Public key encryption resists all but the most sophisticated methods of
attack. Therefore, in EFS, the file encryption keys are encrypted by
using a public key from the user’s certificate. (Note that Windows XP
Professional and Windows 2000 use X.509 v3 certificates.) The list of
encrypted file encryption keys is stored with the encrypted file and is
unique to it. To decrypt the file encryption keys, the file owner supplies a private key, which only he or she has.
Integral data-recovery
system
If the owner’s private key is unavailable, the recovery agent can open
the file using his or her own private key. There can be more than one
recovery agent, each with a different public key, but at least one public recovery key must be present on the system to encrypt a file.
Secure temporary and
paging files
Many applications create temporary files while you edit a document,
and these temporary files can be left unencrypted on the disk. On
computers running Windows XP Professional, EFS can be implemented at the folder level, so any temporary copies of an encrypted
file are also encrypted, provided that all files are on NTFS volumes.
EFS resides in the Windows operating system kernel and uses the
nonpaged pool to store file encryption keys, ensuring that they are
never copied to the paging file.
Security Alert
Even when you encrypt files, an intruder who accesses your computer can
access those files if your user account is still logged on to the computer. Be sure to lock your
console when you are not using the computer, or configure a screensaver to require a password when the computer is activated. If the computer is configured to go to standby mode
when it is idle, you should require a password to bring the computer out of standby. These
precautions are particularly important on portable computers, which people are more likely to
leave unattended while the user is logged on.
Lesson 4
Increasing Security by Using EFS 10-51
How to Encrypt a Folder
The recommended method to encrypt files is to create an encrypted folder and place
files in that folder. To encrypt a folder, use these steps:
1. In Windows Explorer, right-click the folder and click Properties.
2. In the Properties dialog box for the folder, on the General tab, click Advanced.
3. In the Advanced Attributes dialog box (refer to Figure 10-14), select the Encrypt
Contents To Secure Data check box, and then click OK.
4. Click OK to close the Properties dialog box for the folder.
The folder is now marked for encryption, and all files placed in the folder are
encrypted. Folders that are marked for encryption are not actually encrypted; only the
files within the folder are encrypted.
!
Exam Tip Compressed files cannot be encrypted, and encrypted files cannot be compressed with NTFS compression.
After you encrypt the folder, when you save a file in that folder, the file is encrypted
using file encryption keys, which are fast symmetric keys designed for bulk encryption.
The file is encrypted in blocks, with a different file encryption key for each block. All
the file encryption keys are stored and encrypted in the Data Decryption field (DDF)
and the Data Recovery field (DRF) in the file header.
Caution
If an administrator removes the password on a user account, the user account will
lose all EFS-encrypted files, personal certificates, and stored passwords for Web sites or network resources. Each user should make a password reset disk to avoid this situation. To create a password floppy disk, open User Accounts and, under Related Tasks, click Prevent A
Forgotten Password. The Forgotten Password Wizard steps you through creating the password
reset disk.
How to Decrypt a Folder
Decrypting a folder or file refers to clearing the Encrypt Contents To Secure Data check
box in a folder’s or file’s Advanced Attributes dialog box, which you access from the
folder’s or file’s Properties dialog box. Once decrypted, the file remains decrypted until
you select the Encrypt Contents To Secure Data check box. The only reason you might
want to decrypt a file is if other people need access to the folder or file—for example,
if you want to share the folder or make the file available across the network.
10-52
Chapter 10
Managing Data Storage
How to Control Encryption From the Command Line by Using the Cipher
Command
The Cipher command provides the capability to encrypt and decrypt files and folders
from a command prompt. The following example shows the available switches for the
Cipher command, which are described in Table 10-5:
cipher [/e | /d] [/s:folder_name] [/a] [/i] [/f] [/q] [/h] [/k] [file_name [...]]
Table 10-5
Cipher Command Switches
Switch
Description
/e
Encrypts the specified folders. Folders are marked so any files that are added later
are encrypted.
/d
Decrypts the specified folders. Folders are marked so any files that are added later
are not encrypted.
/s
Performs the specified operation on files in the given folder and all subfolders.
/a
Performs the specified operation on files as well as folders. Encrypted files could
be decrypted when modified if the parent folder is not encrypted. Encrypt the file
and the parent folder to avoid problems.
/i
Continues performing the specified operation even after errors have occurred. By
default, Cipher stops when an error is encountered.
/f
Forces the encryption operation on all specified files, even those that are already
encrypted. Files that are already encrypted are skipped by default.
/q
Reports only the most essential information.
/h
Displays files with the hidden or system attributes, which are not shown by
default.
/k
Creates a new file encryption key for the user running the Cipher command. Using
this option causes the Cipher command to ignore all other options.
file_name
Specifies a pattern, file, or folder.
If you run the Cipher command without parameters, it displays the encryption state of
the current folder and any files that it contains. You can specify multiple file names and
use wildcards. You must put spaces between multiple parameters.
How to Create an EFS Recovery Agent
If you lose your file encryption certificate and associated private key through disk failure or for any other reason, a user account designated as the recovery agent can open
the file using his or her own certificate and associated private key. If the recovery agent
is on another computer in the network, send the file to the recovery agent.
Lesson 4
Increasing Security by Using EFS 10-53
Security Alert
The recovery agent can bring his or her private key to the owner’s computer,
but it is never a good security practice to copy a private key onto another computer.
It is a good security practice to rotate recovery agents. However, if the agent designation changes, access to the file is denied. For this reason, you should keep recovery
certificates and private keys until all files that are encrypted with them have been
updated.
The person designated as the recovery agent has a special certificate and associated
private key that allow data recovery. To recover an encrypted file, the recovery agent
does the following:
■
Uses Backup or another backup tool to restore a user’s backup version of the
encrypted file or folder to the computer where his or her file recovery certificate
is located.
■
In Windows Explorer, opens the Properties dialog box for the file or folder, and in
the General tab, clicks Advanced.
■
Clears the Encrypt Contents To Secure Data check box.
■
Makes a backup version of the decrypted file or folder and returns the backup version to the user.
Practice: Increasing Security by Using EFS
In this practice, you log on as an administrator and encrypt a folder and its files. You
then log on using a different user account, and attempt to open an encrypted file and
disable encryption on the encrypted file.
1. In Windows Explorer, create a folder named Secret on the C drive.
2. In the Secret folder, create a text file named SecretFile.txt.
3. Right-click the Secr