Microsoft Windows XP Professional, 3rd Edition

PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399
Copyright © 2005 by Microsoft Corporation
All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or
by any means without the written permission of the publisher.
Library of Congress Control Number 2005920003
Printed and bound in the United States of America.
Distributed in Canada by H.B. Fenn and Company Ltd.
A CIP catalogue record for this book is available from the British Library.
Microsoft Press books are available through booksellers and distributors worldwide. For further
information about international editions, contact your local Microsoft Corporation office or contact Microsoft
Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/learning/.
Send comments to [email protected]
Microsoft, Active Desktop, Active Directory, ActiveSync, ActiveX, Direct3D, DirectDraw, DirectInput,
DirectMusic, DirectPlay, DirectShow, DirectSound, DirectX, Entourage, IntelliMirror, IntelliSense,
JScript, Microsoft Press, MSDN, MS-DOS, MSN, NetMeeting, OneNote, OpenType, Outlook,
PictureIt!, PowerPoint, SharePoint, Tahoma, Visio, Visual Basic, Visual Studio, Win32, Windows,
Windows Media, Windows Mobile, Windows NT, Windows Server, and Xbox are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places,
and events depicted herein are fictitious. No association with any real company, organization, product,
domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
Acquisitions Editor: Martin DelRe
Project Editor: Karen Szall
Technical Editor: Mitch Tulloch
Copy Editor: Roger LeBlanc
Production: Elizabeth Hansford
Body Part No. X11-08640
Contents at a Glance
Part I: Deployment
  1 Planning Deployments
  2 Automating and Customizing Installations
  3 Multilingual Solutions for Global Business
  4 Supporting Installations
Part II: Desktop Management
  5 Managing Desktops
  6 Managing Files and Folders
  7 Supporting Mobile Users
  8 Configuring Remote Desktop
  9 Managing Devices
  10 Managing Digital Media
  11 Enabling Printing and Faxing
  12 Disk Management
  13 Working with File Systems
  14 Backing Up and Restoring Data
  15 Managing Software Updates
Part III: Security
  16 Understanding Logon and Authentication
  17 Managing Authorization and Access Control
  18 Using Encrypting File System
  19 Implementing TCP/IP Security
  20 Implementing Security for Mobile Computers
  21 Wireless Networking
  22 Implementing Windows Firewall
Part IV: Networking
  23 Connecting Clients to Windows Networks
  24 Configuring IP Addressing and Name Resolution
  25 Connecting Remote Offices
  26 Configuring Telephony and Conferencing
Part V: System Troubleshooting
  27 Understanding Troubleshooting
  28 Troubleshooting Disks and File Systems
  29 Troubleshooting the Startup Process
Part VI: Appendixes
  A System Files Reference
  B User Rights
  C Tools for Troubleshooting
  D Differences with Windows XP Home Edition
  E Differences with Windows XP Media Center Edition 2005
  F Differences with Windows XP Tablet PC Edition 2005
  G Differences with Windows XP Professional x64 Edition
  H Accessibility Tools
  I Interoperability Solutions
Table of Contents
About the Authors
Acknowledgments
Introduction

Part I: Deployment

1 Planning Deployments
  Overview of the Deployment Process
    Defining Project Scope and Objectives
    Assessing Your Current Environment
    Testing and Piloting the Deployment Plan
    Rolling Out Your Deployment
  Mapping Windows XP Professional to Your Business Needs
    Security Features
    Networking and Communications Features
    Desktop Management Features
  Assessing Your Current Configuration
    Hardware Requirements and Compatibility
    Application Compatibility
    Using Check Upgrade Only Mode
    Network Infrastructure
  Planning Your Preferred Client Configuration
    Determining Desktop Management Strategies
    Determining a Client Connectivity Strategy
    Determining Security Strategies
    Determining Client Administration and Configuration Strategies
  Planning Installations
    Upgrading vs. Clean Installation
    Choosing an Installation Method
    Determining How Many Operating Systems to Install
    Planning for Dynamic Update
    Planning for Windows Product Activation
  Additional Resources

2 Automating and Customizing Installations
  New in Windows XP Service Pack 2
  Overview of Automated and Customized Installations
    Design an Automated and Customized Installation
    Windows Product Activation
    Dynamic Update
  Choosing an Automated Installation and Customization Tool
    Unattended Installation
    System Preparation Tool
    Remote Installation Services
    Systems Management Server
    Where to Find the Tools and Related Information
  Preparing for the Installations
    Verify Hardware and Software Requirements
    Create a Distribution Folder
  Customizing Unattended Installations
    Using Windows XP Professional Customization Tools
    Creating an Answer File Manually
    Customizing Components and Features
  Installing the Operating System
    Unattended Installations
    Sysprep
    RIS
  Additional Resources

3 Multilingual Solutions for Global Business
  Overview
    New Multilingual Features in Windows XP Professional
  Multilingual Features in Windows XP Professional
    Built-In Language Support
    Locales
    Standards and Formats (User Locales)
    Input Method Editors, Input Languages, and Keyboard Layouts
    Unicode and Code Pages
    Language for Non-Unicode Programs (System Locale)
    User Interface Language Options (MUI Pack Only)
    Windows XP Professional Language Versions
  Planning a Multilingual Deployment
    Determining Language and Regional Requirements
    Assessing Hardware Requirements for Multilingual Support
    Determining Roaming User Needs
    Upgrading from Earlier Versions of Windows
    Deploying a Single Global Image
    Creating Regional Builds
  Configuring Desktops
    Configuring Regional and Language Options
    Configuring Localized Content
    Simplifying Multiple Language Access on Desktops
    Entering Special Characters or Code Points
    Controlling Desktops by Using Group Policy Settings
  Using Unattended and Silent Installations
    Creating Unattended Installations
    Using Silent Configurations
    Using Windows Installer Packages for On-Demand Installations (MUI Pack Only)
  Supporting Multilingual Applications
    Supporting World-Ready Applications
    Supporting Non-Unicode Applications
    Determining the Compatibility of Your Current Applications
    Developing Multilingual Applications
    Developing Multilingual Web Sites
  Ensuring Compatibility
    Multilingual Compatibility with Active Directory Objects, Clients, and Domain Controllers
    Using Office XP or Office 2003 and Windows XP Professional Together
  Troubleshooting
    Tools for Troubleshooting Multilingual Issues
    Problems Inputting or Displaying Multiple Languages
    Verifying Application Compatibility
  Additional Resources

4 Supporting Installations
  The Setup Process
    New Setup Features
    Running Setup
  Support Tools
  Installing Service Packs and Other Software Updates
    Service Pack and Software Update Setup Programs
    Update Installation
    Integrated Installation
    Combination Installation
  Uninstalling a Service Pack or Other Software Update
    Uninstalling a Service Pack
    Uninstalling a Software Update
  Troubleshooting Windows XP Professional Setup
    Recovery Console
  Additional Resources

Part II: Desktop Management

5 Managing Desktops
  Managing Desktops in Various Network Environments
  Managing Desktops in an Active Directory Environment
    Implementing IntelliMirror
    Using IntelliMirror to Manage Desktops
    Using Group Policy to Manage Desktops
  Managing Desktops Without Active Directory
    Roaming User Profiles and Logon Scripts
    My Documents Redirection
    Internet Explorer Maintenance
    System Policy
    Local Group Policy Object
    Managing Desktops in UNIX and Novell Environments
  Creating and Managing Standard Desktop Configurations
  Additional Resources

6 Managing Files and Folders
  Overview of Managing Files and Folders
  Managing Documents with Folder Redirection
    Selecting Folders for Redirection
    Tools for Configuring Folder Redirection
  Using Offline Files
    Implementing Offline Files
    Reconnecting to the Network Resource
    Synchronizing Files
    Deleting Files and Folders
    Group Policy Settings That Affect Offline Files
  Sharing Files and Folders
    Configuring Shared Folder Permissions
    Simple Sharing and ForceGuest
  Searching for Files, Folders, and Network Resources
    Connecting to Network Shares
    Using Indexing Service
    Searching for Network Resources in an Active Directory Environment
  Troubleshooting Files and Folders Management
  Additional Resources

7 Supporting Mobile Users
  Overview of Windows XP Professional Support for Mobile Users
  Setting Up a Portable Computer
    Check BIOS Compatibility
    Grant Installation and Configuration Rights
    Verify Hardware Configuration
    Configure Power Management Options
    Install Applications
    Configure Offline File Storing
    Configure Security
    Configure Roaming User Profiles and Folder Redirection
  Managing Hardware on Portable Computers
    Hardware Profile Creation
    Dynamic Device Configuration
    Docking and Undocking
  Configuring Power Management
    ACPI Power Management
    APM Power Management
    Power Management Schemes and Options
  Configuring Roaming User Profiles and Folder Redirection
    Roaming User Profiles in Windows XP Professional
    Combining Folder Redirection with Roaming User Profiles
  Configuring Offline Files for Portable Computers
    Configuring Files on a Network Share for Offline Use
    Configuring Synchronization for Offline Files
    Securing Offline Files
    Managing the Offline Files Folder
  Securing Portable Computers
    Securely Undocking Portable Computers
    Windows XP Professional BIOS Security
  Using Infrared Hardware and Video Devices with Portable Computers
    Using Infrared Devices with Portable Computers
    Using Video Devices with Portable Computers
  Wireless Networking
    WPAN
  Additional Resources

8 Configuring Remote Desktop
  Overview
    Remote Desktop Components
    Remote Desktop Features
  Deploying Remote Desktop
    Enabling Remote Desktop on a Computer Running Windows XP Professional
    Adding Users to the Remote Desktop Users Group
    Installing Client Software
    Establishing a Remote Desktop Session
    Security and Encryption in Remote Desktop
    Using Group Policy with Remote Desktop
  Troubleshooting Remote Desktop
    Server Name Not Found Error Message
    A Specified Program Will Not Open
    Cannot Log On to the Remote Computer
    Session Ends with a Data-Encryption Error Message
  Additional Resources

9 Managing Devices
  Overview
  Device Manager
  Plug and Play Device Detection
    Allocating System Resources
    Safe Removal of Plug and Play Devices
  Device Drivers
    Driver Signing
    Windows Update
    Enterprise-Wide Driver Update Using Windows Update
    Driver Ranking
    Windows Driver Protection
    Driver Search Policy
    Device Drivers in the Driver.cab File
  Supported Hardware
    Universal Serial Bus
    IEEE 1394
    Other Bus Support
    Other Hardware Support
  Device Installation
    Installing a Device in Windows XP Professional
    Installing Drivers
    Setting Plug and Play BIOS Settings
  Configuring Device Settings
    Using Hardware Profiles for Alternate Configurations
    Changing Hardware Acceleration Settings for Digital Audio
    Configuring the Display
    Using Multiple Monitors
    Configuring Communications Resources
    Configuring Scanners and Cameras
  Power Management
    Power Management Features
    Power Policy Overview
    Using the Power Management Interface
  Hardware Troubleshooting
    Troubleshooting Hardware by Using Device Manager
    Troubleshooting Network and Other Internal Adapters
    Troubleshooting Modems
    Troubleshooting Video Adapters
    Troubleshooting a Universal Serial Bus Device
    Troubleshooting IEEE 1394 Bus Devices
  Additional Resources
10
Managing Digital Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
DirectX 9.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
DVD Formats and Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Windows Media Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
Accelerated Graphics Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Optimizing Workstations for Digital Media. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Configuring Sound Events and Sound Schemes. . . . . . . . . . . . . . . . . . . . . . . . 411
Configuring Preferred Playback and Recording Devices . . . . . . . . . . . . . . . . . 411
Configuring Audio Performance Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Configuring CD and DVD Playback Options . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Configuring Animations, Sounds, and Videos in Internet Explorer . . . . . . . . 413
Configuring Digital Media Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Using Digital Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Playing Digital Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Creating Digital Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Troubleshooting Digital Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Common Problems with Playing Digital Media . . . . . . . . . . . . . . . . . . . . . . . . 423
Troubleshooting Playback of WAV Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
Troubleshooting MIDI Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
Troubleshooting DVD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
Troubleshooting an Audio CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
Troubleshooting CD Recording . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
11
Enabling Printing and Faxing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
New to Enabling Printing and Faxing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
Using Active Directory to Find Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
Searching Active Directory Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Searching Active Directory Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
Installing Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Installing Network and Internet Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Installing Local Printers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
Printer Installation Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Printing from Other Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
Setting Printing Preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
Print Queue Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
Scheduling Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
Spooler Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
Creating and Sending Print Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
Modifications to the Print Dialog Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
Printer Drivers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
Image Color Management 2.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
Methods of Sending Print Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
Monitoring and Managing Internet Print Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
Printing Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
Printer Pooling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
Printing Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
Printer Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
Printing over the Internet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
Print Job Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
Troubleshooting Printing Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
Common Printing Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
Troubleshooting the Printing Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
Troubleshooting Printing from an Operating System Other Than Windows . . . . . . . . . . . . . . . . . . . . . . . . 466
Troubleshooting Font-Related Printing Problems . . . . . . . . . . . . . . . . . . . . . . . 467
Faxing in Windows XP Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
Configuring Fax Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
12
Disk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
New in Disk Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Disk Management Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
Basic and Dynamic Disks and Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
Basic Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Basic Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Dynamic Disks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
Dynamic Volumes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
Converting Basic Disks to Dynamic Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
How to Convert a Basic Disk to Dynamic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
Managing Volumes During Windows XP Professional Setup . . . . . . . . . . . . . . . . . . . 488
Preparing Multidisk Volumes for Windows XP Professional . . . . . . . . . . . . . . 489
Creating Volumes During Windows XP Professional Setup . . . . . . . . . . . . . . . 490
Installing Windows XP Professional on Dynamic Disks . . . . . . . . . . . . . . . . . . 492
Adding, Moving, and Importing Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Adding New Disks to a Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Moving Disks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Importing Foreign Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
Managing GPT Disks in 64-Bit Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
Required Partitions on GPT Disks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501
Remote Disk and Command-Line Disk Management . . . . . . . . . . . . . . . . . . . . . . . . . 503
Managing Disks on Remote Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Managing Disks from the Command Line by Using DiskPart . . . . . . . . . . . . 504
Managing Disks from the Command Line by Using Fsutil . . . . . . . . . . . . . . . 508
Guidelines for Maintaining Disks and Volumes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
13
Working with File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
New in File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
Advantages of Using NTFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
When to Use FAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
Cluster Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
Size Limitations in NTFS and FAT File Systems . . . . . . . . . . . . . . . . . . . . . . . . . 518
Formatting a Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
Using the NTFS File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
Features Available on NTFS Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
Converting Volumes to NTFS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549
Defragmenting NTFS Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
Optimizing NTFS Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
NTFS Compatibility with Windows NT 4.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560
Cleanup Operations on Windows NT Volumes. . . . . . . . . . . . . . . . . . . . . . . . . 561
NTFS Recoverability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 561
NTFS Data Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564
MS-DOS-Readable File Names on NTFS Volumes . . . . . . . . . . . . . . . . . . . . . . 569
Comparing FAT File Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569
Comparing FAT File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
FAT16 File System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
FAT32 File System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574
File Names on FAT Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574
Compact Disc File System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
Universal Disk Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577
Using File System Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 578
File Naming in Windows XP Professional. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581
14
Backing Up and Restoring Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583
Backup Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 584
Storage and Media. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585
Security Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
Establishing a Backup Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 588
Stand-Alone Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589
LAN Workgroups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 590
Documenting Backup-and-Restore Procedures . . . . . . . . . . . . . . . . . . . . . . . . 592
Verify Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593
Backing Up System State Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593
Boot and System Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 594
Using the Backup Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 595
Files Skipped During Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 597
Volume Shadow Copy Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 597
Automated System Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598
Removable Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 600
Basic Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
Available Backup Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604
Encrypted Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605
Backing Up Files on Your Local Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605
Backing Up Files on Remote Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606
Restoring Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606
Restoring System State Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606
Files from Third-Party Backup Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607
File Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607
15
Managing Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609
Overview of Managing Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609
The Need for Software Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610
Designing a Software Update Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610
Ensuring Success. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611
Choosing a Software Update Management Application . . . . . . . . . . . . . . . . . . . . . . . 612
Assess Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617
Creating a Hardware and Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . 617
Prioritizing Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620
Creating Baseline Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620
Identify Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621
Finding New Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621
Evaluating Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622
Evaluate and Plan Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
Creating an Implementation Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
Testing Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 624
Deploy Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625
Communicating Deployment Plans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625
Preparing for Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 626
Deploying Software Updates Using SUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 626
Checking for Missing Updates Using MBSA . . . . . . . . . . . . . . . . . . . . . . . . . . . 632
Troubleshooting Failed Software Update Deployments . . . . . . . . . . . . . . . . . . . . . . . 635
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 636
Part III
Security
16
Understanding Logon and Authentication . . . . . . . . . . . . . . . . . . . . . . . 639
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640
New in Windows XP Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640
New in Windows XP Service Pack 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641
Credentials and Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643
Security Principals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644
Security Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646
Types of Logon. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646
Using RunAs to Start a Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648
Working with Authentication Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 650
Protocol Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 651
NTLM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 652
Kerberos V5 Authentication Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 654
Managing Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659
Blank Password Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660
Password Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 661
Smart Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 666
Automating Logon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 668
Setting Authentication Policy Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 670
Account Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671
Local Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 673
Auditing and Troubleshooting Logon and Authentication . . . . . . . . . . . . . . . . . . . . . 679
Security Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679
Audit Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679
Security Event Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 680
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 681
17
Managing Authorization and Access Control . . . . . . . . . . . . . . . . . . . . . 683
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684
Important Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684
Key Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 686
Planning for Effective Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 689
User Accounts and Security Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 691
User Account Creation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 691
Types of Security Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 692
Managing Permissions by Nesting Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . 702
Using Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 704
Access Control Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 707
How Access Control Is Applied to New Objects . . . . . . . . . . . . . . . . . . . . . . . . 708
Default Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 710
Using CACLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 714
Managing User Rights by Using Security Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 715
Security Group Upgrade from Windows NT 4.0 . . . . . . . . . . . . . . . . . . . . . . . . 715
Security Group Creation in a Clean Installation. . . . . . . . . . . . . . . . . . . . . . . . . 715
Managing Anonymous Logons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717
Managing Network Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 718
Using Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 720
Software Restriction Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 722
Security Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 724
Working with Local Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 728
Auditing and Analyzing Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735
Enabling Auditing Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735
Using the Event Viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739
Using the Security Configuration and Analysis Snap-In. . . . . . . . . . . . . . . . . . 740
Configuring and Analyzing Operations by Using Secedit.exe. . . . . . . . . . . . . 744
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 745
18
Using Encrypting File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 747
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 747
Benefits of EFS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 748
How EFS Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 748
New for Windows XP Professional. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 749
Components of EFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 750
EFS Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 751
EFS Driver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 751
CryptoAPI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 751
Cryptographic Service Provider. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 751
Data Protection API. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 752
EFS FSRTL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 752
Win32 API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753
Encrypting and Decrypting by Using EFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753
What Can Be Encrypted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753
How Files Are Encrypted. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753
Working with Encryption and Decryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 758
Remote EFS Operations on File Shares and Web Folders . . . . . . . . . . . . . . . . . . . . . . 763
Remote EFS Operations in a File Share Environment. . . . . . . . . . . . . . . . . . . . 763
Remote EFS Operations in a Web Folder Environment . . . . . . . . . . . . . . . . . . 768
Delivering EFS Certificates to Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 770
How EFS Uses Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 770
Determining Whether an EFS Certificate Exists. . . . . . . . . . . . . . . . . . . . . . . . . 771
Obtaining an EFS Certificate in a Stand-Alone Environment . . . . . . . . . . . . . 771
Using Enterprise Certification Authorities to Issue Certificates . . . . . . . . . . . 771
Renewing Certificates and Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 773
Replacing Self-Signed Certificates with CA-Issued Certificates . . . . . . . . . . . 773
Authorizing Multiuser Access to Encrypted Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 774
How Users Are Authorized for Access to Encrypted Files . . . . . . . . . . . . . . . . 774
Considerations for Sharing Encrypted Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . 777
Sharing Encrypted Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 777
Taking Recovery Precautions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 778
Data Recovery and Data Recovery Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . 779
Configuring Data Recovery Policy in a Stand-Alone Environment . . . . . . . . 782
Exporting and Importing EFS and DRA Certificates and Private Keys. . . . . . 783
Backing Up and Restoring Encrypted Files or Folders . . . . . . . . . . . . . . . . . . . 786
Recovering Encrypted Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 786
Strengthening Key and File Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 786
Certificate and Public Key Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 787
Private Key Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 787
Master Key Storage and Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 788
Enabling the Startup Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 790
Enabling 3DES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 791
Increasing Security for Open Encrypted Files . . . . . . . . . . . . . . . . . . . . . . . . . . 793
Disabling EFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 794
Disabling EFS for an Individual File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 794
Disabling EFS for a File Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 795
Disabling EFS for a Stand-Alone Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . 795
Tips for Implementing EFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 796
Troubleshooting EFS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 797
Unable to Encrypt Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 797
Unable to Decrypt Remote Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 798
Unable to Open Encrypted Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 798
Encrypted File Is Unencrypted When Copied or Moved . . . . . . . . . . . . . . . . . 801
Virus Check Program Cannot Check All Files. . . . . . . . . . . . . . . . . . . . . . . . . . . 801
Common Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 801
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802
19 Implementing TCP/IP Security . . . . . . . . . . . . . . . . . . . . 803
Securing TCP/IP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 803
Understanding Internet Layer Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 804
Understanding Transport Layer Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 807
Common Threats to TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 809
Configuring TCP/IP Security in Windows Server 2003, Windows 2000, and Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 812
Using IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 822
Securing Data Transmission with IPSec Protocols . . . . . . . . . . . . . . . . . . . . . . . 823
Choosing Between IPSec Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 825
Selecting an IPSec Authentication Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . 826
Creating IPSec Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 827
How IPSec Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 830
Monitoring IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 833
Best Practices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 836
Additional Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 837
20 Implementing Security for Mobile Computers . . . . . . . . . . . . . . . . . . . . 839
Understanding Mobile Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 839
Increase in the Possibility of Being Lost or Stolen . . . . . . . . . . . . . . . . . . . . . . . 840
Difficulty in Applying Security Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 841
Exposure to Untrusted Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 842
Eavesdropping on Wireless Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 843
Implementing Additional Security for Laptop Computers. . . . . . . . . . . . . . . . . . . . . . 843
Hardware Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 844
Boot Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 845
Data Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847
User Education . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 849
Securing Wireless Networking in Windows XP . . . . . . . . . . . . . . . . . . . . 849
Using Wireless Zero Configuration in Windows XP . . . . . . . . . . . . . . . . . . . . 849
Configuring Security for 802.11 Wireless Network Connectivity . . . . . . . . . . 851
Best Practices . . . . . . . . . . . . . . . . . . . . 853
Additional Information . . . . . . . . . . . . . . . . . . . . 854
21 Wireless Networking . . . . . . . . . . . . . . . . . . . . 855
Overview . . . . . . . . . . . . . . . . . . . . 855
Understanding 802.11 Protocols . . . . . . . . . . . . . . . . . . . . 856
802.11 . . . . . . . . . . . . . . . . . . . . 856
802.11b . . . . . . . . . . . . . . . . . . . . 856
802.11a . . . . . . . . . . . . . . . . . . . . 856
802.11g . . . . . . . . . . . . . . . . . . . . 857
802.11h . . . . . . . . . . . . . . . . . . . . 857
802.11i . . . . . . . . . . . . . . . . . . . . 857
802.11e . . . . . . . . . . . . . . . . . . . . 857
802.11n . . . . . . . . . . . . . . . . . . . . 857
Wi-Fi . . . . . . . . . . . . . . . . . . . . 857
Wireless Security . . . . . . . . . . . . . . . . . . . . 858
Risk Assessment . . . . . . . . . . . . . . . . . . . . 858
Risk Tolerance . . . . . . . . . . . . . . . . . . . . 859
Using Wired Equivalent Privacy . . . . . . . . . . . . . . . . . . . . 859
Using Wi-Fi Protected Access . . . . . . . . . . . . . . . . . . . . 860
Using 802.1x for Authentication . . . . . . . . . . . . . . . . . . . . 860
Configuring Wireless Networks . . . . . . . . . . . . . . . . . . . . 861
Infrastructure Mode . . . . . . . . . . . . . . . . . . . . 861
Ad Hoc Mode . . . . . . . . . . . . . . . . . . . . 863
Wireless Network Adapter Support . . . . . . . . . . . . . . . . . . . . 863
Connecting to Public Hotspots . . . . . . . . . . . . . . . . . . . . 867
The WPS Infrastructure . . . . . . . . . . . . . . . . . . . . 868
WPS Connection Sequence . . . . . . . . . . . . . . . . . . . . 869
Non-WPS Hotspots . . . . . . . . . . . . . . . . . . . . 869
Best Practices . . . . . . . . . . . . . . . . . . . . 870
Troubleshooting Wireless Networking . . . . . . . . . . . . . . . . . . . . 871
Authentication Issues . . . . . . . . . . . . . . . . . . . . 871
Access Point Issues . . . . . . . . . . . . . . . . . . . . 871
Client Issues . . . . . . . . . . . . . . . . . . . . 872
Additional Resources . . . . . . . . . . . . . . . . . . . . 872
22 Implementing Windows Firewall . . . . . . . . . . . . . . . . . . . . 873
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 873
Boot-Time Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 874
Enabling and Disabling Windows Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 874
Configuring Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 875
Application Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 875
Port Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 879
Local Subnet Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 880
Restore Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 881
Using Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 881
ICMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 882
Deploying Firewall Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 883
Deploying Settings with Group Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 883
Group Policy Settings for Windows Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . 885
Deploying Settings without Group Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 889
Netsh Command Syntax for Windows Firewall Settings . . . . . . . . . . . . . . . . . 889
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 898
Part IV Networking
23 Connecting Clients to Windows Networks . . . . . . . . . . . . . . . . . . . . 901
Microsoft Networking Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 902
New in Microsoft Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 902
Fundamental Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 903
Microsoft Network Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 905
Peer-to-Peer Network Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 905
Windows Domain Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 907
Account Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 912
Authentication Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 913
Logon Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 913
TCP/IP and Other Network Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 914
Benefits of TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 914
Configuring the Protocol Binding Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 915
Locating Resources by Publishing Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 916
Computer Browser and Browsing Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917
Logon Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 921
Group Policy and System Policy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 921
System Policy and Group Policy Coexistence. . . . . . . . . . . . . . . . . . . . . . . . . . . 923
Checking Local and Domain Policy Compatibility . . . . . . . . . . . . . . . . . . . . . . 925
Group Policy Settings for Network Connections. . . . . . . . . . . . . . . . . . . . . . . . 925
Joining the Network Environment . . . . . . . . . . . . . . . . . . . . 930
Network Identification Wizard . . . . . . . . . . . . . . . . . . . . 930
Changing Windows Workgroup Membership . . . . . . . . . . . . . . . . . . . . 931
Manually Joining a Windows Domain . . . . . . . . . . . . . . . . . . . . 931
Confirming Domain and Workgroup Membership . . . . . . . . . . . . . . . . . . . . 932
Testing a Workgroup User Account . . . . . . . . . . . . . . . . . . . . 932
Testing a Domain User Account . . . . . . . . . . . . . . . . . . . . 932
Establishing a Secure Channel . . . . . . . . . . . . . . . . . . . . 933
Troubleshooting Microsoft Networking . . . . . . . . . . . . . . . . . . . . 934
Tools for Troubleshooting . . . . . . . . . . . . . . . . . . . . 934
Troubleshooting Joining Networks . . . . . . . . . . . . . . . . . . . . 937
Troubleshooting Logon Problems . . . . . . . . . . . . . . . . . . . . 939
Troubleshooting Group Policy and System Policy . . . . . . . . . . . . . . . . . . . . 940
Troubleshooting My Network Places . . . . . . . . . . . . . . . . . . . . 940
Additional Resources . . . . . . . . . . . . . . . . . . . . 941
24 Configuring IP Addressing and Name Resolution . . . . . . . . . . . . . . . . . . . . 943
Overview of Addressing and Name Resolution . . . . . . . . . . . . . . . . . . . . 943
Types of IP Addresses . . . . . . . . . . . . . . . . . . . . 944
Types of IP Address Assignment . . . . . . . . . . . . . . . . . . . . 945
Types of TCP/IP Name Resolution . . . . . . . . . . . . . . . . . . . . 945
Enabling IP Address Assignment . . . . . . . . . . . . . . . . . . . . 946
Choosing an IP Address Assignment Method . . . . . . . . . . . . . . . . . . . . 946
Configuring DHCP . . . . . . . . . . . . . . . . . . . . 947
Configuring APIPA . . . . . . . . . . . . . . . . . . . . 950
Configuring an IP Address Manually . . . . . . . . . . . . . . . . . . . . 951
Configuring Multiple IP Addresses on a Network Adapter . . . . . . . . . . . . . . . 952
Configuring an Alternate IP Address . . . . . . . . . . . . . . . . . . . . 953
Configuring TCP/IP Name Resolution . . . . . . . . . . . . . . . . . . . . 954
Choosing a Name Resolution Method . . . . . . . . . . . . . . . . . . . . 955
Configuring DNS to Resolve Host Names and Domain Names . . . . . . . . . . . . . . . 957
Configuring Dynamic Update . . . . . . . . . . . . . . . . . . . . 976
Editing Hosts Files . . . . . . . . . . . . . . . . . . . . 979
Configuring NetBIOS Name Resolution . . . . . . . . . . . . . . . . . . . . 979
Troubleshooting Name Resolution and Addressing . . . . . . . . . . . . . . . . . . . . 988
Checking NetBIOS Name Resolution . . . . . . . . . . . . . . . . . . . . 989
Checking Hosts Files and DNS Name Resolution . . . . . . . . . . . . . . . . . . . . 991
Troubleshooting IP Addressing . . . . . . . . . . . . . . . . . . . . 992
Additional Resources . . . . . . . . . . . . . . . . . . . . 993
25 Connecting Remote Offices . . . . . . . . . . . . . . . . . . . . 995
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 995
Local Connections in a Remote Office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 996
Remote Connections to a Private Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . 996
Connecting to the Internet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 997
What’s New . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 997
Understanding Connection Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 997
Remote Access Connection Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 998
VPN Connection Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1000
Local Connection Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1001
Direct Cable Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1003
Wide Area Network Connection Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1005
Incoming Connection Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1007
Connection-Defined Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1007
Managing Outgoing Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1008
Using the New Connection Wizard to Choose Connection Types . . . . . . . . 1009
What Can I Configure? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1011
Configuring Remote Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1012
Configuring Advanced Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1012
Deploying Connection Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1017
Accessing Network Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1019
Managing Incoming Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1020
Configuring Home Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1021
Home Network Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1022
Home Network Configuration Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . 1023
Managing Home and Small Office Local Connections. . . . . . . . . . . . . . . . . . . . . . . . 1024
Clients, Services, and Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1025
Local Area Connection Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1025
WAN Adapters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1026
The Network Bridge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1027
Securing the Remote Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1027
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1028
Authentication Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1029
Data Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1033
Sharing an Internet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1035
Using DHCP with ICS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1036
ICS Scenario: Connecting Your Branch Office’s Intranet to the Internet . . . 1038
Using the Windows Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1043
Troubleshooting Remote Network Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1043
Troubleshooting Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1043
Troubleshooting Common Local Area Configuration Problems . . . . . . . . . 1045
Troubleshooting Common Remote Access Configuration Problems . . . . . 1045
Troubleshooting Common Internet Access Configuration Problems . . . . . 1050
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1052
26 Configuring Telephony and Conferencing . . . . . . . . . . . . . . . . . . . . 1053
Overview of Telephony and Conferencing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1054
Telephony Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1054
TAPI 3.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1060
Quality of Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1063
Setting Up Telephony and Conferencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1064
Configuring Modems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1064
Configuring ISDN Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1071
Configuring Client/Server Telephony Support . . . . . . . . . . . . . . . . . . . . . . . . 1073
Configuring TAPI IP Telephony . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1074
Troubleshooting Telephony and Conferencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1076
Troubleshooting Modems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1076
Troubleshooting PSTN Telephony . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1078
Troubleshooting Conferencing Applications. . . . . . . . . . . . . . . . . . . . . . . . . . 1079
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1082
Part V System Troubleshooting
27 Understanding Troubleshooting . . . . . . . . . . . . . . . . . . . . 1085
Troubleshooting Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1085
Troubleshooting Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1087
Identify Problem Symptoms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1087
Check Technical Information Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1089
Review Your System’s History. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1092
Check Firmware Versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1094
Troubleshooting Strategies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1097
Isolate and Resolve Hardware Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1098
Isolate and Resolve Software Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1099
Avoid Common Pitfalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1099
Document and Evaluate the Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1105
Take Proactive Measures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1107
Establishing a Troubleshooting Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1109
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1111
28 Troubleshooting Disks and File Systems . . . . . . . . . . . . . . . . . . . . 1113
New in Troubleshooting Disks and File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1114
Maintenance and Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1115
Chkdsk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1115
Disk Defragmenter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1128
Recovery Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1134
Automated System Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1135
DiskProbe. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1135
Dmdiag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1136
Disk and Volume Status Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1137
Disk Status Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1138
Volume Status Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1140
Viruses That Affect the MBR and Boot Sectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1142
MBR Viruses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1142
Boot Sector Viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1143
How MBR and Boot Sector Viruses Affect Windows XP Professional . . . . . 1143
Guidelines for Avoiding Viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1144
Treating an MBR or Boot Sector Virus Infection . . . . . . . . . . . . . . . . . . . . . . . 1145
Repairing Damaged MBRs and Boot Sectors in x86-Based Computers. . . . . . . . . . 1146
Restoring the MBR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1147
Replacing the Boot Sector. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1149
Stop Messages for Disks and File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1151
Other Disk Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1152
Disk Sectors Critical to Startup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1153
Disk Sectors on MBR Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1154
Disk Sectors on GPT Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1175
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1180
29 Troubleshooting the Startup Process . . . . . . . . . . . . . . . . . . . . 1181
Understanding the Startup Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1181
Startup Phases. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1182
Following a Process for Startup and Recovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1195
Restoring to the Last Known Good Configuration . . . . . . . . . . . . . . . . . . . . . 1196
Starting in Safe Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1197
Rolling Back Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1198
Using System Restore to Undo Changes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1199
Temporarily Disabling Applications and Processes . . . . . . . . . . . . . . . . . . . . . 1200
Temporarily Disabling Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1207
Uninstalling Software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1214
Using Recovery Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1214
Reviewing and Correcting Boot.ini Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 1218
Performing a Parallel Windows XP Professional Installation. . . . . . . . . . . . . 1227
Saving System Files and Settings by Using Automated System Recovery . . . . . . . . . . 1227
Recovering from Hardware-Related Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1228
Checking Your Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1228
Simplifying Your Hardware Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1231
Checking the Operating System Configuration . . . . . . . . . . . . . . . . . . . . . . . 1232
Diagnosing Disk-Related Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1233
Resolving Shutdown Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1234
Resolving Power Management Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1235
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1239
Part VI Appendixes
A System Files Reference . . . . . . . . . . . . . . . . . . . . 1243
System Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1243
Startup Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1244
Folders on the Local Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1245
Windows Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1245
System32 Folder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1247
Extracting Files from the Operating System CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1248
Using the Copy Command in Recovery Console . . . . . . . . . . . . . . . . . . . . . . 1249
Using the Expand Command in Recovery Console . . . . . . . . . . . . . . . . . . . . 1249
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1250
B
User Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1251
Logon Rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1251
Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1253
C
Tools for Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1259
Using This Appendix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1259
Installing and Running Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1260
Installing Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1260
Tool Interface Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1262
Help and Support Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1264
Disaster Recovery Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1265
Last Known Good Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1267
Using Safe Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1269
Device Driver Roll Back . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1271
System Restore
Using System Restore
Add or Remove Programs
Recovery Console
Backup
Automated System Recovery
Application and Service Tools
Bootcfg
Boot Logging
Dependency Walker
Device Manager
DirectX Diagnostic Tool
Dr. Watson
Error Reporting
Event Query
Event Triggers
Event Viewer
Global Flags Editor
Group Policy Snap-In
Group Policy Results
Group Policy Update
Kernel Debugger
Memory Pool Monitor
Online Crash Analysis Web Site
OpenFiles
Performance Snap-In
Process and Thread Status
Program Compatibility Wizard
Registry Editor
Resultant Set of Policy
RunAs (Command-Line Tool)
RunAs (GUI Feature)
SC
Services Snap-In
Shutdown Event Tracker
System Configuration Utility
Systeminfo
System Information
Task Kill
Task List
Task Manager
Uninstall Windows XP Professional
Remote Management Tools
Computer Management Tool
Remote Desktop
Remote Assistance
Telnet
Disk and Maintenance Tools
Chkdsk
Disk Cleanup
Disk Defragmenter
Disk Management and DiskPart
Fsutil.exe
My Computer Information in Help and Support Center
Windows Update
System File Tools
Driver Signing and Digital Signatures
Driver Query
Windows File Protection
Networking Tools
GetMac
IP Config
IP Security Monitor
Netsh
Netstat
Network Connectivity Tester
Network Diagnostics
Network Monitor Capture Utility
NSLookup
PathPing
Additional Resources
D  Differences with Windows XP Home Edition
Windows XP Home Edition Overview
Comparing Windows XP Home Edition and Windows XP Professional Feature Differences
Corporate Management
Corporate Security
Networking Features
File System Features
User Interface Features
Advanced or Power-User Features
Additional Resources
E  Differences with Windows XP Media Center Edition 2005
Not Quite a Superset of Windows XP Professional
Availability
Language Support
Hardware
Applications
F  Differences with Windows XP Tablet PC Edition 2005
Superset of Windows XP Professional
Availability
Language Support
Tablet Input Panel
Applications
Sticky Notes
Windows Journal
Office Integration
G  Differences with Windows XP Professional x64 Edition
Overview of Windows XP Professional x64 Edition
Feature Parity in Windows XP Professional x64 Edition
Windows XP Professional x64 Edition Requirements
System Requirements
Additional Resources
H  Accessibility Tools
Customizing for Accessibility
Windows Installer
Group Policy
User Profiles
Customizing the Desktop
Utility Manager
Configuring Accessibility Features
Setting Accessibility Options by Type of Disability
Options for Users with Vision Impairments
Options for Users with Mobility Impairments
Options for Users with Hearing Impairments
Options for Users with Cognitive Disabilities
Options for Users Who Experience Seizures
Adding Assistive Technology Products
Add-On Assistive Technology
Finding Compatible Hardware and Software
Using SerialKeys for Add-On Hardware and Software
Additional Resources
I  Interoperability Solutions
Overview of Microsoft Interoperability Solutions for Windows XP Professional
Interoperability with UNIX and Linux
Interoperability with Novell NetWare
Interoperability with IBM Host Systems
Microsoft Host Integration Server
Host Integration Server Client Software Components
Interoperability with Apple Macintosh Systems
Windows Server 2003 Services for Macintosh
Microsoft Office for Apple Macintosh Operating Systems
Microsoft Internet Applications for Apple Macintosh Computers
Glossary
Index
About the Authors
Charlie Russel is a chemist by education, an electrician by trade, a UNIX sysadmin and an
Oracle DBA because he raised his hand when he should have known better, an IT director and
consultant by default, and a writer by choice. Charlie is the co-author of more than two dozen
computer books on operating systems and enterprise environments, including Microsoft
Windows Server 2003 Administrator’s Companion (Microsoft Press), Microsoft Windows Small
Business Server 2003 Administrator’s Companion (Microsoft Press), and Oracle DBA Backup and
Recovery Quick Reference (Prentice-Hall PTR). He has also written numerous white papers and
case studies for Microsoft.com and is a regular columnist for the Windows XP Expert Zone.
Sharon Crawford yields to no one in the checkered-past department. A former electrician for
the New York City subways, she’s also done stints as a cab driver, editor, bookkeeper, gift
wrapper, and insurance adjustor. She stumbled into the world of computers twenty years ago
and has been eternally grateful—if crankier—ever since. She’s written or collaborated on a couple of dozen books with her brilliant and long-suffering spouse, Charlie Russel. Their most
recent books are Microsoft Windows Server 2003 Administrator’s Companion and Microsoft
Windows Small Business Server 2003 Administrator’s Companion, both published by Microsoft
Press. She now lives in beautiful British Columbia, which has lowered her level of crankiness
considerably.
Thank you to those who contributed to this book:
Microsoft Windows XP Professional Resource Kit, Third Edition
Book Writing Lead for the Microsoft Windows Team: Paulette McKay
Resource Kit Tools Program Managers: Majdi Badarin and Clark Gilder
Resource Kit Tools Software Development and Test Team: Sameer Garde, Sunil Gummalla, Venu
Somineni, Kendra Yourtee, Scott Smith, and John Turner
Technical Writing Leads: Cheryl Jenkins, Randy McLaughlin, and Andrea Weiss
Writers: Jason Gerend, Ben Aguiluz, Fred Ahrends, Jim Bevan, Ross Carter, Martin DelRe,
Kumud Dwivedi, Suzanne Girardot, Douglas Goodwin, Clifton Hall, Merrilee McDonald,
Chris McKitterick, Jerry Santos, Ben Smith, Mark Wilkinson, Roland Winkler, Roger Yap,
Larry Yurdin, and Jill Zoeller
Book Editing Leads: Karen Szall, Scott Turnbull, and Paula Younkin
Editing Leads: Sandra Faucett, Anika Nelson, and Scott Somohano
Editors: Sandra Faucett, Laura Graham, Justin Hall, Joan Kleps, Roger LeBlanc, Sandi Resnick,
Susan F. Sarrafan, Fredrika Sprengle, Dee Teodoro, Thelma Warren, and Mitch Tulloch
Glossary Coordinator: Scott Somohano
Production Leads: Elizabeth Hansford and Jason Hershey
Production Specialists: Barbara Arend, Heather Klauber, Elizabeth Hansford, Tess McMillan,
Barbara Norfleet, William Teel, and Charlotte Bowden
Documentation Tools Software Developers: Jason Hershey and Cornel Moiceanu
Indexing Leads: David Pearlstein and Patricia Masserman
Indexers: Seth Maislin, Lee Ross, and Tony Ross
Lead Graphic Designers: Gabriel Varela and Joel Panchot
Designers: Chris Blanton and Rochelle Parry
Art Production: Jon Billow, Joel Panchot, Amy Shear, and Gabriel Varela
Test Managers: Eric Camplin and Jonathan Fricke
Test Lead: Richard Min
Testers: Keith Horton, Michael Howe, Tim Kim, Gino Sega, and Matt Winberry
Windows Lab Administrators: Dave Meyer and Robert Thingwold
Lab Partners: Cisco Systems, Inc. and Compaq, Inc.
Department Manager: Ken Western
Documentation Manager: Pilar Ackerman
Editing Manager: Kate O’Leary
Release Managers: Daretha Hodges, Neil Orint, and Karla van der Hoeven
Acknowledgments
A special recognition to the following technical experts for their exceptional contributions: Ben
Christenbury, Bob Fruth, Jeff Nemecek, and George Vordenbaum
A special thanks to the following technical experts who contributed to and supported this effort:
Randy Abrams, Maximillian Aigner, Brian Andrew, Gabriel Aul, Brian Aust, Kai Axford, Arun
Ayyagari, Ed Baisa, David Bakin, Smaranda Balasiu, Dan Baldo, David Baldridge, Terry
Barcroft, Karl Barrus, Brad Benefield, Fred Bhesania, Susan Boher, Richard Bond, Trudy
Brassell, John Brezak, Ryan Burkhardt, Franc Camara, Robert Cameron, Greg Campbell,
Craig Carlston, Karen Carncross, Mira Chahine, Daniel Chan, Frank Chidsey, Jason Clark,
Curtis Clay III, Jason Cobb, Shy Cohen, Joseph Conway, David Cross, Brennan Crowe, Nat
Crum, Bill Curtis, Joseph Dadzie, Paul Darcy, Joseph Davies, Scott Deans, Craig Delthony,
Pasquale DeMaio, Clint Denham, Michael Dennis, Dominique Domet-DeMont, Tony
Donno, Bo Downey, Simon Earnshaw, Tarak Elabbady, Lisa Epstein, Levon Esibov, Brian
Esposito, Glenn Evans, David Everett, Gregory Finch, Eric Fitzgerald, Zeb Fitzsimmons,
Dennis Flanagan, Bob Fruth, Jason Fulenchek, Lee Fuquay, Mark Galioto, Randall
Galloway, Praerit Garg, Vincent Geglia, Clark Gilder, Sunni Goeller, David Golds, Darrell
Gorter, Timothy Green, Robert Griswold, Jim Groves, Bill Gruber, Robert Gu, Brian
Guarraci, Keith Hageman, Jeff Hamblin, Mu Han, Bobbie Harder, Dennis Harding, William
Harding, Matthew Hendel, Scott Hetzel, Emily Hill, Mike Hillberg, Mary Hillman, Greg
Hinkel, Anne Hopkins, Vic Horne, Terence Hosken, Jin Huang, Ben Hutz, LaDeana Huyler,
Robert Ingman, Shaun Ivory, Michael Jacquet, Raj Jhanwar, Tom Jolly, Deborah Jones, Nate
Keyes, Carsten Kinder, Kristin King, Richard Knowles, Igor Kostic, Vishwa Kumbalimutt,
Norbert Kusters, Justin Kwak, Michael Lai, John Lamb, John Lambert, David Lee, Thomas
Lee, Benjamin Leis, Raymond Leury, Bjorn Levidow, Matt Lichtenberg, Steve Light, YungShin Lin, Huisheng Liu, Daniel Lovinger, Don Lundman, Pankaj Lunia, Erik Lustig, Craig
Marl, Allen Marshall, Craig Marshall, Aaron Massey, Michael Maston, Mark Maszak, Marcus
Matthias, Phillippe Maurent, Greg McConel, Michael McConnell, Everett McKay, Charleta
McKoy, Lonny McMichael, Joy Miller, Wes Miller, Daniel Millet, Joseph Minckler, Derek
Moore, David Morehouse, Alan Morris, Jennifer Moser, Gary Moulton, David Mowers, Elliot
Munger, Anand Namasivayam, Debbie Newman, Thomas Nielsen, Steve Olsson, Robert
Osborne, Darwin Ou-Yang, Emanuel Paleologu, Bharti Pardasani, Cooper Partin, Annie
Pearson, Daryl Pecelj, Nathan Pettigrew, Worapon Pitayaphongpat, Glenn Pittaway, Steven
Poling, Jason Popp, Houman Pournasseh, Steve Powers, Jose Luis Montero Real, Cyra
Richardson, Andrew Ritz, Cynda Rochester, Carmen Myriam Rodero-Scardelis, Russell Dee
Rolfe, Robert Ross, Vic Rozumny, Vlad Sadovsky, Mohammed Samji, Clark Satter, John
Schwartz, Joseph Seifert, Heide Shriver-Thatcher, Andy Simonds, Scott Sipe, Guy Smith,
Jonathan V. Smith, Robert Smith, Bob Snead, Kirk Soluk, Sundar Srinivasan, David Stern,
Christina Storm, Hakon Strande, Guhan Suriyanarayanan, Heather Swayne, Scott
Tembreull, Cristian Teodorescu, Vishal Thakkar, Jim Thatcher, Mandy Tidwell, Albert Ting,
Eric Torgeson, Mike Tricker, Jim Travis, Jim Truher, Mike Truitt, Gabriel Usmani, Eugene
Valley, Cliff Van Dyke, Catharine van Ingen, Tonu Vanatalu, Don Velliquette, Son Voba,
Stephen Walli, Charles West, BJ Whalen, Ethan Wilansky, Robert Wilhelm, Roy Williams,
Jon Wojan, A-Zu Wu, Wei Wu, Edward Ye, Shuling Yu, Jason Zions, and Ethan Zoller
Introduction
Welcome to Microsoft Windows XP Professional Resource Kit, Third Edition.
Microsoft Windows XP Professional Resource Kit, Third Edition, is a comprehensive technical
resource for installing, configuring, and supporting Microsoft Windows XP Professional Service Pack 2 in networks that use Microsoft Windows Server operating systems and other
server systems. All versions of Windows XP Professional are covered, with an emphasis on
Windows XP Service Pack 2. Feature and functionality differences among Windows XP Professional, Windows XP Professional x64 Edition, Windows XP Media Center Edition 2005, Windows XP Tablet PC Edition 2005, and Microsoft Windows XP Home Edition are also
discussed. The book provides support information for Microsoft Windows XP Professional
x64 Edition in an enterprise. You’ll find task-based information on how to automate installations and customize Windows XP Professional to meet your needs. Also included is in-depth
coverage of security and networking in Windows XP Professional, plus information for wireless networks. You’ll also find extensive troubleshooting information, including a comprehensive list of the most useful troubleshooting tools and troubleshooting-specific technologies.
This update to Microsoft Windows XP Professional Resource Kit Documentation includes more
than 120 powerful tools for administering Windows clients and servers, new security chapters
from the Microsoft Security Team, complete coverage of the new Windows Firewall,
expanded coverage of wireless networking, and a complete bonus electronic version (eBook),
Automating and Customizing Installations from the Microsoft Windows Server 2003 Deployment
Kit, on the companion CD. The CD also includes a fully searchable eBook of this book.
Document Conventions
The next sections describe the conventions used in this book.
Reader Alert Conventions
Reader alerts are used throughout the book to point out useful details.

Reader Alert   Meaning
Tip            A helpful bit of inside information on specific tasks or functions
Note           Alerts you to supplementary information
Caution        Important information about possible data loss, breaches of security, or other serious problems
Warning        Information essential to completing a task, or notification of potential harm

Command-line Examples
The following style conventions are used in documenting command-line tasks throughout this guide.

Element           Meaning
Bold font         Characters that you type exactly as shown, including commands and parameters. User interface elements also appear in boldface type.
Italic font       Variables for which you supply a specific value. For example, Filename.ext can refer to any valid file name.
Monospace font    Code samples.
%SystemRoot%      Environment variable.

Resource Kit Companion CD
The companion CD includes tools for administering Windows clients and servers, including:
■ Group Policy Verification  Checks Group Policy object stability and consistency and monitors policy replication
■ Policy Spy  Allows users to view and refresh Group Policy settings applied to the current user account and local computer
■ Sonar.exe  Monitors key statistics and status about members of a file replication service replica set, including traffic level, backlogs, and free space
■ Uddiconfig.exe  Enables you to adjust the configuration settings exposed by the UDDI Services MMC snap-in
You can find additional documentation about the tools on the companion CD in the Windows Resource Kit Tools Help and Windows Resource Kit Tools Release Notes (Readme.htm).
The CD also includes four complete eBooks: Automating and Customizing Installations from the
Microsoft Windows Server 2003 Deployment Kit, a fully searchable electronic version of the
Microsoft Windows XP Professional Resource Kit, Third Edition, the Microsoft Encyclopedia of Networking, Second Edition, and the Microsoft Encyclopedia of Security.
Resource Kit Support Policy
Microsoft does not support the tools supplied on the Microsoft Windows XP Professional
Resource Kit, Third Edition CD. Microsoft does not guarantee the performance of the tools, or
any bug fixes for these tools. However, Microsoft Press provides a way for customers who purchase Microsoft Windows XP Professional Resource Kit, Third Edition, to report any problems
with the software and receive feedback for such issues. To report any issues or problems, send
an e-mail message to [email protected]. This e-mail address is only for issues related to
Microsoft Windows XP Professional Resource Kit, Third Edition. Microsoft Press also provides corrections for books and companion CDs through the World Wide Web at
http://www.microsoft.com/learning/support/. To connect directly to the Microsoft Knowledge Base
and enter a query regarding a question or issue you have, go to http://support.microsoft.com.
For issues related to the Windows XP operating system, please refer to the support information included with your product.
Part I
Deployment
In this part:
Chapter 1: Planning Deployments
Chapter 2: Automating and Customizing Installations
Chapter 3: Multilingual Solutions for Global Business
Chapter 4: Supporting Installations
Before you can begin using Microsoft Windows XP Professional in your organization, you
need to determine how to customize it to best meet your needs and then determine the
most effective way of rolling it out to your users. The chapters in this part help you plan,
implement, and troubleshoot your deployment of Windows XP Professional.
Chapter 1
Planning Deployments
Microsoft® Windows® XP Professional is designed to meet your organization’s business
needs. This chapter helps you determine the best way to deploy the operating system in
your organization. Deploying Windows XP Professional requires careful planning. Before
you install Windows XP Professional on your desktop computers, you must determine
whether you need to upgrade your hardware and applications. Then you must decide which
features to install, how much centralized control to maintain over users’ computers, and
which installation methods to use.
In this chapter:
Overview of the Deployment Process
Mapping Windows XP Professional to Your Business Needs
Assessing Your Current Configuration
Planning Your Preferred Client Configuration
Planning Installations
Additional Resources
Related Information
■
For more information about installing Windows XP Professional, see Chapter 2, “Automating and Customizing Installations,” and Chapter 4, “Supporting Installations.”
Overview of the Deployment Process
The first step in the deployment process is to assess your business needs so that you can
define the project scope and objectives. Next, decide how best to use Windows XP Professional to meet those needs. Then, assess your current network and desktop configurations,
determine whether you need to upgrade your hardware or software, and choose the tools for
your deployment.
Having made these decisions, you are ready to plan your deployment. An effective plan typically includes the following:
■ All the details for customizing Windows XP Professional
■ A schedule for the deployment
■ An assessment of your current configuration (including information about your users, organizational structure, network infrastructure, and hardware and software needs)
■ Test and pilot plans
■ A rollout plan
Create a test environment in which you can deploy Windows XP Professional by using the features and options in your plan. Have your test environment mirror, as closely as possible, your
users’ network, including hardware, network architecture, and business applications.
When you are satisfied with the results in your test environment, roll out your deployment to
a specific group of users to test the results in a controlled production environment (a pilot).
Finally, roll out Windows XP Professional to your entire organization.
Creating the deployment plan is a cyclic process. As you move through each phase, modify the
plan based on your experiences.
Defining Project Scope and Objectives
The scope is the baseline for creating a functional specification for your deployment project.
The scope of your deployment project is defined largely by your answers to the following
questions:
■ What business needs do you want to address with Windows XP Professional?
■ What are the long-term IT goals for the deployment project?
■ How will your Windows XP Professional client computers interact with your IT infrastructure?
Assessing Your Current Environment
Document your computing environment, looking at your organizational structure and how it
supports your users. Use this assessment to determine your readiness for desktop deployment of Windows XP Professional. The three major areas of your computing environment to
assess include your hardware, software, and network.
Hardware: Do your desktop and mobile computers meet the minimum hardware requirements for Windows XP Professional? In addition to meeting these requirements, all hardware devices must be compatible with Windows XP Professional.
Software: Are your applications compatible with Windows XP Professional? Make sure that all your applications, including custom-designed software, work with computers running Windows XP Professional.
Note: The changes introduced in Windows XP Service Pack 2 (SP2) can cause application incompatibilities or require additional application configuration changes as a result of the new default configuration of Windows Firewall. When verifying application compatibility, ensure you verify against at least SP2.
Network: Document your network architecture, including topology, size, and traffic patterns. Also, determine which users need access to various applications and data, and describe how they obtain access.
Where appropriate, create diagrams to include in your project plan.
Testing and Piloting the Deployment Plan
Before rolling out your deployment project, you need to test it for functionality in a controlled
environment. Before you begin testing your deployment project, create a test plan that
describes the tests you will run, the expected results, a schedule for performing tests, and who
will run each test. The test plan must specify the criteria and priority for each test. Prioritizing
your tests can help you avoid slowing down your deployment because of minor failures that
can be easily corrected later; it can also help you identify larger problems that might require
redesigning your deployment plan.
The testing phase is essential because a single error condition can be duplicated to all computers in your environment if it is not corrected before you deploy the image. It is recommended
that you roll out the deployment to a small group of users after you test the project. Piloting
the installation allows you to assess the success of the deployment project in a production
environment before rolling it out to all users.
Create a test lab that is not connected to your network but mirrors, as closely as possible, your
organization’s network and hardware configurations. Set up your hardware, software, and network services as they are in your users’ environment.
Perform comprehensive testing on each hardware platform, testing both application installation and operation. This can greatly increase the confidence of the project teams and the business-decision makers, resulting in a higher quality deployment.
To pilot the project, roll out the deployment to a small group of users. The primary purpose of
pilot projects is not to test Windows XP Professional. Instead, the aim of your early pilots is to
get user feedback for the project team. This feedback is used to further determine the features
that you need to enable or disable in Windows XP Professional. This is particularly relevant if
you upgrade from Microsoft Windows 98 or Microsoft Windows Millennium Edition (Me),
which do not include features such as domain-based computer accounts, local security, and
file system security. For pilots, you might choose a user population that represents a cross-section of your business in terms of job function and computer proficiency. Install pilot systems
by using the same method that you plan to use for the final rollout.
The pilot process provides a small-scale test of the eventual full-scale rollout, so you can use
the results of the pilot, including any problems encountered, to finalize your rollout plan.
Compile the pilot results and use the data to estimate upgrade times, the number of concurrent upgrades you can sustain, and peak loads on the user support functions.
Rolling Out Your Deployment
After you thoroughly test your deployment plan and pilot the deployment to smaller groups
of users, and you are satisfied with the results, begin rolling out Windows XP Professional to
the rest of your organization.
To finalize the rollout plan, you need to determine the following:
■ The number of computers to be included in each phase of the rollout
■ The time needed to upgrade or perform a clean installation for each computer to be included
■ The personnel and other resources needed to complete the rollout
■ The time frame during which you plan to roll out the installations to different groups
■ Training needed for users throughout the organization
Throughout the rollout, gather feedback from users and modify the deployment plan as
appropriate.
For more information about performing upgrades or clean installations, see Chapter 2, “Automating and Customizing Installations.”
Mapping Windows XP Professional to Your Business Needs
Some features are available only if you deploy Windows XP Professional in a domain that uses
Active Directory®. Other features are available to any computer running Windows XP Professional, using any server. After you identify your business needs, you can map desktop management, security, and networking features in Windows XP Professional to those needs.
Security Features
Windows XP Professional includes features (shown in Table 1-1) to help you secure your network and computers by controlling user authentication and access to resources and by
encrypting data stored on computers. Also included are preconfigured Security Templates for
various security scenarios.
Table 1-1. Security Features in Windows XP Professional

| Feature | Description | Benefit |
| --- | --- | --- |
| Security Templates | Four preconfigured combinations of security policy settings that represent different organizational security needs: basic, secure, highly secure, and compatible. | Allow you to implement the appropriate templates without modifications or use them as the base for customized security configurations. |
| Security groups | User groupings, used to administer security, that are defined by their scope, their purpose, their rights, or their role. | Allow you to control users’ rights on the system. By adding or removing users or resources from the appropriate groups as your organization changes, you can change ACLs less frequently. |
| Access control lists (ACLs) | Ordered lists of access control entries (ACEs) that collectively define the protections that apply to an object and its properties. | In combination with security groups, configuring ACLs on resources makes user permissions easier to control and audit. |
| Kerberos | The authentication protocol for computers running Microsoft Windows 2000 Professional and Windows XP Professional in Active Directory domains. | Provides more efficient and secure authentication than NTLM. |
| NTLM | The default authentication protocol in Microsoft Windows NT® version 4.0, Windows 2000 Professional, and Windows XP Professional. | Allows Windows XP Professional computers to establish connections to Windows NT–based networks. |
| Windows stored user names and passwords | A technology that can supply users with different credentials for different resources. | Can increase security on a per-resource basis by allowing users to store and manage credentials. |
| Smart card support | An integrated circuit card (ICC) that can store certificates and private keys, and perform public key cryptography operations such as authentication, digital signing, and key exchange. | Provides tamper-resistant storage for private keys and other forms of personal identification. Isolates critical security computations involving authentication, digital signatures, and key exchange. Enables credentials and other private information to be moved among computers. |
| Encrypting File System | A feature of NTFS that uses symmetric key encryption and public-key technology to protect files. | Allows administrators and users to encrypt data to keep it secure. This is particularly beneficial to mobile users. |
| Enhanced Browser Security (SP2) | New Pop-Up Blocker, download monitoring, Information Bar, and Add-On Manager. | Enhances default security of Internet Explorer, and provides additional information and prompts before user commits potentially insecure actions. |
| Windows Security Center (SP2) | A single location to manage security settings and view their status. | Simplifies setting and managing security. |
| Windows Firewall (SP2) | Helps protect against viruses, worms, and other security threats that can spread over the Internet. | Enabled by default, Windows Firewall adds protection during startup and shutdown. |
| Automatic Updates | Helps you automatically stay up-to-date with the latest updates. | Enables users to ensure they have all the latest critical updates automatically downloaded and installed, and has improved support for dial-up connections. |
Networking and Communications Features
Computers that run Windows XP Professional can be configured to participate in a variety of
network environments, including networks based on Microsoft Windows, Novell NetWare,
UNIX, and IBM Host Systems. Windows XP Professional can also be configured to connect
directly to the Internet without being part of a network environment. Windows XP Professional includes several features, such as Zero Configuration, that simplify the process of connecting to a network and that allow mobile users to access network resources without
physically reconnecting cables each time they move to a new location. Table 1-2 describes several features in Windows XP Professional that provide remote and local access to resources
and support for communication solutions.
Table 1-2. Networking Features in Windows XP Professional

| Feature | Description | Benefit |
| --- | --- | --- |
| TCP/IP | The standard transport protocol in Windows XP Professional. | Provides communication across networks that use diverse hardware architectures and various operating systems, including computers running Windows XP Professional, devices using other Microsoft networking products, and non-Microsoft operating systems such as UNIX. |
| Dynamic Host Configuration Protocol (DHCP) | A protocol that allows computers and devices on a network to be dynamically assigned IP addresses and other network configuration information. | Eliminates the need to manually configure Internet Protocol (IP) addresses and other IP settings, reducing potential conflicts and administrative overhead caused by static configurations. |
| Telephony and Conferencing | A service that abstracts the details of the underlying telecommunications network, allowing applications and devices to use a single command set. | Allows data, voice, and video communications to travel over the same IP-based network infrastructure. |
| Remote access | A connection between the local network and a remote or home office, established by dial-up modem, virtual private network (VPN), X.25, Integrated Services Digital Network (ISDN), or Point-to-Point Protocol (PPP). | Allows users to access the network from home or remote offices or in transit. |
| Client Service for NetWare | A feature that allows Windows XP Professional clients to transmit Network Core Protocol (NCP) packets to NetWare servers. | Allows Windows XP Professional client computers to connect to NetWare file and print servers. |
| Secure home networking | Includes Internet Connection Sharing, bridging, personal firewall, and Universal Plug and Play. | Provides easy connectivity for various devices within the home and from a home to a corporate network, along with safe access to the Internet and multiple-user accessibility over a single Internet connection. |
| Wireless connectivity | Protocols that are supported by Windows XP Professional to provide local area network (LAN) and wide area network (WAN) connectivity, including security mechanisms that can make the wireless connection as secure as a cabled connection. | Provides ease of mobility by allowing users to access network resources and the Internet without using connection cables. Enhanced for SP2, including built-in support for Wi-Fi® Protected Access (WPA™). |
| Zero configuration | A mechanism in which a client computer goes through a list of possible network configurations and chooses the one that applies to the current situation. | Allows the administrator to set up the initial configuration options so that users do not need to know which connection configuration to use. Enhanced for SP2. |
| Bluetooth | A low-power protocol that enables devices to connect to each other. | Users can easily connect to the latest Bluetooth-enabled hardware devices such as keyboards, cell phones, and Personal Digital Assistants (PDAs). |
Desktop Management Features
Desktop management features allow you to reduce the total cost of ownership (TCO) in your
organization by making it easier to install, configure, and manage clients. These features are
also designed as tools to make computers easier to use. Table 1-3 describes desktop management features in Windows XP Professional that increase user productivity.
Table 1-3. Desktop Management Features in Windows XP Professional

| Feature | Description | Benefit |
| --- | --- | --- |
| Group Policy Administrative Templates | Files that you can use to configure Group Policy settings to govern the behavior of services, applications, and operating system components. | Allows you to configure registry-based policy settings for domains, computers, and users. |
| Software Installation and Maintenance | An IntelliMirror feature that you can use to assign or publish software to users according to their job needs. | Allows you to centrally manage software installation and to repair installations by using Windows Installer. |
| Roaming User Profiles | A feature that ensures that the data and settings in a user’s profile are copied to a network server when the user logs off and are available to the user anywhere on the network. | Provides a transparent way to back up the user’s profile to a network server, protecting this information in case the user’s computer fails. This is also useful for users who roam throughout the network. |
| Folder Redirection | An IntelliMirror feature that you can use to redirect certain folders, such as My Documents, from the user’s desktop to a server. | Provides improved protection for user data by ensuring that local data is also redirected or copied to a network share, providing a central location for administrator-managed backups. Speeds up the logon process when using Roaming User Profiles by preventing large data transfers over the network. |
| Offline Files and Folders | A feature that you can use to make files that reside on a network share available to a local computer when it is disconnected from the server. | Allows users without constant network access, such as remote and mobile users, to continue working on their files even when they are not connected to the network. Users can also have their files synchronized with the network copy when they reconnect. |
| Multilingual Options | Multilanguage support in Windows XP Professional lets users edit and print documents in almost any language. | Lets administrators customize desktop computers in their organization with the language and regional support that best meets their users’ needs. |
Assessing Your Current Configuration
Your deployment plan must include an assessment of your current infrastructure. The
answers to the following questions can help you determine what you must do to prepare the
computers in your organization for Windows XP Professional:
■ Are the computers and other devices in your network compatible with Windows XP Professional?
■ What applications does your organization use? Are they compatible with Windows XP Professional, or do you need to upgrade to newer versions of the software before upgrading users’ computers?
■ Are all of your users connecting locally, or do some of them use remote access to connect to your network?
To determine whether your computers and peripheral devices are compatible with Windows XP Professional, see the Hardware section of Windows Catalog at http://www.microsoft.com/windows/catalog. For more information about application compatibility, see the Software section of Windows Catalog.
Note: The Windows Catalog at http://www.microsoft.com/windows/catalog/ is replacing the older Hardware Compatibility List (HCL), but you can still access text-only versions of the HCL for different Windows versions from Windows Hardware and Driver Central at http://winqual.microsoft.com/download/Default.asp.
Before you can upgrade your users to Windows XP Professional, you must upgrade other software and your hardware as needed. Be sure to upgrade devices, remote access services, and
your organization’s applications first.
Hardware Requirements and Compatibility
Make sure that your hardware is compatible with Windows XP Professional, and that all the
computers on which you plan to install the operating system are capable of supporting the
installation. Table 1-4 shows the minimum and recommended hardware requirements for
installing Windows XP Professional.
Table 1-4. Windows XP Professional Hardware Requirements

| Minimum Requirements | Recommended Requirements |
| --- | --- |
| Intel Pentium (or compatible) 233-megahertz (MHz) or higher processor | Intel Pentium II (or compatible) 300-MHz or higher processor |
| 64 megabytes (MB) of RAM | 128 MB (4 GB maximum) of RAM |
| 2-gigabyte (GB) hard disk with 650 MB of free disk space (additional disk space required if installing over a network) | 2 GB of free disk space |
| Video graphics adapter (VGA) or higher display adapter | Super VGA (SVGA) display adapter and Plug and Play monitor |
| Keyboard, mouse, or other pointing device | Keyboard, mouse, or other pointing device |
| Compact disc read-only memory (CD-ROM) or digital video disc read-only memory (DVD-ROM) drive (required for CD installations) | CD-ROM or DVD-ROM drive (12x or faster) |
| Network adapter (required for network installation) | Network adapter (required for network installation) |
For more information about the hardware requirements for installing Windows XP Professional, see the Windows XP home page at http://www.microsoft.com/windowsxp on the
Microsoft Web site.
Note: Windows XP Professional supports single and dual central processing unit (CPU) systems.
Checking the BIOS
Before upgrading to Windows XP Professional, check that the computer’s BIOS is the latest
available version and that it is compatible with Windows XP Professional. You can obtain an
updated BIOS from the manufacturer.
If the computer does not have Advanced Configuration and Power Interface (ACPI) functionality, you might need to update the BIOS. To get ACPI functionality after Windows XP Professional is installed, you are required to do an in-place upgrade of your current installation.
Warning: Microsoft does not provide technical support for BIOS upgrades. Contact the manufacturer for BIOS upgrade instructions.
Windows Catalog
The Hardware section of Windows Catalog (http://www.microsoft.com/windows/catalog) is
a list of hardware products recommended for use with Windows XP. Hardware products that
are marked Designed for Windows XP comply with the Designed for Windows XP Logo Program requirements and were specifically designed to take advantage of the new features of
Windows XP. Hardware products marked Compatible with Windows XP are considered by Microsoft
or the manufacturer to work with Windows XP but do not necessarily take full advantage of
the platform’s new features. Installing Windows XP Professional on a computer that has hardware that is not listed on Windows Catalog might cause the installation to fail, or it might
cause problems after installation. For more information on the Designed for Windows XP
Logo Program, see http://www.microsoft.com/winlogo.
Warning: A device that is not listed on Windows Catalog might function but not be supported by Windows XP Professional. For devices that do not function when the computer is running Windows XP Professional, contact the device manufacturer for a Windows XP Professional–compatible driver. If you have a program that uses 16-bit drivers, you need to install 32-bit Windows XP Professional–compatible drivers from the device manufacturer to ensure functionality with Windows XP Professional.
Hardware Compatibility with Windows Me, Windows 98, Windows 95, and Windows 3.x
Many updated drivers ship with the Microsoft Windows XP Professional operating system CD.
However, when critical device drivers, such as hard-drive controllers, are not compatible with
Windows XP Professional or cannot be found, Setup might halt the upgrade until updated
drivers are obtained.
Note: You cannot upgrade from Microsoft Windows 95 or Microsoft Windows 3.x to Windows XP Professional. If you are migrating from either of these operating systems, you must do a clean installation of the operating system, and then install device drivers that are compatible with Windows XP Professional.
The 16-bit device drivers for Windows Me, Windows 98, Windows 95, and Windows 3.x were
based on the virtual device driver (VxD) model. The VxD model is not supported in Windows
XP Professional.
An upgrade does not migrate drivers from Windows Me or Windows 98 to Windows XP Professional. If the driver for a particular device does not exist in Windows XP Professional, you
might need to download an updated driver from the device manufacturer.
Hardware Compatibility with Windows NT Workstation 4.0
Some hardware devices that are supported by Microsoft Windows NT® Workstation
version 4.0 also work on Windows XP Professional; however, it is best to run Setup in Check
Upgrade Only mode to check for driver compatibility issues before upgrading the operating
system. Windows XP Professional does not support drivers, including third-party drivers, that
worked on Windows NT Workstation 4.0. You need to obtain an updated driver for Windows
XP Professional from the device manufacturer.
Typically, you can address issues concerning deployment or upgrade of Windows NT Workstation 4.0 during the test phase of deployment.
Note: To access an NTFS volume that has been upgraded for Microsoft Windows XP, you need to be running Windows NT 4.0 Service Pack 4 or later.
Application Compatibility
Because there are new technologies in Windows XP Professional, you need to test your business applications for compatibility with the new operating system. Even if you currently use
Windows NT 4.0 or Windows 2000 Professional, you need to test applications to make sure
that they work as well on Windows XP Professional as they do in your existing environment.
Also, enhancements included in Windows XP Professional, such as improved security features, might not be supported by some applications.
Identify all applications that your organization currently uses, including custom software. As
you identify applications, prioritize them and note which ones are required for each business
unit in your organization. Remember to include operational and administrative tools, including antivirus, compression, backup, and remote-control programs.
The Software section of Windows Catalog (http://www.microsoft.com/windows/catalog) is a
list of software products recommended for use with Windows XP. Software products that are
marked Designed for Windows XP comply with the Designed for Windows XP Logo Program requirements and were specifically designed to take advantage of the new features of
Windows XP. Software products marked Compatible with Windows XP are considered by Microsoft
or the manufacturer to work with XP but do not necessarily take full advantage of the platform’s new features. For more information on the Designed for Windows XP Logo Program,
see http://www.microsoft.com/winlogo.
Application Compatibility—Migrating from Windows Me or Windows 98
System tools in Windows 98, such as ScanDisk and DriveSpace, cannot be upgraded to Windows XP Professional. Also, client software for other networks cannot be upgraded to Windows XP Professional, so you must acquire new versions of these clients to complete the
upgrade.
Note: Novell has included an upgrade for their Client32 on the Windows XP Professional operating system CD. The upgrade detects and automatically upgrades a previous version of Client32 during the upgrade to Windows XP Professional. For the latest Client32 upgrade, contact Novell.
Some applications written for Windows 98 or Windows Me might not run properly on Windows XP Professional without modification. For example, applications might do any of the
following:
■ Maintain registry data in different locations. Windows 95, Windows 98, and Windows Me store this data in different locations than Windows XP Professional or Windows NT 4.0 and earlier.
■ Make calls to Windows 95–, Windows 98–, or Windows Me–specific application programming interfaces.
■ Install different files when installed on Windows XP Professional than when installed on Windows 98 or Windows Me.
There are four ways to address problems with applications that do not run properly on Windows XP Professional:
■ Reinstall the applications after the upgrade if the applications are compatible with Windows XP Professional.
■ Create a new Windows XP Professional–based standard configuration with compatible versions of the applications.
■ Use migration dynamic-link libraries (DLLs) for each application that is not migrated during the upgrade.
■ Run the application in Compatibility mode by right-clicking the application, selecting Properties, and then clicking the Compatibility tab.
For more information about the Compatibility mode tool, see Chapter 17, “Managing Authorization and Access Control.”
Software vendors and corporate developers can use migration DLLs that move registry subkeys and entries, install new versions of files, or move files within the file system. These migration DLLs are used by Windows XP Professional Setup to resolve incompatibilities. Setup calls
these DLLs to update the application installation. For more information about migration
DLLs, see the Software Development Kit (SDK) information in the MSDN® library link on the
Web Resources page at: http://www.microsoft.com/windows/reskits/webresources.
Application Compatibility—Migrating from Windows NT Workstation 4.0 or Windows NT Workstation 3.51
Because Windows NT Workstation 4.0 and Microsoft Windows NT Workstation version 3.51
share common attributes with Windows XP Professional, almost all applications that run on
Windows NT Workstation versions 4.0 and 3.51 run without modification on Windows XP
Professional. However, a few applications are affected by the differences between Windows
NT Workstation 4.0 and Windows XP Professional.
One example is antivirus software. As a result of changes between the version of NTFS
included with Windows NT 4.0 and the version of NTFS included with Windows XP Professional, file-system filters used by antivirus software no longer function between the two file
systems. Another example is third-party networking software (such as TCP/IP or IPX/SPX
protocol stacks) written for Windows NT Workstation 4.0. The following features and applications cannot be properly upgraded to Windows XP Professional:
■ Applications that depend on file-system filters, for example, antivirus software, disk tools, and disk quota software.
■ Custom power-management solutions and tools. Windows XP Professional support for Advanced Configuration and Power Interface (ACPI) and Advanced Power Management (APM) replaces these. Remove all such custom solutions and tools before upgrading.
■ Custom Plug and Play solutions. These are no longer necessary, because Windows XP Professional provides full Plug and Play support. Remove all custom Plug and Play solutions before upgrading.
■ Fault-tolerant options such as disk mirrors.
■ Third-party network clients and services.
■ Virus scanners.
■ Uninterruptible power supplies.
Warning: You must remove virus scanners, third-party network services, and third-party client software before starting the Windows XP Professional Setup program.
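A readiness check that applies the Table 1-4 thresholds and the upgrade-path rules from the compatibility sections above to a machine inventory. This is an added example, not code from the book: the CSV columns, host names and software category tags are assumptions made for the illustration, and Windows Catalog compatibility is not checked.

```python
import csv
import io

# (minimum, recommended) thresholds transcribed from Table 1-4.
# The recommended "2 GB of free disk space" is taken as 2048 MB.
REQUIREMENTS = {
    "cpu_mhz": (233, 300),
    "ram_mb": (64, 128),
    "free_disk_mb": (650, 2048),
}

# Installation paths as this chapter states them.
CLEAN_INSTALL_ONLY = {"Windows 95", "Windows 3.x"}
WIN9X_UPGRADE = {"Windows 98", "Windows Me"}
NT4 = "Windows NT Workstation 4.0"

# Software categories the chapter says to remove before upgrading from
# Windows NT Workstation 4.0. The tag names are hypothetical labels.
REMOVE_BEFORE_SETUP = {
    "antivirus",
    "third-party-network-client",
    "third-party-network-service",
    "custom-power-management",
    "custom-plug-and-play",
}

# Constructed sample inventory; hosts and values are invented for illustration.
SAMPLE_INVENTORY = """\
host,os,cpu_mhz,ram_mb,free_disk_mb,software
pc-01,Windows 98,266,64,900,third-party-network-client
pc-02,Windows NT Workstation 4.0,450,128,4096,antivirus;office-suite
pc-03,Windows 95,166,32,400,
pc-04,Windows Me,500,256,3000,office-suite
"""


def hardware_tier(row):
    """Classify a machine against Table 1-4 and list the fields that fall short."""
    below_min = [f for f, (low, _) in REQUIREMENTS.items() if int(row[f]) < low]
    if below_min:
        return "below-minimum", below_min
    below_rec = [f for f, (_, rec) in REQUIREMENTS.items() if int(row[f]) < rec]
    return ("minimum" if below_rec else "recommended"), below_rec


def assess(row):
    """Return the installation path, hardware tier and pre-Setup work for one machine."""
    tier, short = hardware_tier(row)
    tags = {t.strip() for t in row["software"].split(";") if t.strip()}
    blockers, followups = [], []

    if tier == "below-minimum":
        blockers.append("upgrade hardware: " + ", ".join(short))

    os_name = row["os"].strip()
    if os_name in CLEAN_INSTALL_ONLY:
        path = "clean-install"
        followups.append("install Windows XP Professional-compatible drivers")
    elif os_name in WIN9X_UPGRADE:
        path = "upgrade"
        followups.append("drivers are not migrated; check each device for a driver")
        if "third-party-network-client" in tags:
            blockers.append("acquire a new version of the network client")
    elif os_name == NT4:
        path = "upgrade"
        followups.append("obtain updated drivers from device manufacturers")
        for tag in sorted(tags & REMOVE_BEFORE_SETUP):
            blockers.append(f"remove {tag} before running Setup")
    else:
        path = "not-covered"  # this section of the chapter gives no rule
        blockers.append("confirm the installation path manually")

    return {"host": row["host"], "path": path, "hardware": tier,
            "blockers": blockers, "followups": followups,
            "ready": not blockers}


def assess_inventory(text):
    """Assess every row of a CSV inventory with the columns shown in the sample."""
    return [assess(row) for row in csv.DictReader(io.StringIO(text))]


if __name__ == "__main__":
    for result in assess_inventory(SAMPLE_INVENTORY):
        state = "ready" if result["ready"] else "blocked"
        print(f'{result["host"]}: {result["path"]}, {result["hardware"]}, {state}')
        for item in result["blockers"] + result["followups"]:
            print("   -", item)
```

A machine reported as ready still needs the driver follow-ups listed for it and the application testing described in the rest of this chapter.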
Testing Commercial Applications
You can run Windows XP Professional Setup in Check Upgrade Only mode to test commercial applications for compatibility. As Setup runs, it checks installed software against a list of
applications that are known to be incompatible with Windows XP Professional and logs any
that it finds.
Note: Running Setup in Check Upgrade Only mode can alert you to known incompatibility problems with applications installed on the computer that you are checking. However, the fact that an application does not generate a log entry does not mean that the application is compatible.
For more information about Check Upgrade Only mode, see “Using Check Upgrade Only
Mode” later in this chapter.
Test application installation and removal, as well as functionality. Use the features, configurations, and application suites normally used by your business to access, edit, and print data
files. The following are some useful tests you might do:
■ Terminate application installation before it is complete.
■ Try all the installation options used in your business.
■ Test the installation by logging on as an Administrator and as a Power User.
■ Log on as several members of the Users group to test the features most important to your end users.
■ Apply Group Policy to users and computers.
■ Test combinations of applications, such as standard desktop configurations.
■ Run several applications for several days or weeks without quitting them.
■ Test automated tasks that use Microsoft Visual Basic® for Applications.
■ Test to verify that long file names are consistently supported.
■ Manipulate large graphics files.
■ Perform rapid development sequences of edit, compile, edit, compile.
■ Test object linking and embedding (OLE) custom controls.
■ Test with hardware, such as scanners and other Plug and Play devices.
■ Test the applications on a Terminal Services server. Test with multiple users running the same and different applications and with user-specific settings.
■ Test concurrent use of a database, including simultaneous access and update of a record, and perform complex queries.
Testing Custom Applications
For custom applications, you need a more extensive testing strategy than for pretested commercial applications.
The Windows Application Compatibility Toolkit can help you develop a test plan, even for
applications that were not developed internally. The test plan offers ideas about functional
areas to test. To download the latest version of the Windows Application Compatibility Toolkit, see http://www.microsoft.com/windows/appcompatibility. This site also contains information about testing, such as white papers about exploratory testing and the methods that
independent testing organizations use to test applications that vendors submit for certification.
Using Check Upgrade Only Mode
Windows XP Professional Setup includes a Check Upgrade Only mode, which can be used to
test the upgrade process before you do an actual upgrade. Check Upgrade Only mode produces a report that flags potential problems that might be encountered during the actual
upgrade, such as hardware compatibility issues or software that might not be migrated during
the upgrade. To run Setup in Check Upgrade Only mode, select Check system compatibility
from the menu displayed when you insert the installation CD.
You can also run Setup in Check Upgrade Only mode by running Winnt32.exe, from the i386
folder, with the command-line parameter -checkupgradeonly.
If you don’t have a Windows XP Professional product CD, you can still determine whether
your systems are capable of being upgraded to Windows XP by downloading and running the
Windows XP Upgrade Advisor, which you can obtain from http://www.microsoft.com/windowsxp/pro/upgrading/advisor.mspx.
When you use any of the preceding methods to test a system to see whether it can be
upgraded to Windows XP, a Report System Compatibility window opens displaying any possible issues that could affect your plan to upgrade. These issues are of two types:
■ Blocking issues are displayed with a red stop sign and indicate problems that, unless resolved, will cause your upgrade to fail. An example would be insufficient disk space on your system partition.
■ Warnings are displayed with a yellow caution sign and indicate issues that might cause applications or devices to fail after the operating system has been upgraded. An example would be a printer whose current device driver is incompatible with Windows XP.
By selecting an issue and clicking Details, you can obtain more information concerning the
issue.
In addition, an Upgrade Report (Upgrade.txt) is created in the %Windir% directory so that
you can review any potential upgrade issues later at your convenience. Depending on whether
you are only testing upgrade compatibility or are actually performing the upgrade, one or
more of the following entries might be present in the report:
MS-DOS configuration. This includes entries in Autoexec.bat and Config.sys that are incompatible with Windows XP Professional. These entries might be associated with older hardware
and software that is incompatible with Windows XP Professional. It also suggests that more
technical information is provided in the Setupact.log file located in the Windows folder.
Unsupported hardware. This includes hardware that might not be supported by Windows
XP Professional without additional files.
Software that must be permanently removed. This includes upgrade packs that are required
for some programs because they do not support Windows XP Professional, or because they
can introduce problems with Windows XP Professional Control Panel. Before upgrading to
Windows XP Professional, gain disk space by using Add or Remove Programs in Control
Panel to remove programs not being used.
Software that must be temporarily removed. This includes antivirus software and upgrade
packs that are recommended for programs because they use different files and settings in
Windows XP Professional. If an upgrade cannot be obtained, remove the program before
upgrading by using Add or Remove Programs in Control Panel. After upgrading to Windows
XP Professional, reinstall or upgrade the program.
Installation requirements. This includes how much additional disk space or memory is
required to install Windows XP Professional, and whether the computer contains operating
systems that cannot be upgraded to Windows XP Professional.
The Upgrade Report also displays links to Microsoft Windows XP Professional Web sites, as
well as to Add or Remove Programs in Control Panel where appropriate.
If you have applications that have been identified as incompatible while running in Check
Upgrade Only mode, you must remove the conflicting applications before installing Windows
XP Professional.
When upgrading from Microsoft Windows NT Workstation, most applications can migrate.
Certain proprietary applications, such as applications that were custom-made for your business, might not migrate. For more information on testing for compatibility of such programs,
see “Application Compatibility” in this chapter.
Blocking issues. If an incompatibility prevents the upgrade from continuing, a wizard
appears to inform the user. You can view details about the incompatibility, if available. Unless
you can fix the problem by supplying a missing file (by clicking the Have Disk button), you
must quit Setup and fix the problem before rerunning Winnt32.exe.
Warnings. If the incompatibility does not prevent a successful upgrade to Windows XP Professional, you are warned that this application might not function correctly with Windows XP
Professional. At this point, you can choose to quit or to continue the upgrade. The Have Disk
button is also supported in this case.
Helpful information. The Upgrade Report also lists issues discovered by Check Upgrade Only
mode that do not prevent a successful upgrade, but which might be useful for the user to know.
This might include information about incompatible hardware accessories or applications that
might need to be updated or are replaced by Windows XP functionality, as well as program
notes. A General Information section lists information you need to be aware of before upgrading, such as files found on the computer (which might include backup files that need to be saved
to a different location so that they are not removed by Setup), excluded or inaccessible drives,
configurations that might be lost during the upgrade process, and other reference information.
Network Infrastructure
Assess your network infrastructure by identifying existing network protocols, network bandwidth, and the network hardware. Table 1-5 describes how these issues affect your deployment plan.
Table 1-5 Basic Attributes for Assessing Your Network Infrastructure
Attribute | Effect on Project Plan
Network protocols | Network protocols determine how you customize several of the networking sections of answer files, such as [NetAdapter], [NetProtocols], and [NetServices]. For more information about creating and customizing answer files, see Chapter 2, “Automating and Customizing Installations.”
Network bandwidth | Network bandwidth affects which method of installation to use. For example, in low-bandwidth networks or on computers that are not part of a network, you might need to use a local installation method. For high-bandwidth network connections, you might choose to install Windows XP Professional by using a remote-boot CD-ROM or a network-based disk image.
Network servers | The servers you have in your network affect the installation tools available to you. If you have an existing Microsoft Windows 2000 Server infrastructure in place, you can use a wider range of tools to automate and customize client installations, including Remote Installation Services (RIS).
Next, collect information about both the hardware and software in your network infrastructure. This should include the logical organization of your network, name- and address-resolution methods, naming conventions, and network services in use. Documenting the location of
network sites and the available bandwidth between them can help you decide which installation method to use.
Document the structure of your network, including server operating systems, file and print
servers, directory services, domain and tree structures, server protocols, and file structure.
You should also include information about network administration procedures, including
backup and recovery strategies, antivirus measures, and data storage and access policies. If
you use multiple server operating systems, note how you manage security and users’ access to
resources.
Network security measures should also be included in your assessment of the network.
Include information about how you manage client authentication, user and group access to
resources, and Internet security. Document firewall and proxy configurations.
Create physical and logical diagrams of your network to organize the information you gather.
The physical network diagram should include the following information:
■ Physical communication links, including cables, and the paths of analog and digital lines.
■ Server names, IP addresses, and domain membership.
■ Location of printers, hubs, switches, routers, bridges, proxy servers, and other network devices.
■ Wide area network (WAN) communication links, their speed, and available bandwidth between sites. If you have slow or heavily used connections, it is important to note them.
The logical network diagram can include the following information:
■ Domain architecture
■ Server roles, including primary and backup domain controllers, and Windows Internet Name Service (WINS) and DNS servers
■ Trust relationships and any policy restrictions that might affect your deployment
Planning Your Preferred Client Configuration
After you identify your business needs and decide which features of Windows XP Professional
to use, determine how to implement these features to simplify the management of users and
computers in your organization. An important means to simplification is standardization.
Standardizing desktop configurations makes it easier to install, update, manage, support, and
replace computers that run Windows XP Professional. Standardizing users’ configuration settings, software, hardware, and preferences makes it easier to deploy operating system and
application upgrades, and configuration changes can be guaranteed to work on all computers.
When users install their own operating system upgrades, applications, device drivers, settings, preferences, and hardware devices, a simple problem can become complex. Establishing
standards for desktop configurations prevents many problems and makes it easier for support
personnel to identify and resolve problems. Having a standard configuration that you can
install on any computer minimizes downtime by ensuring that user settings, applications,
drivers, and preferences are the same as before the problem occurred.
Determining Desktop Management Strategies
By running Windows XP Professional in a Windows 2000 Server domain, you can specify the
level of control exercised over users of these computers. For example, by using Active Directory and Group Policy, you can manage desktops as follows:
■ Prevent users from installing applications that are not required for their jobs
■ Make new or updated software available to users without visiting their workstations
■ Customize desktop features or prevent users from making changes to their desktop settings
■ Refresh policy settings from the server without requiring the user to log off or restart the computer
Table 1-6 describes how you can use the desktop management features to manage computer
and user settings.
Table 1-6 Desktop Management Tasks and Features
Task | Feature
Configure registry-based policy settings for computers and users | Group Policy Administrative Templates
Manage local, domain, and network security | Security Settings
Manage, install, upgrade, repair, or remove software | Software Installation and Maintenance
Manage Internet Explorer configuration settings | Internet Explorer Maintenance, MMC, Group Policy settings
Apply scripts during user logon/logoff and computer startup/shutdown | Group Policy–based scripts
Manage users’ folders and files on the network | Folder Redirection
Manage user profiles | Roaming User Profiles
Make shared files and folders available offline | Offline Files and Folders (in conjunction with Folder Redirection)
If you deploy Windows XP Professional desktops in a domain that does not include Active Directory, you can still take advantage of some management features. For example, you can manage
Windows XP Professional desktops locally by implementing the following IntelliMirror® features:
■ Roaming User Profiles
■ Logon Scripts
■ Folder Redirection
■ Internet Explorer Maintenance
■ Administrative Templates (registry-based policy)
Choosing Desktop Computer Configurations
For desktop computers that are used for specific functions, such as running certain line-of-business applications, you can use a management structure that prevents users from installing
any application or device or from modifying the desktop or changing settings. To improve
security and manage data storage, you can use Folder Redirection to save all data to a server
location instead of on the local computer.
You can also use Group Policy settings to manage configurations, restrict user access to certain
features, and limit the customizations users can make to their computer environment. To configure a computer for a single application and no other tasks, you can remove desktop features
such as the Start menu and set that application to start when the user logs on.
If users need to exercise a great deal of control over their desktops, and tightly managing them
is not acceptable, you can use desktop management strategies to reduce support costs and
user downtime. You can allow users to install approved applications and to change many settings that affect them while preventing them from making harmful system changes. For example, you might allow users to install or update printer drivers, but not to install unapproved
hardware devices. To ensure that the user’s profile and data are saved to a secure location
where it can be backed up regularly and restored in the event of a computer failure, use Roaming User Profiles and Folder Redirection.
For more information about implementing the preceding desktop management strategies, see
Chapter 5, “Managing Desktops.” For more information about implementing and using
Folder Redirection and Offline Files and Folders for desktop management, see Chapter 6,
“Managing Files and Folders.” For more information about implementing Group Policy to
manage desktop computers, including creating organizational unit (OU) structures and determining Group Policy strategies, see the Change and Configuration Management Deployment
Guide link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Choosing Configurations for Portable Computers
If your mobile users travel frequently or work from remote sites and use slow or intermittent
network connectivity, you might want to give them more control over their computers than
you allow users who use their computers primarily on-site where administrators can provide
full support. For example, you might allow traveling users to install or update device drivers
and applications but restrict them from performing tasks that can damage or disable their
computers.
Mobile users who work mostly off-site, whether or not they are connected to your network,
have less access to support personnel. Therefore, when you install applications for users who
are seldom connected to the network or do not have a reliable fast connection to it, make sure
that all necessary components are also installed. You can use scripts to make sure that all files
associated with the installed applications are installed locally. A sample Visual Basic script
can be found in the Implementing Common Desktop Management Scenarios white paper,
available on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources. To allow portable computer users to install software, make them members
of the Power Users security group. For more information about security groups, see the
“Determining Security Strategies” section later in this chapter.
Users who connect to your network remotely might need to configure virtual private network
(VPN) connections. To allow them to make necessary configuration changes, configure the
following Group Policy settings, which are found under User Configuration/Administrative
Templates/Network/Network Connections:
■ Delete remote access connections belonging to the user.
■ Rename connections belonging to the current user.
■ Display and enable the New Connection Wizard.
■ Display the Dial-up Preferences item on the Advanced menu.
■ Allow status statistics for an active connection.
■ Allow access to the following:
    ❑ Current user’s remote access connection properties.
    ❑ Properties of the components of a local area network (LAN) connection.
    ❑ Properties of the components of a remote access connection.
If mobile users rarely connect to your network, you might not want to use features such as
Roaming User Profiles and Folder Redirection. However, these features help maintain a seamless work environment from any computer for users who frequently connect to the network or
roam between portable and desktop computers.
For details about setting up portable computers and selecting features that best support
mobile users, see Chapter 7, “Supporting Mobile Users.”
For more information about determining a desktop management strategy, see Chapter 5,
“Managing Desktops.”
Determining a Client Connectivity Strategy
Determining how to connect clients to your network depends largely on where they are
located and the type of network you are running. Those located within the corporate infrastructure can use a variety of network media, such as asynchronous transfer mode (ATM),
Ethernet, or Token Ring; those outside of the corporate infrastructure need to use Routing
and Remote Access or virtual private networking.
Windows XP Professional uses TCP/IP as its standard network protocol. For a Windows XP
Professional–based computer to connect to a legacy NetWare or Macintosh server, you must
use a protocol that is compatible with the server. NWLink is the Microsoft implementation of
the Novell IPX/SPX protocol, which allows you to connect to legacy NetWare file and print
servers. However, the IPX/SPX protocol is not available on Microsoft Windows XP Professional x64 Edition.
In the Properties dialog box for your Local Area Connection, you can specify which protocols
to install and enable. Windows XP Professional attempts to connect to remote servers by
using the network protocols in the order specified in the Advanced Settings dialog box,
which is accessed using the Advanced menu option of the Network Connections folder. For
more information, see Chapter 23, “Connecting Clients to Windows Networks.”
Note
Install only the necessary protocols. For example, installing and enabling Internetwork
Packet Exchange (IPX) when you need only TCP/IP generates unnecessary IPX and Service
Advertising Protocol (SAP) network traffic.
TCP/IP Networks
Client computers running on TCP/IP networks can be assigned an IP address statically by the
network administrator or dynamically using Dynamic Host Configuration Protocol (DHCP).
Windows XP Professional uses DNS as the namespace provider whether you use static IP
addresses or DHCP. Networks that include Microsoft Windows NT Server version 4.0 or earlier or client computers running versions of Windows earlier than Windows 2000 might
require a combination of DNS and Windows Internet Name Service (WINS).
DNS is required for integration with Active Directory, and it provides the following advantages:
■ Interoperability with other DNS servers such as UNIX BIND.
■ Integration with other networking services such as WINS and DHCP.
■ Dynamic registration of DNS names and IP addresses.
■ Incremental zone transfers and load balancing between DNS servers.
■ Support for Services Locator (SRV) and Asynchronous Transfer Mode Addresses (ATMA) resource records.
DHCP allows Windows XP Professional–based computers to receive IP addresses automatically. This helps to prevent configuration errors and address conflicts that can occur when
previously assigned IP addresses are reused to configure new computers on the network. As
computers and devices are removed from the network, their addresses are returned to the
address pool and can be reallocated to other clients. The DHCP lease renewal process ensures
that needed changes are made automatically when client configurations must be updated.
The advantages of using DHCP follow:
■ Conflicts caused by assigning duplicate IP addresses are eliminated.
■ DNS or WINS settings do not need to be manually configured if the DHCP options are configured for those settings.
■ Clients are assigned IP addresses regardless of the subnet to which they connect, so IP settings need not be manually changed for roaming users.
If you assign IP addresses statically, you need to have the following information for each client:
■ The IP address and subnet mask for each network adapter installed on each client computer
■ The IP address for the default gateway for the local subnet
■ Whether the client is using DNS or WINS
■ The name of the client computer’s DNS domain and the IP addresses for the DNS or WINS servers
■ The IP address for the proxy server (if there is one)
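One way to sanity-check a static addressing plan built from the items listed above before it is keyed into clients (an added example, not from the book): it flags duplicate addresses, a default gateway outside the local subnet, unusable host addresses, and clients with neither DNS nor WINS servers. The host names, addresses, and field names are constructed for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample plan; host names and addresses are illustrative only.
SAMPLE_PLAN = [
    {"host": "XP-ACCT-01", "ip": "192.168.10.21", "mask": "255.255.255.0",
     "gateway": "192.168.10.1", "dns": ["192.168.10.5"], "wins": []},
    {"host": "XP-ACCT-02", "ip": "192.168.10.21", "mask": "255.255.255.0",
     "gateway": "192.168.10.1", "dns": ["192.168.10.5"], "wins": []},
    {"host": "XP-LAB-07", "ip": "192.168.20.40", "mask": "255.255.255.0",
     "gateway": "192.168.10.1", "dns": [], "wins": ["192.168.10.6"]},
    {"host": "XP-KIOSK-03", "ip": "192.168.10.255", "mask": "255.255.255.0",
     "gateway": "192.168.10.1", "dns": [], "wins": []},
]


def check_static_plan(plan):
    """Return a list of (host, finding) tuples for a static IP plan."""
    findings = []
    owners = defaultdict(list)  # address -> hosts that claim it

    for entry in plan:
        host = entry["host"]
        try:
            # ip_interface accepts the dotted subnet mask form directly.
            iface = ipaddress.ip_interface(f"{entry['ip']}/{entry['mask']}")
            gateway = ipaddress.ip_address(entry["gateway"])
            servers = [ipaddress.ip_address(s)
                       for s in entry["dns"] + entry["wins"]]
        except ValueError:
            findings.append((host, "invalid-address"))
            continue

        owners[iface.ip].append(host)
        net = iface.network

        # The first and last addresses of a subnet cannot be given to a host.
        if iface.ip in (net.network_address, net.broadcast_address):
            findings.append((host, "reserved-address"))
        # The default gateway must be reachable on the client's own subnet.
        if gateway not in net:
            findings.append((host, "gateway-off-subnet"))
        # Each client needs at least one DNS or WINS server for name resolution.
        if not servers:
            findings.append((host, "no-name-server"))

    # Duplicate assignments are the conflict DHCP would otherwise prevent.
    for hosts in owners.values():
        if len(hosts) > 1:
            findings.extend((h, "duplicate-ip") for h in hosts)
    return findings


if __name__ == "__main__":
    for host, finding in check_static_plan(SAMPLE_PLAN):
        print(f"{host}: {finding}")
```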
Note
It is recommended that you assign static IP addresses to servers and dynamic ones to
client computers. However, there are exceptions that might require you to assign static
addresses to computers running Windows XP Professional. For example, a computer that runs
an application that has the IP addresses hard-coded into it requires a static address.
On the CD
For more information about TCP/IP, DHCP and DNS, see “Configuring TCP/IP”
on the companion CD included with this book.
For more information about IP addressing, see Chapter 24, “Configuring IP Addressing and
Name Resolution.”
IPX Protocol
Internetwork Packet Exchange (IPX) is the network protocol used by legacy NetWare computers to control addressing and routing of packets within and among LANs. Windows XP Professional computers can connect to NetWare servers using Client Service for NetWare.
Windows XP Professional includes NWLink and Client Service for NetWare to transmit NetWare Core Protocol (NCP) packets to and from legacy NetWare servers.
Note
Although TCP/IP is used on some Novell NetWare–based networks, Client Service for
NetWare does not support it.
NWLink and Client Service for NetWare provide access to file and print resources on NetWare
networks and servers that are running either Novell Directory Services (NDS) or bindery
security. Client Service supports some NetWare tools applications. It does not support IP,
including NetWare/IP.
You can install either Client Service for NetWare or the current Novell Client, but not both.
Note, however, you cannot use Novell Client to connect a computer running Windows XP
Professional to a Windows 2000 Server–based computer.
Caution
Do not install both Client Service and Novell Client for Windows NT/2000 on the
same computer running Windows XP Professional. Doing so can cause errors on the system.
When upgrading to Windows XP Professional from Windows Me, Windows 98, or Windows
NT 4.0 Workstation, Windows XP Professional upgrades Novell Client version 4.7 or earlier
to the latest version of Novell Client, allowing for a seamless upgrade. All other versions of
Novell Client should be removed before upgrading the operating system. Then reinstall and
reconfigure Novell Client.
You can also use Microsoft Services for NetWare on a Windows 2000–based server. Services
for NetWare uses Client Service to connect to a NetWare network or server.
Determining Security Strategies
The Windows XP Professional security model is based on the concepts of authentication and
authorization. Authentication verifies a user’s identity, and authorization verifies that the user
has permission to access resources on the computer or the network. Windows XP Professional also includes encryption technologies, such as Encrypting File System (EFS) and public key technology, to protect confidential data on disk and across networks.
Authentication
When the user logs on to a computer, a user name and password are required before the user
can access resources on the local computer or the network. Windows XP Professional authentication enables single sign-on to all network resources, so that a user can log on to a client
computer by using a single password or smart card and gain access to other computers in the
domain without re-entering credential information. The Windows XP Professional authentication model protects your network against malicious attacks, such as:
■ Masquerade attacks. Because a user must prove identity, it is difficult to pose as another user.
■ Replay attacks. It is difficult to reuse stolen authentication information because Windows XP Professional authentication protocols use timestamps.
■ Identity interception. Intercepted identities cannot be used to access the network, because all exchanges are encrypted.
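The replay-attack point above, as an added illustration that is not code from the book or from Windows: a verifier that accepts a timestamped authenticator only inside a clock-skew window and only once. The HMAC-SHA256 construction, the 300-second window, and all names are assumptions chosen for the sketch; this is not the Kerberos V5 or NTLM wire format.

```python
import hashlib
import hmac
import struct

MAX_SKEW_SECONDS = 300  # assumed tolerance for the sketch (five minutes)
MAC_LEN = 32            # length of an HMAC-SHA256 tag


def make_authenticator(key: bytes, principal: str, timestamp: int) -> bytes:
    """Client side: bind the principal name to a timestamp under a shared key."""
    body = struct.pack(">Q", timestamp) + principal.encode("utf-8")
    return body + hmac.new(key, body, hashlib.sha256).digest()


class ReplayGuard:
    """Server side: integrity check, freshness check, then replay cache."""

    def __init__(self, key: bytes, max_skew: int = MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self._seen = {}  # (principal, timestamp) -> time the entry may be dropped

    def verify(self, blob: bytes, now: int) -> str:
        """Return 'ok', 'bad-mac', 'stale' or 'replay'."""
        if len(blob) < 8 + MAC_LEN:
            return "bad-mac"
        body, tag = blob[:-MAC_LEN], blob[-MAC_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"

        (timestamp,) = struct.unpack(">Q", body[:8])
        principal = body[8:].decode("utf-8")

        # Freshness: anything outside the window is rejected outright, so the
        # replay cache never has to remember entries older than the window.
        if abs(now - timestamp) > self.max_skew:
            return "stale"

        # Drop cache entries that the freshness check would now reject anyway.
        self._seen = {k: exp for k, exp in self._seen.items() if exp >= now}

        entry = (principal, timestamp)
        if entry in self._seen:
            return "replay"
        self._seen[entry] = timestamp + self.max_skew
        return "ok"


def demo():
    """Run one captured authenticator through the cases a defender cares about."""
    key = b"constructed-shared-session-key"  # constructed sample key
    server = ReplayGuard(key)
    t0 = 1_100_000_000                        # constructed sample time
    captured = make_authenticator(key, "alice", t0)
    tampered = captured[:-1] + bytes([captured[-1] ^ 1])
    return [
        server.verify(captured, now=t0 + 2),      # first presentation
        server.verify(captured, now=t0 + 10),     # same bytes inside the window
        server.verify(tampered, now=t0 + 11),     # modified in transit
        server.verify(captured, now=t0 + 3600),   # same bytes after the window
    ]


if __name__ == "__main__":
    print(demo())
```

The timestamp alone only bounds how long a captured authenticator stays useful; the cache is what rejects a replay inside that window, which is also why client and server clocks must stay synchronized.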
Kerberos V5 is the primary security protocol within Windows 2000 and Microsoft Windows
Server™ 2003 domains. Windows XP Professional–based clients use NTLM to authenticate to
servers running Windows NT 4.0 and to access resources within a Windows NT domain.
Computers running Windows XP Professional that are not joined to a domain also use NTLM
for authentication.
If you use Windows XP Professional on a network that includes Active Directory, you can use
Group Policy settings to manage logon security, such as restricting access to computers and
logging users off after a specified time. For more information about logon security, see Chapter 16, “Understanding Logon and Authentication.”
Authorization
Authorization controls user access to resources. Using access control lists (ACLs), security
groups, and NTFS file permissions, you can make sure that users have access only to needed
resources, such as files, drives, network shares, printers, and applications.
Security groups. Security groups, user rights, and permissions can be used to manage security for numerous resources while maintaining fine-grained control of files and folders and
user rights. The four main security groups include:
■ Domain local groups
■ Global groups
■ Universal groups
■ Computer local groups
Using security groups can streamline the process of managing access to resources. You can
assign users to security groups, and then grant permissions to those groups. You can add and
remove users in security groups according to their need for access to new resources. To create
local users and place them within local security groups, use the Computer Management snap-in of MMC or the User Accounts option in Control Panel.
Within the domain local and computer local security groups there are preconfigured security groups to which you can assign users. These include the following (and a more complete list of built-in accounts is included in Chapter 17, “Managing Authorization and Access
Control”):
Administrators. Members of this group have total control of the local computer and have
permissions to complete all tasks. A built-in account called Administrator is created and
assigned to this group when Windows XP Professional is installed. When a computer is
joined to a domain, the Domain Administrators group is added to the local Administrators
group by default.
Power Users. Members of this group have read/write permissions to other parts of the system in addition to their own profile folders, can install applications, and can perform many
administrative tasks. Members of this group have the same level of permissions as Users and
Power Users in Windows NT 4.0.
Users. Members of this group are authenticated users with read-only permissions for most
parts of the system. They have read/write access only within their own profile folders. Users
cannot read other users’ data (unless it is in a shared folder), install applications that require
modifying system directories or the registry, or perform administrative tasks. Users permissions under Windows XP Professional are more limited than under Windows NT 4.0.
Guests. Members of this group can log on using the built-in Guest account to perform limited tasks, including shutting down the computer. Users who do not have an account on the
computer or whose account has been disabled (but not deleted) can log on using the Guest
account. You can set rights and permissions for this account, which is a member of the built-in Guests group by default. The Guest account is disabled by default.
You can configure access control lists (ACLs) for resource groups or security groups and
add or remove users or resources from these groups as needed. The ability to add and
remove users makes user permissions easier to control and audit. It also reduces the need to
change ACLs.
You can grant users permissions to access files and folders, and specify what tasks users can
perform on them. You can also allow permissions to be inherited so that permissions for a
folder apply to all its subfolders and the files in them.
Group Policy. You can use Group Policy settings to assign permissions to resources and
grant rights to users as follows:
■ To restrict which types of users can run certain applications. This reduces the risk of exposing the computer to unwanted applications, such as viruses.
■ To configure many rights and permissions for client computers. You can also configure rights and permissions on an individual computer to be used as the base image for desktop installations, to ensure standardized security management even if you do not use Active Directory.
Auditing features allow you to detect attempts to disable or circumvent protections on
resources.
For more information about managing access to resources and applications, see Chapter 17,
“Managing Authorization and Access Control.” For more information about creating disk
images for installation, see Chapter 2, “Automating and Customizing Installations.”
You can use preconfigured security templates that meet the security requirements for a given
workstation or network. Security templates are files with preset security settings that can be
applied to a local computer or to client computers in a domain by using Active Directory.
Security templates can be used without modification or customized for specific needs. For
more information about using security templates, see Chapter 17, “Managing Authorization
and Access Control.”
Encryption
You can use Encrypting File System (EFS) to encrypt data on your hard disk. For example,
because portable computers are high-risk items for theft, you can use EFS to enhance security
by encrypting data on the hard disks of your company’s portable computers. This precaution
protects data and authentication information against unauthorized access.
Before implementing EFS, it is important to understand the proper backup strategy for EFS
keys and to know how to restore them.
For more information about EFS, see Chapter 18, “Using Encrypting File System.”
Determining Client Administration and Configuration Strategies
The following sections can help you make decisions about configuring Windows XP Professional computers to make them easier to administer. Depending on the needs of your organization, you can include support for multiple language versions of the operating system and
applications, specify what devices users can access, choose the file system that best suits your
security and compatibility needs, and create logical disks that are more efficient to manage.
Depending on the installation method you use, you can install applications along with the
operating system to speed the deployment process of your desktop computers. You can
enable accessibility options for users with disabilities and have those options available wherever users log on to the network.
Multilingual Options
Windows XP Professional supports companies that need to equip their users to work with
various languages or in multiple locale settings. This includes organizations that:
■ Operate internationally and must support various regional and language options, such
as time zones, currencies, or date formats
■ Have employees or customers who speak different languages, or require language-dependent keyboards or input devices
■ Develop an internal line of business applications to run internationally or in more than
one language
If you have roaming users who need to log on anywhere and edit a document in several languages, you need the appropriate language files installed or installable on demand, on a server
or workstation. You can also use Terminal Services to allow users to initiate individual Terminal Services sessions in different languages.
For more information about multilingual feature support in Windows XP Professional, see
Chapter 3, “Multilingual Solutions for Global Businesses.”
You can use Setup scripts to install regional and language options on your users’ computers.
For more information about creating Setup scripts, see Chapter 2, “Automating and Customizing Installations.”
Hardware Devices
Windows XP Professional includes support for a range of hardware devices, including USB- and IEEE 1394–compliant devices. Device drivers for most devices are included with the operating system. Drivers can be configured to be dynamically updated by connecting to the
Microsoft Windows Update Web site and downloading the most recent versions.
If you can connect to the Internet, the Dynamic Update feature can connect to Windows
Update during setup to install device drivers that were not included on the Windows XP Professional operating system CD. For more information about Dynamic Update, see “Planning
for Dynamic Update” later in this chapter.
You can add devices, such as mass storage and Plug and Play devices, to your installation. For
more information about adding hardware devices to your installation, see Chapter 2, “Automating and Customizing Installations.” For more information about the types of hardware
devices Windows XP Professional supports and about configuring these devices, see Chapter
9, “Managing Devices.”
File Systems
Windows XP Professional supports the FAT16, FAT32, and NTFS file systems. Because NTFS
has all the basic capabilities of FAT16 and FAT32, with the added advantage of advanced storage features such as compression, improved security, and larger partitions and file sizes, it is
the recommended file system for Windows XP Professional.
Following are some features that are available only when you choose NTFS:
■ File encryption allows you to protect files and folders from unauthorized access.
■ Permissions can be set on individual files, as well as on folders.
■ Disk quotas allow you to monitor and control the amount of disk space used by individual users.
■ Better scalability allows you to use large volumes. The maximum volume size for NTFS
is much greater than it is for FAT. Additionally, NTFS performance does not degrade as
volume size increases, as it does in FAT systems.
■ Recovery logging of disk activities helps restore information quickly in the event of
power failure or other system problems.
When you perform a clean installation of Windows XP Professional, it is recommended that
you use NTFS. If you upgrade computers that use NTFS as the only file system, continue to
use NTFS with Windows XP Professional.
Converting vs. reformatting existing disk partitions Before you run Setup, you must
decide whether to keep, convert, or reformat an existing partition. The default option for an
existing partition is to keep the existing file system intact, thus preserving all files on that
partition.
Windows XP Professional provides support for Windows 95, Windows 98, or Windows Me
file systems, including FAT16 and FAT32 file systems. If you upgrade computers that use FAT
or FAT32 as their file system, consider converting the partitions to NTFS.
Warning You cannot upgrade compressed Windows 98 volumes; you must uncompress
them before you upgrade them to Windows XP Professional.
Use the conversion option if you want to take advantage of NTFS features, such as security or
disk compression, and if you are not dual-booting with another operating system that needs
access to the existing partition. You cannot convert an NTFS volume to FAT or FAT32. You
must reformat the NTFS volume as FAT. However, when you convert a volume from FAT to
NTFS, you cannot use the uninstall feature to roll back to a previous operating system installation.
Warning
Once you convert to NTFS, you cannot revert to FAT or FAT32.
You can reformat a partition during a clean installation only. If you decide to convert or reformat, select an appropriate file system (NTFS, FAT16, or FAT32). For more information about
converting volumes to NTFS, see Chapter 13, “Working with File Systems.”
Caution
You can reformat a partition as either FAT or NTFS; however, reformatting a partition erases all files on that partition. Make sure to back up all files on the partition before you
reformat it.
Multiple-booting and file system compatibility NTFS is the recommended file system
for Windows XP Professional. However, you might need a different file system to multiple-boot Windows XP Professional with an operating system that cannot access NTFS volumes. If
you use NTFS to format a partition, only Windows XP, Windows 2000, Windows Server
2003, and Windows NT 4.0 (with Service Pack 4 or later) can access the volume locally on the
machine.
If you plan to install Windows XP Professional and another operating system on the same
computer, you must use a file system that all operating systems installed on the computer can
access. For example, if the computer has Windows 98 and Windows XP Professional, you
must use FAT on any partition that Windows 98 must access. However, if the computer has
Windows NT 4.0 and Windows XP Professional, you can use FAT or NTFS because both operating systems can access all those file systems. However, certain features in the version of
NTFS included with Windows XP Professional are not available when the computer runs
Windows NT 4.0. For more information about file system compatibility and multiple booting,
see “Determining How Many Operating Systems to Install” in this chapter.
Warning You can access NTFS volumes locally only when running Windows NT, Windows
2000, Windows Server 2003, or Windows XP.
Table 1-7 describes the size and domain limitations of each file system.
Table 1-7 Comparison of NTFS and FAT File Systems

| Subject of Comparison | NTFS | FAT16 | FAT32 |
|---|---|---|---|
| Operating system compatibility | A computer running Windows 2000, Windows Server 2003, or Windows XP can access files on an NTFS partition. A computer running Windows NT 4.0 with Service Pack 4 or later can access files on the partition, but some NTFS features, such as Disk Quotas, are not available. Other operating systems allow no access. | File access is available to computers running Microsoft MS-DOS®, all versions of Windows, Windows NT, Windows XP, and OS/2. | File access is available only to computers running Microsoft Windows 95 OSR2, Windows 98, Windows Me, Windows 2000, Windows Server 2003, and Windows XP. |
| Volume size | Recommended minimum volume size is approximately 10 MB. Recommended practical maximum for volumes is 2 terabytes. Much larger sizes are possible. Cannot be used on floppy disks. | Volumes up to 4 GB. Can be used on floppy disks. | Volumes from 512 MB to 2 terabytes. In Windows XP Professional, you can format a FAT32 volume only up to 32 GB. Cannot be used on floppy disks. |
| File size | Maximum file size 16 terabytes minus 64 KB (2^44 minus 64 KB) | Maximum file size 4 GB | Maximum file size 4 GB |
| Files per volume | 4,294,967,295 (2^32 minus 1 files) | 65,536 (2^16 files) | Approximately 4,177,920 |
If you also want to use MS-DOS on your system, you must use FAT to format another partition,
which is the MS-DOS operating system’s native file system. MS-DOS does not recognize data
on NTFS or FAT32 partitions.
For more information about FAT, NTFS, and other file systems supported in Windows XP
Professional, see Chapter 13, “Working with File Systems.”
Warning
To format the active system partition, you must use a file system that all the operating systems running on your computer recognize. You can have up to four primary partitions, but only the active one starts all the operating systems.
Disk Partitions
Disk partitioning is a way of dividing hard disks into sections that function as separate units.
Partitions can be set up to organize data or to install additional operating systems for multiple
boot configurations. Partitioning involves dividing a disk into one or more areas, each formatted for use by a particular file system.
Configuring partitions Depending on your existing hard disk configuration, you have the
following options during setup:
■ If the hard disk is unpartitioned, you can create and size the Windows XP Professional
partition.
■ If an existing partition is large enough, you can install Windows XP Professional on that
partition.
■ If the existing partition is too small but you have adequate unpartitioned space, you can
create a new Windows XP Professional partition in that space.
■ If the hard disk has an existing partition, you can delete it to create more unpartitioned
disk space for the Windows XP Professional partition. Keep in mind that deleting an
existing partition also erases any data on that partition.
Caution
Before you change file systems on a partition or delete a partition, back up the
information on that partition because reformatting or deleting a partition deletes all existing
data on that partition.
If you install Windows XP Professional as part of a multiple-boot configuration, it is important
to install Windows XP Professional on its own partition. Installing Windows XP Professional
on the same partition as another operating system might overwrite files installed by the other
operating system, and it overwrites the system directory unless you specify a different directory in which to install Windows XP Professional.
Warning
If you install Windows XP Professional as part of a multiple-boot configuration,
make sure that you install it after you install all other operating systems. If you install another
operating system after Windows XP Professional, you might not be able to start Windows XP
Professional. For more information about problems with starting your computer, see Chapter
29, “Troubleshooting the Startup Process.”
Sizing partitions It is recommended that you install Windows XP Professional on a
2-gigabyte (GB) (that is, 2,048 megabytes) or larger partition. Although Windows XP Professional requires a minimum of 650 MB of free disk space for installation, using a larger installation partition provides flexibility for adding future updates, operating system tools, and
other files.
During setup, you only need to create and size the partition on which you plan to install Windows XP Professional. After Windows XP Professional is installed, you can use the Disk Management snap-in to make changes or create new partitions on your hard disk.
For more information about Disk Management, see Chapter 12, “Organizing Disks.”
Warning
Windows 2000, Windows Server 2003, Windows XP Professional, and Windows XP
x64 Edition are the only operating systems that can access a dynamic disk.
If you convert the disk that contains the system volume to dynamic, you cannot start the other
operating systems. For more information about basic and dynamic disks, see Chapter 12,
“Organizing Disks.”
Applications to Install
During setup, you can choose to install standard productivity applications such as Microsoft
Office, as well as custom applications. If certain core applications need to be available to users
at all times, you can install them along with the operating system. If you are automating installations by using Remote Installation Services (RIS) or Sysprep, you can install the applications
on the disk image that you create; if you are doing unattended installations by using answer
files, you can include applications and make them available from your distribution folder. For
more information about adding applications to your installations, see Chapter 2, “Automating
and Customizing Installations.”
If you use Active Directory, you can use the Software Installation And Maintenance feature of
IntelliMirror to make applications available to users. You can assign critical applications to
users and publish applications users might need to access.
Publishing an application When you publish applications, users can install the application by using Add or Remove Programs in Control Panel. For more information about using
Software Installation and Maintenance to make applications available to your users, see the
Distributed Systems Guide of the Microsoft® Windows® 2000 Server Resource Kit.
Assigning an application to a user When you assign an application to a user, it appears to
the user that the application is already installed, and a shortcut appears in the user’s Start
menu. When the user clicks the shortcut, the application is installed from a server share.
Automating deployment and upgrades You can also use Systems Management Server
(SMS) to automate the deployment and upgrade of applications during and after installing the
operating system. SMS is a good option for large-scale software-deployment projects because
SMS can be set to run when it will cause minimal interruption to your business, such as at
night or on weekends. For more information about SMS, see the documentation included
with SMS.
Accessibility Options
Windows XP Professional includes multiple features and options that improve accessibility
for people with disabilities. You can use the Accessibility Wizard or individual Control Panel
properties to set options to meet the needs of users with vision, mobility, hearing, and learning disabilities.
For users with vision impairments or learning disabilities, you can set size and color options
for the display of text and screen elements, such as icons and windows. You can also adjust
the size, color, speed, and motion of the mouse cursor to aid visibility on the screen. Options
such as StickyKeys, BounceKeys, ToggleKeys, and MouseKeys benefit some users with mobility impairments. SoundSentry and ShowSounds can assist users with hearing impairments.
Accessibility tools such as Magnifier, Narrator, and On-Screen Keyboard allow users with disabilities to configure and use computers without additional hardware or software. These tools
also allow some users with disabilities to roam multiple computers in their organization.
Note Accessibility features such as Narrator, Magnifier, and On-Screen Keyboard provide a
minimum level of functionality for users with special needs. Most people with disabilities
require tools with higher functionality.
You can use Group Policy and set user profiles to make sure that accessibility features are
available to users wherever they log on in your network. You can also enable some accessibility features when you run Setup by specifying them in your answer file.
For more information about accessibility features included with Windows XP Professional,
see Appendix H, “Accessibility Tools.” For more information about customizing answer files
for unattended Setup, see Chapter 2, “Automating and Customizing Installations.”
Planning Installations
After you decide how to use Windows XP Professional in your organization and how best to
manage your users and computers, you need to prepare your installations. The following
questions can help you make important decisions affecting the installation process:
■ Are you going to upgrade computers or perform clean installations?
■ Which installation method is appropriate for you to use?
■ Do you plan to install multiple operating systems on individual computers?
Your answers to the preceding questions are largely determined by your business goals and
your current configuration. For example, if you plan to install Windows XP Professional to
gain enhancements unavailable in current Windows 2000 Professional installations, upgrading might be the preferred strategy. However, if your desktop computers run Windows 95,
you must do a clean installation of Windows XP Professional. If you have an Active Directory
environment in place, you can use RIS to standardize the installations across your desktops,
customize and control the installation process, and determine the media on which to distribute the installation.
For more information about installing Windows XP Professional, see Chapter 4, “Supporting Installations” and Chapter 2, “Automating and Customizing Installations.” For more
detailed information about client and server installations, see the Microsoft Windows Server
2003 Deployment Kit.
Upgrading vs. Clean Installation
Windows XP Professional provides upgrade paths from Windows 2000 Professional, Windows NT 4.0, Windows 98, and Windows Me. If you are using Windows 95, Windows 3.x, or
another operating system, you need to choose a clean install.
During an upgrade, existing user settings are retained, as well as installed applications. If you
perform a clean installation, the operating system files are installed in a new folder, and you
must reinstall all your applications and reset user preferences, such as desktop and application settings.
You need to choose a clean installation of Windows XP Professional in the following cases:
■ No operating system is installed on the computer.
■ The installed operating system does not support an upgrade to Windows XP Professional.
■ The computer has more than one partition and needs to support a multiple-boot configuration that uses Windows XP Professional and the current operating system.
■ A clean installation is preferred.
The most basic advantage of a clean installation is that all your systems can begin with the
same configuration. All applications, files, and settings are reset. You can use a single disk
image or answer file to make sure that all the desktops in your organization are standardized.
In this way, you can avoid many of the support problems that are caused by irregular configurations.
Note
Installing multiple operating systems on the same partition is not supported and can
prevent one or both operating systems from working properly. For more information about
installing multiple operating systems on a single computer, see Chapter 4, “Supporting
Installations.”
Upgrading from Windows 98 or Windows Me
Upgrading from Windows 98 or Windows Me to Windows XP Professional might require
some additional planning because of differences in the registry structure and the setup process. For more information about software compatibility issues, see “Application Compatibility” in this chapter. If problems arise, you can choose to uninstall Windows XP Professional
and revert to the previous installation. For more information about uninstalling Windows XP
Professional, see Chapter 4, “Supporting Installations.”
Upgrading from Windows 2000 Professional or Windows NT
Workstation 4.0
Windows 2000 Professional and Windows NT Workstation 4.0 provide the easiest upgrade
path to Windows XP Professional because they share a common operating system structure
and core features, such as supported file systems, security concepts, device driver requirements, and registry structure.
If you upgrade or install Windows XP Professional on a Windows NT Workstation 4.0–based
computer that uses NTFS, the installation process automatically upgrades the file system to
Windows XP Professional NTFS. If you install or upgrade to Windows XP Professional and the
current file system is FAT, you are asked whether you want to convert to the NTFS file system.
Note You cannot upgrade computers that run Windows NT Workstation 3.51 to Windows
XP Professional. You must either do a clean installation of Windows XP Professional or first
upgrade to Windows NT Workstation 4.0 and then upgrade to Windows XP.
Using the User State Migration Tool
The User State Migration Tool (USMT) allows you to save and restore users’ settings and files
to minimize the time required to configure users’ computers after installing Windows XP Professional. You can use USMT when performing clean installations, migrating from computers
running Windows 95, Windows 98, Windows Me, Windows NT 4.0, Windows 2000, or Windows XP. You can run USMT from the Windows XP Professional installation CD.
You can restore these settings only on computers running Windows XP Professional or Windows XP Home Edition. You cannot use USMT to migrate to Windows XP x64 Edition.
By default, USMT saves the majority of user interface settings such as desktop color schemes
and wallpaper, network connectivity settings such as e-mail servers and proxy servers, and
some files associated with Microsoft Office. You can customize the .INF files the tool uses to
save only the settings you want to migrate to Windows XP Professional.
Choosing an Installation Method
You can install Windows XP Professional on client computers in various ways. The installation method you choose is based on several factors, including:
■ Whether you upgrade from an existing operating system or perform clean installations
■ How many computers will be in the deployment
■ Whether you want to allow users to install the operating system themselves, or whether
you want to perform unattended installations
■ How much customization is required for your installations
■ What hardware is available and how the various types differ
■ Whether you are using Active Directory
Table 1-8 describes the installation methods available for Windows XP Professional and some
of the considerations for each method.
Table 1-8 Methods and Requirements for Installing Windows XP Professional

| Method and Requirements | From CD-ROM | Unattended Setup | SysPrep | RIS | SMS |
|---|---|---|---|---|---|
| Supported installation methods | Upgrade or clean install | Upgrade or clean install | Clean install only | Clean install only | Upgrade only |
| Required hardware | CD-ROM drive on each computer | A network boot disk if using a remote distribution share, or a CD-ROM drive and a floppy disk drive | All desktop computers need similar hardware configurations | PXE-enabled desktop computers | A fast connection to the SMS site |
| Server requirements | Does not require a server | Does not require a server | Does not require a server | Requires Active Directory | Requires a Windows server with SMS running an SMS site |
| Considerations for modifying project | No changes can be made | Requires updating Unattend.txt | Requires updating and reimaging the master installation | Requires modifying the answer file | Requires creating an advertising package |
For information about running Setup, see Chapter 4, “Supporting Installations.”
For more information about the relative advantages and when to use each of the installation
methods, see Chapter 2, “Automating and Customizing Installations.”
Determining How Many Operating Systems to Install
You can install multiple operating systems on a computer so that the user can choose the
operating system to use each time the user starts the computer. You can also specify an operating system as the default that starts when the user makes no selection.
Warning
If you install Windows XP Professional and any other operating system on a computer, you must install Windows XP Professional on a separate partition. Installing Windows XP
Professional on a separate partition ensures that it will not overwrite files used by the other
operating system.
Installing multiple operating systems on a computer has some drawbacks, however. Each
operating system uses disk space, and compatibility issues (especially between file systems)
can be complex. Also, you cannot use dynamic disks with certain operating systems. Only
Windows 2000 and Windows XP Professional can access a dynamic disk.
Converting a basic disk to a dynamic disk that contains multiple installations of Windows XP
Professional or Windows 2000 can cause startup problems. For more information about
dynamic disks, see Chapter 12, “Organizing Disks.”
Note
To ensure that you can always start the computer, despite driver or disk problems,
consider the disaster-recovery features available in Windows XP Professional. Safe mode allows
Windows XP Professional to start with default settings and the minimum number of drivers.
The computer will start even if a new driver causes a problem. With this and other disaster-recovery features, you do not need more than one operating system as a safeguard against
system problems. For more information about disaster recovery, see Chapter 29, “Troubleshooting the Startup Process.”
When you perform a clean installation of Windows XP Professional (not an upgrade), by
default the installation is put on a partition on which no other operating system is located.
You can specify a different partition when you run Setup.
Before setting up a computer that has more than one operating system, review the following
restrictions.
For computers on which you want to install MS-DOS and Windows XP Professional:
■ Format the system partition as FAT.
■ Install MS-DOS before installing Windows XP. Otherwise, important files needed to
start Windows XP Professional can be overwritten.
■ Install each operating system on its own partition, and then install the applications used
with each operating system on the same partition. If you intend to run an application on
both operating systems, install it on both partitions.
For computers on which you want to install Windows 95 and Windows XP Professional:
■ Format the system partition as FAT. (For Windows 95 OSR2, the primary partition must
be formatted as FAT or FAT32.)
■ Install Windows 95 first. Otherwise, important files needed to start Windows XP Professional can be overwritten.
■ Install each operating system on its own partition, and then install the applications used
with each operating system on the same partition. If you intend to run an application on
both operating systems, install it on both partitions.
■ Compressed DriveSpace or DoubleSpace volumes are not available while you run Windows XP Professional. It is not necessary to uncompress DriveSpace or DoubleSpace
volumes that you access only from Windows 95.
For computers on which you want to install Windows 98 or Windows Me and Windows XP
Professional:
■ Format the system partition as FAT or FAT32.
■ Install each operating system on its own partition, and then install the applications used
with each operating system on the same partition. If you intend to run an application on
both operating systems, install it on both partitions.
■ Compressed DriveSpace or DoubleSpace volumes are not available while you run Windows XP Professional. It is not necessary to uncompress DriveSpace or DoubleSpace
volumes that you access only from Windows 98.
For computers on which you want to install Windows NT 4.0 and Windows XP Professional:
■ Make sure that Windows NT 4.0 has been updated with the latest service pack.
■ Install each operating system on its own partition, and then install the applications used
with each operating system on the same partition. If you intend to run an application on
both operating systems, install it on both partitions.
■ Using NTFS as the only file system on a computer that contains both Windows XP Professional and Windows NT is not recommended.
■ Do not install Windows XP Professional on a compressed volume unless the volume
was compressed by using the NTFS compression feature.
■ If the computer is part of a domain, use a unique computer name for each installation.
For computers on which you want to install Windows 2000 and Windows XP Professional, or
multiple Windows XP Professional partitions:
■ Install each operating system on its own partition, and then install the applications used
with each operating system on the same partition. If you intend to run an application on
both operating systems, install it on both partitions.
■ On a computer on which you install multiple Windows XP Professional partitions, you
can install any product in the Windows XP product family. For example, you can install
Windows XP Professional on one partition and Microsoft Windows XP Home Edition
on another.
Note Because Windows XP Home Edition does not support dynamic disks, you must
use basic disks on computers that multiple-boot Windows XP Professional and Windows
XP Home Edition.
■ If the computer participates in a domain, use a different computer name for each installation. Because a unique security identifier (SID) is used for each installation of Windows XP Professional on a domain, the computer name for each installation must be
unique, even for multiple installations on the same computer.
■ If you use EFS, ensure that encrypted files are available from each of the installations.
Multiple Operating Systems and File System Compatibility
For Windows-based computers, the available file systems are NTFS, FAT, and FAT32. For more
information, see “File Systems” in this chapter and Chapter 13, “Working with File Systems.”
The version of NTFS included in Windows 2000 and Windows XP Professional has new features that are not available for Windows NT. You might have full access to files that use new features only when the computer is started by using Windows 2000 or Windows XP Professional.
For example, a file that uses the new encryption feature is not readable when the computer is
started with Windows NT 4.0, which was released before the encryption feature existed.
To set up a computer that has an NTFS partition to run Windows NT and Windows XP Professional, you must use Windows NT 4.0 with the latest released service pack. Using the latest
service pack maximizes compatibility between Windows NT 4.0 and the NTFS enhancements
in Windows XP Professional. Specifically, Service Pack 4 and later service packs provide this
compatibility in file systems. Even the most recent service pack, however, does not provide
access to files using later features in NTFS.
Using NTFS as the only file system on a computer that contains both Windows XP Professional and Windows NT is not recommended. On these computers, a FAT partition ensures
that the computer has access to needed files when it is started with Windows NT 4.0.
If you set up a computer with Windows NT Workstation 3.51 or earlier on a FAT partition,
and Windows XP Professional on an NTFS partition, the NTFS partition is not visible while
you run Windows NT Workstation 3.51.
Multiple Operating Systems and EFS
If you configure a computer so that it contains Windows 2000 and Windows XP Professional,
or contains multiple Windows XP Professional partitions, you must take certain steps to use
EFS so that encrypted files are readable between the different installations. Use either of the
following approaches:
■ Ensure that all the installations are in the same domain and that the user has a roaming
profile.
■ Export the user’s file encryption certificate and associated private key from one installation and import it into the other installations.
For more information about using EFS, see Chapter 18, “Using Encrypting File System.”
Planning for Dynamic Update
Dynamic Update is a feature in Windows XP Professional Setup that works with Windows
Update to download critical fixes and drivers needed for the setup process. This feature
updates the required Setup files to improve the process of getting started with Windows XP
Professional. Dynamic Update also downloads device drivers from the Windows Update site
that are not included on the Windows XP Professional operating system CD, which ensures
that devices attached to the computer work. Updates to existing drivers are not downloaded
during Dynamic Update, but you can obtain them by connecting to Windows Update after
setup is complete.
Dynamic Update downloads the following types of files.
Critical fixes Dynamic Update replaces files from the Windows XP Professional operating
system CD that require critical fixes or updates. Files that are replaced also include DLLs that
Setup requires. No new files are downloaded—only replacements for existing files.
Device drivers Dynamic Update downloads new drivers for devices that are connected to
the computer and are required to run Setup. Only drivers that are not included on the operating system CD are downloaded.
Using Dynamic Update
For Dynamic Update to run during Setup, the computer needs an Internet connection (or
access to a network share containing updates downloaded from the Windows Update Catalog
on the Windows Update Web site) and Internet Explorer 4.01 or later. If either of these
requirements is not met, Dynamic Update does not connect to Windows Update or download
the required files.
The user is asked whether Setup should look for updates. If the user selects Yes, Dynamic
Update connects to Windows Update and searches for new drivers and critical fixes. In
unattended installations, Dynamic Update is enabled by default but can be disabled by setting
the following key in the answer file:
DUDisable = yes
Winnt32.exe checks for required disk space, memory, and other Setup requirements. If these
requirements are not met, neither the setup process nor the Dynamic Update step proceeds.
If the computer meets the setup requirements, Winnt32.exe checks the size of the Dynamic
Update download to determine whether there is enough space to download the file.
The estimated size of the download is based on the size of the cabinet (.cab) files, and the total
amount of disk space required for the downloaded files cannot be determined. Winnt32.exe
checks the size of the files again after they are extracted from the downloaded CAB files.
For more information about creating and customizing answer files, see Chapter 2, “Automating and Customizing Installations,” and Microsoft Windows Pre-installation Reference
(Ref.chm) on the Windows XP Professional operating system CD.
Obtaining the Dynamic Update Package
If you plan to roll out Windows XP Professional to a large number of computers, you might
not want multiple users connecting to the Microsoft Windows Update Web site to download
critical fixes and device drivers. Using Dynamic Update, you can download the needed files
from the Windows Update Corporate site and place them on a share within your network
where client computers can connect during setup. This saves bandwidth and gives you more
control over what files are copied to each computer. This process also lets you choose device
drivers to include during the Dynamic Update phase of setup.
Note
Dynamic Update might download different sets of files at different times, depending
on the currently available fixes.
To download the Dynamic Update package, go to the Microsoft Download Center
(http://www.microsoft.com/downloads) and under Product/Technology select Windows XP.
Then search for the keywords “dynamic update” and download the latest version of the
Dynamic Update package. This download is an executable self-extracting cabinet file. Run this
file to expand the Dynamic Update CAB files into the shared network folder. Prepare the
shared folder by running Winnt32 with the /DUPrepare:[pathtonetworkshare] parameter.
You can point to the network share containing the Dynamic Update files by running
Winnt32.exe together with the /DUShare parameter or by specifying the location of the share
in your answer file. For more information about downloading the Dynamic Update package,
preparing the downloaded files for Dynamic Update, and installing the downloaded update
files during unattended setup, see Chapter 2, “Automating and Customizing Installations.”
Planning for Windows Product Activation
Windows Product Activation (WPA) deters software piracy by requiring your Windows XP
Professional installation to be activated. Product Activation is based on requiring each unique
installation to have a unique product key.
WPA ties your Product Key and Product ID to your computer by creating an installation ID.
The installation ID is made up of your Product Identification (PID) and a PC identifier, called
a hardware ID, or HWID. The installation ID is sent to a Microsoft license clearinghouse,
which verifies whether Microsoft manufactured that PID and that the PID has not been used
to install the operating system on more hardware than is defined by the product’s End-User
License Agreement (EULA). For Windows XP Professional, the EULA states that you can
install on one computer. If this check fails, activation of Windows XP Professional fails. If this
check passes, your computer receives a confirmation ID that activates your computer. After
Windows is activated, you never need to perform Product Activation again, unless you significantly overhaul the hardware in your computer. You must activate your installation within 30
days after installing Windows XP Professional.
If the Product Key is used to install Windows on a second computer, the activation fails. Additionally, if WPA detects that the current installation of Windows is running on a different computer than it was originally activated on, you must activate it again. In this way, WPA prevents
casual copying of Windows.
Note
WPA is not required under volume-licensing agreements.
For unattended installations that are not performed using volume-licensing media, a separate
answer file, including a unique Product Key, must be created for each computer on which
Windows XP Professional is installed.
Warning
Because Product Keys cannot be determined from within the system, it is recommended that you create a database that lists each computer and the Product Key that corresponds to its installation.
Additional Resources
These resources contain additional information related to this chapter.
Related Information
■ The Planning Server Deployments book in the Microsoft Windows Server 2003 Deployment
Kit for information about planning a Windows Server 2003 environment
■ Microsoft Windows Desktop Deployment Resource Kit (Microsoft Press®, 2004) by Jerry
Honeycutt
■ The Deployment Planning Guide of the Microsoft Windows 2000 Server Resource Kit for
more information about designing a server environment, including planning your network and directory service infrastructure, for your organization
Chapter 2
Automating and Customizing
Installations
For organizations with many computers, automating the installation of Microsoft® Windows®
XP Professional is more efficient and cost effective than using the interactive Setup program.
You can use Windows XP Professional tools to add specific files and applications and to distribute customized installations with little or no user interaction.
In this chapter:
New in Windows XP Service Pack 2
Overview of Automated and Customized Installations
Choosing an Automated Installation and Customization Tool
Preparing for the Installations
Customizing Unattended Installations
Installing the Operating System
Additional Resources
Related Information
■ For more information about installing Windows XP Professional by using the interactive
Setup program, see Chapter 4, “Supporting Installations.”
■ For more information about planning Windows XP Professional deployments, see
Chapter 1, “Planning Deployments.”
■ For more detailed information about automating and customizing installations, see the Automating and Customizing Installations eBook on the companion CD included with this
Resource Kit, or the Microsoft Windows Desktop Deployment Resource Kit from Microsoft Press.
New in Windows XP Service Pack 2
The release of Windows XP Service Pack 2 includes a number of enhancements to the deployment features. These enhancements include extensions to the Unattend.txt answer file, the
Sysprep.inf file, and the new version of Sysprep.exe that is included in the \support\tools section of the SP2 Integrated CD. It is also part of the new Deploy.cab file available from the
Microsoft Download Center at http://www.microsoft.com/downloads/details.aspx?FamilyID=3e90dc91-ac56-4665-949b-beda3080e0f6&DisplayLang=en.
Also new in SP2 is the ability to configure the Windows Firewall during unattended setup
using the Windows Firewall.inf file. This file is on the Windows XP SP2 Integrated CD as
\I386\Netfw.in_ and on an installed SP2 system as %windir%\inf\Netfw.inf. SP2 allows the
configuration of Operational mode; applications and static ports on the exception list; and
Internet Control Message Protocol (ICMP) and logging options, enabling resellers and large
enterprises to preconfigure the Windows Firewall before rollout.
Overview of Automated and Customized Installations
Windows XP Professional includes several tools that enable you to design and deploy automated and customized installations. These tools provide different types of functionality for a
variety of deployment scenarios. Each tool has specific strengths and limitations that you can
evaluate to determine which tool is most appropriate for your environment. For more information about the baseline requirements for each of the tools, see “Choosing an Automated
Installation and Customization Tool” later in this chapter.
Windows XP Professional includes the following automated and customized installation
tools:
■ Unattended Installation (unattended Setup). The two unattended installation tools,
Winnt32.exe and Winnt.exe, are in the \i386 folder on the Microsoft Windows XP Professional operating system CD.
■ System Preparation Tool (Sysprep). Sysprep is in the Deploy.cab file in the \Support\Tools
folder on the Windows XP Professional operating system CD.
■ Remote Installation Services (RIS). RIS is included in Microsoft Windows 2000 Server
and Windows Server 2003.
You can also use Systems Management Server (SMS) to deploy Windows XP Professional. For
information about SMS, see the Microsoft Systems Management Server link on the Web
Resources page at http://www.microsoft.com/windows/reskits/webresources.
An automated installation runs with minimal or no user interaction. During an automated
installation, the Setup program uses configuration information provided by an answer file.
Answer files are text files containing settings that would otherwise be manually provided by
end users. Answer files provide answers to questions that the Setup program asks during
installation. In addition, answer files can contain instructions for running programs and
installing applications.
A custom installation is a modification of a standard Windows XP Professional installation
that supports specific hardware and software configurations and meets specific user needs.
You can customize an installation by modifying the answer file to provide the Setup program
with specific answers and instructions. You can also design a custom installation to add custom files, applications, and programs to the distribution folder.
You can automate and customize a Windows XP Professional installation to include applications, additional language support, service packs, and device drivers.
Design an Automated and Customized Installation
Windows XP Professional provides several tools for automating and customizing installations
for a variety of software and hardware configurations. Before you choose a tool, assess your
current configuration and evaluate your needs. With this information, you can choose the
deployment tool that is most appropriate for your organization. The tool you choose also
affects the customization options that you use and the procedures you must follow to implement your deployment scenario.
You can automate and customize how you install Windows XP Professional by following this
process:
■ Assess your current configuration and plan your deployment. Before you choose a tool,
collect information about the types of users in your company and their needs, about the
desktop environments of your users, and about your network. For information about
planning Windows XP Professional deployments, see Chapter 1, “Planning Deployments.”
■ Choose an automated installation and customization tool. The automated installation
and customization tools support a variety of installation scenarios. Each of the tools is
designed to take advantage of specific environments. Evaluate the tools to determine
which tool or combination of tools best fits your organization. For more information
about evaluating the tools, see “Choosing an Automated Installation and Customization
Tool” later in this chapter.
■ Prepare for the installations. Verify that you have the software and hardware you need,
create a distribution folder, and use Setup Manager to create an answer file. For more
information about software and hardware preparation, see “Preparing for the Installations” later in this chapter.
■ Customize the installations. Customize the Windows XP Professional desktop by adding device drivers, support information, passwords, custom language options, and
applications. For more information about customizing answer files and installing applications, see “Customizing Unattended Installations” later in this chapter.
■ Install the operating system. Test the customized installation of Windows XP Professional. After successful testing, conduct the full-scale deployment. For more information
about operating system installation, see “Installing the Operating System” later in this
chapter. For more information about testing your installation before actually deploying
it, see Chapter 1, “Planning Deployments.”
Windows Product Activation
To help prevent software piracy, you must use Windows Product Activation for each installation of Windows XP Professional that is not covered by a volume license or that is not preactivated by an original equipment manufacturer (OEM). You can set Windows Product
Activation by using a unique product key for each computer in a bulk deployment. Create a
separate answer file for each computer and then assign a unique value to ProductKey in the
[UserData] section of each individual answer file. (ProductKey is a new name for the ProductID
key that was used in Microsoft Windows 2000.)
For an automated installation, you can add Autoactivate = Yes to the [Unattended] section of
the answer file to request product activation during Setup. Note that this does not guarantee
successful activation; check the Application Event log afterward to verify whether activation
was successful. For more information, see “Deploying Windows XP Using Windows Product Activation” on Microsoft TechNet at http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/wpadepl.mspx.
If your computer is connected to the Internet through a firewall on a network that does not
support Web Proxy Autodiscovery Protocol, you can also add AutoactivateProxy = Proxy to
the [Unattended] section of the answer file. The AutoactivateProxy key enables you to configure the proxy setting so that activation by using the HTTPS protocol can traverse a firewall.
If you add AutoactivateProxy = Proxy to the [Unattended] section of the answer file, you can
also add an optional [Proxy] section to the answer file. The [Proxy] section can contain keys
and values as shown in the following example:
[Proxy]
Proxy_Enable = 1
Use_Same_Proxy = 1
HTTP_Proxy_Server = myproxyserver:80
Proxy_Override = <local>
If you specify a proxy setting in the answer file, you must also specify a branding value, as
shown in the following example:
[Branding]
BrandIEUsingUnattended = Yes
You can also use a Uniqueness Database File (UDF) to provide information that is specific to
a single client computer, such as the value specified in the ProductKey key. The .udf file provides information that overrides and replaces a section of the answer file or appends additional sections to an existing answer file.
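The activation rules in this section, together with the computer-to-Product-Key database recommended in Chapter 1, can be checked across a set of per-computer answer files before rollout. The following Python sketch is an added example, not code from this Resource Kit; it relies on the ComputerName key in [UserData], which this section does not show, and the file names and product keys in the sample are constructed.

```python
import re

# Product keys are written as five groups of five letters or digits.
KEY_RE = re.compile(r"^[A-Z0-9]{5}(?:-[A-Z0-9]{5}){4}$")


def parse_answer_file(text):
    """Parse answer-file text into {section: {key: value}}, names lowercased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections


def audit(answer_files):
    """Check per-computer answer files given as {file name: text}.

    Returns (inventory, findings): inventory maps computer name to product
    key; findings is a list of (file name, problem) tuples.
    """
    inventory, seen_keys, findings = {}, {}, []
    for name in sorted(answer_files):
        cfg = parse_answer_file(answer_files[name])
        user = cfg.get("userdata", {})
        unattended = cfg.get("unattended", {})

        key = user.get("productkey", "").upper()
        computer = user.get("computername", "").upper()
        if not key:
            findings.append((name, "no ProductKey in [UserData]"))
        elif not KEY_RE.match(key):
            findings.append((name, "ProductKey is not five groups of five characters"))
        elif key in seen_keys:
            findings.append((name, "ProductKey already used in " + seen_keys[key]))
        else:
            seen_keys[key] = name
            if computer in ("", "*"):                 # "*" lets Setup pick a name
                findings.append((name, "ComputerName missing or generated; key cannot be inventoried"))
            elif computer in inventory:
                findings.append((name, "ComputerName already used in another answer file"))
            else:
                inventory[computer] = key

        # A proxy setting must be accompanied by the [Branding] value.
        proxy_requested = unattended.get("autoactivateproxy", "").lower() == "proxy"
        branded = cfg.get("branding", {}).get("brandieusingunattended", "").lower() == "yes"
        if "proxy" in cfg and not proxy_requested:
            findings.append((name, "[Proxy] section without AutoactivateProxy = Proxy"))
        if (proxy_requested or "proxy" in cfg) and not branded:
            findings.append((name, "proxy settings without BrandIEUsingUnattended = Yes"))
    return inventory, findings


# Constructed sample input: three per-computer answer files with made-up keys.
SAMPLE_ANSWER_FILES = {
    "pc01.txt": """
[Unattended]
Autoactivate = Yes
AutoactivateProxy = Proxy
[UserData]
ComputerName = PC01
ProductKey = "AAAAA-BBBBB-CCCCC-DDDDD-11111"
[Proxy]
Proxy_Enable = 1
HTTP_Proxy_Server = myproxyserver:80
[Branding]
BrandIEUsingUnattended = Yes
""",
    "pc02.txt": """
[Unattended]
Autoactivate = Yes
AutoactivateProxy = Proxy
[UserData]
ComputerName = PC02
ProductKey = "AAAAA-BBBBB-CCCCC-DDDDD-11111"
[Proxy]
Proxy_Enable = 1
""",
    "pc03.txt": """
[Unattended]
Autoactivate = Yes
[UserData]
ComputerName = *
ProductKey = "AAAAA-BBBBB-CCCCC-DDDDD-33333"
""",
}

if __name__ == "__main__":
    inventory, findings = audit(SAMPLE_ANSWER_FILES)
    for computer, key in sorted(inventory.items()):
        print(computer, key)
    for file_name, problem in findings:
        print(file_name + ": " + problem)
```

The inventory this produces contains every product key in the deployment, so store it with the same access restrictions as the answer files themselves.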
To support disk imaging as a deployment option, Windows Product Activation also adds activation rollback to the standard System Preparation tool (Sysprep) and the standard Remote
Installation Preparation tool (Riprep). However, activation rollback is not supported for evaluation media or for MSDN® media. For more information on activation rollback, see
“Deploying Windows XP Using Windows Product Activation” on Microsoft TechNet at
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/wpadepl.mspx.
For more information about Windows Product Activation, see Chapter 1, “Planning Deployments.” For more information about activation rollback, see “How Sysprep Works with Windows Product Activation” and “Using the Remote Installation Preparation Tool” later in this
chapter. You can also perform automated activation after you install Windows XP Professional
by using the Windows Management Instrumentation (WMI) provider in Windows Product
Activation.
Dynamic Update
Microsoft regularly provides reliability and compatibility improvements and also provides
emergency fixes for security issues. Some of these updates might not be available on the Windows XP Professional operating system CD.
Updates are assembled into Dynamic Update packages, which are available from the
Microsoft Download Center (http://www.microsoft.com/downloads). To download the
Dynamic Update package and use it for Windows XP deployments in a corporate environment, go to the Download Center and under Product/Technology select Windows XP. Then
search for the keywords “dynamic update” and download the latest version of the Dynamic
Update package. The download is an executable self-extracting cabinet file that creates separate folders for each operating system. Specifically, a folder named IP contains the dynamic
updates for Windows XP Professional and a folder named IC contains the dynamic updates
for Windows XP Home Edition.
You can also access Dynamic Update packages when upgrading from previous versions of
Windows by selecting Yes, download the updated setup files on the Get Updated Setup
Files page of the Windows Setup Wizard. Setup then downloads and installs the updated files
instead of using the equivalent files on the Windows XP operating system CD.
If a Dynamic Update package is available and you downloaded the package during setup,
expand the downloaded package to display the .cab files. The package will contain some or all
of the four .cab files shown in Figure 2-1. Figure 2-1 shows the structure of the network share
folder and the relative location of each subfolder.
%DUShare%\
    Updates.cab    All replacement files
    Upginfs.cab    All INF files
    Winnt32.cab    Fixes related to Winnt32.exe
    Duasms.cab     Assembly fixes
    Drv1.cab       Drv1.cab downloaded to this folder
    \Drv1\*        Drv1.cab extracted in this folder
    Drv2.cab       Drv2.cab downloaded to this folder
    \Drv2\*        Drv2.cab extracted in this folder
Figure 2-1 Network share folder structure
Download additional device drivers If you plan on hosting the Dynamic Update files from a
share on your network, you should also download any additional device drivers you need for
your installation from the Windows Update Catalog. Open the Windows Update Web site,
http://windowsupdate.microsoft.com, click the Administrator Options link, and look under
Administer Multiple Operating Systems to access the Windows Update Catalog and download any device drivers that you need. Note that you need to update drivers only for devices
that are critical for Setup, such as hard disk controllers, mice, keyboards, and display adapters.
Preparing Dynamic Update .cab files and driver .cab files on the network share To prepare
the Dynamic Update .cab files and all the driver .cab files that you downloaded from the Windows Update Catalog, run Winnt32.exe with the /DUPrepare parameter pointing to the location of the downloaded .cab files, as shown in the following example:
Winnt32 /DUPrepare:path to CAB files
Note
For more information on downloading and preparing the Dynamic Update package,
see article 312110, “How to Deploy the Windows XP Dynamic Update Package,” in the
Microsoft Knowledge Base at http://support.microsoft.com.
Installing Windows XP using the Dynamic Update package To install Windows XP Professional and use the processed Dynamic Update .cab files, you can run Winnt32.exe with the
/DUShare parameter, or you can specify in your answer file where Setup can find the processed .cab files. When you run Winnt32.exe with the /DUShare parameter, the Dynamic
Update Wizard is not displayed to the user and no attempt is made to connect to Windows
Update.
The update files are copied from the share into the appropriate folders under %windir%\Setupupd.
Setup searches the installation media for device drivers. If a device driver is not
found, Setup searches the driver folder in the Dynamic Update share. Setup finds and installs
a device driver.
To run Setup and connect to the Dynamic Update share
■ At the command line, type:
Winnt32 /DUShare:path to dynamic update share
When you run Setup in Unattended mode and specify a dynamic update share to connect to,
dynamic update is disabled by default; the Dynamic Update Wizard is not displayed to the
user, and no attempt is made to connect to Windows Update.
To specify a Dynamic Update share in Unattend.txt
■ In the [Unattend] section of the Unattend.txt answer file, include the following key
and value:
[Unattend]
DUShare = "Path to dynamic update share"
Note
Dynamic Update works only with manual or unattended upgrades that use
Winnt32.exe. It does not work with Winnt.exe, booting from the CD-ROM, booting from floppy
disks, or RIS installations.
Choosing an Automated Installation and Customization Tool
The following questions and guidelines help you determine which of the automated installation and customization tools is most appropriate for your environment. The guidelines
describe baseline requirements for each of the tools.
Do the client computers have the same Hardware Abstraction Layer (HAL) as the reference
computer? Before you can determine which tool to use, you have to find out if the client computers have hardware abstraction layers (HAL) that are compatible with the reference computer. If the client and reference computers do not have compatible HALs, you cannot use
Sysprep or the Remote Installation Preparation tool (Riprep.exe), which is a component of
RIS. For example, if the reference computer has a Standard PC HAL, the destination computer
must have the same Standard PC HAL. If the reference computer has an Advanced Configuration and Power Interface (ACPI) PC HAL, the destination computer must have the same ACPI
PC HAL.
Note
Standard PC and ACPI PC are the names of HALs that are detected during the initial
phase of a Windows XP Professional installation, before Sysprep.exe or Riprep.exe are run.
Do the client computers have a fast and reliable network connection? If the client and reference computers have compatible HALs, you have to determine if the network connections are
fast and reliable enough to enable you to use RIS. If the client computers are not connected to
a network, you cannot use RIS. If the network connections are not fast and reliable, RIS is not
the appropriate tool to use.
Determine whether there is a Windows 2000 Server–based network infrastructure in place.
Identify existing network protocols. Determine the speed of network links.
Table 2-1 lists key issues related to assessing your network infrastructure and describes how
these issues can help you determine which tool to use.
Table 2-1 Some Important Issues for Assessing the Network Infrastructure

Issue: Network infrastructure
Effect on Your Plan: Network protocols determine how you customize the networking sections of
the answer file, including [NetAdapters], [NetProtocols], and [NetServices].

Issue: Network bandwidth
Effect on Your Plan: Network bandwidth might affect your choice of installation tool and method. For example, locations that do not have a high-bandwidth connection
to a network server might use a CD-ROM or other local installation method
instead of RIS for clean installations.

Issue: Windows 2000 Server or Windows Server 2003 network infrastructure
Effect on Your Plan: Remote Installation Services (RIS) is a good option if you have an existing
Windows 2000 Server or Windows Server 2003 infrastructure that is combined with the following:
■ High-bandwidth network connections.
■ Client computers that have remote boot-compliant network adapters
that support Pre–Boot eXecution Environment (PXE) technology.
You can use a Windows 2000 Server that is configured as a RIS server to
copy and automatically distribute customized images of a Windows XP Professional installation to client computers over a network connection.
Do you want to upgrade an existing operating system? If you are planning to perform a
clean operating system installation on the client computers, you can use any of the installation tools. However, if you are planning to perform an operating system upgrade to the client
computers, you cannot use RIS or Sysprep. Client computers running Microsoft Windows 3.x
and Microsoft Windows 95 cannot be upgraded to Windows XP Professional. You must perform clean installations on these client computers. Windows XP Professional supports
upgrades from the following operating systems:
■ Microsoft Windows NT® Workstation, version 4.0
■ Microsoft Windows 2000 Professional
■ Microsoft Windows 98
■ Microsoft Windows Millennium Edition (Windows Me)
Choosing to perform a clean installation is a good course of action if you plan to standardize
the desktop computers across your organization. If you decide to perform a clean installation,
you cannot migrate customized settings from the currently installed operating system.
Depending on the status of your deployment, you might have to upgrade many of your computers in addition to installing Windows XP Professional on new computers. If you plan to
use currently installed applications on existing hardware, you must perform an upgrade.
Table 2-2 provides a brief overview of tool support for upgrades and clean installations.
Table 2-2 Tool Support for Upgrades and Clean Installations

Tool                                     Upgrade   Clean Installation
Unattended Installation                  X         X
System Preparation Tool (Sysprep.exe)              X
Remote Installation Services (RIS)                 X
Systems Management Server (SMS)          X
Do you plan to deploy and maintain a large number of client computers? The number of client computers in a deployment can help you determine which installation tool to use. For
example, if you have a large number of computers, Remote Installation Services (RIS), Systems Management Server, or third-party disk-imaging utilities in conjunction with Sysprep are
good choices. For a small number of computers, using the Winnt.exe or Winnt32.exe Setup
tool in Unattended mode might be sufficient.
Unattended Installation
Unattended installations use setup scripts to answer installation questions and to automate
the Setup process. This simplifies the installation of the operating system. Use Setup Manager
to create or customize answer files that contain setup scripts.
Winnt32.exe You can use Winnt32.exe on computers that are running Windows 98, Windows Me, Windows NT Workstation 4.0, Windows 2000, or Windows XP Professional. Use
Winnt32.exe to automate the upgrade process for numerous computers without user intervention.
Winnt.exe Winnt.exe is a less versatile tool than Winnt32.exe. You cannot use Winnt.exe to
perform an operating system upgrade, and you can use Winnt.exe only from within the
MS-DOS® preinstallation environment. To use Winnt.exe from a network boot floppy disk,
run winnt /u:unattend.txt /s:source path.
When to Use Unattended Installation
Use the Winnt32.exe unattended installation tool to upgrade a large number of client computers that have different hardware and software configurations. Unattended installation uses
an answer file called Unattend.txt. You can rename Unattend.txt to reflect different installation configurations.
Advantages of unattended installation Unattended installations save time and money
because users do not have to attend to each computer and answer questions during installation. Unattended installations can also be configured to enable users to provide various levels
of input during the installation process. You can perform unattended installations to upgrade
many computers at once or to automate clean installations of the operating system.
Disadvantages of unattended installation You cannot use the unattended installation
tools (Winnt32.exe and Winnt.exe) to create reference configurations that include applications and then replicate the configurations across your client computers.
Unattended installation must be initiated by someone who has direct access to each client
computer.
Using a Windows XP Professional Operating System CD to Perform Unattended Installations
Use a Windows XP Professional operating system CD to initiate the installation of Windows
XP Professional on client computers that are not connected to a network or on computers in
low-bandwidth environments.
When to use a Windows XP Professional operating system CD to perform unattended
installations You can use a Windows XP Professional CD to install the operating system,
fully configured for a network, on client computers that are not connected to a network.
Advantages of using a Windows XP Professional operating system CD to perform unattended
installations Using a Windows XP Professional Operating System CD is fast. It can save the
time that is required for downloading system files from a network. Using a Windows XP Professional CD simplifies deployment of the operating system on computers that do not have
high-speed connectivity.
Disadvantages of using a Windows XP Professional operating system CD to perform
unattended installations To use a Windows XP Professional operating system CD to initiate
the installation of Windows XP Professional on client computers, you must be able to implement the following configuration requirements:
■
The client computers must support the El Torito No Emulation CD boot specification.
■
Installation must be initiated by someone who has direct access to each client computer.
■
You must name the answer file Winnt.sif and place the Winnt.sif file in the root directory of a floppy disk. You must insert the floppy disk in the floppy disk drive of the client computer as soon as the computer starts from the CD.
System Preparation Tool
Disk imaging, which is also referred to as cloning, is a timesaving way to deploy Windows XP
Professional. To clone a system, first configure a reference computer with the operating system, standard desktop settings, and applications that users need; then make an image of the
reference computer’s hard disk. Next, transfer the image to other computers, installing the
operating system, settings, and applications quickly and without the need to configure each
computer.
The System Preparation tool (Sysprep.exe) prepares the reference computer for cloning.
Sysprep creates a unique security identifier (SID) for each cloned client computer, which
makes this process secure. Sysprep detects Plug and Play devices and adjusts for systems with
different devices.
You can run Setup Manager to select the screens you want displayed during Windows Welcome (Msoobe.exe) or during MiniSetup (if you use the -mini parameter).
These screens can be used to solicit user-specific information, such as user name or time zone
selection. You can also provide these answers by using an answer file to deploy fully automated installations.
Warning
Sysprep performs the preparation of the system image; however, a cloning utility
from a third party is required to create the image.
When to Use Sysprep
Use Sysprep to deploy clean installations in large organizations where hundreds of computers
need the same applications and desktop configurations. Use Sysprep if the computers in your
organization have only a few standard hardware configurations rather than many custom configurations.
Sysprep enables you to duplicate a custom image from a reference computer to destination
computers. The reference computer and the destination computers must have the same hardware abstraction layer (HAL).
Advantages of Sysprep
Sysprep greatly reduces deployment time because nearly every component, including the
operating system, applications, and desktop settings, can be configured without user interaction. The reference image can be copied to a CD and physically distributed to client computers, saving the time and network capacity required to load files across a network. Using
Sysprep to deploy Windows XP Professional on numerous desktops in a large organization
enables you to implement standardized desktops, administrative policies, and restrictions.
Additionally, by default, Sysprep does not perform full hardware Plug and Play redetection,
reducing this part of the installation process to just a few minutes (instead of 20 to 30 minutes
for each computer).
Note
Sysprep detects any new Plug and Play hardware during the MiniSetup Wizard; however, Sysprep does not detect hardware that is not Plug and Play.
Disadvantages of Sysprep
If you use a third-party disk-imaging utility with Sysprep to copy a reference image onto physical media, you must be able to distribute the physical media to remote client computers. The
size of the reference image is limited by the capacity of the CD (approximately 650 MB).
Sysprep cannot be used to upgrade earlier versions of the operating system. To preserve existing content, you must arrange to back up data and user settings prior to the installation, and
then restore the data and user settings after the installation.
Remote Installation Services
Remote Installation Services (RIS) enables you to perform a clean installation of Windows XP
Professional on supported computers throughout your organization. You can simultaneously
deploy the operating system on multiple clients from one or more remote locations.
Warning
To deploy Windows XP images from Windows 2000 RIS servers, you must install
the Windows 2000 Remote Installation Services update. For more information about the Windows 2000 Remote Installation Services update, see the Microsoft Knowledge Base link on the
Web Resources page at http://www.microsoft.com/windows/reskits/webresources. Search the
Microsoft Knowledge Base using the keywords Risetup.exe, RIS Servers, and Windows XP
Images. This update is not required if you are using Windows Server 2003 RIS servers.
System administrators can use RIS to create and store one or more images of a supported
operating system on a RIS Server. A RIS image can then be downloaded over a network connection by a client computer that supports the Pre-Boot eXecution Environment (PXE). You
can completely automate the installation of the downloaded RIS image, or you can require
users to provide input by typing a computer name or an administrator password, for example.
To use Remote Installation Services, Windows 2000 Server or Windows Server 2003 must be
deployed with Active Directory® configured. Then you can deploy Windows XP Professional
by using the PXE technology that enables computers to boot from their network adapters.
Administrators working with a RIS server can make a preconfigured image of Windows XP
Professional available for installation on a client computer.
For computers that do not support PXE technology, Remote Installation Services includes a
tool called the Remote Boot Floppy Generator (RBFG.exe) that you can use to create a remote
boot disk to use with RIS. You can use the RIS remote boot disk with supported network
adapters that comply with the Peripheral Component Interconnect (PCI) specification.
When to Use Remote Installation Services
Use Remote Installation Services (RIS) on desktop computers that are newly added to a network or on which you want to perform a clean installation of the operating system. Use RIS
when you want to standardize a Windows XP Professional configuration on new desktop
computers or on computers with an existing operating system that you want to replace with
Windows XP Professional.
Advantages of Remote Installation Services
Remote Installation Services offers a simple way to replace the operating system on a computer. RIS uses the Single Instance Store (SIS) method to eliminate duplicate files and to
reduce the overall storage that is required on the server for system files. You can also use the
Riprep option to install and configure a client computer to comply with specific corporate
desktop standards.
The following list describes some of the important advantages of using RIS:
■
You can standardize your Windows XP Professional installation.
■
You can customize and control the end-user installation. You can configure the end-user
Setup Wizard with specific choices that can be controlled by using Group Policy. For
more information about Group Policy, see Chapter 23, “Connecting Clients to Windows
Networks.”
■
You do not need to distribute physical media, and image size is not constrained by the capacity of distributed physical media.
Disadvantages of Remote Installation Services
You can use Remote Installation Services only on client computers that are connected to a network that is running Windows 2000 Server or Windows Server 2003 with Active Directory.
RIS is restricted to working on computers that are equipped with PCI-compliant network
adapters that are enabled for PXE technology, or with the Remote Boot Floppy Generator
(Rbfg.exe) that is used to create a remote boot disk that can be used with supported PCI-compliant network adapters. RIS works only with images that have been created from drive C, and
RIS cannot use images of other partitions on a hard disk. You cannot use RIS to upgrade an
operating system; you can use RIS only for clean installations.
Systems Management Server
Systems Management Server (SMS) includes an integrated set of tools for managing Windows-based networks consisting of thousands of computers. Systems Management Server
includes desktop management and software distribution tools to automate operating system
upgrades.
When to Use Systems Management Server
In organizations that already use Systems Management Server to manage computers from a
central location, SMS provides a convenient means for administrators to upgrade computers
to Windows XP Professional.
You can use Systems Management Server only for upgrades of Windows-based client computers; you cannot use SMS for clean installations. For information about how administrators can
plan for and implement a Windows XP Professional deployment by using Systems Management Server, see the Microsoft Systems Management Server link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources.
Advantages of Systems Management Server
You can upgrade computers in a locked-down or low-rights environment, and even upgrade
computers after hours, without the user being logged on. Systems Management Server
enables you to set deployment policies for specific client computers. Automatic load balancing
between distribution points accommodates many concurrent upgrades.
As a primary advantage, Systems Management Server offers centralized control of the
upgrade. For example, you can control when upgrades take place, which computers to
upgrade, and how to apply network constraints.
Disadvantages of Systems Management Server
Systems Management Server is an efficient deployment tool for Windows XP Professional only
if SMS is already being used within your network. Also, you cannot use SMS to perform clean
installations of Windows XP Professional, only upgrades from earlier versions of Windows.
Where to Find the Tools and Related Information
Table 2-3 provides the locations of the tools and related information.
Table 2-3 Where to Find the Windows XP Professional Installation Tools and Documentation

| Tool or Documentation | Go To |
|---|---|
| Winnt32.exe | \i386 on the Windows XP Professional operating system CD. |
| System Preparation tool (Sysprep.exe) | Deploy.cab in the \Support\Tools folder on the Windows XP Professional operating system CD. You can use Windows Explorer or you can run Extract.exe to extract Setupmgr.exe. |
| Remote Installation Services | Included in Windows 2000 Server and Windows Server 2003. |
| Systems Management Server | Systems Management Server product CD. |
| Setup Manager (Setupmgr.exe) | Deploy.cab in the \Support\Tools folder on the Windows XP Professional operating system CD. You can use Windows Explorer, or you can run Extract.exe to extract Setupmgr.exe. |
| Microsoft Windows XP Preinstallation Reference (Ref.chm) | Deploy.cab in the \Support\Tools folder on the Windows XP Professional operating system CD. You can use Windows Explorer, or you can run the Extract.exe command to extract and view the Ref.chm file. |
| Microsoft Windows Corporate Deployment Tools User’s Guide (Deploy.chm) | Deploy.cab in the \Support\Tools folder on the Windows XP Professional operating system CD. You can use Windows Explorer, or you can run Extract.exe to extract and view the Deploy.chm file. |
Preparing for the Installations
To prepare for an automated installation and customized deployment, compare the requirements of your design to the availability of the necessary software and hardware. In addition,
learn how to create a distribution folder that can accommodate a variety of client computer
configurations.
■
Verify hardware and software requirements. There are distinct environmental baseline
requirements for deployments that are built around each of the automated installation
and customization tools. Make sure that you have evaluated the baseline requirements
for the tool that you plan to use. Verify that your hardware and software configurations
are capable of supporting these baseline requirements.
■
Create a distribution folder. A distribution folder is a key component in designing a
robust and versatile automated installation and customized deployment. You can create
a single distribution folder for all your client computers, and you can design a distribution folder that all your answer files can reference.
Verify Hardware and Software Requirements
To determine whether the hardware components in your organization are compatible with
Windows XP Professional, see the Windows Catalog at http://www.microsoft.com/windows/catalog.
Use the following guidelines to verify that your deployment scenario meets all the hardware
and software requirements.
Sysprep requirements If you want to use Sysprep, your configuration must comply with the
following guidelines:
■
The reference and destination computers must have compatible HALs.
■
You must have third-party disk-imaging software that can create binary images of a hard
disk.
For more information, see “Requirements for Running Sysprep” later in this chapter.
RIS requirements To use RIS, you must have a configuration that complies with the following
guidelines:
■
To use the Remote Installation Preparation (Riprep) component of RIS, the reference
and destination computers must have compatible HALs.
■
You must have a configuration that includes a Windows 2000 Server or Windows Server
2003 machine, the Dynamic Host Configuration Protocol (DHCP) service, Domain
Name System (DNS), Active Directory, and RIS. The RIS server does not have to be the
sole DNS/DHCP server or a domain controller for the domain, but it must be a member
of the same domain as the client computers.
■
The RIS server must contain a second partition separate from the boot partition. The
second partition is required to install the Remote Installation Services. To accommodate
the operating system installation images, you might want to dedicate an entire hard disk
specifically to the RIS directory tree.
For more information, see “RIS” later in this chapter.
Systems Management Server You must have a current version of Windows 2000 Server
installed and configured with Systems Management Server.
For more information about using Systems Management Server to upgrade the operating system, see the Microsoft Systems Management Server link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources.
Create a Distribution Folder
A distribution folder is structured hierarchically and contains the Windows XP Professional
installation files, as well as any device drivers and other files that are required to customize the
installation. Distribution folders typically reside on a server to which the destination computers can connect. Use Setup Manager to create distribution folders.
A distribution folder provides a consistent environment for installing Windows XP Professional on multiple computers. You can use the same distribution folder for all the client computers. For example, if you install Windows XP Professional on various models of similarly
configured computers, all your answer files can reference the same distribution folder. In this
scenario, the distribution folder must contain all the necessary device drivers for the different
client computers. Then, if a hardware component changes, you can simply copy a device
driver for the new hardware component to the appropriate location within the distribution
folder. You do not need to change the answer file.
You can create distribution folders on multiple servers to help load balance the servers during
unattended installations of Windows XP Professional. Creating distribution folders on multiple servers also improves the performance of the file copy phase of unattended installation.
This enables you to run Winnt32.exe with up to eight source file locations.
Distribution Folder Structure
Figure 2-2 shows the distribution folder structure and the relative location of each subfolder.
\i386  Contains i386 folder contents from the Windows XP Professional product CD, and optionally, the $$Rename.txt file.
    \$OEM$  Contains all supplemental files for the operating system installation.
        \Textmode  Contains mass storage device drivers (SCSI and IDE).
        \$$  Equivalent to %windir% (for example, C:\Windows).
            \Help  Contains Help files to be copied to %windir%\Help during setup.
            \System32  Contains files to be copied to the %windir%\System32 during setup.
        \$1  Equivalent to the system drive letter (automatically redirects information to the specified system drive).
            \PnPdrvrs  Contains additional Plug and Play drivers not included with Windows XP Professional.
            \Sysprep  Contains files used to run Sysprep.
        \Drive_letter  Contains files and/or folders to be copied to the root of the corresponding drive.
            \Misc  Contains files to be copied to Drive_letter\Misc (any folder name is valid).
Figure 2-2 Distribution folder structure
Note The structure of a RIS distribution folder varies slightly from the folder structure
depicted in Figure 2-2. In a RIS distribution folder, the \$OEM$ folder must be created at the
same level as the i386 folder.
\i386 folder The distribution folder that includes the i386 folder contents from the product
CD and the following files and folders.
\$$Rename.txt file An optional file that Setup uses during installations started in MS-DOS
to convert specified file names from short to long. Each subfolder in the distribution folder
that contains file names that you want to convert from short to long must have its own
\$$Rename.txt file.
\$OEM$ A folder that contains all the additional files required to complete the installation.
If you use the OemFilesPath key in the [Unattended] section of the answer file, you can create
the \$OEM$ folder outside the distribution folder.
Warning
The OemPreinstall = Yes statement must appear in the [Unattended] section of
the answer file if you are using the \$OEM$ folder to add any more files to the system, or if you
are using Cmdlines.txt.
You can instruct Setup to automatically copy directories, standard 8.3 format files, and any
tools required for your automated installation to the \$OEM$ folder.
One of the additional files that you can add to the \$OEM$ folder is Cmdlines.txt. This file
contains a list of commands that Setup carries out during its GUI mode. These commands
can, for example, run an .inf file, an application installation command, or another executable
file. For more information about the Cmdlines.txt file, see “Adding Applications” later in this
chapter.
Note
The graphical user interface (GUI) phase of Setup is referred to as “GUI mode,” and the
text phase of Setup is referred to as “Text mode.”
If the \$OEM$ folder is in the root of the distribution folder, Setup copies all the files to the
temporary directory that is created during the text phase of Setup.
\$OEM$\Textmode A folder that contains the hardware-dependent files that Setup Loader
and Text-mode Setup install on the destination computer during Text-mode Setup. These files
can include original equipment manufacturer HALs, mass storage device drivers, and the Txtsetup.oem file, which directs the loading and installing of these components. These files must
also be listed in the [OEMBootFiles] section of Unattend.txt.
\$OEM$\$$ A folder that is equivalent to the %systemroot% or %windir% environment
variables. You can use \$OEM$\$$ to store additional files that you want copied to the folders
in the Windows XP Professional system directories. For example, if you want to copy a file to
the \Windows\System32 folder, place the file in \$OEM$\$$\System32.
You can also use \$OEM$\$$ to place files in a new directory (under %windir%) that is not
part of the default Windows XP Professional directory structure. For example, if you want to
copy OEM Plug and Play device drivers to a directory called \Windows\PnPDrvrs, place the
device drivers in \$OEM$\$$\PnPDrvrs.
\$OEM$\$$\Help A folder that contains the OEM Help files to be copied to
C:\Windows\Help during setup.
\$OEM$\$$\System32 A folder that contains files to be copied to the
C:\Windows\System32 folder during setup.
\$OEM$\$1 A folder that is equivalent to the %SystemDrive% environment variable. For
example, if the operating system is installed on drive C, \$OEM$\$1 refers back to drive C.
The use of a variable enables rearranging drive letters without creating errors in applications
that point to a hard-coded drive letter.
\$OEM$\$1\PnPdrvrs A folder that contains additional Plug and Play drivers that are not
included with Windows XP Professional. You can replace the name of the folder (\PnPdrvrs)
with any name made up of eight or fewer characters. Make sure the name of this folder matches the
name used in the OemPnPDriversPath entry in Unattend.txt.
Note Microsoft® Windows® NT Workstation 4.0 used Display and Net folders to perform
the \$OEM$\$1\PnPdrvrs folder function.
\$OEM$\$1\Sysprep An optional folder that contains the files required to run Sysprep.
Most users do not have to run Sysprep at the end of an unattended installation. For more
information about Sysprep, see “System Preparation Tool” earlier in this chapter.
\$OEM$\Drive_letter Each \$OEM$\Drive_letter folder contains a folder structure that is
copied to the root of the corresponding drive in the destination computer during Text-mode
Setup. For example, files you put in an \$OEM$\C folder are copied to the root of drive C. You
can also create subfolders in these folders. For example, \$OEM$\D\Misc creates a \Misc
folder on drive D.
Using Setup Manager to Create a Distribution Folder
The easiest way to create a distribution folder for a Sysprep, RIS, or unattended installation is
to use Setup Manager, which is available on the Windows XP Professional operating system
CD in the Deploy.cab file of the \Support\Tools folder. Use the Create a Distribution Folder
option to create a distribution folder including required Windows XP Professional source files
on a network shared drive. You can also use Setup Manager to add files that you want to copy
or to supply additional device drivers for use with Windows.
For more information about using Setup Manager, see “Customizing Unattended Installations” later in this chapter.
Copying a Folder to the System Drive of the Computer You can copy an additional
folder to the system drive during the customization process. For example, you might want to
copy a folder containing additional device drivers.
To copy a folder to the system drive
1. In the \$OEM$ folder of the distribution share, create a folder called \$1. This folder
maps to SystemDrive, which is the destination drive for the Windows XP Professional
installation.
2. In the \$1 folder, copy the folder containing the files.
3. Verify that the following statement is in the [Unattended] section of the Unattend.txt
answer file:
[Unattended]
OemPreinstall = Yes
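The rules stated above (OemPreinstall = Yes whenever \$OEM$ supplies files, every \$OEM$\Textmode file listed in [OEMBootFiles], and a driver folder name of eight or fewer characters that matches OemPnPDriversPath) can be checked before a deployment. The following Python script is an added example, not code from the book or from Microsoft; its function names are hypothetical, the answer files and driver file names are constructed samples, and it assumes OemPnPDriversPath sits in [Unattended] as a semicolon-separated list of folders relative to the system drive.

```python
import configparser
import os
import tempfile

# Constructed sample answer files (not taken from the book).
BAD_ANSWER = r"""
[Unattended]
OemPnPDriversPath = "PnPDrivers"

[OEMBootFiles]
Txtsetup.oem
"""

GOOD_ANSWER = r"""
[Unattended]
OemPreinstall = Yes
OemPnPDriversPath = "PnPdrvrs"

[OEMBootFiles]
Txtsetup.oem
Scsidrv.sys
"""


def parse_answer_file(text):
    """Parse answer-file text into {section: {key: value}}, names lower-cased."""
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None,
                                   strict=False, delimiters=("=",))
    cp.read_string(text)
    return {sec.lower(): {k: (v or "").strip().strip('"') for k, v in cp.items(sec)}
            for sec in cp.sections()}


def child(parent, name):
    """Case-insensitive lookup of a directory entry, as Windows would resolve it."""
    if parent and os.path.isdir(parent):
        for entry in os.listdir(parent):
            if entry.lower() == name.lower():
                return os.path.join(parent, entry)
    return None


def check_oem_folder(oem_dir, answer_text):
    """Return findings where the $OEM$ folder and the answer file disagree."""
    ans = parse_answer_file(answer_text)
    unattended = ans.get("unattended", {})
    findings = []

    # OemPreinstall = Yes is required when $OEM$ adds files to the system.
    has_content = os.path.isdir(oem_dir) and bool(os.listdir(oem_dir))
    if has_content and unattended.get("oempreinstall", "").lower() != "yes":
        findings.append("OemPreinstall = Yes missing from [Unattended]")

    # Files in $OEM$\Textmode must also be listed in [OEMBootFiles].
    listed = set(ans.get("oembootfiles", {}))
    textmode = child(oem_dir, "Textmode")
    on_disk = {f.lower() for f in os.listdir(textmode)} if textmode else set()
    for name in sorted(on_disk - listed):
        findings.append("Textmode file not in [OEMBootFiles]: " + name)
    for name in sorted(listed - on_disk):
        findings.append("[OEMBootFiles] entry not in Textmode: " + name)

    # Each OemPnPDriversPath entry must name a folder under $OEM$\$1.
    sysdrive = child(oem_dir, "$1")
    raw = unattended.get("oempnpdriverspath", "")
    for rel in [p.strip().strip("\\") for p in raw.split(";") if p.strip()]:
        node = sysdrive
        for part in rel.split("\\"):
            if len(part) > 8:
                findings.append("driver folder name longer than 8 characters: " + part)
            node = child(node, part)
        if node is None or not os.path.isdir(node):
            findings.append("OemPnPDriversPath folder missing under $1: " + rel)
    return findings


def demo():
    """Build a constructed $OEM$ tree and check it against both sample answer files."""
    with tempfile.TemporaryDirectory() as root:
        oem = os.path.join(root, "i386", "$OEM$")
        os.makedirs(os.path.join(oem, "Textmode"))
        os.makedirs(os.path.join(oem, "$1", "PnPdrvrs"))
        for name in ("Txtsetup.oem", "Scsidrv.sys"):
            open(os.path.join(oem, "Textmode", name), "w").close()
        return check_oem_folder(oem, BAD_ANSWER), check_oem_folder(oem, GOOD_ANSWER)


if __name__ == "__main__":
    bad, good = demo()
    print("\n".join(bad) or "no findings")
    print("\n".join(good) or "no findings")
```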
Customizing Unattended Installations
After you create a distribution folder, customize the installation by creating answer file(s) and
adding devices, device drivers, applications, Help files, support information, and other components. Depending on what you want to customize, use Setup Manager to perform either or
both of the following tasks:
■
Add entries in the answer file to provide specific instructions to be carried out by Setup
during installation.
■
Populate the distribution folder by adding files, programs, and applications.
The tools you can use to customize Windows XP Professional depend on your choice of methods to install the operating system.
Table 2-4 shows the customization tools that are covered in the “Using Windows XP Professional Customization Tools” section later in this chapter.
Table 2-4 Customization Tools

| Installation Method | Tool | Description |
|---|---|---|
| Unattended Installation (Winnt32.exe) | Unattend.txt | Supplies an answer file that you can either modify or use as is. |
| | Setup Manager | Used to create and modify answer files and distribution folders. |
| | Notepad or other text editor | Used to manually create a new answer file or to modify an existing one. |
| System Preparation (Sysprep.exe) tool | Sysprep.inf | Supplies an answer file that you can either modify or use as is. |
| | Sysprep Factory mode | Used to customize the Setup for the destination computer. |
| | MiniSetup Wizard | Displays a configurable collection of Setup screens to gather information that has not been preconfigured in the answer file. Use Setup Manager (setupmgr.exe) to preconfigure the MiniSetup Wizard screens or Windows Welcome (Msoobe.exe). OOBE is an acronym for out-of-box experience. MiniSetup starts the first time a computer starts from a disk that has been duplicated using Sysprep. |
| Remote Installation Services (RIS) | Setup Manager | Used to create and modify answer files, distribution folders, and the MiniSetup Wizard. |
| | RIS template answer file (Ristndrd.sif) | Supplies an answer file that you can either modify or use as is. |
| | RIS Client Installation Wizard | Provides basic functionality for installing client computers. |
| | Setup Manager | Used to create and modify answer files and distribution folders. |
You can customize features and components in Windows XP Professional. The examples provided at the end of this section demonstrate the following:
■
Adding hardware devices, including storage devices, Plug and Play devices, and hardware abstraction layers (HALs). When adding hardware devices to the distribution
folder and specifying the devices in the answer file, consider mass storage devices such
as Small Computer Systems Interface (SCSI) hard drives. Windows XP Professional
Setup detects and installs most hardware devices automatically. However, to install a
SCSI device that is not supported by Windows XP Professional, you must add the device
drivers for that SCSI device and its Txtsetup.oem file to the distribution folder (in the
$OEM$\Textmode folder). To access that SCSI controller during Text mode, the
[MassStorageDrivers] section of the answer file must be modified with the appropriate
device driver entries.
Note
Ensure that hardware on the destination computer meets the minimum requirements listed in Chapter 1, “Planning Deployments.” Also, to ensure that the individual
components are compatible with Windows XP Professional, see the Windows Catalog at
http://www.microsoft.com/windows/catalog. The Windows Catalog is replacing the
older Hardware Compatibility List (HCL), but you can still access text-only versions of the
HCL for different Windows versions from Windows Hardware and Driver Central at
http://winqual.microsoft.com/download.
■
Setting passwords for local user accounts. You can also force all users or certain users to
change their passwords when they log on after an upgrade from Windows 98 or Windows Me.
■
Setting options for language and multilingual support, and setting key descriptions for
other regional and language options, such as language-specific keyboard layouts.
■
Setting time zones.
■
Specifying display settings to ensure that Setup automatically detects a computer’s display resolution.
■
Specifying file system settings to automatically convert FAT16 and FAT32 file systems to
NTFS during upgrades.
■
Using the $$Rename.txt file to automatically convert short file names to long file names.
■
Adding applications during the GUI-mode phase of Setup using Cmdlines.txt.
■
Adding applications when the user logs on for the first time using [GuiRunOnce].
■
Using batch files and packaging applications to be used with Windows Installer Service.
You can customize many Windows XP Professional features after installation, such as wallpaper, screen saver settings, Active Desktop®, custom toolbars and taskbars, and new Start and
Programs menu options. For more information about post-installation customization, see
Chapter 5, “Managing Desktops.”
Using Windows XP Professional Customization Tools
Use Setup Manager (setupmgr.exe) to create answer files, or use a simple text editor (such as
Notepad) to manually create them.
You can use a network connection to a RIS server to download one or more operating system
images (including Windows XP Professional). If you use a RIS server to download an operating system image, RIS provides answer file templates and a Client Installation Wizard (CIW).
You can use Sysprep to distribute operating system images using removable media. Sysprep
also provides an answer file (Sysprep.inf) that you can customize.
Customizing Unattended Installations
An answer file or setup script is a text file that follows a specific format and syntax and contains all the information Setup must have to automate and customize an installation. The
Setup program uses this customized script to provide values for all the settings that are
required during installation.
Typically, the answer file for Winnt32.exe is named Unattend.txt; however, you can use any
valid file name (for example, Sales.txt, Test.txt, and Support.txt). You must use the /Unattend
parameter and the correct file name when you run Setup from the command line (for example, /Unattend:filename.txt). By using descriptive names to differentiate different versions of
an answer file, you can build and maintain a variety of unique answer files for the different
departments within your organization.
The answer file provides Setup with the necessary information to enable interaction with the
distribution folders and files that you have created.
Creating an answer file by using Setup Manager You can use Setup Manager to create an
answer file for an unattended installation, an automated installation using Sysprep, or an
automated installation using RIS. Setup Manager is available on the Windows XP Professional
operating system CD in the Deploy.cab file of the \Support\Tools folder. Setup Manager helps
you create and modify an answer file by providing prompts for the information that is
required and then creating the answer file. Setup Manager can create a new answer file, import
an existing answer file for modification, or create a new answer file based on the configuration
of the computer on which it is running.
Table 2-5 lists the parameters that you can configure with Setup Manager. The parameters are
listed in the order in which they are presented. After you configure the parameters, Setup
Manager generates the results as answer file keys.
Table 2-5 Setup Manager Parameters

| Parameter | Description |
|---|---|
| New or existing answer file | Creates a new answer file or modifies an existing one. |
| Product to install | Specifies whether your answer file will be used for unattended, Sysprep, or RIS installs. |
| Platform | Specifies the version of Windows you plan to deploy. |
| Distribution folder | Creates a distribution folder on the network that includes the required Windows XP Professional source files and to which you can add files that you want to copy or supply additional device drivers for use with Windows XP Professional. If you don’t want to create a distribution folder, you can use the product CD instead by renaming your answer file from unattend.txt to winnt.sif. |
| Set user interaction | Sets the level of user interaction that is appropriate during the setup process. For example, you can select Provide defaults to display the configurable values supplied in the answer file, or Fully automated to create a setup process that does not prompt the user to review or supply configuration values. |
| Customize the software | Specifies an organization and user name. |
| Display settings | Allows you to automatically set the display color depth, screen area, and refresh frequency display settings. |
| Time zone | Sets the correct time zone using the same property sheet that a user would access to change the time zone locally. |
| Providing the product key | Needed if retail media is used instead of volume licensed media. |
| Computer names | When you enter multiple names during the setup process, Setup Manager automatically generates the Uniqueness Database File (UDF) that is required to add those unique names to each computer during setup. If the administrator imports names from a text file, Setup Manager converts each name to a Uniqueness Database File. The administrator can also set an option to generate unique computer names. |
| Administrator password | Setup Manager can encrypt the administrator password in the Unattend.txt answer file. This prevents the password from being readable if the answer file is viewed in a text editor. Setup Manager can also be set to prompt the user for the administrator password during setup. Setup Manager can also use the AutoLogon feature to automatically log on to the client computer as an administrator when setup finishes. |
Networking
components
Any custom network-setting option that can be configured from the desktop can be configured remotely using Setup Manager. The interface for setting network settings in Setup Manager is the same interface that users see
on their desktop.
Workgroup or
domain
Using Setup Manager, you can also add computers to a domain or workgroup, or automatically create accounts in the domain.
Telephony
Sets telephony properties, such as area codes and dialing rules.
Regional settings
Specifies regional and language options such as date, time, numbers, character sets, and keyboard layout.
Languages
Adds support for different language groups.
Browser and shell
settings
Performs the basic setup for Internet connections, such as connecting to
proxy servers. If your organization wants to customize the browser, the administrator can use Setup Manager to access the customization tool that is
part of the Internet Explorer Administration Kit (IEAK), available from http:/
/www.microsoft.com/windows/ieak.
Installation folder
Uses the default installation folder, \Windows, to generate a unique folder
during setup or to set a custom folder.
Install printers
Sets up multiple printers as part of the installation process.
72
Part I:
Deployment
Table 2-5
Setup Manager Parameters
Parameter
Description
Run once
Sets up commands that run automatically the first time a user logs on. These
might include running an application setup program or changing security
settings.
Additional
Commands
Specifies commands that run at the end of the setup process and before users log on to the system, such as starting an application setup file.
Setup Manager cannot perform the following functions:
■ Add system components during installation, such as Internet Information Services.
■ Create Txtsetup.oem files.
■ Create subfolders in the distribution folder.
Note
You can, however, add system components during installation by manually creating a
[Components] section in your answer file. For more information, see Ref.chm, the Microsoft Windows XP Preinstallation Reference, in the Deploy.cab file in the \Support\Tools
folder on your Windows XP Professional product CD.
To copy Setup Manager from the Windows XP Professional CD
1. In the \Support\Tools folder, double-click the Deploy.cab file.
2. Copy Setupmgr.exe to a folder on the hard disk.
To run Setup Manager
■ Double-click Setupmgr.exe. The Setup Manager Wizard helps you create an answer file
and a distribution folder.
Example of an Unattend.txt answer file
Listing 2-1 displays a typical Unattend.txt answer
file. This file automates the installation or upgrade of Windows, enabling the Setup program
to run without requiring user input. Comments within the answer file describe most sections,
keys, and values.
Listing 2-1
Example of an Unattend.txt Answer File
[Unattended]
UnattendMode = FullUnattended
TargetPath = Windows
FileSystem = LeaveAlone
OemPreinstall = Yes
OemSkipEula = Yes
[GuiUnattended]
; Set the TimeZone. For example, to set the TimeZone for the
; Pacific Northwest, use a value of "004." Be sure to use the
; numeric value that represents your own time zone. To look up
; a numeric value, see the Deploy.chm file on the Windows XP Professional CD.
; The Deploy.cab file is in the \Support\Tools folder.
TimeZone = "YourTimeZone"
OemSkipWelcome = 1
; The OemSkipRegional key allows Unattended Installation to skip
; RegionalSettings when the final location of the computer is unknown.
OemSkipRegional = 1
[UserData]
; Tip: Avoid using spaces in the ComputerName value.
ComputerName = "YourComputerName"
; To ensure a fully unattended installation, you must provide a value
; for the ProductKey key.
ProductKey = "Your product key"
[LicenseFilePrintData]
; This section is used for server installs.
AutoMode = "PerServer"
AutoUsers = "50"
[Display]
BitsPerPel = 16
XResolution = 800
YResolution = 600
VRefresh = 60
[Components]
; This section contains keys for installing the components of
; Windows XP Professional. A value of On installs the component, and a
; value of Off prevents the component from being installed.
iis_common = On
iis_inetmgr = Off
iis_www = Off
iis_ftp = Off
iis_doc = Off
iis_smtp = On
; The Fp_extensions key installs Front Page Server Extensions.
Fp_extensions = On
; If you set the TSEnabled key to On, Terminal Services is installed on
; a current version of Windows Server.
TSEnabled = On
; If you set the TSClients key to On, the files required to create
; Terminal Services client disks are installed. If you set this key
; to On, you must also set the TSEnabled key to On.
TSClients = On
Indexsrv_system = On
Accessopt = On
Calc = On
Charmap = On
Chat = Off
Clipbook = On
Deskpaper = On
Dialer = On
Freecell = Off
Hypertrm = On
Media_clips = On
Media_utopia = On
Minesweeper = Off
Mousepoint = Off
Mplay = On
Mswordpad = On
Paint = On
Pinball = Off
Rec = On
Solitaire = Off
Templates = On
Vol = On
[TapiLocation]
CountryCode = "1"
Dialing = Pulse
; Indicates the area code for your telephone. This value must
; be a 3-digit number.
AreaCode = "Your telephone area code"
LongDistanceAccess = 9
[Networking]
[Identification]
JoinDomain = YourCorpNet
DomainAdmin = YourCorpAdmin
DomainAdminPassword = YourAdminPassword
[NetOptionalComponents]
; Section contains a list of optional network components to install.
Snmp = Off
Lpdsvc = Off
Simptcp = Off
[Branding]
; This section brands Microsoft® Internet Explorer with custom
; properties from the Unattended answer file.
BrandIEUsingUnattended = Yes
[URL]
; This section contains custom URL settings for Microsoft
; Internet Explorer. If these settings are not present, the
; default settings are used. Specifies the URL for the
; browser’s default home page. For example, you might use the
; following: Home_Page = www.microsoft.com.
Home_Page = YourHomePageURL
; Specifies the URL for the default search page. For example, you might
; use the following: Search_Page = www.msn.com
Search_Page = YourSearchPageURL
; Specifies a shortcut name in the link folder of Favorites.
; For example, you might use the following: Quick_Link_1_Name =
; "Microsoft Product Support Services"
Quick_Link_1_Name = "Your Quick Link Name"
; Specifies a shortcut URL in the link folder of Favorites. For example,
; you might use this: Quick_Link_1 = http://support.microsoft.com/.
Quick_Link_1 = YourQuickLinkURL
[Proxy]
; This section contains custom proxy settings for Microsoft
; Internet Explorer. If these settings are not present, the default
; settings are used. If proxysrv:80 is not accurate for your
; configuration, be sure to replace the proxy server and port number
; with your own values.
HTTP_Proxy_Server = proxysrv:80
Use_Same_Proxy = 1
Customizing Sysprep Installations
This section provides information about the components of Sysprep 2.0, including:
■ The Sysprep.inf File
■ The MiniSetup Wizard
■ Factory mode
■ Audit Boot mode
■ Reseal mode
■ The -msoobe parameter (Windows Welcome)
Using Sysprep.inf
Listing 2-2 displays an example of a Sysprep.inf answer file. If you are
running Sysprep with the -mini parameter, you can use the Sysprep.inf answer file to automate the MiniSetup process. It uses the same .inf file syntax and key names (for supported
keys) as Unattend.txt. Place the Sysprep.inf file in the %SystemDrive%\Sysprep folder or on
a floppy disk. If you use a floppy disk, insert it into the floppy disk drive after the Windows
startup screen appears. Note that if you do not include Sysprep.inf when running Sysprep, the
MiniSetup Wizard requires user input at each customization page.
If you created a Sysprep.inf file on the reference computer and want to individually change
Sysprep.inf on each destination computer, use the floppy disk method.
Listing 2-2
Sample Sysprep.inf Answer File
[Unattended]
; Prompt the user to accept the EULA.
OemSkipEula = No
;Use Sysprep’s default and regenerate the page file for the system
;to accommodate potential differences in available RAM.
KeepPageFile = 0
;Provide the location for additional language support files that
;might be required in a global organization.
InstallFilesPath = c:\Sysprep\i386
[GuiUnattended]
;Set the time zone.
TimeZone = 20
;Skip the Welcome screen when the system starts.
OemSkipWelcome = 1
;Do not skip the Regional and Language Options dialog box so that users can
;indicate which options apply to them.
OemSkipRegional = 0
[UserData]
ComputerName = XYZ_Computer1
[Display]
BitsPerPel = 16
XResolution = 800
YResolution = 600
VRefresh = 60
[GuiRunOnce]
"%systemdrive%\sysprep\filename.bat" = "path-1\Command-1.exe"
"path-n\Command-n.exe"
"%systemdrive%\sysprep\sysprep.exe -quiet"
[Identification]
;Join the computer to the domain ITDOMAIN.
JoinDomain = ITDOMAIN
[Networking]
For more information about answer file keys and values, see the Deploy.chm in the
Deploy.cab file on the Windows XP Professional operating system CD. The Deploy.cab file is
in the \Support\Tools folder.
Using MiniSetup
If you are running Sysprep with the -mini parameter, the MiniSetup Wizard appears the first time a computer starts from a disk that was duplicated by using Sysprep.
The MiniSetup Wizard gathers information that is required to customize the destination
computer. If you do not use Sysprep.inf or if you leave some sections of the file blank, the
MiniSetup Wizard displays pages to collect the required information that has not already
been provided. The displayed pages can include:
■ Welcome to Windows XP Professional Setup Wizard.
■ End-User License Agreement (EULA).
■ Regional and Language Options.
■ User name and company.
■ Product key. This screen is always displayed unless you prepopulate the system preparation procedure with product key information.
■ Computer name and administrator password.
■ Telephony application programming interface (TAPI) settings page. This page is displayed only if a modem or a new modem device exists on the computer.
■ Date and time settings.
■ Networking settings.
■ Workgroup or computer domain.
For more information about bypassing these screens, see Table 2-6.
Note Because Setup detects optimal settings for display devices, you no longer see the Display Settings page when Setup or the MiniSetup Wizard is running. You can specify the settings
in the [Display] section either in the answer file that is used for your reference computer or in
the Sysprep.inf file used for your destination computer. If settings in the [Display] section are in
the answer file that is used for your reference computer, Sysprep retains those settings unless
Sysprep.inf contains different settings or unless a video adapter or monitor is detected that
requires settings different from those of the reference computer.
Table 2-6
Parameters in Sysprep.inf for Bypassing the MiniSetup Wizard
| Parameter | Section, Key, and Value |
| --- | --- |
| Set regional options | [RegionalSettings] |
| | LanguageGroup = 15,7,1 |
| | SystemLocale = 00000409 |
| | UserLocale = 00000409 |
| | InputLocale = 0409:00000409 |
| | [GuiUnattended] |
| | OemSkipRegional = 1 |
| Define user name and company | [UserData] |
| | FullName = "User Name" |
| | OrgName = "Organization Name" |
| Define computer name and administrator password | [UserData] |
| | ComputerName = W2B32054 |
| | [GuiUnattended] |
| | AdminPassword = "" |
| Set TAPI settings | [TapiLocation] |
| | AreaCode = 425 |
| Set network settings | [Networking] |
| Set time zone | [GuiUnattended] |
| | TimeZone = "Index" |
If you use the [RegionalSettings] section to add additional language support, make sure the
language files are available. Also, make sure the C:\Sysprep\i386\Lang folder contains the
files in the \i386\Lang folder on the Windows XP Professional CD. In addition, make sure the
following entries appear in the Sysprep.inf file:
[Unattended]
InstallFilesPath = "C:\Sysprep\i386"
Using Sysprep Factory mode
You can use Sysprep Factory mode, sysprep -factory, to preconfigure installation options and reduce the number of displayed MiniSetup or Windows
Welcome (Msoobe.exe) pages. Factory mode enables you to prepopulate information in the
[Factory] section header of the Sysprep answer file, WinBom.ini. You can prepopulate information, such as address, time zone, existing ISP, and locale. You can also use Factory mode to
update other .ini or answer files, such as Sysprep.inf, OOBEinfo.ini, or .isp and .ins files.
Factory mode enables you to add device drivers and applications to the image after the computer restarts when you are running Sysprep.exe. You typically run Sysprep.exe as the final
step in the preinstallation process to prepare the computer for delivery. When restarted, the
computer displays the MiniSetup or Windows Welcome pages. By clicking the Factory button
on the OEM Reset Reminder dialog box, or by running Sysprep -factory from the command
line (using the -factory parameter), the computer restarts in a network-enabled state without
starting MiniSetup or Windows Welcome. In this state, Factory.exe processes WinBom.ini
and performs the following tasks:
1. Copies device drivers from a network source to the computer.
2. Starts Plug and Play enumeration.
3. Copies applications from a network source to the computer.
4. Adds customer data.
In this state, the computer can be audited. When complete, run Sysprep with the -reseal
parameter to prepare it for delivery.
When you use Factory mode with disk-imaging (or cloning) software, you can reduce the
number of required images. You can create a reference computer image with a minimal set of
device drivers, and then copy the image to the destination computers. For any destination
computer that requires additional device drivers, you can run Factory mode to update the
installed image with the required drivers.
Table 2-7 lists the sections in a WinBom.ini file.
Table 2-7
WinBom.ini Sections
| Section | Description |
| --- | --- |
| [ComputerSettings] | Configures end-user settings on the destination computer. |
| [Factory] | Includes entries for performing a factory installation of Windows XP Professional. |
| [NetCards] | Includes entries for configuring the network adapter on the destination computer if a network connection is required. |
| [OEMLink] | Adds a graphic and text to the Start menu to provide end users with easy access to an OEM’s .htm file. |
| [OEMRun] | Runs external applications and command shell scripts while the Sysprep -factory command is running. Commands are processed asynchronously. Each application runs in the order listed in this section, but the application does not wait for a previous application to finish before it runs. These executable files or command shell scripts are the last processing performed by the Sysprep -factory command. |
| [OEMRunOnce] | Includes entries for controlling the running of external applications and command shell scripts during the running of the Sysprep -factory command. |
| [Section_name] | Preinstalls an application as specified in the [OEMRunOnce] section. |
| [PnPDriverUpdate] | Includes entries for updating device drivers on the installed image prior to installing the drivers with Plug and Play. |
| [PnPDrivers] | Lists the updated device drivers to be copied on to the computer. |
| [Shell] | Customizes the appearance of the Windows desktop and Start menu. |
| [SetupHomenet] | Sets up a firewall on a computer that uses a preconfigured Internet connection. |
| [StartMenuMFUlist] | Prepopulates the Most Frequently Used programs list on the Start menu with shortcuts to preinstalled applications. |
| [UpdateSystem] | Updates any of the computer’s files or registry entries. |
| [UserAccounts] | Includes entries for controlling the creation of user identities on the destination computer. |
| [UserDefined] | Creates a user-defined section that can contain branding information or any other data for other processes. |
Using Sysprep Audit Boot mode
To test and verify installations, you can use Audit Boot
mode to quickly restart the computer before you are ready to use Reseal mode. You can invoke
Audit Boot mode by clicking the Audit Boot button in the OEM Reset Reminder dialog box.
Using Sysprep Reseal mode
When you have made modifications in Factory mode, you
can use Reseal mode to prepare the computer for delivery. When the computer restarts
from Factory mode, you can invoke Reseal mode by clicking the Reseal button on the
OEM Reset Reminder dialog box, or by running Sysprep -reseal from the command line
(using the -reseal parameter). To display the Windows Welcome pages on the first restart
after you reseal the image, use the -msoobe parameter.
Customizing RIS Installations
Remote Installation Services (RIS) is a tool that enables you to perform a clean installation of
a preconfigured image of a supported operating system on a client computer. You can use RIS
to install the operating system over a network connection on a computer that supports the
Pre-Boot eXecution Environment (PXE). You can also use RIS with the Remote Boot Floppy
Generator (Rbfg.exe) to create a remote boot disk that can be used with a variety of supported
PCI-based network adapters.
Using RIS answer files
The Remote Installation Services answer file guides the installation
of the operating system. When you install RIS on a computer running a current version of
Windows 2000 Server and then run Risetup.exe, a standard answer file is created and named
Ristndrd.sif. You can modify this RIS answer file to perform an installation with minimal or no
user intervention and place the computer account object in the domain in which the RIS
server resides. Ristndrd.sif also contains the description that is displayed during the CIW
when the user at the client computer selects an operating system image to install.
Listing 2-3 displays an example of a RIS answer file, Ristndrd.sif.
Listing 2-3
Sample Ristndrd.sif Answer File
[Data]
Floppyless = "1"
MsDosInitiated = "1"
OriSrc = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
OriTyp = "4"
LocalSourceOnCD = 1
[SetupData]
OsLoadOptions = "/noguiboot /fastdetect"
SetupSourceDevice = "\Device\LanmanRedirector\%SERVERNAME%\RemInst\%INSTALLPATH%"
[Unattended]
OemPreinstall = No
FileSystem = LeaveAlone
ExtendOEMPartition = 0
TargetPath = \WINDOWS
OemSkipEula = Yes
InstallFilesPath = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
LegacyNIC = 1
[UserData]
FullName = "%USERFIRSTNAME% %USERLASTNAME%"
OrgName = "%ORGNAME%"
ComputerName = %MACHINENAME%
[GuiUnattended]
OemSkipWelcome = 1
OemSkipRegional = 1
TimeZone = %TIMEZONE%
AdminPassword = "*"
[Display]
BitsPerPel = 16
XResolution = 800
YResolution = 600
VRefresh = 60
[Networking]
[NetServices]
MS_Server = params.MS_PSched
[Identification]
JoinDomain = %MACHINEDOMAIN%
DoOldStyleDomainJoin = Yes
[RemoteInstall]
Repartition = Yes
UseWholeDisk = Yes
[OSChooser]
Description = "Microsoft Windows XP Professional"
Help = "Automatically installs Windows Professional without prompting the user for input."
LaunchFile = "%INSTALLPATH%\%MACHINETYPE%\templates\startrom.com"
ImageType = Flat
Version = "5.1"
Customizing the RIS Client Installation Wizard
After you install RIS on a computer that is
running a current version of Windows 2000 Server or Windows Server 2003, you have access
to a default set of Client Installation Wizard (CIW) pages, which provide basic functionality
for installing clients. You can modify the CIW pages to meet the needs of your organization.
The files are simple text files (with an .osc extension) that are in the OSCML format. CIW
pages are also referred to as Operating System Chooser (OSC) pages. They have the .osc file
name extension and are modeled on the HTML 2.0 format.
Note
The CIW screens are modeled on HTML 2.0; they are not a subset of the HTML 2.0
specification.
OSCML does not support Microsoft Visual Basic Scripting Edition, Microsoft® JScript®, or Sun
Microsystems’ Java.
Table 2-8 describes the pages that are displayed when a user logs on to the client computer
during a RIS installation of the operating system.
After the summary page appears, the user exits the Client Installation Wizard and proceeds to
the automated installation process. The automated installation process is similar to installing
the operating system from a CD, but instead of accessing the installation media locally, the client computer accesses operating system files that are stored remotely on a RIS server. Depending on the speed of your network and the load on the RIS server, this process can be much
faster than an installation from a CD-ROM drive.
Table 2-8
Client Installation Wizard Screens
| Page | Description |
| --- | --- |
| Logon page (Login.osc) | Requires a user to log on. The user logs on to the network by using an existing user account, password, and domain. After the user successfully logs on, RIS uses these credentials to determine which installation options to display on the Setup Options page. If the process is not successful and the logon account, password, or domain is not recognized, the user is prompted to log on again. |
| Setup Options page (Choice.osc) | Displays installation options to the user, including: |
| | Automatic provides the easiest operating system installation path. If there is already a computer account object in Active Directory with a Globally Unique Identifier (GUID) that matches the client computer’s GUID, the existing computer account is reused. If a matching GUID is not found in Active Directory, the client computer is named based on the automatic naming format configured in the properties of the RIS server, and a new computer account is created in the location specified by the RIS server. |
| | Custom allows users to override the automatic computer naming process, as well as the default location within Active Directory where client computer account objects are created. The Custom Setup option is similar to the automatic option, but you can use it to set up a client computer for a subsequent user (for example, to install an operating system on a client computer within the enterprise) before delivery to a user. If either the computer name or computer location is left blank on the Custom Setup page, the automatic name or location is used. |
| | Restart a Previous Setup Attempt restarts the operating system installation process by using the information entered during the previous attempt. If the installation process fails or network connectivity is disrupted during the initial text-mode phase of setup (before completing the file copy phase), a Restart Setup command is available for optional display to the user the next time the computer is started. |
| | Maintenance and Troubleshooting provides access to maintenance and troubleshooting tools, such as system flash BIOS updates and computer diagnostic tools that can be used prior to operating system installation. |
| | The degree to which this page and its options are displayed is controlled by RIS Group Policy settings. |
| Duplicate GUID detection page (Osauto.osc) | This page is not displayed to users. Osauto.osc determines whether a computer account object already exists in Active Directory with the same GUID as the computer running the Client Installation Wizard. If a duplicate GUID is found, DupAuto.osc is displayed. If no duplicate GUID is found, OSChoice.osc is displayed. |
| Error page (Dupauto.osc) | Displayed if a duplicate GUID is found in Active Directory. Instructs the user to contact the network administrator. |
| Operating system choice page (Oschoice.osc) | Displays the list of operating system images on the RIS server that are available to a user who is logged on. If only one image is available for the user to install, that image is automatically selected and the user does not see this page. |
| Caution page (Warning.osc) | Displays a warning message that the hard disk will be formatted. The user is cautioned that an operating system will be installed on the computer, a process that requires the hard disk to be repartitioned and formatted, erasing all data currently on the disk. |
| Summary page (Install.osc) | Displays information about the computer, including computer name, computer GUID, and the RIS server to be used for downloading the image. Pressing any key begins the installation process. |
| | At this point, the RIS server has created a computer account object in Active Directory for the computer and can look up the computer and its computer name and other settings if the computer is reinstalled. |
| | If you were running the Client Installation Wizard to prestage the computer for another user, you can now shut down the computer and return it to the end user. The end user must have reset password permissions on the newly created computer account object in Active Directory. |
| Custom Setup page (Custom.osc) | Prompts the user for a computer name and the organizational unit (OU) in which to create the computer account. |
Using the Client Installation Wizard
Typically, when a remote boot–enabled client computer using RIS to install an operating system is turned on for the first time, the client computer contacts the boot server, and the user is prompted to press the F12 key on the keyboard
of the client computer to initiate the download of the Client Installation Wizard (CIW). After
the CIW is downloaded to the client computer, the Welcome page appears and the user is
prompted to log on to the network with an existing user account, password, and logon
domain. After the logon process is established, RIS checks to see what installation options the
user has access to based on the Group Policy settings that are applied to the user. The CIW
displays a menu with the appropriate installation options tailored to the specific user. RIS has
been configured so that a user is not presented with installation options by default. The Automatic setup option is automatically chosen.
Startrom.com and Startrom.n12 are two of the RIS boot files in the
\RemoteInstall\OSChooser\i386 folder of the RIS hard disk partition on a RIS server.
Startrom.com
The default RIS boot file that can be sent in response to a client computer
request to initiate the operating system installation procedure. If you use the default RIS boot
file, the client computer prompts the user to press the F12 key to download the Client Installation Wizard (CIW).
Startrom.n12
The alternate RIS boot file that you can rename and use to streamline the process of initiating the installation of the operating system. If the client computer has a new,
clean hard disk and if it is configured to boot from the network, use this alternate RIS boot file.
The RIS server automatically starts downloading the CIW to the client computer. The client
computer does not prompt the user to press the F12 key.
The \RemoteInstall\OSChooser\i386 folder is created and populated when you run
Risetup.exe on a computer that is running Windows 2000 Server. The default Startrom.com
file is the boot file that can be sent, in response to a client computer request, from a RIS server
to a client computer. This default Startrom.com file prompts the user to press the F12 key to
initiate the download of the CIW pages and to start the process of installing the operating
system.
If you are installing Windows XP Professional on a new client computer that has a clean hard
disk, you can use the Startrom.n12 file instead of the default Startrom.com file on the RIS
server to eliminate the need to press the F12 key from the client computer. To do this, perform
the following tasks from the RIS server:
1. In the \RemoteInstall\OSChooser\i386 folder of the hard disk partition that is used for
RIS installations, rename Startrom.com to Startrom.old, and then change the name of
the Startrom.n12 file to Startrom.com.
2. Change the boot order of the client computer so that it starts from the hard disk first
and from PXE second.
The first time the client computer attempts to start from the hard disk, the boot process fails
because the operating system is not yet installed on the hard disk. The client computer then
starts from PXE without requiring a user to press the F12 key. After you successfully complete
the operating system installation, subsequent restarts are performed by using the operating
system that is now installed on the hard disk. It is necessary to perform step two in the preceding task because the client computer initiates a RIS installation on every restart if PXE is
first in the boot order.
Creating an Answer File Manually
You can use a text editor, such as Notepad, to manually create an answer file. An answer file
consists of section headers, keys, and values for those keys. Note that you do not have to specify all possible keys in the answer file if the installation does not require them. Invalid key values might cause errors or faulty performance after Setup. Listing 2-4 displays an example of a
manually created answer file.
Listing 2-4
Example of a Manually Created Answer File
[Section1]
; Sections contain keys and corresponding values for the keys.
; Keys and values are separated by equal signs.
; Values with spaces usually require double quotes.
; Text (like this) following semi-colons are comments.
Key = Value
[Section2]
Key = "Value with spaces"
Winnt.sif is the name for an answer file that is used for performing an unattended clean installation from a CD. To create a Winnt.sif file, use Setup Manager and rename the Unattend.txt file it
creates to Winnt.sif. Listing 2-5 displays an example of a fully unattended Winnt.sif answer file.
Note When you use Winnt.exe to perform a clean installation from a bootable CD on a
computer with multiple hard disks or partitions, specify the exact location of the destination
hard disk or partition to which you are installing. Add AutoPartition = 1 to the [Data] section
of the Winnt.sif file to specify the location.
Listing 2-5
Sample Winnt.sif Answer File
[Data]
AutoPartition = 1
MsDosInitiated = 0
UnattendedInstall = Yes
[Unattended]
UnattendMode = FullUnattended
OemSkipEula = Yes
OemPreinstall = No
[GuiUnattended]
AdminPassword = *
OEMSkipRegional = 1
TimeZone = 85
OemSkipWelcome = 1
[UserData]
FullName = USERNAME
OrgName = MS
ComputerName = COMPUTERNAME
[Identification]
JoinWorkgroup = WORKGROUP
[Networking]
InstallDefaultComponents = Yes
Customizing Components and Features
This section describes the tools you can use and the procedures you can perform to manually
customize the components and features of a Windows XP Professional installation. You also
have the option of using Setup Manager Wizard to customize components and features for a
Windows XP Professional installation.
Adding Hardware Device Support
The following topics describe how to add hardware device support to your installation:
■ Mass Storage Devices
■ Hardware Abstraction Layers
■ Driver Signatures
■ Plug and Play Devices
Mass Storage Devices In Windows XP Professional, Plug and Play installs most hardware
devices that can be loaded later in the setup process. However, mass storage devices, such as
hard disk controllers, must be properly installed for full Plug and Play support to be available
during the GUI mode of Setup. For this reason, the installation of mass storage devices is handled differently from the installation of other hardware devices.
To add Small Computer Systems Interface (SCSI) devices during Text-mode Setup (before full
Plug and Play support is available), you must provide a Txtsetup.oem file that describes how
Setup needs to install the particular SCSI device. For more information about Txtsetup.oem,
see Windows Hardware and Driver Central at http://www.microsoft.com/whdc.
To install a mass storage device
1. In the distribution folder, create the Textmode folder in the \$OEM$ folder.
2. Copy the following files into the Textmode folder. These files are available from the
device vendor. In the following list, replace Driver with the appropriate driver name:
■ Driver.sys
■ Driver.dll
■ Driver.inf
■ Driver.cat
■ Txtsetup.oem
Some drivers, such as SCSI miniport drivers, might not include a DLL file.
Note A catalog file, for example Driver.cat, might not be required.
Most SCSI drivers do not ship with dynamic-link library files (DLLs).
Catalog files (.cat) are not used during Text-mode Setup.
The required files are specified in the Txtsetup.oem file. Make sure that all the files listed
in Txtsetup.oem appear in the textmode directory and that the files are specified in the
[OEMBootFiles] section of the Unattend.txt file.
You must also copy the driver files to the PnPdrvrs location that you specified for the
OemPnPDriversPath key in the answer file. For example:
\$OEM$\$1\PnPdrvrs\Storage
You must include a catalog file, for example, Driver.cat, with the mass storage device
drivers if the catalog file is listed in Txtsetup.oem. For more information about catalog
files, see the Windows Hardware and Driver Central at http://www.microsoft.com/whdc.
3. In the answer file, create a [MassStorageDrivers] section, and include the driver
entries that you want to include. If you are using two mass storage devices, one to
control the hard disk and the other to control the CD-ROM drive, a possible entry in
the [MassStorageDrivers] section is shown in the following example:
"Adaptec 2940…" = "OEM"
"Adaptec 2940…" = "retail"
Information for this section can be obtained from the Txtsetup.oem file, which is provided by the hardware manufacturer.
4. In the answer file, create an [OEMBootFiles] section, and include a list of the files in the
\$OEM$\Textmode folder. A possible entry to the [OEMBootFiles] section is shown in
the following example:
[OEMBootFiles]
Driver.sys
Driver.dll
Driver.inf
Txtsetup.oem
Replace the word “Driver” with the appropriate driver name.
Warning Add driver entries to the [MassStorageDrivers] and [OEMBootFiles] sections
only for bootable mass storage devices. Do not include references to secondary mass
storage devices. For secondary mass storage devices, add the drivers to the PnPdrvrs
folder specified in the OEMPnPDriversPath key of the answer file.
If your mass storage device is a Plug and Play device, verify that a Hardware Identification Section and a reference to the catalog file for the driver (Driver.cat) exist in the Txtsetup.oem file. For more information, see the Driver Development Kits link on the Web
Resources page at http://www.microsoft.com/windows/reskits/webresources.
5. In the Txtsetup.oem file, verify that a section named [HardwareIds.Scsi.yyyyy] exists. If
not, create it by using the following format:
[HardwareIds.scsi.yyyyy]
id = "xxxxx" , "yyyyy"
In the preceding example, xxxxx is the device identifier and yyyyy is the device service
name. For the Symc810 driver, which has a device ID of PCI\VEN_1000&DEV_0001,
you can create the section shown in the following example:
[HardwareIds.scsi.symc810]
id = "PCI\VEN_1000&DEV_0001" , "symc810"
Hardware Abstraction Layers To specify hardware abstraction layers (HALs) for installation, you must have a Txtsetup.oem file and the HAL files that are provided by the vendor. Use
the same Txtsetup.oem file if you are installing mass storage device drivers. Only one Txtsetup.oem file can be used; therefore, if you have to install HALs and mass storage device drivers, combine the entries into one file.
To use third-party drivers, you must make appropriate changes to the answer file. For more
information about answer file syntax, see the Deploy.chm in the Deploy.cab file on the Windows
XP Professional operating system CD. The Deploy.cab file is in the \Support\Tools folder.
To install a HAL
1. If you have not already done so, create a Textmode folder in the \$OEM$ folder.
2. Copy the files that you receive from the device vendor to the Textmode folder.
3. In the answer file, edit the [Unattended] section for the HAL, and add any drivers that
you want to install. A possible entry for the ComputerType key is shown in the following
example:
[Unattended]
ComputerType = "HALDescription", OEM
You can obtain information about the HALDescription from the [Computer] section of
the Txtsetup.oem file, which is provided by the hardware manufacturer.
4. In the answer file, create an [OEMBootFiles] section, and enter the names of the files in
the \$OEM$\Textmode folder.
Driver Signatures Before using updated drivers, verify that they are signed correctly. If drivers are not correctly signed, they might not be installed. To verify that drivers are correctly
signed, contact the vendor.
In the answer file, the DriverSigningPolicy key in the [Unattended] section specifies how nonsigned drivers are processed during installation.
Warning
Microsoft strongly advises against using DriverSigningPolicy = Ignore unless you
have fully tested the device driver in your environment and are sure that it works correctly.
Using unsigned drivers increases the risk of device driver problems that can affect the performance or stability of your computer.
If you are using DriverSigningPolicy = Ignore and you attempt to install a newer, unsigned
copy of a driver that is protected by Windows XP Professional, the policy level is automatically
updated to Warn.
For more information about driver signing policy, see the Deploy.chm in the Deploy.cab file
on the Windows XP Professional operating system CD. The Deploy.cab file is in the
\Support\Tools folder.
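Two settings in this chapter's listings bear directly on the security of the installed system: DriverSigningPolicy, discussed above, and AdminPassword, which Listing 2-5 sets to * (a blank Administrator password). The following added example, which is not from the book, parses the answer-file format shown in Listing 2-4 and flags both; the sample file and function names are constructed, and EncryptedAdminPassword is an answer-file key that this section does not show.

```python
import re

# Constructed sample modelled on Listing 2-5; the DriverSigningPolicy line and
# the driver entries are added for this demonstration.
SAMPLE_SIF = r"""
; constructed answer file for the audit example
[Unattended]
UnattendMode = FullUnattended
DriverSigningPolicy = Ignore
[MassStorageDrivers]
"Example SCSI Adapter" = "OEM"
[OEMBootFiles]
Driver.sys
Txtsetup.oem
[GuiUnattended]
AdminPassword = *
TimeZone = 85
"""

SECTION = re.compile(r"\[([^\]]+)\]")
# A key is either a quoted string or bare text that contains no '=' or quote.
ENTRY = re.compile(r'("[^"]*"|[^="]+?)\s*=\s*(.*)')


def unquote(value):
    """Strip surrounding whitespace and one pair of double quotes."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    return value


def parse_answer_file(text):
    """Parse sections, Key = Value pairs and keyless entries.

    Returns {section_name_lowercase: [(key_or_None, value), ...]}.
    Only whole-line ';' comments are handled (a simplification of this example).
    """
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = SECTION.fullmatch(line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), [])
            continue
        if current is None:
            raise ValueError(f"line {lineno}: entry outside any [Section]")
        entry = ENTRY.fullmatch(line)
        if entry:
            current.append((unquote(entry.group(1)), unquote(entry.group(2))))
        else:  # keyless line, as in [OEMBootFiles]
            current.append((None, unquote(line)))
    return sections


def lookup(sections, section, key):
    """Case-insensitive lookup of one key; returns None when it is absent."""
    for k, v in sections.get(section.lower(), []):
        if k is not None and k.lower() == key.lower():
            return v
    return None


def audit(text):
    """Return findings as (section, key, message) tuples."""
    sections = parse_answer_file(text)
    findings = []

    policy = lookup(sections, "Unattended", "DriverSigningPolicy")
    if policy is not None and policy.lower() == "ignore":
        findings.append(("Unattended", "DriverSigningPolicy",
                         "Ignore: unsigned drivers are installed without a prompt"))

    password = lookup(sections, "GuiUnattended", "AdminPassword")
    encrypted = lookup(sections, "GuiUnattended", "EncryptedAdminPassword") or ""
    if password == "*":
        findings.append(("GuiUnattended", "AdminPassword",
                         "* sets a blank Administrator password"))
    elif password and encrypted.lower() != "yes":
        findings.append(("GuiUnattended", "AdminPassword",
                         "password is stored in clear text"))
    return findings


if __name__ == "__main__":
    for section, key, message in audit(SAMPLE_SIF):
        print(f"[{section}] {key}: {message}")
```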
Plug and Play Devices Windows XP Professional automatically installs most Plug and Play
device drivers; however, you can easily add Plug and Play device drivers if necessary. When
you are creating your reference installation image, check the Windows XP Professional product CD to determine whether the drivers for the Plug and Play devices you are installing are
listed. You can add Plug and Play device drivers that are not included on the Windows XP Professional operating system CD by performing the procedures in this section. This method
works for all Plug and Play device drivers. You can also use this method to update existing
Plug and Play device drivers.
The following procedures illustrate how you can add Plug and Play device drivers to these installation methods:
■ Unattended Installation
■ Sysprep images
■ Risetup images
To add Plug and Play device drivers to an Unattended Installation
1. In the \$OEM$ folder of the distribution folder, create subfolders for any special Plug
and Play drivers and their .inf files. Create these subfolders under the following folder:
$OEM$\$1\PnPDrvrs
2. Copy the driver files for the devices into the subfolders created in the previous step.
3. In the answer file, edit the [Unattended] key for Plug and Play and add the path to the
list of Plug and Play search drives, as shown in the following example:
[Unattended]
OEMPnPDriversPath = "PnPDrvrs"
To maintain the folders to accommodate future device drivers, create subfolders for potential
device drivers. By dividing the folders into subfolders, you can store device driver files by
device type rather than storing all device driver files in a single folder. Suggested subfolders
include Audio, Modem, Net, Print, Storage, Video, and Other. Creating an Other folder gives
you the flexibility to store new hardware devices that are not currently known.
Directories are not traversed; therefore, if you have files in both \Pnpdrivers\Video and in
\Pnpdrivers\Audio, they both need to be explicitly named in the OemPnPDriversPath key.
For example, if the PnPDrvs folder contains the Audio, Modem, and Net folders, the answer
file must contain the statement shown in the following example:
OEMPnPDriversPath = "PnPDrvs\Audio;PnPDrvs\Modem;PnPDrvs\Net"
The folders must contain all the files that are required to install the specific devices: drivers,
catalog, and .inf files. You can store multiple device drivers in a single folder.
When Setup searches .inf files for Plug and Play IDs during GUI-mode Setup, Setup also looks
in the paths noted in the OemPnPDriversPath along with the standard default path of
%windir%\Inf. The %windir%\Inf path is listed first in the search order, but if you have a
device that is supported by more than one .inf file (Windows XP Professional might include a
driver that offers generic functionality), Setup continues to search all paths specified in the
OemPnPDriversPath entry. Even though it might find multiple matches, Plug and Play uses
the .inf file that has the best match and then installs the associated device driver to support
the device.
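Because Setup does not traverse subfolders, a driver folder that is copied to the share but not named in OemPnPDriversPath is silently ignored, and naming only the parent folder has no effect. The following added example (not from the book) compares an OemPnPDriversPath value with the folder tree under $OEM$\$1; the function names, folder layout and file names are constructed, and the missing-catalog check is a coarse per-folder heuristic.

```python
import os
import tempfile


def check_pnp_paths(oem_root, oem_pnp_drivers_path):
    """Compare an OemPnPDriversPath value with the folders on disk.

    oem_root is the local folder that holds the contents of the share's
    $1 folder (under $OEM$). Folder names are compared case-insensitively and
    reported in lowercase, backslash-separated form. Returns a dict with:
      missing    - listed folders that do not exist
      no_inf     - listed folders that exist but hold no .inf file themselves
      unlisted   - folders that hold .inf files but are not listed
      no_catalog - listed folders with an .inf file but no .cat file
    """
    value = oem_pnp_drivers_path.strip().strip('"')
    listed = [p.strip().strip("\\").lower() for p in value.split(";") if p.strip()]

    on_disk = {}  # relative folder -> set of file extensions found directly in it
    for folder, _dirs, files in os.walk(oem_root):
        rel = os.path.relpath(folder, oem_root)
        if rel == ".":
            continue
        key = rel.replace(os.sep, "\\").lower()
        on_disk[key] = {os.path.splitext(name)[1].lower() for name in files}

    return {
        "missing": sorted(p for p in listed if p not in on_disk),
        "no_inf": sorted(p for p in listed
                         if p in on_disk and ".inf" not in on_disk[p]),
        "unlisted": sorted(p for p, exts in on_disk.items()
                           if ".inf" in exts and p not in listed),
        "no_catalog": sorted(p for p in listed
                             if p in on_disk and ".inf" in on_disk[p]
                             and ".cat" not in on_disk[p]),
    }


def build_sample_share(root):
    """Constructed layout: Audio and Net are complete, Video lacks a catalog."""
    layout = {
        "PnPDrvrs/Audio": ["snd.inf", "snd.sys", "snd.cat"],
        "PnPDrvrs/Net": ["nic.inf", "nic.sys", "nic.cat"],
        "PnPDrvrs/Video": ["vid.inf", "vid.sys"],
        "PnPDrvrs/Other": [],
    }
    for folder, files in layout.items():
        path = os.path.join(root, *folder.split("/"))
        os.makedirs(path)
        for name in files:
            open(os.path.join(path, name), "w").close()


def demo():
    """Check a constructed key value that names the parent folder, omits Net
    and names a Modem folder that was never created."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_share(root)
        value = r'"PnPDrvrs;PnPDrvrs\Audio;PnPDrvrs\Video;PnPDrvrs\Modem"'
        return check_pnp_paths(root, value)


if __name__ == "__main__":
    for finding, folders in demo().items():
        print(f"{finding}: {folders}")
```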
Adding Plug and Play devices before performing disk duplication with Sysprep When a client computer that has been duplicated with Sysprep starts for the first time, the installer
detects all non–Industry Standard Architecture (ISA) hardware. If a hardware device is found
for which there are no device drivers in the default Drivers.cab, the installer checks the location specified in OemPnPDriversPath. If the device drivers are not in this location, the user is
prompted for the location of the device drivers.
To improve the user experience and reduce computer startup time during the first boot, you
can install additional Plug and Play device drivers before running Sysprep. If you determine
that you want these OEM-supplied device drivers to be available for Windows XP Professional
reinstallation, copy the OEM-supplied device driver files directly onto the hard disk before
you perform the installation procedure. During MiniSetup, the installer ignores the OemPnPDriversPath information and attempts to install these device drivers directly from their original locations on the hard disk.
To add Plug and Play devices to a Sysprep Image
1. Create a folder called \Sysprep on the %SystemDrive% folder.
2. On the root of the same volume, create a folder structure to hold the drivers, as shown
in the following example:
\Drivers
    \NIC
    \VIDEO
\Sysprep
\Windows
3. Copy the driver files for the devices into the subfolders created in the previous step. The
folders must contain all the files that are required to install the specific devices: driver,
catalog, and .inf files.
4. In the Sysprep.inf answer file, edit the [Unattended] key for Plug and Play, adding the
path to the list of Plug and Play search drives. You can list multiple paths in this key by
separating them with a semicolon, as shown in the following example:
[Unattended]
OEMPnPDriversPath = "Drivers\NIC;Drivers\Video"
5. Save the Sysprep.inf file to the \Sysprep folder.
If you do not want the OEM-supplied device drivers to remain on the volume after MiniSetup
is complete, place the folder structure (that you created in the \Sysprep folder) in the root volume. Adjust the OemPnPDriversPath key in the Sysprep.inf answer file to reflect this change.
The \Sysprep folder is automatically removed after Setup is complete. This automatic removal
process also removes all the subfolders that are subordinate to the \Sysprep folder. To ensure
that OEM-supplied device drivers are available if Windows XP Professional reinstallation is
required, do not remove any of the OEM-supplied device drivers from the root volume.
When you run Sysprep.exe, any Plug and Play devices (including those found using the driver
.inf files) are automatically installed during MiniSetup on the destination computers. You do
not need to specify the -PnP command-line parameter unless there are existing ISA devices on
the destination computers.
To add Plug and Play devices to a Risetup image
Warning
To deploy Windows XP images from Windows 2000 RIS Servers, you must install
the Windows 2000 Remote Installation Services update. For more information about the Windows 2000 Remote Installation Services update, see the Microsoft Knowledge Base link on the
Web Resources page at http://www.microsoft.com/windows/reskits/webresources. Search the
Microsoft Knowledge Base using the keywords Risetup.exe, RIS Servers, and Windows XP
Images. Note that this update is not required for Windows Server 2003 RIS.
1. Create a folder structure similar to the structure shown in the following example, making sure that the \$oem$ folder is at the same level as the \i386 folder:
\RemoteInstall\Setup\%language%\Images\%risetup_image_name%\i386
\RemoteInstall\Setup\%language%\Images\%risetup_image_name%\$oem$\$1\Drivers
\RemoteInstall\Setup\%language%\Images\%risetup_image_name%\$oem$\$1\Drivers\NIC
\RemoteInstall\Setup\%language%\Images\%risetup_image_name%\$oem$\$1\Drivers\Video
\RemoteInstall\Setup\%language%\Images\%risetup_image_name%\$oem$\$1\Drivers\Modem
2. Copy the device driver files for the devices into their respective folders. Use the folder
structure that you created in the previous step.
3. In the Ristndrd.sif answer file, change the value of the OemPreinstall key in the [Unattended] section from No to Yes, and add the paths to the list of Plug and Play search drivers. You can list multiple paths by using semicolons to separate the path names, as
shown in the following example:
[Unattended]
OemPreinstall = Yes
OEMPnPDriversPath = "Drivers\NIC;Drivers\Video;drivers\Modem"
4. Save the Ristndrd.sif file in the \RemoteInstall\Setup\%language%\Images\%risetup_image_name%\i386\Templates folder.
Note
If one of the OEM-supplied drivers is for a network adapter, the RIS server must
have this driver available when booting into Text-mode Setup.
5. Copy the network adapter driver and the associated .inf file to the \RemoteInstall\Setup\%language%\Images\%flat_image_name%\i386 directory.
6. If the device driver that you are adding is an updated version of a driver that is already
in this directory, you must delete the associated .pnf file from the
\RemoteInstall\Setup\%language%\Images\%flat_image_name%\i386 directory.
7. Stop and restart the Boot Information Negotiation Layer (BINL) service on all RIS servers on which you copied the drivers. This step is required for these changes to take
effect.
Customizing Regional and Language Options
You can customize the [RegionalSettings] section of your answer file to specify the regional
and language options listed in Table 2-9.
To use this section of your answer file, you must add, as a minimum, the /copysource:lang
parameter to Winnt32.exe or the /rx:lang parameter to Winnt.exe. This enables you to copy
the appropriate language files to the hard disk. For example, to copy Korean settings while
installing a U.S. version of Windows XP Professional, you can specify /copysource:lang\kor
if starting from Winnt32.exe.
Table 2-9 describes the keys in the [RegionalSettings] section of the answer file. To ensure that
Setup completes without prompting for regional option information, do not provide keys or
values for the [RegionalSettings] section when specifying OemPreinstall = Yes. Set OEMSkipRegional = 1 in the [GuiUnattended] section of the answer file.
Table 2-9 Keys in the [RegionalSettings] Section

| Key | Description |
|---|---|
| InputLocale | Specifies the input locale and keyboard layout combinations to be installed on the computer. The first keyboard layout specified is the default layout for the installation. The specified combinations must be supported by one of the language groups defined by using either the LanguageGroup key or the default language group for the language version of Windows XP Professional being installed. If an available language group does not support the combination specified, the default combination is used for the installation. This key is ignored if the Language key is specified. |
| Language | Specifies the language and locale to be installed on the computer. This language must be supported by one of the language groups specified by using the LanguageGroup key. If an available language group does not support the locale, the default language for the Windows XP Professional version being installed is used. If this value is specified, the SystemLocale, UserLocale, and InputLocale keys are ignored. |
| LanguageGroup | Specifies the supported language group to be installed on the computer. If this key is specified, it provides default settings for SystemLocale, InputLocale, and UserLocale keys. For a list of the supported language group IDs, see the Deploy.chm in the Deploy.cab file on the Windows XP Professional operating system CD. The Deploy.cab file is in the \Support\Tools folder. |
| SystemLocale | Enables localized applications to run, and displays menus and dialog boxes in the local language. |
| UserLocale | Controls the settings for numbers, time, currency, and dates. |
A list of valid locales and their language groups is available at the Global Software Development Web site at http://www.microsoft.com.
Note The \i386\Lang folder is automatically copied into Windows XP Professional images
on a RIS server; however, the Lang folder must be manually copied into Windows 2000 images.
The LANG folder must exist within images to enable locale changes.
To use [RegionalSettings] for multilingual support during MiniSetup
1. Create a folder named \i386 under \$OEM$\$1\Sysprep\ in the distribution folder.
2. Copy the following files from the \i386 folder of the Windows XP Professional operating system CD to the \i386 folder in the Sysprep folder:
*.nl?
kbd*.dl?
*.fo?
agt*.dl?
agt*.hl?
conime.ex?
wbcache.*
noise.*
wbdbase.*
infosoft.dl?
f3ahvoas.dl?
sylfaen.tt_
c_is*.dl_
\Lang\...
You can also use Setup Manager to add the necessary files and folders to the \i386
folder. However, any settings specified here are not kept if Sysprep is run on the computer.
3. In Sysprep.inf, add the InstallFilesPath key to the [Unattended] section, as shown in the
following example:
InstallFilesPath = %systemdrive%\Sysprep\i386
For more information about the InstallFilesPath key, see the Deploy.chm in the
Deploy.cab file, which is on the Windows XP Professional operating system CD. The
Deploy.cab file is in the \Support\Tools folder.
If you specify a regional setting in the image, you must also specify the same setting in the
Sysprep.inf file. In addition, you must copy the correct file to the \Sysprep\i386 folder.
The \i386 folder and its contents are required only if the end user needs language support
from one of the language groups provided in that folder. The \i386 folder is deleted after
MiniSetup runs on the end user’s computer. If you perform an audit or if a reseller further
customizes the computer, you must re-create \Sysprep\i386 and then rerun Sysprep.exe
before the image is installed to allow the end user to specify the necessary regional and language options.
Presetting Time Zones
You can specify the time zone of the computers in your organization by using the TimeZone
key in the [GuiUnattended] section of your answer file or the Sysprep.inf file. If the TimeZone
key is not present, the user is prompted for a time zone specification during setup.
To preset time zones
■ In the [GuiUnattended] section of your answer file, add the statement shown in the following example:
[GuiUnattended]
TimeZone = "Index"
In the preceding example, Index specifies the time zone of the reference computer.
Unless the TimeZone key is specifically set in the RIS answer file, client computers that
are installed with RIS use the same time zone setting as the RIS server.
For a list of valid TimeZone indexes, see the Deploy.chm in the Deploy.cab file on the Windows XP Professional operating system CD. The Deploy.cab file is in the \Support\Tools
folder.
Detecting Video Mode for Computer Displays
You can customize the [Display] section of the answer file to ensure that Setup automatically
detects a computer’s display resolution. Specify the optimal settings (you must know the valid
settings) for the keys listed in Table 2-10. If the settings that you specify are not valid, Setup
finds the closest match to the selected settings, which might not be optimal.
Table 2-10 Keys in the [Display] Section

| Key | Description |
|---|---|
| BitsPerPel | Specifies the valid bits per pixel for the graphics device being installed. For example, a value of 8 implies 256 colors; a value of 16 implies 65,536 colors. |
| Vrefresh | Specifies a valid refresh rate for the graphics device being installed. |
| Xresolution | Specifies a valid x resolution for the graphics device being installed. |
| Yresolution | Specifies a valid y resolution for the graphics device being installed. |
To ensure the Video mode is properly detected by Setup
1. Check that the computer BIOS supports the set of Video ACPI extensions.
2. Check that the drivers for the video cards and displays are included in the \$1\PnPdrvrs path.
3. In the [Unattended] section of the answer file, set the OemPnPDriversPath key to the
\$1\PnPdrvrs path.
4. In the [Display] section of the answer file, set the optimal settings for your computer.
To determine whether the hardware components in your organization are compatible with Windows XP Professional, see Windows Catalog at http://www.microsoft.com/windows/catalog.
Automatically Converting FAT32 to NTFS
When upgrading, you can customize the [Unattended] section of your answer file to convert
FAT32 file systems automatically to NTFS.
To automatically convert FAT32 partitions to NTFS
■ In the [Unattended] section of your answer file, add the statement shown in the following example:
[Unattended]
FileSystem = ConvertNTFS
When the FileSystem key is specified, Setup automatically converts your drive just before the
GUI mode of Setup starts. You must add the FileSystem = ConvertNTFS entry to the [Unattended] section if the ExtendOEMPartition entry appears in the [Unattended] section of the
answer file.
For more information about the differences between the NTFS, FAT16, and FAT32 file systems, see Chapter 13, “Working with File Systems.”
Converting Short File Names to Long File Names ($$rename.txt)
If you are starting Setup from MS-DOS, you can convert short file names to long names by creating a file called $$Rename.txt and placing it in the folder within the distribution folder
that contains the files that you want to convert. If you are starting Setup from any other
operating system, the names are converted automatically.
Setup uses the list of files that you specify in $$Rename.txt to convert short names to long
names during the installation process. Each folder that contains a file, or files, that you want
to convert must also contain a $$Rename.txt file.
The $$Rename.txt file changes short file names to long file names during Setup.
$$Rename.txt lists all the files in a particular folder that must be renamed. Each folder that
contains short file names to be renamed must contain its own version of $$Rename.txt.
To convert short file names to long file names
■ Create a $$Rename.txt file by using the sections, keys, and values shown in the following example:
[Section_name_1]
Short_name_1 = "long_name_1"
Short_name_2 = "long_name_2"
Short_name_x = "long_name_x"
[Section_name_x]
Short_name_1 = "Long_name_1"
Short_name_2 = "Long_name_2"
Short_name_x = "Long_name_x"
Table 2-11 describes the variables in the preceding example.
Table 2-11 Converting Short File Names to Long File Names

| Section or Key | Description |
|---|---|
| [Section_name_x] | This section name indicates the path to the folder that contains the files. A section does not have to be named, or it can have a backslash (\) as a name, which indicates that the section contains the names of the files or folders that are in the root directory of the drive. |
| Short_name_x | This key is the short name of the file or folder within the folder indicated by the section name. The short name must not be enclosed in quotation marks. |
| Long_name_x | This key is the long name of the file or folder. This name must be enclosed in quotation marks if it contains spaces or commas. |
Tip
If you are using MS-DOS to start the installation and your MS-DOS–based tools cannot
copy folders with path names longer than 64 characters, use short file names for the folders
and then use $$Rename.txt to rename them later.
Adding Applications
Use any of the following methods to add applications to your installation:
■ Cmdlines.txt, to add applications during the GUI mode of Setup.
■ Customized answer files. For example, customize the [GuiRunOnce] section of the answer file to install applications when the user logs on for the first time.
■ Application installation programs.
■ Batch files.
■ Windows Installer Service.
Using Cmdlines.txt The Cmdlines.txt file contains the commands that GUI mode runs
when installing optional components, such as applications that must be installed immediately after Windows XP Professional installation. If you plan to use Cmdlines.txt, place it in
the \$OEM$ folder of the distribution folder. If you are using Sysprep, place Cmdlines.txt in
the \$OEM$\$1\Sysprep\$oem$ folder.
Use Cmdlines.txt under the following circumstances:
■ You are installing from the \$OEM$ folder of the distribution folder.
■ The application that you are installing:
  ❑ Does not configure itself for multiple users (for example, Microsoft® Office 95)
  ❑ Is designed to be installed by one user and to replicate user-specific information
The section and keys for Cmdlines.txt are shown in the following example:
[Commands]
"Command_1"
"Command_2"
.
.
"Command_x"
Keys are defined as follows:
■ "Command_1", "Command_2", and "Command_x" refer to the commands that you want
to run (and the order in which you want to run them) when GUI mode calls Cmdlines.txt. Note that all commands must be within quotation marks.
When you use Cmdlines.txt, be aware of the following:
■ When the commands in Cmdlines.txt are carried out during setup, there is no logged-on
user and there is no guaranteed network connectivity. Therefore, user-specific information is written to the default user registry, and all users receive that information.
■ Cmdlines.txt requires that you place the files that you must have to run an application
or tool in directories that you can access during the setup process. This means that the
files must be on the hard disk.
Warning
Applications that can be installed by using Windows Installer Service cannot be
added by using Cmdlines.txt.
To specify a Cmdlines.txt file during the MiniSetup portion of Sysprep
1. Create a Sysprep.inf file to be used by Sysprep. This is a requirement and cannot be
bypassed. The Sysprep.inf file must be named Sysprep.inf and must be located in the
Sysprep folder on the root of the volume that contains the folder %systemroot%.
2. Place the following statement in the [Unattended] section of the Sysprep.inf file:
InstallFilesPath = drive:\path
In the preceding example, path is any folder you want to use. It is recommended that
you use drive as the volume containing the %systemroot% folder.
3. Create the folder drive:\path. You can use any folder name, but it must match the location that you specified in Sysprep.inf.
4. In the drive:\path folder, create a folder named $oem$, and then place the Cmdlines.txt
file in this folder. This file is processed at the end of MiniSetup, before saving any settings.
Using the [GuiRunOnce] section of the answer file The [GuiRunOnce] section of the
answer file contains a list of commands that run the first time a user logs on to the computer
after Setup has run. To configure the application installation program so that it starts automatically, you can add the statement shown in the following example to the [GuiRunOnce] section of the answer file:
[GuiRunOnce]
"%systemdrive%\appfolder\appinstall -quiet"
If you plan to use the [GuiRunOnce] section to initiate an installation, consider the following
additional factors:
If an application forces a restart, determine how to suppress the restart. This is important
because any time the system restarts, all previous entries in the [GuiRunOnce] section are lost.
If the system restarts before completing entries previously listed in the [GuiRunOnce] section,
the remaining items are not run. If there is no way within the application to suppress a restart,
you can try to repackage the application into a Windows Installer package. Third-party products are available to provide this functionality.
Windows XP Professional contains Iexpress.exe. You can use Iexpress.exe to package .inf files
into executable files. These executable files can then be included in either Cmdlines.txt or
[GuiRunOnce].
Warning If you are adding an application to multiple localized language versions of Windows XP Professional, it is recommended that you test the repackaged application on the
localized versions to ensure that the files are copied to the correct locations and the required
registry entries are written appropriately.
If an application requires a Windows Explorer shell to install, the [GuiRunOnce] section does
not work because the shell is not loaded when the Run and RunOnce commands are carried
out. Check with the application vendor to determine whether there is an update that you
can download that enables the application to install. If not, repackage the application as a
Windows Installer package or use another means of distribution.
Applications that use the same type of installation mechanism might not run correctly if you do
not use a /wait parameter. This can happen when an application installation is running and
starts another process. When Setup is still running, initiating another process and closing an
active process might cause the next routine listed in the RunOnce registry entries to start.
Because more than one instance of the installation mechanism is running, the second application usually fails.
Using application installation programs The preferred method for adding an application
is to use the installation routine supplied with the application. You can do this if the application that you are adding can run in Quiet mode (without user intervention) by using a -q or
-s parameter. These parameters vary depending on how the application is written. For a list of
parameters supported by the installation mechanism, see the application documentation.
To initiate the unattended installation of an application by using the application’s installation
program, you can add text to the [GuiRunOnce] section of the answer file that is similar to the
statement shown in the following example:
path to setup\Setup.exe /q
Setup parameters vary depending on how the application is written. For example, the -l
parameter included in some applications is useful when you want to create a log file to monitor the installation. Some applications have commands that can prevent them from automatically restarting. These commands are useful in helping to control application installations
with a minimal number of restarts.
Make sure that you check with the application vendor for information, instructions, tools, and
best practices information before you install any application.
Warning You must meet the licensing requirements for any application that you install,
regardless of how you install it.
Using a batch file to control how multiple applications are installed To control how
multiple applications are installed, create a batch file that contains the individual installation
commands and uses the Start command with the /wait parameter. This method ensures that
your applications install sequentially and that each application is fully installed before the
next application begins its installation routine. The batch file is then run from the
[GuiRunOnce] section.
The following procedure explains how to create the batch file, install the application, and
remove all references to the batch file after the installation is complete.
To install applications by using a batch file
1. Create a batch file that uses the following syntax:
start /wait AppSetupProgram [AppSetupProgramParameters] […]
Table 2-12 describes the syntax that is used in the preceding example.
Table 2-12 Batch File Parameters
File or Parameter | Description
AppSetupProgram | Specifies the path and file name for the application setup program—for example, D:\Setup.exe.
AppSetupProgramParameters | Specifies any available Quiet-mode parameters for the setup program that you have specified.
2. Copy the batch file to the distribution folders or another location to which you have
access during setup.
3. Using File name.bat as the name of the batch file, include an entry in the [GuiRunOnce]
section of the answer file to run the batch file as shown in the following example. This
example is based on the assumption that the batch file was copied to the Sysprep folder
on the local hard disk. However, the batch file can be in any location that is accessible to
Setup during an installation.
[GuiRunOnce]
"path-n\Command-n.exe" "%systemdrive%\sysprep\sysprep.exe -quiet"
In the preceding example, “path-n\Command-n.exe” and “%systemdrive%\sysprep\sysprep.exe -quiet” are fully qualified paths to additional applications, tool installations, or configuration tools. They can also be paths to batch files. These paths must be available during setup.
Using Windows Installer Service Windows Installer Service is a Windows XP Professional
component that standardizes the way applications are installed on multiple computers.
When you install applications without using Windows Installer Service, every application
must have its own setup executable file or script. Each application has to ensure that the
proper installation rules (for example, rules for creating file versions) are followed. This is
because the application setup was not an integral part of the operating system development;
therefore, no central reference for installation rules exists.
Windows Installer Service implements all the Setup rules for the operating system. To follow
these rules, applications must be described in a standard format known as a Windows
Installer package. The data file containing the format information is known as the Windows
Installer package file and has an .msi file name extension. Windows Installer Service uses the
Windows Installer package file to install the application.
The package file is a database format that is optimized for installation performance. Generally,
this file describes the relationships among features, components, and resources for a specific
product.
The Windows Installer package file is typically located in the root folder of the Windows XP
Professional operating system CD or network image, alongside the product files. The product
files can exist as compressed files known as cabinet (.cab) files. Each product has its own
package file. During installation, Windows Installer Service opens the package file for the
product and uses the information inside the Windows Installer package to determine which
installation operations must be performed for that product.
Setting Passwords
When upgrading from Windows 98 or Windows Me, you can customize your answer files to
set passwords for all local user accounts and force all users or specific users to change their
passwords when they first log on. You can also set passwords for the local Administrator
account.
Table 2-13 describes the types of passwords that you can set in an answer file.
Table 2-13 Types of Passwords That You Can Set in an Answer File
Section | Key | Description
[GuiUnattended] | AdminPassword | Automatically sets the password for the local Administrator account. If the AdminPassword key is used in a Sysprep.inf file, the original password on the computer must be set to null. Otherwise, any AdminPassword value in the answer file is ignored.
[Win9xUpg] | DefaultPassword | Automatically sets a password for all local accounts created when you are upgrading from Windows 98 or Windows Me.
[Win9xUpg] | ForcePasswordChange | Forces users for all local accounts to change their passwords when they log on for the first time after upgrading from Windows 98 or Windows Me.
[Win9xUpg] | UserPassword | Forces specific users to change their passwords on their local accounts when they log on for the first time after upgrading from Windows 98 or Windows Me to Windows XP Professional. Sets user passwords for local accounts after an upgrade from Windows 98 or Windows Me to Windows XP Professional. If the answer file does not contain a UserPassword key and a DefaultPassword key, a password is generated for each migrated local user account. When users log on for the first time, they are required to change their password.
Prompting the user for the administrator password The administrator password is set to
null by default. You can customize your answer file to prompt the user for an administrator
password during installation.
Locate the following entry in the [Unattended] section of the answer file:
[Unattended]
UnattendMode = FullUnattended
If the UnattendMode key is set to FullUnattended, as shown in the preceding example, do not
edit the answer file as described in the following procedure. This combination of answer file
settings generates an error.
To prompt for an administrator password
1. Locate the following entry in the [GuiUnattended] section of your answer file:
[GuiUnattended]
AdminPassword = "*"
2. Edit the entry to read:
[GuiUnattended]
AdminPassword = ""
This enables the user to type the local administrator password in GUI-mode Setup.
3. To optionally put Setup in Read-only mode and prevent users from changing fields
(other than the Administrator password) during Setup, add the following line to the
[Unattended] section of the answer file:
[Unattended]
UnattendMode = "ReadOnly"
This enables the user to type only the local administrator password in GUI-mode Setup.
An alternative to the preceding procedure is to use Setup Manager to create the answer file
and supply an administrator password. When you use Setup Manager, you can encrypt the
password in the answer file so that users cannot read it.
For more information about using the RIS Client Installation Wizard to prompt users for the
administrator password, see “Customizing RIS Installations” earlier in this chapter.
Setting passwords on local accounts For upgrades, you can customize your answer file to
set all local account passwords to a default value.
To set passwords on all local accounts
■ In your answer file, add the following entry in the [Win9xUpg] section:
[Win9xUpg]
DefaultPassword = "password"
In the preceding example, password is the default password that you want to set for all
local users.
Note If a local account must be created for a user without a UserPassword entry and no
DefaultPassword is specified, Setup creates a random password. After the first restart, the user
is prompted to change the password.
For Windows 98 upgrades, you can customize your answer file to create passwords for specific local accounts. Because Windows 98 and Windows Me passwords cannot be migrated
during the upgrade, Setup must create passwords for local accounts during the upgrade process. By using the DefaultPassword key, the administrator can predetermine those passwords
for specific users. If a local account needs to be created for a user without a preset value for the
UserPassword entry and no value is specified for DefaultPassword, Setup generates a random
password.
To create passwords for specific local accounts when you are upgrading from
Windows 98 or Windows Me
■ In the answer file, add the following entry in the [Win9xUpg] section:
[Win9xUpg]
UserPassword = user,password[,user_1,password_1]
Forcing all users to change local account passwords when upgrading from Windows 98
or Windows Me You can customize your answer file to require all users to change the passwords for their local accounts when they log on for the first time. When a user logs on for the
first time, he or she is notified that his or her current password has expired and that a new
password must be supplied.
To force users to change their password after upgrading from Windows 98 or
Windows Me
■ In the answer file, add the following entry in the [Win9xUpg] section:
[Win9xUpg]
ForcePasswordChange = Yes
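A check for the password keys covered in this section (Table 2-13), as an added example that is not part of the original book: it parses an answer file and reports cleartext passwords, a blank Administrator password, and the FullUnattended plus empty AdminPassword combination, without echoing any password value. The sample file is constructed; EncryptedAdminPassword, the key Setup Manager writes when it encrypts the password, is not named in this chapter, and reading AdminPassword = "*" as a null password follows Microsoft's answer-file reference.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "code section key detail")

# Constructed sample answer file (not from the book); every value is made up.
SAMPLE = """\
[Unattended]
UnattendMode = FullUnattended

[GuiUnattended]
AdminPassword = "Example-Adm1n"

[Win9xUpg]
DefaultPassword = "changeme"
UserPassword = alice,Spring2005,bob,Summer2005
"""


def parse_answer_file(text):
    """Return {section: {key: value}}, names lower-cased, quotes stripped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip().strip('"')
    return sections


def is_yes(value):
    return value is not None and value.lower() == "yes"


def audit_passwords(text):
    """Report risky password settings; details never contain a password."""
    cfg = parse_answer_file(text)
    gui = cfg.get("guiunattended", {})
    upg = cfg.get("win9xupg", {})
    mode = cfg.get("unattended", {}).get("unattendmode", "").lower()
    findings = []

    def add(code, section, key, detail):
        findings.append(Finding(code, section, key, detail))

    admin = gui.get("adminpassword")
    if admin == "*":
        # "*" means a null password (Microsoft answer-file reference).
        add("ADMIN_BLANK", "GuiUnattended", "AdminPassword",
            "local Administrator account is created with no password")
    elif admin == "":
        # Empty value prompts the user; the chapter says this errors
        # when combined with UnattendMode = FullUnattended.
        if mode == "fullunattended":
            add("ADMIN_PROMPT_CONFLICT", "GuiUnattended", "AdminPassword",
                "empty value cannot be combined with FullUnattended")
    elif admin is not None and not is_yes(gui.get("encryptedadminpassword")):
        add("ADMIN_PLAINTEXT", "GuiUnattended", "AdminPassword",
            "Administrator password is readable in the answer file")

    default = upg.get("defaultpassword")
    if default:
        add("SHARED_DEFAULT_PASSWORD", "Win9xUpg", "DefaultPassword",
            "one cleartext password is shared by all migrated accounts")

    pairs = upg.get("userpassword")
    if pairs:
        fields = [f.strip() for f in pairs.split(",")]
        if len(fields) % 2:
            add("USERPASSWORD_MALFORMED", "Win9xUpg", "UserPassword",
                "expected user,password pairs; last user has no password")
        users = fields[0:len(fields) // 2 * 2:2]  # names only, no passwords
        add("USER_PLAINTEXT", "Win9xUpg", "UserPassword",
            "cleartext passwords for: " + ", ".join(users))

    if (default or pairs) and not is_yes(upg.get("forcepasswordchange")):
        add("NO_FORCED_CHANGE", "Win9xUpg", "ForcePasswordChange",
            "preset passwords stay valid after first logon")
    return findings


if __name__ == "__main__":
    for f in audit_passwords(SAMPLE):
        print(f"{f.code}: [{f.section}] {f.key}: {f.detail}")
```

Run it over every Unattend.txt and Sysprep.inf kept in a distribution folder or on a deployment share, because those files remain readable to anyone with access to that location.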
Installing the Operating System
After you have chosen the method to install the operating system and have customized your
answer file and the distribution folder with the appropriate files, you are ready to install the
operating system.
The following installation methods are covered in this section:
■ Unattended Installations
■ Image-Based Installations with Sysprep
■ Installations with RIS
Unattended Installations
Winnt32.exe and Winnt.exe are unattended installation tools that provide a convenient and
flexible method for installing the operating system. In addition, Winnt32.exe does not require
additional tools. This section explains how to use Winnt32.exe.
Caution Before upgrading to the Windows XP Professional operating system, restart the
computer if you have recently upgraded any applications.
Note When you run Winnt32.exe on a computer with multiple hard disks or partitions,
specify the exact location of the destination hard drive or partition to which you are installing.
Use the Winnt32 /tempdrive parameter to specify the destination.
Use Winnt32.exe to run Setup on computers running Windows 98, Windows Me, Windows
2000 Professional, Windows NT Workstation 4.0, or Windows XP Professional operating systems.
Note Winnt32.exe is also referred to as Setup.
To run Setup in Unattended mode
■ At the command prompt, type winnt32 /unattend:answer_file.
When you run the Setup program, it installs Windows XP Professional in three phases: File
Copy, Text mode, and GUI mode.
File Copy
Setup copies the Windows XP Professional program files and any additional files that you
specify from the distribution folder to the computer’s hard disk.
Text Mode
Setup identifies the basic hardware in the computer (such as the microprocessor and motherboard type, hard disk controllers, file systems, and memory), installs the base operating system required to continue with Setup, and creates any folders that you specify.
GUI Mode
Setup configures the computer’s hardware (audio, video, and so on), configures network
settings, prompts you to provide an Administrator password, and allows you to personalize
the installation. If you use Sysprep, the Setup program goes through a different phase called
MiniSetup.
Winnt32.exe Parameters
Winnt32.exe accepts the following parameters.
[/checkupgradeonly]
[/cmd:command_line]
[/cmdcons]
[/copydir:folder_name]
[/copysource:folder_name]
[/debug[level]:[file_name]]
[/dudisable]
[/duprepare:pathname]
[/dushare:pathname]
[/m:folder_name]
[/makelocalsource]
[/noreboot]
[/s:sourcepath]
[/syspart:drive_letter]
[/tempdrive:drive_letter]
[/udf:ID[,UDF_file]]
[/unattend]
[/unattend:seconds][:answer_file]
Parameter Descriptions
To determine which parameters you want to use, refer to the following Winnt32.exe parameter descriptions:
/checkupgradeonly Checks the current operating system for upgrade compatibility with
Windows XP Professional. This is simply a verification and does not install Windows XP
Professional.
/cmd:command_line Specifies a command to be carried out after the GUI mode of Setup finishes. The command occurs before Setup is complete and after Setup has restarted your computer and collected the necessary configuration information. For example, this parameter can
run Cmdlines.txt, which specifies the applications to be installed immediately after Setup
completes.
/cmdcons Adds a Recovery Console option for repairing a failed installation.
/copydir:folder_name Creates a subfolder within the folder that contains the Windows files.
For example, if the source folder contains a Private_drivers folder that has modifications just
for your site, you can type /copydir:private_drivers to copy that folder to your Windows XP
Professional folder. You can use the /copydir parameter multiple times.
/copysource:folder_name Temporarily creates a subfolder within the folder that contains the
Windows files. For example, if the source folder contains a Private_drivers folder that has
modifications just for your site, type /copysource:private_drivers to have Setup copy that
folder to your Windows XP Professional folder and use its files during Setup. Unlike the
/copydir parameter, folders created by using /copysource are deleted when Setup finishes.
/debug[level]:[file_name] Creates a debug log at the specified level. When you use the
default setting, the program creates a log file (%windir%\Winnt32.log) that has a warning
level of 2. The warning levels for the log file are as follows: 0 = severe errors, 1 = errors,
2 = warnings, 3 = information, and 4 = detailed information for debugging. Each level also
includes the levels below it.
/dudisable Prevents dynamic update from running. Without dynamic update, Setup runs
only with the original Setup files. This option disables dynamic update even if you set DisableDynamicUpdates = No in the [Unattended] section of the Unattend.txt file. The /dudisable
parameter in Winnt32.exe overrides the DisableDynamicUpdates = No setting in Unattend.txt.
/duprepare:pathname Prepares an installation share to be used with Dynamic Update files
downloaded from the Windows Update Web site. The installation share can then be used for
installing Windows on multiple client computers.
/dushare:pathname Specifies a share on which you previously downloaded Dynamic
Update files (updated files for use with Setup) from the Windows Update Web site, and on
which you previously ran /duprepare:pathname. When run on a client computer, /duprepare:pathname specifies that the client installation uses the updated files on the share that is
specified in pathname.
/m:folder_name Instructs Setup to copy replacement files from an alternate location. It
directs Setup to look at the alternate location first and to copy the files from that location (if
the files are present) instead of from the default location.
/makelocalsource Instructs Setup to copy all installation source files to your local hard disk.
Use /makelocalsource to obtain installation files if you begin installation from a CD and the
CD becomes unavailable during the installation.
/noreboot Instructs Setup to not restart the computer after the file copy phase of Winnt32 is
complete so that you can execute another command.
/s:sourcepath Specifies the source location of the Windows XP Professional files. The
default is the current folder. To copy files simultaneously from multiple servers, you can specify up to eight sources. For example:
winnt32 /s:server1 … /s:server8
If you type the option multiple times, the first server specified must be available, or Setup fails.
This functionality speeds up the file copy phase of Setup to the destination computer and provides additional load balancing capability to the distribution servers from which you run
Setup.
/syspart:drive_letter Specifies that you can copy Setup startup files to a hard disk, mark the
disk as active, and install the disk in another computer. When you start that computer, Setup
automatically starts at the next phase. Remember the following points when you use this
parameter:
■ You must always use the /tempdrive option when you use the /syspart option.
■ Both /syspart and /tempdrive must point to the same partition of a secondary hard disk.
■ You can use the /syspart parameter only from a computer that is running Windows NT 3.51, Windows NT 4.0, Windows 2000 Professional, or Windows XP Professional. You cannot use this parameter from a computer that is running Windows 98 or Windows Me.
/tempdrive:drive_letter Directs Setup to place temporary files on the specified partition and
to install Windows XP Professional on that partition.
/udf:ID[,UDF_file] Indicates an identifier that Setup uses to specify how a Uniqueness
Database File (UDF) modifies an answer file. The UDF file overrides values in the answer file,
and the identifier determines which values in the UDF file are used. For example,
/udf:Roaming_user,Our_company.udf overrides settings specified for the identifier
Roaming_user in the Our_company.udf file. If you do not specify a UDF file, Setup prompts
you to insert a disk that contains the file $Unique$.udf.
/unattend Upgrades a previous version of Windows by using Unattended installation
mode. Setup downloads the Dynamic Update files from Windows Update and includes these
files in the installation. All user settings are taken from the previous installation. No user intervention is required during Setup.
User passwords cannot be migrated from a Windows 98 or Windows Me installation during
an upgrade to Windows XP Professional; however, if you are upgrading from Windows NT
Workstation 4.0 or Windows 2000 Professional, any user accounts that were defined in the
local database are available after upgrading to Windows XP Professional.
Warning By adding the OemSkipEula key to the [Unattended] section of the answer file,
you can automate Setup to affirm that you have read and accepted the End-User License
Agreement (EULA) for Windows XP Professional. Before using this entry to install Windows XP
Professional on behalf of an organization other than your own, you must confirm that the end
user (whether an individual or a single entity) has received, read, and accepted the terms of the
Windows XP Professional EULA. OEMs cannot specify this key for computers being sold to end
users.
/unattend[num][:answer_file] Performs a fresh installation of Windows in Unattended
mode using the specified answer file. The specified num value indicates the number of seconds between the time that Setup finishes copying the files and when Setup restarts.
Sysprep
The System Preparation tool, Sysprep.exe, is a disk-image–based deployment tool that you can
use to install identical configurations on multiple computers. You can also use Sysprep to customize and automate MiniSetup and to audit computers. You can run Sysprep as many times
as you want; however, if you are using a non–volume licensed version, you can run
Sysprep.exe and the MiniSetup Wizard only three times on the same operating system installation. You cannot run Sysprep a fourth time. This restriction also applies to Riprep.
On a reference computer, install the operating system and any applications that you want
installed on your destination computers, and then run Sysprep. Sysprep prepares the hard
disk on the reference computer for duplication to other computers. You can then run a third-party disk-imaging application. The major advantage of Sysprep installation is speed. The
image can be packaged and compressed; only the files required for the specific configuration
are created as part of the image. The shortened GUI-mode Setup can take five or six minutes
instead of 45 to 60 minutes and prompts the user only for required and user-specified information.
Because the reference and destination computers are required to have identical HALs and
ACPI support, you might be required to maintain multiple images for your environment.
Warning Before performing disk duplication, check with your software vendor to make
sure that you are not violating the licensing agreement for installation of the software that you
want to duplicate.
Overview of the Sysprep Process
Table 2-14 describes the steps you must perform during the process of preparing a reference
computer for disk duplication.
Table 2-14 Preparing a Reference Computer for Disk Duplication
Step | Description
Step 1 | Install the operating system on a computer that has hardware similar to the destination computers. While preparing the computer, do not join it to a domain, and keep the local administrative password blank.
Step 2 | Configure the computer. Log on as the administrator, and then install and customize Windows XP Professional and associated applications. This process might include adding Plug and Play device drivers or productivity applications (such as Microsoft® Office), business-specific applications, and other applications or settings that you want included in a common configuration for all client computers.
Step 3 | Validate the image. Run an audit, based on your criteria, to verify that the image configuration is correct. Remove residual information, including anything left behind from audit and event logs.
Step 4 | Prepare the image for duplication. When the computer is configured exactly as you want it, prepare the system for duplication. If you are running Sysprep with the -mini parameter, you can prepare the system by running Sysprep with the optional Sysprep.inf file, which is described earlier in this chapter. After Sysprep runs, the computer shuts down automatically or indicates that it is safe to shut down.
Step 5 | Duplicate. The computer hard disk is triggered to run Plug and Play detection, create new security identifiers (SIDs), and run the MiniSetup Wizard the next time the system is started. You can duplicate or create an image of the system by using hardware or software. The next time Windows XP Professional is started from this reference computer or from any destination computer created from this image, the system detects and reenumerates the Plug and Play devices to complete the installation and configuration on the destination computer.
Warning Components that depend on the Active Directory directory service cannot be duplicated.
Requirements for Running Sysprep
Before you can use Sysprep, your computer hardware and related devices must meet the following requirements:
■ The reference and destination computers must have compatible HALs. For example, Advanced Programmable Interrupt Controller (APIC)–based MPS (multiprocessor systems) must use the same APIC HAL. A standard HAL programmable interrupt controller (PIC)–based system is not compatible with either the APIC HAL or the MPS HAL.
■ The reference and destination computers must have identical Advanced Configuration and Power Interface (ACPI) support.
■ The Plug and Play devices on the reference and destination computers—such as modems, sound cards, network adapters, and video cards—do not have to be from the same manufacturer. However, the drivers for these devices must be available.
■ Third-party disk-imaging software or disk-duplicating hardware devices are required. These products create binary images of a computer’s hard disk and either duplicate the image to another hard disk or store the image in a file on a separate disk.
■ The size of the hard disk on the destination computer must be at least the same size as the hard disk on the reference computer. If the destination computer has a larger hard disk, the difference is not included in the primary partition. However, you can use the ExtendOemPartition key in the Sysprep.inf file to extend the primary partition if it was formatted as NTFS.
How Sysprep Works with Windows Product Activation
In Windows XP Professional, Sysprep can reset Windows Product Activation a maximum of
three times. When a computer running a disk image that was prepared with Sysprep is
restarted, the activation timer is reset and the installation of Windows XP Professional is
enabled with the full grace period for Windows Product Activation. After three resets, the activation timer is no longer reset. To prevent resets of the activation timer, run Sysprep from the
command line, and include the -activated parameter and the -reseal parameter, as shown in
the following example:
sysprep -activated -reseal
For more information about Windows Product Activation, see Chapter 1, “Planning
Deployments.”
Sysprep Components
Run Sysprep.exe manually or configure Setup to run Sysprep.exe automatically by using the
[GuiRunOnce] section of the answer file. Sysprep.exe and Setupcl.exe must be located in a
Sysprep folder at the root of the system drive (%SystemDrive%\Sysprep\). To place the files
in the correct location during an automated Setup, add these files to your distribution folders
under the \$OEM$\$1\Sysprep folder. For more information about this folder, see “Create a
Distribution Folder” earlier in this chapter.
Sysprep.exe and Setupcl.exe prepare the operating system for duplication and start MiniSetup. If
you are running Sysprep with the -mini parameter, you can also include the optional answer
file, Sysprep.inf, in the Sysprep folder. Sysprep.inf contains default keys that you can use to
provide consistent responses where they are appropriate. This limits the requirement for user
input and reduces potential user errors.
In addition, you can customize the destination computer by placing the Sysprep.inf file on a
floppy disk and inserting it after the Windows startup screen appears. The floppy disk is read
when the “Please Wait” MiniSetup Wizard page appears. When the MiniSetup Wizard successfully completes its tasks, the system restarts a final time, the Sysprep folder and all of its
contents are deleted, and the system is ready for the user to log on.
The Sysprep files are defined in the following sections.
Sysprep.exe
Table 2-15 describes the optional parameters for Sysprep.exe.
Table 2-15 Sysprep.exe Optional Parameters
Parameter | Description
quiet | Runs Sysprep without displaying the Sysprep onscreen messages.
nosidgen | Runs Sysprep without regenerating SIDs that are already on the system. This parameter is useful if you do not intend to duplicate the computer on which you are running Sysprep.
pnp | Forces full hardware detection when the computer is restarted. Setup actively seeks new devices on the system whether or not they are Plug and Play. Because this mode increases the time required for MiniSetup, it is useful only if the computer on which the image is being loaded contains non–Plug and Play hardware that cannot be dynamically detected.
reboot | Automatically restarts the computer after Sysprep shuts it down. This eliminates the need to manually turn on the computer again.
activated | Prevents Windows Product Activation resets. If this parameter is not set, Sysprep can reset Windows Product Activation a maximum of three times.
factory | When you are running Sysprep.exe, enables you to add additional drivers and applications to the image after the computer restarts.
reseal | Enables you to reseal the image and prepare the computer for delivery after you have made modifications to the image in Factory mode.
msoobe | Displays the Windows Welcome screen (Msoobe.exe) on the next restart of the computer.
forceshutdown | Prepares the operating system as specified by Reseal mode, and then immediately shuts down the computer without user intervention.
mini | Runs MiniSetup on the next restart of the computer.
Note For more information about optional parameters for Sysprep.exe, see Microsoft Windows Preinstallation Reference (Ref.chm) in the Deploy.cab file in the \Support\Tools folder on
the Windows XP Professional operating system CD. You can use Windows Explorer or you can
run Extract.exe to extract and view the Ref.chm file.
Sysprep.inf Sysprep.inf is an answer file that is used to automate the MiniSetup process. It
uses the same INI file syntax and key names (for supported keys) as Unattend.txt. Place the
Sysprep.inf file in the %systemdrive%\Sysprep folder or on a floppy disk. If you use a floppy
disk, insert it into the floppy disk drive after the Windows startup screen appears. Note that if
you do not include Sysprep.inf when running Sysprep, the MiniSetup Wizard requires user
input at each customization page.
For more information about Sysprep.inf, see “Customizing Sysprep Installations” earlier in
this chapter. For details about answer file parameters and syntax, see the Deploy.chm in the
Deploy.cab on the Windows XP Professional operating system CD. The Deploy.cab file is in
the \Support\Tools folder.
Setupcl.exe
Setupcl.exe regenerates new security identifiers (SIDs) for the computer.
Sysprep User Interface To run Sysprep from the user interface, double-click Sysprep.exe.
The System Preparation Tool dialog box appears. The System Preparation Tool dialog box
enables you to perform the following functions:
Factory mode Run Factory mode to add additional drivers and applications to the Sysprep image.
Audit Boot mode Run Audit Boot mode to restart the computer before you are ready to use Reseal mode.
Reseal mode When you have made modifications in Factory mode, run Reseal mode to prepare the computer for delivery.
PnP flag Select the PnP flag to force full hardware detection when the computer is restarted.
NoSIDGen flag Select the NoSIDGen flag to run Sysprep without regenerating SIDs that are already on the computer.
MiniSetup flag Select the MiniSetup flag to run MiniSetup the first time a computer starts from a hard disk that has been duplicated by using Sysprep.
Pre-activated flag Select the Pre-activated flag to prevent resets of Windows Product Activation.
For more information about Factory mode and about MiniSetup flag, see “Customizing
Sysprep Installations” earlier in this chapter.
Running Sysprep
After you install the operating system, you can use Sysprep to prepare for the transfer of the
operating system to other similarly configured computers.
To run Sysprep manually, first install the operating system, configure the computer, and
install any applications you want to include. Then run Sysprep without using the -reboot
command-line parameter. After the system shuts down, duplicate the image of the hard disk
to the similarly configured computers.
If you are running Sysprep with the -mini parameter, the MiniSetup Wizard runs when users
start their duplicated computers for the first time. You can preassign all or some of the
Sysprep configuration parameters by using Sysprep.inf. The Sysprep folder (which contains
Sysprep.exe and Setupcl.exe) is automatically deleted after MiniSetup is completed.
To prepare a Windows XP Professional installation for duplication
1. From the Start menu, click Run, and then type cmd.
2. At the command prompt, change to the root folder of drive C, and then type:
md sysprep
3. Insert the Windows XP Professional operating system CD into the appropriate CD-ROM
drive. Open the Deploy.cab file in the \Support\Tools folder.
4. Copy Sysprep.exe and Setupcl.exe to the Sysprep folder.
If you are using Sysprep.inf, copy this file to the Sysprep folder. For Sysprep to function
correctly, Sysprep.exe, Setupcl.exe, and Sysprep.inf must all be in the same folder.
5. At the command prompt, change to the Sysprep folder by typing:
cd sysprep
6. At the command prompt, type:
sysprep /optional_parameter
If you don’t use -reboot as one of your optional parameters, click Shut Down from the
Start menu when a message appears requesting that you shut down the computer. You
are now ready to use a third-party disk-imaging tool to create an image of the installation.
Note
You can add a Cmdlines.txt file to the Sysprep\i386\$oem$ folder to be processed by
Setup. This file is used to run post-setup commands, including commands for application
installation. For more information about using Cmdlines.txt, see “Adding Applications” earlier
in this chapter.
Selecting disk-imaging tools Use a third-party disk-imaging tool to create a Windows XP
Professional image. To ensure the best outcome when you are using a third-party disk-imaging
tool with Windows XP Professional, make sure the tool meets all the requirements for your
environment and make sure the tool can do the following:
■ Access NTFS partitions.
Make sure your disk-imaging tool is compatible with Windows XP. Disk-imaging tools
that are designed for use with the version of NTFS supported by Windows 2000 might
not be compatible with the version of NTFS supported by Windows XP.
■ Handle long file names.
■ Create packages with short file names (for server environments that cannot read long
file names).
■ Open packages to add/remove files (such as new/updated drivers) without having to recreate the entire package.
Reducing the number of reference images With Sysprep, you can minimize the number
of images that you need to use for preinstalling Windows XP Professional from multiprocessor (MP) to uniprocessor (UP) computers or from uniprocessor to multiprocessor computers.
However, this functionality works only for APIC or ACPI APIC computers.
Note More interrupts are available with APIC systems than with programmable interrupt
controller (PIC) uniprocessor systems. As a result, computers with APIC HALs have faster
response times, and they can support more hardware devices than computers with PIC HALs.
You can use one of several methods to create images for installations on multiprocessor systems and deploy the images on uniprocessor systems, or to create images for installations on
uniprocessor systems and deploy the images on multiprocessor systems. Each method has
advantages and disadvantages, as outlined in the following sections. Choose the method that
works best for you and your preinstallation environment.
Table 2-16 illustrates the compatibility of computers based on their HAL type. One image is
required for each compatibility group. In this table, multiprocessor is abbreviated MP and uniprocessor is abbreviated UP.
Table 2-16 HAL Compatibility
ACPI–
APIC UP
ACPI–APIC
MP
ACPI APIC UP
X
X
ACPI APIC MP
X
X
Compatibility
ACPI PIC
ACPI PIC
X
Non–ACPI
UP PIC
Non–ACPI UP
PIC
X
Non–ACPI
APIC UP
X
Non–ACPI
APIC MP
Non–ACPI
APIC UP
Non–ACPI
APIC MP
X
X
X
X
X
Multiprocessor to uniprocessor For this process, the image is created on a multiprocessor
reference computer. This image can be used on other multiprocessor computers or on uniprocessor computers.
The advantage of multiprocessor to uniprocessor is that you can create a single entry in the
Sysprep.inf file that then prompts Windows XP Professional to determine, after MiniSetup is
complete, whether a single processor or multiple processors are running. The correct kernel
files are then used.
The disadvantage of multiprocessor to uniprocessor is that this process requires that, when
you create the reference image, you include each of the Mp2up.inf files and other related
Mp2up files in the distribution folders.
Warning
This image can be used only in one of the following configurations depending on
the HAL type you are using:
■ From an ACPI APIC MP–based reference computer for use on other ACPI APIC MP or
ACPI APIC UP–based computers.
■ From a non–ACPI APIC MP–based reference computer for use on other non–ACPI APIC
MP or non–ACPI APIC UP–based computers.
To create a multiprocessor-to-uniprocessor image
1. Copy the Mp2up.inf and associated Mp2up files to the location you are using for your
Plug and Play device drivers in your distribution folders—for example,
\$OEM$\$1\Sysprep\Hal.
2. In Sysprep.inf, add:
[Unattended]
UpdateUPHAL = "hwid,%SystemDrive%\Sysprep\Hal.inf"
In the preceding example, hwid is either MPS_UP or ACPIAPIC_UP.
3. Install the operating system from the distribution folders to a multiprocessor computer.
4. Run Sysprep with the Sysprep.inf created in step 2.
5. Image the computer.
6. Place the image on comparable destination computers.
Uniprocessor to multiprocessor For this process, the image is created on a uniprocessor reference computer with an APIC HAL. This image can then be used on computers with compatible hardware and compatible HALs (either APIC UP HALs or APIC MP HALs).
The advantage of uniprocessor to multiprocessor is that you do not have to install the Mp2up
files on the computer.
The disadvantage of uniprocessor to multiprocessor is that before the computers can be
shipped, the Sysprep.inf file must be replaced depending on the type of computer being
shipped: uniprocessor or multiprocessor.
Warning
This image can be used only in one of the following configurations, depending on
the HAL type you are using:
■ From an ACPI APIC uniprocessor–based reference computer for use on other ACPI APIC
uniprocessor or ACPI APIC multiprocessor–based computers.
■ From a non–ACPI APIC uniprocessor–based reference computer for use on other
non–ACPI APIC uniprocessor or non–ACPI APIC multiprocessor–based computers.
To create the uniprocessor-to-multiprocessor image
1. Install the operating system on a uniprocessor computer.
2. Run Sysprep.
3. Create the image of the computer.
4. In Sysprep.inf, add:
[Unattended]
UpdateHAL = "hwid,%windir%\inf\hal.inf"
In the preceding example, hwid is either MPS_MP or ACPIAPIC_MP.
5. Place the image on comparable destination computers.
6. On multiprocessor computers, use the Sysprep.inf file created in step 4 to replace all
previous Sysprep.inf files.
You can use any tools you normally use to manipulate files on the hard disk when creating new computers from an image.
Using Sysprep to extend disk partitions When installing Windows XP Professional, you
might find it necessary to extend the partition of the destination computer. You can use
Sysprep with the appropriate entries in the answer file to extend an NTFS partition. You might
want to extend an NTFS partition for the following reasons:
■ To create images that can be extended into larger disk partitions and take advantage of
hard disks that might have greater capacity than the original hard disk on the reference
computer.
■ To create images on smaller hard disks.
Review the following steps, and choose the method that works best for you based on the
third-party tools that you are using to create an image of the operating system.
Caution
Make sure that you do not accidentally delete the Setupapi.log and Hiberfil.sys
files (if applicable) when modifying the image. These files are re-created when the MiniSetup
Wizard runs on the destination computer. Deleting these files on an active system can cause
the system to function improperly.
When used in an answer file, the ExtendOemPartition key causes Setup to extend the destination partition into any available unpartitioned space that physically follows it on the hard
disk.
The values for ExtendOemPartition are 0, 1, and extra size in MB, where
■ 0 Setup does not extend the partition.
■ 1 Setup extends the partition to fill out the hard disk.
■ extra size in MB Setup increases the current partition size by this amount.
ExtendOemPartition automatically leaves the last cylinder on the hard disk free to allow
dynamic disk support. ExtendOemPartition can be set to a number other than 1 to indicate a
specific disk size for extending the hard disk. This is useful if more than one partition is
required on a computer.
Warning
Only NTFS partitions can be extended. If the destination partition you plan to
extend is FAT or FAT32, run convert.exe /fs:ntfs from the command line before running Sysprep.
The file system is converted when the image is applied to the destination computer before the
MiniSetup Wizard starts. Setup does not extend FAT16 and FAT32 partitions.
ExtendOemPartition can be used with both the Unattend.txt and Sysprep.inf Setup files.
When used in Sysprep.inf for imaged computers, the destination computer’s hard disk must be
the same size or larger than the reference computer’s hard disk.
To enable the extension, the partition to be extended must have contiguous unpartitioned
space available.
To extend a hard disk partition when using a third-party disk-imaging product or a
hardware-imaging device that supports the version of NTFS that is used by Windows XP
Professional
1. Create a partition on the reference computer hard disk that is just large enough to install
Windows XP Professional with all the components and applications that you intend to
add. This helps keep the size of the reference image file to a minimum.
2. If the destination partition you plan to extend is FAT or FAT32, run convert.exe /fs:ntfs
from the command line before running Sysprep. The file system is converted when the
image is applied to the destination computer before the MiniSetup Wizard starts.
Note
ConvertNTFS does not work in Sysprep.inf because this is a Text mode–only
function and Sysprep does not go through Text mode.
3. In the [Unattended] section of Sysprep.inf, include the statement:
ExtendOemPartition = 1
You can also set the additional size in megabytes to extend the partition.
4. Install Windows XP Professional on the reference computer. Sysprep shuts down the
system automatically.
5. Generate the image.
6. Place the image on the destination computer where the destination computer has the
same size system partition as the reference computer.
7. Restart the destination computer.
When you place the reference image on a destination computer, drive C is converted to
NTFS when the computer starts. The computer then restarts and starts MiniSetup. During MiniSetup, Windows extends drive C to the rest of the unpartitioned space on the
hard disk. The destination computer then restarts, and the end user can log on and
begin using Windows XP Professional.
The MiniSetup Wizard starts, and the partition is extended.
To extend a hard disk partition when using a disk-imaging product that does not
support NTFS used by Windows XP Professional
1. In the [Unattended] section of Sysprep.inf, include the statement:
ExtendOemPartition = 1
Or you can specify the additional size in megabytes to extend the partition.
2. Use $$Rename.txt to convert short file names.
3. Run Sysprep.
The following actions occur when you restart the destination computer:
■ The computer initially starts in Conversion mode to convert the system partition on the
destination computer to NTFS.
■ The computer automatically restarts.
■ The MiniSetup Wizard starts, and the partition is extended almost instantaneously.
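The [Unattended] rules described above for UpdateUPHAL, UpdateHAL, ExtendOemPartition, and ConvertNTFS can be checked before an image is sealed. The following Python script is an added example, not code from the book or from Microsoft: the function names, finding codes, and sample file are constructed, the FileSystem = ConvertNTFS key name is assumed from the Unattend.txt syntax, and hardware IDs are compared with spaces removed.

```python
"""Check the [Unattended] section of a Sysprep.inf against the rules in this chapter."""
import re

# Hardware IDs the chapter allows for each HAL key (compared with spaces removed).
HAL_IDS = {
    "updateuphal": {"MPS_UP", "ACPIAPIC_UP"},   # multiprocessor-to-uniprocessor image
    "updatehal": {"MPS_MP", "ACPIAPIC_MP"},     # uniprocessor-to-multiprocessor image
}
QUOTES = '"\u201c\u201d'                        # straight and typographic double quotes


def parse_inf(text):
    """Return {section: {key: value}}; names are lower-cased, values unquoted."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()     # ';' starts a comment
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip(QUOTES).strip()
    return sections


def describe_extend(value):
    """Translate an ExtendOemPartition value into what Setup does, or None if invalid."""
    if not re.fullmatch(r"[0-9]+", value):
        return None
    size = int(value)
    if size == 0:
        return "partition is not extended"
    if size == 1:
        return "partition is extended to fill the hard disk"
    return f"partition grows by {size} MB"


def lint_unattended(text):
    """Return a list of (code, message) findings; an empty list means nothing was flagged."""
    unattended = parse_inf(text).get("unattended", {})
    findings = []

    extend = unattended.get("extendoempartition")
    if extend is not None and describe_extend(extend) is None:
        findings.append(("EXTEND_VALUE",
                         f"ExtendOemPartition = {extend}: use 0, 1, or a size in MB"))

    for key, allowed in HAL_IDS.items():
        value = unattended.get(key)
        if value is None:
            continue
        hwid, _, inf_path = value.partition(",")
        hwid = hwid.replace(" ", "").upper()
        if not inf_path.strip():
            findings.append(("HAL_FORMAT", f'{key}: expected "hwid,path to the .inf file"'))
        if hwid not in allowed:
            # Catches an _UP ID under UpdateHAL or an _MP ID under UpdateUPHAL.
            findings.append(("HAL_ID", f"{key}: hwid {hwid!r} is not one of {sorted(allowed)}"))

    # ConvertNTFS is a Text-mode function and Sysprep does not go through Text mode.
    if unattended.get("filesystem", "").lower() == "convertntfs":
        findings.append(("CONVERTNTFS",
                         "FileSystem = ConvertNTFS does not work in Sysprep.inf; "
                         "run convert.exe /fs:ntfs before Sysprep"))
    return findings


# Constructed sample with three mistakes; not taken from the book.
SAMPLE = r"""
; constructed Sysprep.inf
[Unattended]
ExtendOemPartition = 1024MB
UpdateHAL = "ACPIAPIC_UP,%windir%\inf\hal.inf"
FileSystem = ConvertNTFS
"""

if __name__ == "__main__":
    for code, message in lint_unattended(SAMPLE):
        print(f"{code}: {message}")
```
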
Installing Windows XP Professional on non-networked computers Even if you don’t
have a network, you can still install Windows XP Professional and various applications on client computers, one computer at a time.
To install Windows XP Professional on non-networked computers
1. Choose a setup method, and then start Setup.
2. Add custom information and additional files.
3. Install applications. If you have no applications to install, skip this step.
Warning
Each client computer must have a CD-ROM drive.
Choose a setup method and then start Setup Setup can typically be started from an MS-DOS
bootable floppy disk, from a set of Windows XP Professional Setup floppy disks that you can
create from the Web, or from the Windows XP Professional operating system CD. Starting
from a CD is available only on computers that support the El Torito No Emulation CD boot
specification. Choose from the setup methods provided later in this section.
Note Windows XP Professional Setup floppy disks are not provided with Windows XP Professional. To create a set of bootable floppy disks, go to the Microsoft Download Center at
http://www.microsoft.com/downloads. Specify Windows XP as the Product/Technology and
search for the keywords “Setup Disks”.
To install from the Setup floppy disks
1. Start the computer by using the Windows XP Professional Setup floppy disks.
2. When Setup is complete, you can add applications and run Sysprep.
For more information about how to install applications, see “Customizing Unattended Installations” earlier in this chapter.
To install from Windows 98, Windows Me, Windows NT Workstation 4.0, or
Windows 2000 Professional
1. Start the computer.
2. From the Start menu, click Run, and then type:
path to distribution folder winnt32 /unattend:Unattend.txt
In the preceding path, Unattend.txt is the answer file that contains answers to installation questions that you want to automate.
3. When Setup is complete, you can add applications and run Sysprep to prepare for creating an image.
For instructions about how to install applications, see “Adding Applications” earlier in this
chapter.
To install by using CD Boot
1. Start the computer from the Windows XP Professional operating system CD. Setup
begins automatically.
2. When Setup displays the message that it is examining the hardware configuration,
insert the floppy disk containing the Winnt.sif file.
3. When the floppy drive light goes off, remove the floppy disk. Setup begins copying files
to the hard disk.
For more information about how to install applications, see “Adding Applications” earlier in
this chapter.
Note
The /udf parameter cannot be used with the CD Boot method.
Add customized information and components During this step, you can add customized
information (such as your company’s name) and components (such as custom Help files and
other documentation).
To add customized information and components
■ Create a file called Oeminfo.ini, and copy it to the %systemroot%\System32 folder. The
systemroot folder is usually C:\Windows.
RIS
You can use Remote Installation Services (RIS) to install Windows XP Professional throughout an organization from remote locations. Using RIS, you can direct client computers to a RIS
server and install automated, customized versions of Windows XP Professional.
RIS uses PXE/DHCP-based remote boot technology to remotely install the operating system
on the client computer. The RIS server contains the operating system that can be installed on
the client computer using either a Risetup or a Riprep-based image. You can contact the servers by designating the network adapter as the first in the boot order of the client computer’s
BIOS, or by using a remote boot disk for pre-PC98 computers. When a network boot is
requested, the client computer performs the following tasks:
■ The client computer requests an IP address from the DHCP server.
■ The client computer requests the IP address of a boot server using PXE (if the boot
server is not the DHCP server).
■ The client computer contacts the boot server and downloads the Client Installation
Wizard (CIW).
RIS Process
When a client computer starts, it sends out a broadcast DHCP Discover packet requesting an
IP address and the location of a DHCP server. In this packet, the client computer also includes
its Globally Unique Identifier (GUID). If the DHCP and RIS servers are on the same computer,
all requested information is provided in the initial reply. If DHCP and RIS are on separate
computers, the client computer sends out another broadcast DHCP Discover packet to contact a RIS server after it has successfully obtained an IP address from the DHCP server.
A RIS server running on Windows 2000 Server or Windows Server 2003 uses the Boot Information Negotiation Layer (BINL) service to contact the Active Directory service to determine
whether the client computer is a known client. Known clients are computers that are prestaged to Active Directory.
The RIS server checks the Active Directory directory service to determine which RIS server can
respond to this client request. The RIS server then provides the name of the server and the file
that the client computer must download to start the installation process.
After the boot process begins, the Client Installation Wizard (CIW) pages are downloaded to
the client computer and the installation begins.
When the CIW runs, the user at the client computer must log on to the domain. At this point,
the user can select an image to install.
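The DHCP Discover described above, with the client GUID that decides whether a computer is a known client, can be inspected directly. The following Python script is an added example, not part of the book or of RIS: it parses a constructed Discover packet, assumes the PXE option numbers from RFC 4578 (60 for the PXEClient vendor class, 97 for the client GUID), and replaces the Active Directory prestaging lookup with a plain Python set.

```python
"""Parse a DHCP Discover from a PXE client and check its GUID against prestaged clients."""
import uuid

BOOTP_HEADER_LEN = 236                 # fixed BOOTP fields that precede the options
MAGIC_COOKIE = b"\x63\x82\x53\x63"     # marks the start of the DHCP options field
OPT_PAD, OPT_MSG_TYPE, OPT_VENDOR_CLASS, OPT_CLIENT_GUID, OPT_END = 0, 53, 60, 97, 255
DHCPDISCOVER = 1


def parse_options(packet):
    """Return {option code: raw bytes}; raise ValueError on malformed input."""
    start = BOOTP_HEADER_LEN + len(MAGIC_COOKIE)
    if len(packet) < start or packet[BOOTP_HEADER_LEN:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet: too short or magic cookie missing")
    options, i = {}, start
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError(f"option {code}: length byte missing")
        length = packet[i + 1]
        data = packet[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"option {code}: declared {length} bytes, found {len(data)}")
        options[code] = data
        i += 2 + length
    return options


def classify_discover(packet, prestaged):
    """Summarise a Discover: is it PXE, which GUID it carries, is that GUID prestaged."""
    opts = parse_options(packet)
    summary = {
        "discover": opts.get(OPT_MSG_TYPE) == bytes([DHCPDISCOVER]),
        "pxe": opts.get(OPT_VENDOR_CLASS, b"").startswith(b"PXEClient"),
        "guid": None,
        "known": False,
    }
    ident = opts.get(OPT_CLIENT_GUID)
    # Option 97 is one type byte (0 = GUID) followed by the 16-byte identifier.
    if ident is not None and len(ident) == 17 and ident[0] == 0:
        # Bytes are read in wire order; a tool that shows GUIDs in the
        # mixed-endian form would use uuid.UUID(bytes_le=...) instead.
        guid = uuid.UUID(bytes=ident[1:])
        # All-zero and all-ones values are treated as firmware placeholders
        # (assumption based on the SMBIOS convention), not as an identity.
        if guid.int not in (0, (1 << 128) - 1):
            summary["guid"] = guid
            summary["known"] = guid in prestaged
    return summary


def build_discover(guid, vendor=b"PXEClient:Arch:00000:UNDI:002001"):
    """Build a constructed Discover: op=1, htype=1, hlen=6, every other header field zero."""
    header = bytes([1, 1, 6, 0]) + bytes(BOOTP_HEADER_LEN - 4)
    options = bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER])
    options += bytes([OPT_VENDOR_CLASS, len(vendor)]) + vendor
    options += bytes([OPT_CLIENT_GUID, 17, 0]) + guid.bytes
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


# Constructed sample values: one prestaged GUID and one the directory has never seen.
PRESTAGED = {uuid.UUID("11111111-2222-3333-4444-555555555555")}
UNKNOWN = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")

if __name__ == "__main__":
    for guid in (*PRESTAGED, UNKNOWN):
        print(classify_discover(build_discover(guid), PRESTAGED))
```
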
Before You Use RIS
To deploy Windows XP images from Windows 2000 RIS Servers, you must install the Windows 2000 Remote Installation Services update. For more information about the Windows
2000 Remote Installation Services update, see the Microsoft Knowledge Base link on the Web
Resources page at http://www.microsoft.com/windows/reskits/webresources. Search the
Microsoft Knowledge Base using the keywords Risetup.exe, RIS Servers, and Windows XP
Images. Note that this update is not required if you are using Windows Server 2003 RIS.
In addition, consider the following before you design a RIS deployment:
■ RIS server. A RIS server is a computer running Windows 2000 Server or Windows
Server 2003, containing a hard disk with at least two partitions, that has been configured with the Remote Installation Services Setup Wizard (Risetup.exe) to install and
run the following services:
  ❑ Boot Information Negotiation Layer (BINL) service in Windows 2000 Server
  ❑ Trivial File Transfer Protocol Daemon (TFTPD)
  ❑ Single Instance Storage Groveler
The Single Instance Storage (SIS) filter driver is also installed.
■ Remote Installation client. The remote installation client computer can be a new personal computer that has a PXE-enabled network adapter, or an older personal computer
(for example, computers built prior to the PC98/99 design specification) that can install
Windows XP Professional using a remote boot disk to emulate PXE for the network
adapter.
■ Active Directory. Active Directory is a requirement for RIS. RIS Setup sends a query to
make sure Active Directory is running. If Active Directory is not detected on the network, RIS Setup does not continue.
■ Networking considerations. Consider the following factors when you are designing
your RIS deployment:
  ❑ The RIS server does not have to be the domain controller for the domain.
  ❑ You must have DNS and DHCP servers available to service the RIS client computers on the network.
  ❑ The servers that are running DNS and DHCP do not have to be members of the
  same domain as the RIS server.
  ❑ You do not have to use Microsoft DNS and DHCP services.
Table 2-17 describes the major RIS components and the users who work with each component.
Table 2-17 RIS Components, Descriptions, and Intended Users
Component | Description | User
Remote Installation Services Setup (Risetup.exe) | Sets up the RIS server. This component is not available in Windows XP Professional. | System administrator
Remote Installation Services Administrator | Configures Group Policy settings relating to RIS. This component is not available in Windows XP Professional. | System administrator
Remote Installation Preparation tool (Riprep.exe) | Creates operating system images, and installs them on the RIS server. You can also use Riprep.exe to create application images to install applications with the operating system. Client computers using PXE boot ROMs or a Remote Boot Floppy Generator (RBFG) floppy disk can then download the image. Because the client computer initiates the download, starting from the Text-mode portion of Setup, Riprep allows for differences in hardware among client computers (such as the boot device). | Desktop administrator
Remote Boot Floppy Generator (Rbfg.exe) | Creates the Remote Installation Services bootable floppy disk that is required to install RIS-based operating systems on client computers that do not have a PXE-enabled boot ROM. | End user
Client Installation Wizard (Oschooser.exe) | Selects the RIS image that the user must install. This wizard is used on the client computer. | End user with rights to create computer objects in the domain
Warning To deploy Windows XP Professional Riprep-based images from Windows 2000 RIS
Servers, you must install the Remote Installation Preparation tool update. For more information
about the Remote Installation Preparation tool update, see the Microsoft Knowledge Base link on
the Web Resources page at http://www.microsoft.com/windows/reskits/webresources. Search
the Microsoft Knowledge Base using the keywords Riprep.exe, Setupcl.exe, Imirror.dll, and Windows XP Images. Note that this update is not required if you use Windows Server 2003 RIS.
The following sections discuss planning for RIS from a client perspective and explain how to
use the Remote Installation Preparation tool and the Remote Installation Services boot disk.
RIS enables the administrator to configure Windows XP Professional and any applications for
a single group of users, and then to apply this configuration when installing the operating system on client computers. For users, the result is a simplified and timely installation and configuration of their computer and a more rapid return to productivity if a hardware failure occurs.
Administrators have two options when using RIS:
■ The Risetup option. Similar to setting up a workstation directly from the Windows XP
operating system CD; however, the source files reside across a network on RIS servers.
Risetup images are created by using Risetup.exe, which is a server-only application.
■ The Riprep imaging option. Enables a network administrator to clone a standard desktop configuration, including operating system configurations and desktop customizations. After installing and configuring Windows XP Professional, its services, and any
standard applications on a workstation, the network administrator runs a wizard that
prepares the installation image and replicates it to available RIS servers. Remote boot–
enabled client computers can then request a local installation of the image from the RIS
servers over the network.
When a network service boot is requested, DHCP provides an IP address for the client computer, and the client computer can then download the Client Installation Wizard. At this point,
the wizard prompts the user to log on and, depending on the user’s credentials or security
group membership, displays a menu that offers appropriate customized unattended operating
system installation options. The network administrator uses Group Policy settings to determine
which installation options are available to a specific user, based on the policy that has been
defined for that user at the client computer that initiated the network service boot request.
If you have a Windows 2000 Server or Windows Server 2003 operating system infrastructure
with RIS installed and a client computer with the appropriate hardware, you can install Windows XP and any applications on that client computer remotely and automatically.
Preparing for Client Configuration
To ensure that a remote installation can proceed successfully, prepare the client computer for
installation from a RIS server by completing the following tasks:
■ Verify the hardware compatibility of the client computer.
■ Set user rights.
■ Set permissions.
■ Specify the installation options.
■ Configure the network adapter.
■ Select and restrict client computer installation options.
■ Use Riprep to prepare the client image.
■ Deploy RIS.
Table 2-18 lists the tasks that the server administrator performs on a RIS server versus those
that the desktop administrator performs on the client computer.
Table 2-18 Tasks for Preparing a Client Computer for a Remote Installation
Task | Description | User
Verify that the client hardware meets all requirements. | The client computer must meet the requirements for Windows XP installation and have a bootable network adapter or be enabled for remote startup. All computers that meet the PC98 0.6 and later design specification include a PXE-remote boot ROM for RIS. For client computers that do not contain a PXE ROM, use the Remote Boot Floppy Generator (Rbfg.exe) to create a floppy disk that initiates the RIS process. | Desktop administrator
Set required permissions on the RIS server. | If users are allowed to use RIS to install an operating system on client computers, those users need correct permissions for creating computer accounts within the domain, specifically the Organizational Unit container specified in the Advanced Settings on the RIS Server. Use Active Directory Users and Computers to set permissions on a container that allows users to use RIS to install an operating system on their own computers. | Server administrator
Specify installation options on the RIS server. | On the RIS server, you can use Group Policy settings to restrict the installation options available to users during remote installation. To restrict access to images, set permissions on the folders containing the installation images. | Server administrator
Configure the network adapter on the client computer. | You must configure the network adapter of the client computer as the primary startup device within the system BIOS. This allows the client computer to request a network service startup from the RIS server on the network. Many computers with built-in PXE-compliant network adapters have three settings for the network adapter in the BIOS: off, on, and on with PXE. After the network adapter is set to on with PXE, on with PXE is typically available as an option in the boot order section of the BIOS. | Desktop administrator
Using the Remote Installation Preparation Tool
The Remote Installation Preparation tool (Riprep.exe) provides the ability to prepare a Windows XP Professional installation for disk imaging and to replicate the image to an available
RIS server on the network. The image can include locally installed applications and specific
configuration settings. The wizard feature supports replication of a single partition (drive C
only) installation. This means that the operating system and the applications included with
the standard installation must reside on drive C before the wizard is run.
It is recommended that you use RIS to install the operating system on a client computer. After
the operating system is installed, you can install any applications, including line-of-business
applications. You can then configure the installation to comply with company policies. For
example, you might define specific screen colors, set the background bitmap to a company
logo, and configure intranet proxy server settings within Internet Explorer. After the workstation has been configured and tested, you can run Riprep from the RIS server.
The destination computer (the computer that installs the image) does not need to have hardware that is identical to the computer that was used to create the image. However, the hardware abstraction layer (HAL) drivers must be the same. For example, both HALs must be
ACPI-based or non–ACPI-based. (See Table 2-16 earlier in this chapter.) In many cases, workstation-class computers do not require unique HAL drivers, as server-class computers do. During image installation, the wizard uses Plug and Play to detect differences between hardware
on the source and destination computers.
Riprep-based images are usually larger than Risetup-based images because Riprep-based images
are a complex copy of the client computer’s hard disk that is stored on the server. Riprep-based
images contain the operating system in addition to preinstalled programs and tools. To store a
Riprep-based image on a RIS server, your configuration must meet the following requirements:
■ You must have at least one Risetup image stored on the same RIS server as the Riprep-based image.
■ The Risetup image must use the same language and it must be based on the same version of the operating system as the reference computer.
The template (.sif) file refers the client computer to the RIS server to detect and load files for
the client computer’s network adapter. The template (.sif) file also uses the Risetup image to
provide drivers to start Text-mode Setup. Setup then copies the image to the installing client
computer’s hard disk.
When you image a client computer by using Riprep.exe, the following requirements must be met:
■ At least one Risetup image must exist on the server so that the user can access system
files later. The Risetup image must use the same language and be based on the same version of the operating system as the reference computer.
■ Only one partition is supported.
■ Client computers must use the same HAL (for example, ACPI or non-ACPI).
■ Destination computers must have a local hard disk that is at least equal to the size of the
partition on the imaged computer.
■ When you are creating the image, the client computer must not contain any encrypted files.
To run the Remote Installation Preparation tool (Riprep)
1. Install the standard operating system on the reference computer. It is recommended
that you use RIS to perform this task.
2. Install applications locally on the client computer. Configure the client computer with
specific corporate standard desktop settings. Make sure the client installation is correct.
After the image is replicated to the RIS server, you cannot modify the configuration.
3. Copy the profile of the user used to configure the computer to the Default User profile.
You should also delete any unwanted profiles at this point.
4. Connect to a RIS server from the computer on which you want to replicate this image,
and run Riprep.exe. The Remote Installation Preparation Wizard starts.
5. Enter the name of the RIS server where you want to replicate the contents of the client
hard disk. By default, the RIS server from which the wizard is being run is filled in automatically.
6. Type the name of the folder on the RIS server where this image is to be copied.
7. When prompted, provide a description and Help text for this image. These are displayed
to users during operating-system image selection. Provide enough information to allow
a user to distinguish between images.
8. After you complete the Remote Installation Preparation Wizard, review your selections
on the summary page that appears, and then click Next.
The image preparation and replication process begins. The system is prepared, and files are
copied to the RIS server. When the replication of the image is complete, you can use any client
computer that meets the restrictions described in the following “Riprep Rules and Restrictions” section and is enabled for PXE/DHCP-based remote boot technology to select and
install the image from the Client Installation Wizard. You can also use any client computers
that use the Remote Installation Services startup disk.
Riprep and Windows product activation
In Windows XP Professional, Riprep can reset
Windows Product Activation a maximum of three times for any images that derive from an initial image and start with the installation of the initial image. When a disk image that was prepared with Riprep is rebooted, the activation timer is reset and the installation of Windows XP
Professional is enabled with the full Windows Product Activation grace period. After three
resets, the activation timer is no longer reset.
For more information about Windows Product Activation, see Chapter 1, “Planning
Deployments.”
Riprep rules and restrictions
Riprep.exe is more flexible than Sysprep.exe because it starts
over the network in Text-mode Setup. This allows for a greater variation of hardware platforms, such as differing mass storage disk controllers. The only item that must be the same on
all client computers when you use Riprep.exe is the HAL.
By default, Riprep-based images do not perform Plug and Play enumeration. If you want Plug
and Play enumeration to occur, you must use the -PnP command-line parameter when you
create your image. For example, at the command prompt, type riprep -pnp. After you run this
command, Plug and Play enumeration always occurs. If you want to turn off Plug and Play
enumeration, you must re-create the image.
To take advantage of Riprep’s added functionality, be sure to follow these guidelines:
■ The hard disk of the computer you want to image can have only one partition. If the
hard disk of the client computer contains more than one partition, a message appears
and only the system partition (containing the Windows folder) is copied. If your boot
partition and system partition are different, the image is not useable.
■ A Risetup image must reside on the RIS server.
■ The hard disk on the destination computer must be at least the same size as, or larger
than, the reference computer.
■ The destination computer must also have the same HAL as the reference computer.
Using a Remote Installation Services Boot Disk
You can use the Remote Installation Services (RIS) boot disk with client computers that do
not contain a remote boot–enabled ROM. The startup disk simulates the PXE startup process
for computers that lack a remote boot–enabled ROM. The boot disk is analogous to a boot–enabled ROM
and uses the floppy disk drive to install the operating system from the RIS
server.
This disk enables you to use RIS to install programs on a laptop computer. Because Personal
Computer Memory Card International Association (PCMCIA) network adapters do not currently support PXE, you cannot use a PCMCIA network adapter with RIS. However, you can
place the laptop computer in a docking station that contains a PCI-compliant network adapter
and use a boot disk that you created by running Rbfg.exe.
Note
Currently, Remote Boot Floppy Generator (RBFG) floppy disks support only PCI-compliant adapters. RBFG floppy disks do not support PCMCIA or ISA network adapters.
You cannot add additional network adapters to the RIS boot disk. Microsoft adds additional
network adapters over time and makes the updates in the Rbfg.exe tool that is available
through distribution channels, such as the Web, Windows Update, and future service packs.
Understanding GUIDs
When a client computer with a PXE-enabled network adapter connects to a RIS server, the
Globally Unique Identifier (GUID) of the network adapter is among the items that are
exchanged before a logon screen is displayed. The GUID is a unique 32-digit number that is
stored with the computer account object that is created in Active Directory. Client computers
with network adapters that are not PXE-enabled cannot supply this GUID. Instead, client
computers that start from the RIS boot floppy with non–PXE-enabled network adapters send
the network adapter’s 12-character Media Access Control (MAC) address.
To generate a GUID in Windows 2000 Server, the Boot Information Negotiation Layer (BINL)
service uses the 12-character MAC address and prepends 20 zeros. This process creates a 32-digit number that is used as the GUID. The computer account object is associated with the
network adapter, not with the computer. Even if you move the network adapter to a different
computer, the GUID is still associated with the network adapter and not with the computer.
Because the computer account object is associated with the network adapter, if you move the
network adapter to another computer, RIS assigns the attributes of the old computer to the
new computer. Therefore, the administrator must delete the GUID from the computer
account object for the old computer. If a user tries to install the new computer by using a different computer name, a message appears during the CIW that displays the names of the computers on the network that already have the same GUID. GUIDs and computer account
objects must have a one-to-one relationship.
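The derivation and the one-to-one rule described above can be checked with a short script. This is an added example, not code from the book or from RIS: the function names, the account names and the inventory are constructed for illustration, and GUIDs are compared as the plain 32 hexadecimal digits the text describes.

```python
import re
from collections import defaultdict

# Per the text: BINL prepends 20 zeros to the 12-character MAC address.
ZERO_PREFIX = "0" * 20


def normalize_hex(value: str, length: int) -> str:
    """Strip braces and separators; return upper-case hex of the expected length."""
    digits = re.sub(r"[\s{}:.\-]", "", value).upper()
    if len(digits) != length or not re.fullmatch(r"[0-9A-F]+", digits):
        raise ValueError(f"expected {length} hex digits, got {value!r}")
    return digits


def mac_to_ris_guid(mac: str) -> str:
    """Build the 32-digit identifier used for a client that supplies only a MAC."""
    return ZERO_PREFIX + normalize_hex(mac, 12)


def is_mac_derived(guid: str) -> bool:
    """Heuristic: a GUID that starts with 20 zeros was built from a MAC address,
    so the account follows the network adapter rather than the computer."""
    return normalize_hex(guid, 32).startswith(ZERO_PREFIX)


def audit_guid_bindings(accounts):
    """accounts: iterable of (computer_name, guid) pairs from an inventory export.

    Returns (duplicates, adapter_bound):
      duplicates    - {guid: [names]} where one GUID maps to several accounts,
                      which breaks the one-to-one rule
      adapter_bound - names whose GUID is MAC-derived and will move with the adapter
    """
    by_guid = defaultdict(set)
    for name, guid in accounts:
        by_guid[normalize_hex(guid, 32)].add(name)

    duplicates = {g: sorted(names) for g, names in by_guid.items() if len(names) > 1}
    adapter_bound = sorted(
        name
        for g, names in by_guid.items()
        if g.startswith(ZERO_PREFIX)
        for name in names
    )
    return duplicates, adapter_bound


# Constructed inventory: the adapter from LAPTOP-OLD-07 was moved into
# LAPTOP-NEW-12 and the old account was never cleaned up.
SAMPLE_ACCOUNTS = [
    ("DESK-BOSTON-01", "{921FB974-ED42-11BE-BACD-00AA0057B223}"),
    ("LAPTOP-OLD-07", "00000000-0000-0000-0000-00A0C9112233"),
    ("LAPTOP-NEW-12", mac_to_ris_guid("00:A0:C9:11:22:33")),
]

if __name__ == "__main__":
    dups, bound = audit_guid_bindings(SAMPLE_ACCOUNTS)
    for guid, names in dups.items():
        print(f"GUID {guid} is shared by: {', '.join(names)}")
    print("Accounts tied to a network adapter:", ", ".join(bound))
```

Any GUID reported as shared is an account that needs the stale GUID removed before the new computer is installed.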
The RIS boot disk can be used with a variety of supported PCI-compliant network adapters.
To determine whether the hardware components in your organization are compatible with
Windows XP Professional, see the Windows Catalog at http://www.microsoft.com/windows/catalog.
One disk is used for all network adapters. The supported network adapters are listed in the
Remote Boot Floppy Generator dialog box. You can display this dialog box by running
Rbfg.exe. You can use this utility to create the boot disk. When RIS installation is complete,
you can find Rbfg.exe on the RIS server partition, in the \RemoteInstall\admin\i386 folder.
Additional Resources
These resources contain additional information and tools related to this chapter.
Related Information
■ The Automating and Customizing Installations book in the Microsoft Windows Server 2003
Deployment Kit for more information about using Sysprep and RIS.
■ The Windows Catalog at http://www.microsoft.com/windows/catalog for information
about hardware compatibility. The Windows Catalog is replacing the older Hardware
Compatibility List (HCL) but you can still access text-only versions of the HCL for different Windows versions from Windows Hardware and Driver Central at http://winqual.microsoft.com/download.
■ The Microsoft Windows Desktop Deployment Resource Kit by Jerry Honeycutt (Microsoft
Press, 2004)
Related Tools
■ For more information about answer file sections, keys, and values, see the Deploy.chm
in the Deploy.cab file on the Windows XP Professional operating system CD. The
Deploy.cab file is in the \Support\Tools folder. You can use Windows Explorer or run
the Extract.exe command to extract and view the Deploy.chm file.
Chapter 3
Multilingual Solutions for Global Business
A large number of corporations do business internationally, have employees or customers that
communicate using more than one language, or have a need to create a single global corporate
desktop image or a single code base to develop and test applications. To meet the needs of
today’s global business environment, Microsoft® Windows® XP Professional includes desktop
configurations and application support designed to ensure multilingual compatibility.
In this chapter:
Overview
Multilingual Features in Windows XP Professional
Planning a Multilingual Deployment
Configuring Desktops
Using Unattended and Silent Installations
Supporting Multilingual Applications
Ensuring Compatibility
Troubleshooting
Additional Resources
Related Information
■ For more information about supporting mobile users, see Chapter 7, “Supporting
Mobile Users.”
■ For more information about configuring remote desktops, see Chapter 8, “Configuring
Remote Desktop.”
Overview
Windows XP Professional supports companies that need to allow users (employees or customers) to work in more than one language. Typically, these companies:
■ Operate internationally and must support different regional options, such as time
zones, currencies, or date formats.
■ Have employees or customers who speak different languages or require language-dependent keyboards or input devices.
■ Develop internal line-of-business applications that must run internationally or in more
than one language.
Table 3-1 presents an overview of the most common problems that multilingual and international organizations face, and it outlines the possible solutions that you can apply to your
Windows XP Professional deployment.
Table 3-1 Problems and Solutions for Global Business
Problem: Users need to edit documents that contain multiple languages.
Solution: All versions of Windows XP Professional contain support for editing documents in multiple languages. Some versions might require the installation of additional language collections. For advanced multilingual support—such as localized language user interface elements, dictionaries, and proofing tools—deploy Microsoft® Windows® XP Professional Multilingual User Interface Pack (MUI Pack) together with the Microsoft® Office XP Multilingual User Interface Pack.
Problem: Regional offices need automatic operating system deployments with the correct language and regional options, such as the default input language, date, time, and currency formats.
Solution: Determine each office’s language and regional needs to help reduce the number of unique setup scripts. For each unique setup script, specify the appropriate [RegionalSettings] values in the answer file, and use new keywords to set the default standards and formats and input language/keyboard layout combination for the default user account for new users.
Problem: Roaming users need to log on anywhere in their native languages.
Solution: Consider using Windows XP Professional MUI Pack for desktops if roaming users must log on in a native language user interface. Use Active Directory® directory service and Group Policy to publish MUI Pack language packages to users so that they can install the correct user interface language wherever they log on.
Problem: Multiple users need to log on to the same computer in different languages.
Solution: Consider using Windows XP Professional MUI Pack for desktops if users must log on in a native language user interface. Use Terminal Services Client to support different language sessions for different users sharing computers connected to a Microsoft® Windows® 2000 Server MultiLanguage Version–based computer running Terminal Services.
Problem: Users need language-specific keyboards, Input Method Editors, or alternative input devices.
Solution: Windows XP Professional contains built-in support for a variety of keyboard layouts and input methods and devices. Install additional language collections and input languages as needed. Place the On-Screen Keyboard on desktops where the physical keyboard might not match the operating system language version in use.
Problem: Existing line-of-business applications must accommodate language and regional differences.
Solution: Ensure proper code page support for applications developed under older operating systems; test applications by changing the language for non-Unicode programs and default input languages.
Problem: Application developers want to create single code-based applications that run in the correct local language.
Solution: Deploy Windows XP Professional MUI Pack internationally as the desktop standard; develop applications in Unicode that support the multilingual user interface. Write applications that check for the default user interface language and follow world-ready software development guidelines.
Problem: Sites on the corporate intranet must account for language and regional differences.
Solution: Use the Location setting to configure desktop browsers to receive appropriate local content, such as local weather or news.
Problem: IT wants to do simultaneous worldwide rollouts of hotfixes, patches, and Service Packs.
Solution: Deploy Windows XP Professional MUI Pack as the global desktop standard.
Problem: Users need to share folders or files containing text in other languages.
Solution: Ensure that only Unicode characters are used for Active Directory and other folder and file names; install the Complex Script and Right-to-Left or East Asian Language Collections as needed.
New Multilingual Features in Windows XP Professional
Windows XP Professional includes technologies that enhance your company’s ability to do
business in multiple languages and/or across multiple countries/regions.
Support for 160 locales
Versions of Microsoft® Windows® earlier than Windows XP Professional support up to 126 locales. Windows XP Professional adds support for ten additional
locales, and Service Pack 2 for Windows XP adds support for an additional 24 locales, bringing the total up to 160 locales.
Built-in language support
Each language version of Windows XP Professional provides
built-in support for editing documents in hundreds of languages, grouped into three language
collections. The Basic Language Collection, which is always installed, supports most Western
languages. The Complex Script and Right-to-Left Language Collection can be installed to support languages such as Arabic, Hebrew, Indic, or Thai, and the East Asian Language Collection
can be installed to support Simplified or Traditional Chinese, Japanese, or Korean.
Users can change input languages, keyboard layouts, and other regional options (except for
the language for non-Unicode programs) without restarting the computer for the changes to
take effect. Administrators can customize the desktop with new tools, such as the Language
Toolbar, to simplify switching languages, keyboard layouts, and other regional options.
Redesigned Regional and Language Options Control Panel
The Control Panel for regional
and language options has been redesigned to make it easier to add and change input languages and keyboard layouts; change standards and formats for displaying dates, amounts,
and currencies; set the default location for Web content; and change the language for non-Unicode programs. The most frequently used options are now easier to find and use.
New, simplified terminology
The terminology used in versions of Windows earlier than
Windows XP Professional has been updated to simpler, more descriptive terms:
■ Standards and Formats, which determines the formats used to display dates, times, currency, numbers, and the sorting order of text, was previously called the User Locale.
■ Input Language, which specifies the combination of the language and keyboard layout
used to enter text, was previously called the Input Locale.
■ Language for Non-Unicode Programs, which specifies the default code pages and fonts for
running non-Unicode programs, was previously called the System Locale.
Additional answer file and Unattended mode Setup options
Windows XP Professional
includes four new language keys that you can use in the [RegionalSettings] section of answer
files. These keys make it easier for administrators to customize language settings, such as the
default input language for new user accounts. Other features provide more options for customizing Unattended mode setups and silent configurations after setup.
Updated multilingual troubleshooter
The Multilingual Document Consultant in Windows
XP Professional Help and Support Center can assist you in diagnosing and resolving problems with displaying or entering different languages.
Improved Windows XP Professional Multilingual User Interface Pack
The Windows XP Professional Multilingual User Interface Pack (MUI Pack) ensures that most of the operating system user interface—including the Start and Programs menus, alerts and dialog boxes, and the
Windows XP Professional Help and Support Center—appears in the localized language that
has been selected as the default. (In Microsoft® Windows® 2000 Professional MultiLanguage
Version, for example, a user who switches the user interface language to German might still
find some user interface elements displayed in English.)
Although it is based on the code of the Microsoft® Windows® XP Professional International
English language version, the MUI Pack also includes more localized components that make
it easier to develop multilingual applications. New Windows Installer MUI language packages
reduce storage space requirements on network servers or CD images and make it easier for
administrators to set up, and for users to install, additional user interface languages. The MUI
Pack also includes improved local language drivers, makes roaming easier, and simplifies
remote administration over a corporate network.
Note
The Windows XP Professional MUI Pack is available only through Volume Licensing
programs and OEMs. The MUI Pack is not available through retail channels. The Windows XP
Tablet PC Edition 2005 MUI Pack is available directly to end users via download from
http://www.microsoft.com/downloads/details.aspx?FamilyID=ac1c6f5a-bace-425b-bc60f8d3331c89a3&displaylang=en.
Multilingual Features in Windows XP Professional
This section introduces some key features, concepts, and terms you need to understand as
you work with a multilingual or international deployment of Windows XP Professional.
Included are discussions of basic concepts, such as language collections, the use of alternative
keyboard layouts, Input Method Editors, and Unicode, as well as descriptions of new terms
introduced with Windows XP Professional.
Note On a Microsoft Tablet PC, you can select the language you want your keyboard to recognize. In addition, the Microsoft Windows XP Tablet PC Edition 2005 includes the Tablet PC
Recognizer Pack. The Recognizer Pack lets you convert ink and speech to typed text in multiple
languages. For more information, see “Microsoft Tablet PC Recognizer Pack” at
http://www.microsoft.com/windowsxp/using/tabletpc/learnmore/multilanguagecd.mspx.
Built-In Language Support
Each language version of Windows XP Professional supports hundreds of languages through
17 language groups, which are organized into three separately installable language collections, as
shown in Table 3-2.
Note
In Windows XP Professional—unlike Microsoft® Windows® 2000 Professional—you
cannot install individual language groups. You must install the appropriate language collection as described in Table 3-2, which includes support for all language groups in that language collection.
Table 3-2 Language Support in Windows XP Professional
Language Collection: Basic
Installation Status: Always installed on every language version.
Language Group ID and Name:
1. Western Europe and United States
2. Central Europe
3. Baltic
4. Greek
5. Cyrillic
6. Turkic
Language Collection: Complex Script and Right-to-Left
Installation Status: Always installed on the Arabic language version and the Hebrew language version; optionally installed on all other language versions.
Language Group ID and Name:
11. Thai
12. Hebrew
13. Arabic
14. Vietnamese
15. Indic
16. Georgian
17. Armenian
Language Collection: East Asian
Installation Status: Always installed on the Simplified Chinese, Traditional Chinese, Japanese, and Korean language versions; optionally installed on all other language versions.
Language Group ID and Name:
7. Japanese
8. Korean
9. Traditional Chinese
10. Simplified Chinese
Locales
A locale is a collection of Windows XP Professional operating system settings that reflects a
specific country’s/region’s language and cultural conventions. For example, the English
(Canadian), English (United Kingdom), and English (United States) locales reflect different
countries/regions that share a common language but use different dialects, currencies, and so
on. Windows XP Professional supports a total of 135 locales.
Standards and Formats (User Locales)
The Standards and Formats section of the Regional and Language Options Control Panel in
Windows XP Professional, formerly called the user locale, determines the formats used to display dates, times, currency, numbers, and the sorting order of text. On a given computer, each
user account can have its own unique Standards and Formats setting. The Standards and Formats setting does not affect any language settings other than the language used to display the
names of days and months, and time and date formats.
For example, an English-speaking salesperson from the Boston office logs on to a desktop in
the Milan office. The Milan desktop uses the International English language version of Windows XP Professional. The salesperson selects a Standards and Formats setting of Italian
(Italy), which immediately changes the currency to Lira and the date format to dd/MM/yyyy—without restarting the computer.
Input Method Editors, Input Languages, and Keyboard Layouts
For a computer to support a given language, the computer must be able to display the language on screen using the correct alphabet, characters, and fonts. The computer must also be
able to accept input typed on a specific language keyboard or specialized input device. The
appropriate language collection must be installed, and the default input language and keyboard layout determine how characters entered on the keyboard will be displayed on the
screen.
Languages such as Japanese use an Input Method Editor (IME) so that a user can enter Asian
text in programs by converting the keystrokes into Asian characters. The IME interprets the
keystrokes as characters and then gives the user the opportunity to insert the correct interpretation into the program being worked in. Windows XP Professional contains IMEs for Simplified and Traditional Chinese, Japanese, and Korean.
The Input Language setting of the Regional and Language Options Control Panel, formerly
called an input locale, specifies the combination of the language being entered and the keyboard layout, IME, speech-to-text converter, or other device being used to enter it. Input languages are added to a computer user by user; each user can add multiple input languages,
enabling multiple-language document editing, viewing, and printing. When you change input
languages, some programs (such as Microsoft® Office XP and Office 2003) offer additional
features, such as fonts or spelling checkers designed for different input languages.
For example, a user in the Tokyo office who wants to write an e-mail message in both Japanese
and Russian would need to install Russian as an input language to enter and display the Russian language using a Japanese keyboard. The user can then change between the Japanese and
Russian languages while composing the message.
Keyboard Layouts
Each input language that Windows XP Professional supports has a default keyboard layout
associated with it. Some languages also have alternative keyboard layouts.
For example, a standard U.S. English language keyboard has 101 keys, while a typical keyboard for the Japanese localized language version of Windows XP Professional has 106 keys.
In these situations—where the physical keyboard might not match the language being entered,
or a difference in the number of characters and keys makes it difficult to type—administrators
or users can add layouts for additional keyboards. Also, by using the On-Screen Keyboard,
users can enter text by selecting characters on the appropriate language version On-Screen
Keyboard, as shown in Figure 3-1.
Figure 3-1 On-Screen Keyboard for French
Tip
Administrators can make it easier for users to change input languages and keyboard layouts by placing the Language Toolbar on the desktop or in the Taskbar, or by enabling keyboard sequences or “hot keys.” For more information, see “Simplifying Multiple Language
Access on Desktops” later in this chapter.
Unicode and Code Pages
Unicode is an international standard for representing the characters in common use in the
most widely used languages. Unicode provides a universal character set that can accommodate most known scripts, meaning that the text used in documents, files, and applications created in one operating system language (such as Japanese) displays correctly in a different
operating system language (such as English). Windows XP Professional supports Unicode as
its base character encoding.
Windows XP Professional supports code pages to ensure backward compatibility and comprehensive language support for legacy documents and applications. A code page is an ordered set
of characters in which a numeric index (code point) is associated with each character of a particular writing system. There are separate code pages for different writing systems, such as
Western European and Cyrillic. In a code page–based environment, each set of characters
from a specific language has its own table of characters.
Because a code page is a much smaller ordered set of characters than Unicode, code pages
have limited abilities to display the characters of another code page’s language. Documents
based on the code page of one operating system rarely transfer successfully to an operating
system that uses another code page, resulting in unintelligible text or characters. For example,
if someone in Boston using the International English language version of Microsoft® Windows® 98 with the Latin code page opens a file created in the Japanese language version of
Windows 98, the code points of the Japanese code page are mapped to unexpected or nonexistent characters in the Latin script.
To ensure that new applications being written for Windows XP Professional can function in
any language, use Unicode as the base character encoding. Do not use code pages.
For a complete list of code pages and their associated code points, see the Microsoft OEM
Code Reference link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
For a complete listing of Unicode control characters, see “Unicode
Control Characters” in Windows XP Professional Help and Support Center.
Language for Non-Unicode Programs (System Locale)
The Language for non-Unicode Programs, previously called the system locale, specifies the
default code pages and associated bitmap font files for a given computer and affects all of that
computer’s users. The default code pages and fonts enable non-Unicode applications to run
as they do on a system localized to the language of the Language for non-Unicode Programs.
If an application displays question marks (???) instead of the expected alphanumeric characters, the Language for non-Unicode Programs probably needs to be switched to the language
in which the application was developed. Switching the Language for non-Unicode Programs
to match an older application’s language affects other operating system settings that will
improve overall application and system compatibility.
For example, assume that a data entry clerk in the Tokyo office is using the International
English language version of Windows XP Professional. If the clerk wants to run a non-Unicode accounting application designed for the Japanese localized language version of Windows 98, the clerk needs to change the Language for non-Unicode Programs of the computer
to Japanese and restart the computer. Otherwise, Kanji characters would be displayed as question marks.
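The two failure modes described in “Unicode and Code Pages” and in this section (text mapped to unexpected characters, and text replaced by question marks) can be reproduced with Python's code page codecs. This is an added example, not code from the book or from Windows: the function names and sample strings are constructed, and the `errors="replace"` conversion is a model of what a non-Unicode program ends up displaying, not the operating system's own routine.

```python
JAPANESE_CP = "cp932"    # Windows Japanese code page
LATIN_CP = "cp1252"      # Windows Western European (Latin) code page


def representable(text: str, code_page: str) -> bool:
    """True if every character of text has a code point in code_page."""
    try:
        text.encode(code_page)
        return True
    except UnicodeEncodeError:
        return False


def open_with_wrong_code_page(text: str, written_as: str, read_as: str) -> str:
    """A file saved under one code page and opened under another: the same
    bytes are looked up in a different table, giving unexpected characters."""
    raw = text.encode(written_as)
    return raw.decode(read_as, errors="replace")


def render_non_unicode(text: str, system_code_page: str) -> str:
    """Model of a non-Unicode program under a given Language for non-Unicode
    Programs: characters missing from the code page come out as '?'."""
    return text.encode(system_code_page, errors="replace").decode(system_code_page)


def unicode_round_trip(text: str) -> str:
    """Unicode holds all scripts in one character set, so nothing is lost."""
    return text.encode("utf-16-le").decode("utf-16-le")


def audit_strings(strings, code_page: str) -> dict:
    """Report which strings would be damaged under code_page, and by which
    characters. Useful before moving legacy data between locales."""
    report = {}
    for s in strings:
        bad = sorted({ch for ch in s if not representable(ch, code_page)})
        if bad:
            report[s] = bad
    return report


# Constructed sample data: labels from a hypothetical accounting application.
LABELS = ["Invoice", "請求書", "日本語"]

if __name__ == "__main__":
    kanji = "日本語"
    print("Japanese file opened with the Latin code page:",
          open_with_wrong_code_page(kanji, JAPANESE_CP, LATIN_CP))
    print("Non-Unicode program, Latin system locale:   ",
          render_non_unicode(kanji, LATIN_CP))
    print("Non-Unicode program, Japanese system locale:",
          render_non_unicode(kanji, JAPANESE_CP))
    print("Strings at risk under the Latin code page:  ",
          audit_strings(LABELS, LATIN_CP))
```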
Note Changing the Language for non-Unicode Programs alone does not change the language of the Windows XP Professional user interface elements, such as the system menus and
dialog box display languages. Only the Windows XP Professional MUI Pack allows a user to
change the language of the user interface.
User Interface Language Options (MUI Pack Only)
Using the Windows XP Professional MUI Pack, users can change the language of the user
interface—such as the names of menu options, choices in dialog boxes, and Help system—to
any of the localized language versions of Windows XP Professional. Administrators can also
specify the default user interface language by using setup scripts or silent configurations, and
they can restrict users’ abilities to change the user interface language by using Group Policy
settings.
Windows XP Professional Language Versions
Windows XP Professional is available in three different language versions: International
English, individual localized language versions, and the MUI Pack. Understanding the differences between the language versions that are available will help you to choose the language
version that best meets your company’s specific language and international needs.
Table 3-3 shows the user needs that each language version supports.
Table 3-3 Differences Between Windows XP Professional Language Versions
International English Version of Windows XP Professional
Localized Language Versions of Windows XP Professional
Windows XP Professional MUI Pack
Ability to read and write documents in multiple languages
X
X
X
Language and regional support
for over 135 locales
X
X
X
User Needs
Language and regional support
for supported localized language
versions
X
Localized language user interface
X
X
Ability to transact business primarily in one or more languages
besides English
X
X
X
X
X
X*
X
X*
Ability to transact business mostly
in English, but have access to additional languages
X
Extensive support for localized
language applications compatibility
Extensive support for localized
language drivers
X
Legacy DOS and BIOS support
Single code base for application
development
X
X
X
X
Single code base for application
testing in different user interface
languages
X
Ability to log on anywhere in any
language
X
Single, simultaneous worldwide
rollouts for hotfixes, patches, and
Service Packs
X
* Support for local language drivers and language applications is usually not as extensive as for localized language versions.
Windows XP Professional International English Version
The International English version of Windows XP Professional is designed for companies that
do business mostly in English but have some users with additional language needs. This version provides complete language and regional support for over 135 locales, allowing users to
read and write documents in almost any language.
The Windows XP Professional user interface, however, is in English. If you require the user
interface to appear in a language other than English, a localized language version or the MUI
Pack is a more appropriate choice.
Windows XP Professional Localized Language Versions
Each localized language version of Windows XP Professional contains the same language and
regional support that is included in the International English version, meaning that users can
read and write documents in almost any language. However, the operating system user interface appears only in the localized language instead of English.
A localized language version contains more extensive application compatibility than the International English version of Windows XP Professional, as well as extra local language drivers
and legacy DOS and BIOS support. If your company or a particular office or division of your
company operates primarily in a language other than English, or if it requires that the operating system user interface is in a language other than English, a localized language version of
Windows XP Professional is an appropriate choice. The 24 fully localized versions of Windows XP Professional include Arabic, Chinese Hong Kong, Chinese Simplified, Chinese Traditional, Czech, Danish, Dutch, Finnish, French, German, Greek, Hebrew, Hungarian, Italian,
Japanese, Korean, Norwegian, Polish, Portuguese (Brazil), Portuguese (Portugal), Russian,
Spanish, Swedish, and Turkish.
Windows XP Professional MUI Pack
The Windows XP Professional MUI Pack allows users to change the language of the operating
system user interface to any of the supported localized language versions (including English).
This version is well suited for companies that:
■ Want to deploy and maintain a single operating system standard or desktop image worldwide
■ Want to maintain a single code base for international application development
■ Want to do single, simultaneous worldwide rollouts for hotfixes, patches, and Service Packs
■ Have multilingual offices where different language speakers must share computers
■ Have users who need to be able to log on anywhere in any language
142
Part I:
Deployment
The Multilingual User Interface Pack is based on the International English version of Windows XP Professional. Although the user interface can be switched to any of the supported
languages, compared to a localized language version of Windows XP Professional, some parts
of the operating system are not localized in the MUI Pack. These include:
■ 16-bit code
■ Bitmaps
■ Some registry keys and values
■ INF files
■ Some system components, including:
   ❑ Narrator
   ❑ MSN® Explorer
   ❑ NetMeeting®
   ❑ Internet Connection Wizard
For more information about the Windows XP Professional MUI Pack, see the Locales and
Language link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources.
Planning a Multilingual Deployment
To deploy the appropriate language versions of Windows XP Professional and configure
regional support based on your organization’s current geographic and IT infrastructure, you
need to determine your language and regional requirements, as well as your hardware requirements and limitations. You also need to take into account the needs of roaming users in your
organization and whether you are upgrading an earlier localized language version of Windows. Also, consider whether your organization requires a single global image and whether
you will require specific regional builds for different offices in your organization.
Determining Language and Regional Requirements
If you do business in multiple languages or have multilingual office environments, you need
to know which languages or dialects your organization must support and whether these languages require IMEs or alternative keyboards or input devices.
If you do business internationally, you need to know which countries/regions your organization must support and which languages or dialects are used in each. You must determine
whether currency, time zone, or calendar formats vary between the different countries and
regions. Additionally, you must determine which line-of-business applications you have that
must accommodate such regional differences.
A four-column planning table can help you determine your language and regional needs. You
can organize the table as follows:
■ In column one, list your offices or divisions.
■ In column two, list the languages or dialects used in those offices or divisions.
■ In column three, note the corresponding Windows XP Professional language collections and locales that support those languages or dialects. For tables listing Windows XP Professional language collections and locales, see the Global Software Development List of Locale IDs and Language Groups link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
■ In column four, note any special standards and formats settings, input language support, or default languages for non-Unicode programs required for your offices or divisions.
Tip You can use the resulting worksheet to plan your physical deployment and complete the
[RegionalSettings] section of your answer files. For more information about completing your
answer file, see “Using Unattended and Silent Installations” later in this chapter.
Assessing Hardware Requirements for Multilingual Support
Supporting multiple languages can affect your hardware requirements in two areas:
■ Hard disk space. Some languages require more hard-disk storage space than others. The more languages installed on a computer, the more hard-disk space consumed. In addition, the Windows XP Professional MUI Pack requires more disk space for each user interface language installed or supported.
■ Specialized hardware devices. Some languages or users require special keyboards, IMEs, or alternative input devices.
Note Installing a language collection enables you to view text in those languages in a document, on a Web page, and so on. However, to input text in a given language, you must also
add that language as an input language. For more information about adding input languages,
see “Configuring Desktops” later in this chapter.
Disk Space Requirements
If a workstation needs to support users who speak multiple languages, that workstation must
have enough space on the hard disk for the appropriate language resources. The amount of
disk space that you need depends, in part, on the Windows XP Professional language version
that you deploy.
Language support requirements Every language version of Windows XP Professional
comes with support for all the languages in the Basic Language Collection, which is installed
by default. Table 3-4 lists the estimated hard drive space that you need to install additional language support. In addition, every additional language installed will require approximately 115
MB of extra disk space.
Table 3-4 Disk Space Requirements for Language Support
Language Collection | Installation Status | Space Required in Megabytes (MB)
Basic | Always installed on every language version. | N/A
Complex Script and Right-to-Left | Always installed on the Arabic language version and the Hebrew language version; optionally installed on all other language versions. | 10
East Asian | Always installed on the Simplified Chinese, Traditional Chinese, Japanese, and Korean language versions; optionally installed on all other language versions. | 250
User interface language requirements (MUI Pack only) The Windows XP Professional
MUI Pack contains Windows Installer packages that allow users to install the user interface
languages on demand. Because they are compressed, Windows Installer packages require less
storage space on a network server or CD image.
Tip If your organization uses regional or customized builds or a CD-based deployment,
include the appropriate Windows Installer packages on the custom image or CD to ensure that
support for those user interface languages is available. This ensures that the specific user interface languages that each office needs are available either for unattended installations during
deployment or for on-demand installations by users post-deployment.
Providing on-demand installation also saves storage space on desktops because users can
install only the user interface languages that they need, when they need them. For a list of the
storage space required on a client computer for each user interface language that is installed,
see the Locales and Language link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources.
For more detailed information about using Windows Installer packages with the Windows XP
Professional MUI Pack, see “Using Windows Installer Packages for On-Demand Installations
(MUI Pack Only)” later in this chapter.
Specialized Hardware Needs
If your language needs call for special keyboards, IMEs, or alternative input
devices, your hardware must meet minimum hardware compatibility requirements. You can
find the minimum hardware compatibility requirements at
http://www.microsoft.com/windowsxp/pro/evaluation/sysreqs.mspx.
Determining Roaming User Needs
If you have many roaming users who need to log on from different locations and edit documents in several languages, you must ensure that the appropriate language files are either
installed or installable on demand on those users’ workstations. You can also install Terminal
Services so that users can sign on to unique Terminal Services sessions in different languages.
If your roaming users need to log on from different locations in their native-language user
interface version of the operating system, you must install the Windows XP Professional MUI
Pack as appropriate.
Tip If you have deployed a Windows® 2000 Server MultiLanguage Version or Windows
Server 2003 with the Multilingual Language Interface, you can extend the lifecycles of old
desktops and functionality of thin clients for use as multilingual workstations. By installing Terminal Services on clients connected to a computer running Windows 2000 Server MultiLanguage Version or Windows Server 2003 with the Multilingual Language Interface, you
effectively permit the client to function as a Windows XP Professional MUI Pack–based workstation that allows users to change user interface languages easily.
Upgrading from Earlier Versions of Windows
A localized language version of a Windows-based client cannot be upgraded to a different
language version of Windows XP Professional or to the Windows XP Professional MUI
Pack. For example, you cannot upgrade a Japanese localized language version of Windows
2000 Professional to either the International English language version or MUI Pack of Windows XP Professional.
Warning To replace any other language versions of Windows with the Windows XP Professional MUI Pack, you must remove the previous Windows version and perform a clean installation of the Windows XP Professional MUI Pack.
You can upgrade to the Windows XP Professional MUI Pack only from an International
English language version of Windows or from the Microsoft® Windows® 2000 Professional
MultiLanguage Version. Table 3-5 shows which of these earlier versions of Windows clients
can be upgraded to the Windows XP Professional MUI Pack.
Table 3-5 Upgrade Matrix for Windows XP Professional MUI Pack
International English or MultiLanguage Version of Windows | Windows XP Professional MUI Pack
Microsoft® Windows NT® Workstation version 3.51 |
Microsoft® Windows NT® Workstation version 4.0 | X
Windows 98 | X
Microsoft® Windows® Millennium Edition (Me) | X
Windows 2000 Professional | X
Windows 2000 Professional MultiLanguage Version | X
Microsoft® Windows® XP Home Edition |
Deploying a Single Global Image
The Windows XP Professional MUI Pack enables a global organization’s IT department to
deploy and maintain a single global desktop image. In this way, your company can create a single build that includes user interface language support for all the languages in which you do
business. The build can also include world-ready applications such as Office XP or Office
2003.
For example, if your company supports user interfaces in English, French, Italian, Spanish,
Japanese, Simplified Chinese, and Traditional Chinese, you can create a single global image
that includes user-interface support for those seven languages. You can also make support for
those languages available for on-demand installation after deployment by using Windows
Installer packages.
Tip Deploying and maintaining a single global image can significantly improve IT efficiency
and help lower many costs. It enables single-code-base application development and testing,
simplifies releasing hotfixes and service patches, and reduces end-user support calls.
Creating Regional Builds
You can further customize Windows XP Professional deployments by creating specific
regional builds tailored to each office’s multilingual and international needs. For each office
or site, you can create a regional build that specifies the appropriate language version of the
operating system, the default input language, and the standards and formats appropriate to
that region. You can also include the appropriate localized language versions of third-party
applications, such as virus-checking utilities, as well as other specialized drivers and applications required by that office.
For example, you might create the following four unique regional builds for North America:
■ Two Canadian builds for the Vancouver, B.C., and Montreal offices to deploy the International English version of Windows XP Professional, with English and French (Canada) set as the default input languages, and Canada set as the default for standards and formats. English is the default input language in Vancouver, and French is the default input language in Montreal.
■ A U.S. English build so that users in Seattle and other U.S. locations can install the International English version of Windows XP Professional, with English (U.S.) set as the default input language, and optional support for the East Asian Language Collection, which includes the font files, font linking, and registry settings needed for Simplified and Traditional Chinese, Japanese, and Korean language support.
■ A Boston regional build that installs the U.S. English build along with optional support for the East Asian Language Collection.
The regional build for the Tokyo office, by contrast, might install the Japanese localized language version of Windows XP Professional, as well as the Japanese localized language versions
of virus-checking and accounting applications.
Using the Windows XP Professional MUI Pack, global organizations can also take a hybrid
approach combining a single global core image, which contains the baseline operating system
and applications, with additional regional core images that include localized language applications, settings, and so on. The global IT department develops and maintains the global core;
individual countries/regions are responsible for building and maintaining their own regional
cores. Local offices can also add a third-tier customization core image for custom stationery or
templates, printer drivers, and so on.
Configuring Desktops
Using Windows XP Professional, you can customize desktops to support your company’s specific language and regional needs. You can configure desktops with specific Regional and Language Options, such as a default input language or keyboard layout. You can also configure
the browser to receive localized, regional content, and you can add toolbars and keyboard
shortcuts to simplify switching between input languages.
Windows XP Professional enables administrators to specify the appropriate input language/
keyboard layout combination and standards and formats settings for the default user account
on a computer. All subsequent new user accounts created on that computer inherit the specified defaults; existing user accounts are not affected.
Administrators can specify these default settings through the user interface or by using
answer files. For more information about specifying the default settings through the user
interface, see “Configuring Regional and Language Options” later in this chapter. For more
information about specifying the default settings through the answer files, see “Creating Unattended Installations” and “Using Silent Configurations” later in this chapter.
Configuring Regional and Language Options
You can use the Regional and Language Options settings in Control Panel to configure input
languages for user accounts, and for the MUI Pack, to specify or change the default user interface language or install or remove user interface language packs.
To install the Complex Script and Right-to-Left Collection or East Asian Language
Collection
1. In Control Panel, double-click Regional and Language Options to open it.
2. Click the Languages tab, and then under Supplemental language support, select the
check boxes of the language collections that you want to install.
To change the language for non-Unicode programs
1. Log on as an Administrator.
2. In Control Panel, double-click Regional and Language Options to open it.
3. Click the Advanced tab, and then under Language for non-Unicode programs, select
the language for which the application was developed.
For more information about language collections and languages for non-Unicode programs,
see “New Multilingual Features in Windows XP Professional” earlier in this chapter.
Configuring Regional and Language Support for User Accounts
Some language versions of Windows XP Professional might require installing the Complex
Script and Right-to-Left Language Collection or the East Asian Language Collection, as well as
the appropriate input languages, to properly input and display all characters.
Administrators can specify which input languages are available for user selection at the Windows logon screen, and which are applied to new user accounts, by adding the appropriate
input languages to the default user account.
To add an input language for the current user
1. In Control Panel, double-click Regional and Language Options to open it.
2. Click the Languages tab, and then under Text services and input languages, click
Details.
3. Under Installed services, click Add.
4. In the Input Language box, click the input language that you want to add to enable
users to input text in that language.
This installs the input language with the default keyboard layout/IME listed in the Keyboard layout/IME box.
To add an alternative keyboard layout/IME for an input language
1. In Control Panel, double-click Regional and Language Options to open it.
2. Click the Languages tab, and then under Text services and input languages, click
Details.
3. Under Installed services, click Add.
4. In the Keyboard layout/IME box, click the alternative keyboard layout or IME that you
want to add to enable users to input text in the specified input language.
To specify the default input language for the current user
1. In Control Panel, double-click Regional and Language Options to open it.
2. Click the Languages tab, and then under Text services and input languages, click
Details.
3. Under Default input language, select the appropriate input language.
To add an input language for the default user account
1. Log on as an Administrator.
2. In Control Panel, double-click Regional and Language Options to open it.
3. Click the Languages tab, and then under Text services and input languages, click
Details.
4. Under Installed services, click Add.
5. In the Input Language box, click the input language that you want to add to enable
users to input text in that language, and then click OK.
If you want to add more than one input language, repeat this step for each language that
you want to add.
6. Click OK or Apply to close the Text services and input languages dialog box.
7. Click the Advanced tab, and then select the Apply all settings to the current user
account and to the default user profile check box.
Configuring the User Interface Language (MUI Pack Only)
The Windows XP MUI Pack allows users to change user interface languages, as long as support for additional user interface languages has been installed and Administrators have not
locked down the desktop by using Group Policy settings.
To change the current user interface language
1. In Control Panel, double-click Regional and Language Options to open it.
2. Click the Languages tab, and then under Language used in menus and dialogs, select
the language that you want to use.
To specify the user interface language for the default user account
1. In Control Panel, double-click Regional and Language Options to open it.
2. Click the Languages tab, and then under Language used in menus and dialogs, select
the language that you want to use.
3. Click the Advanced tab, and then select the Apply all settings to the current user
account and to the default user profile check box.
Configuring Localized Content
You can configure the default location to ensure that a user or group of users receives the
appropriate local content, such as news and weather, from Internet or intranet content providers. You can change the default location without affecting other multilingual settings, such as
the default standards and formats used for currency, sorting, dates, and so on.
The Location setting of the Regional and Language Options Control Panel enables Web content providers to redirect users to more appropriate regional sites when they visit a generic
site. For example, users in the Milan office would want the default location set to Italy to
ensure that they connect to the appropriate servers, content providers, and so on.
To configure localized browser content
1. In Control Panel, double-click Regional and Language Options to open it.
2. Click the Regional Options tab, and then under Location, click the region or location
for which you want customized content.
Simplifying Multiple Language Access on Desktops
Administrators can configure desktops to simplify working in multiple languages. For example, you can add a language toolbar to the desktop or a language icon to the taskbar, making
it easier for users to change between different input languages when they need to compose
documents in multiple languages. You can also enable specific key sequences that let users
quickly change between installed input languages and alternative keyboard layouts/IMEs.
To add the Language bar to the desktop or taskbar
1. In Control Panel, double-click Regional and Language Options to open it.
2. Click the Languages tab, and then under Text services and input languages, click
Details.
3. In the Text Services and Input Languages dialog box, under Preferences, click Language Bar.
4. In the Language Bar Settings dialog box, select the check boxes that correspond to the
language bar and taskbar options you want to enable.
To enable or change key sequences for switching input languages or keyboard
layouts/IMEs
1. In Control Panel, double-click Regional and Language Options to open it.
2. Click the Languages tab, and then under Text services and input languages, click
Details.
3. In the Text Services and Input Languages dialog box, under Preferences, click Key Settings.
4. In the Advanced Key Settings dialog box, select the options that correspond to the key
sequences and actions you want to use to enable a user to change between installed
input languages or keyboard layouts/IMEs.
If you want to use the On-Screen Keyboard to input text in a different language, change to the
appropriate input language before enabling the On-Screen Keyboard.
To display the On-Screen Keyboard
1. From the Start menu, point to All Programs, point to Accessories, and then point to
Accessibility.
2. Click On-Screen Keyboard.
Entering Special Characters or Code Points
Users can input characters that are not on the keyboard by pressing and holding the ALT key
and then typing the appropriate decimal code value for that character on the numeric keypad.
■ If the first digit typed is 0, the value is recognized as a code point in the current input language. For example, pressing and holding the ALT key while typing 0163 produces £, the pound sign (U+00A3 in the format for Unicode encoding), if the default input language is English (U.S.).
■ If the first digit typed is any number from 1 through 9, the value is recognized as a code point in the operating system’s OEM code page. For example, pressing and holding the ALT key while typing 163 produces ú (U+00FA) if the code page is 437 (MS-DOS Latin US).
For a complete list of OEM code pages and their associated code points for numeric keypad
input, see the Microsoft OEM Code Reference link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources.
Controlling Desktops by Using Group Policy Settings
Windows XP Professional enables administrators to automate different users’ Regional and
Language Options, such as the default input language or standards and formats, by using a
Group Policy logon script. When a given user logs on to a computer, the Group Policy logon
script silently calls the Regional and Language Options Control Panel to specify the correct
settings for that user. For more information about using a Group Policy logon script to silently
configure desktop settings, see “Using Silent Configurations” later in this chapter.
The Windows XP Professional MUI Pack allows administrators to use Group Policy settings to
control users’ abilities to change the user interface language. For more information about
Group Policy settings, see Chapter 23, “Connecting Clients to Windows Networks.”
Using Unattended and Silent Installations
Windows XP Professional contains keywords and options that simplify creating unattended
installations of new computers and silent configurations of existing computers. In addition,
when installing and configuring the Windows XP Professional MUI Pack, special considerations must be taken into account.
Creating Unattended Installations
For unattended installations of any language version of Windows XP Professional, you might
need to specify additional options for running Winnt32.exe or Winnt.exe. Also, you must
specify certain keywords and values in your Unattend.txt or Sysprep.inf answer file.
There are also special considerations for performing unattended installations of the Windows
XP MUI Pack.
Options for Running Winnt32.exe or Winnt.exe
If your organization requires the installation of East Asian language and locale support, you
must specify /copysource:lang or /rx:lang to copy the necessary language files. If you do not,
and the [RegionalSettings] section of your answer file contains East Asian values, Setup will
ignore everything in the [RegionalSettings] section.
Note If you install one of the East Asian localized language versions of Windows XP Professional, you do not need to specify the /copysource or /rx parameters because East Asian language and locale support are installed by default.
For Winnt32.exe, the appropriate syntax is:
winnt32.exe /unattend:"path to answer file" /copysource:lang /s:"path to install source"
To run Winnt.exe from a 16-bit, MS-DOS network startup disk, the appropriate syntax is:
winnt.exe /u:"path to answer file" /rx:lang /s:"path to install source"
Note For the MUI Pack, you must specify certain options to run Winnt32.exe. You cannot
run Winnt.exe. For more information about specifying options for the MUI Pack, see “Special
Considerations for Installing the Windows XP Professional MUI Pack” later in this chapter.
Defining Language and Regional Settings in the Answer File
For unattended installations of Windows XP Professional, you can customize the following
sections of the answer file to address specific language and other regional needs:
■ [RegionalSettings]
■ [GuiUnattended]
■ [TapiLocation]
Warning If you are creating an answer file for a localized language version of Windows XP
Professional other than International English, create the answer file using that localized language version. Otherwise, change the language for non-Unicode programs to that of the
localized language version, and save the answer file as ANSI text using the appropriate text
encoding method for the language version that you are installing.
For example, if you are creating an answer file to install the Russian localized language version
on a desktop, use the Russian localized language version of Windows XP Professional to create
the answer file. Otherwise, change the language for non-Unicode programs to Russian and use
the Cyrillic OEM code page to author the answer file.
Specifying [RegionalSettings] options The [RegionalSettings] section of the answer file
specifies multilingual and international settings such as the language collections installed, the
input languages installed, and the language for non-Unicode programs. All the [RegionalSettings] values can be specified in either Unattend.txt or Sysprep.inf.
Warning Any [RegionalSettings] values specified in Sysprep.inf will override any values set
in Unattend.txt. In addition, if you use Sysprep, all the appropriate additional language files
specified must already be installed on the computer.
The following shows the correct syntax for the [RegionalSettings] section:
[RegionalSettings]
Language="locale ID"
LanguageGroup="language group ID","language group ID" [, ...]
SystemLocale="locale ID"
UserLocale="locale ID"
InputLocale="locale ID:keyboard layout ID", "locale ID:keyboard layout ID", …
UserLocale_DefaultUser="locale ID"
InputLocale_DefaultUser="locale ID:keyboard layout ID", …
Note The Windows XP Professional MUI Pack requires additional considerations to ensure
consistency among language settings for unattended installations. For more information
about creating unattended installations of the MUI Pack, see “Special Considerations for
Installing the Windows XP Professional MUI Pack” later in this chapter.
Table 3-6 describes the [RegionalSettings] keys and identifies the corresponding settings in
the Regional and Language Options Control Panel. For a complete listing of valid values for
these keys, see the Locales and Language link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources.
Table 3-6 [RegionalSettings] Keys
Key | Usage | Regional and Language Options Control Panel Settings
Language | Specifies the language installed. If this key is specified, the SystemLocale, UserLocale, and Input Locale keys are ignored. | Standards and Formats; Input Language; Language for Non-Unicode Programs
LanguageGroup | Specifies the language groups installed on the computer. Installing one language group also installs support for all other language groups in the same language collection. For example, if you install the Korean language group (8), Windows XP Professional installs support for all other language groups in the East Asian Language Collection (for example, Japanese (7), Traditional Chinese (9), and Simplified Chinese (10)). For a list of the language groups installed under each language collection, see “Built-In Language Support” earlier in this chapter. | Same effect as: Installing support for Complex Script and Right-to-Left languages; Installing support for East Asian languages
SystemLocale | Enables non-Unicode applications to run and display menus and dialog boxes in the localized language. | Language for Non-Unicode Programs
UserLocale | Controls settings for sorting numbers, time, currency, and dates. | Standards and Formats
InputLocale | Specifies input language and keyboard layout combinations. The first keyboard layout specified becomes the system default. Specified combinations must be supported by one of the languages defined by using either the LanguageGroup key or the default language for the language version of Windows XP Professional being installed. If an available language does not support the specified combination, the default combination is used. This key is ignored if the Language key is specified. | Input Language(s)
UserLocale_DefaultUser* | Controls the formats for numbers, time, currency, and dates for the default user. The specified setting must be supported by one of the languages specified using the LanguageGroup key or the default language for the language version of Windows XP Professional being installed. | Same effect as: Setting Standards and Formats; Selecting Apply all settings to the current user account and to the default user profile check box on the Advanced tab
InputLocale_DefaultUser* | Sets the input language and keyboard layout combinations for the default user. | Same effect as: Specifying Input Languages; Selecting Apply all settings to the current user account and to the default user profile check box on the Advanced tab
* Denotes new keys added in Windows XP Professional
Note If you specify a Language key, the value associated with it overrides all the values
specified in the InputLocale, SystemLocale, and UserLocale keys. Typically, using the Language key is the preferred method for specifying input languages because it prevents the
occurrence of incompatible values in the InputLocale, SystemLocale, and UserLocale keys and
installs locales appropriate for the specified language and locale combinations.
Specifying [GuiUnattended] options You must specify the time zone of the computer by
using the TimeZone key in the [GuiUnattended] section of your answer file. If the TimeZone
key is not present in Unattend.txt, the user is prompted for a time zone during setup.
To preset time zones
■ In your answer file, add the following entry in the [GuiUnattended] section:
[GuiUnattended]
TimeZone="Index"
Index specifies the time zone of the computer. For a list of valid Time Zone indices, see
Ref.chm in Support\Tools\Deploy.cab on the Microsoft® Windows® XP Professional
operating system CD.
Note If you specify OemPreinstall=Yes in the [Unattended] section of your answer file, you
might want to add OemSkipRegional=1 to the [GuiUnattended] section to ensure that setup
does not prompt the user for regional information during GUI-mode setup.
Specifying [TapiLocation] options You can specify dialing rules specific to your country/
region by using the [TapiLocation] section of your answer file. These dialing rules specify the
default country code and area code that a modem uses when dialing the phone. The [TapiLocation] keys described here are supported in both Unattend.txt and Sysprep.inf, and they are
valid only for computers with modems.
To preset telephone dialing rules
■ In your answer file, specify the appropriate values in the [TapiLocation] section:
[TapiLocation]
CountryCode="CountryCode"
AreaCode="AreaCode"
For a complete list of country codes to use for telephony, search on the Internet for “ISO
3166,” or see the International Telecommunication Union link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources.
Sample answer file In the following example, an International English language version of
Windows XP Professional is configured with additional support for the East Asian Language
Collection installed. English (U.S.) is the default for both the language for non-Unicode programs (the SystemLocale) and the standards and formats (the UserLocale). Additional input
languages and keyboard layouts are also installed for Japanese, Chinese (Taiwan), Chinese
(People’s Republic of China), Korean, and German. The telephone country code is set to U.S.,
and the area code is 425. The time zone is Redmond (U.S.) Pacific Standard Time.
[GuiUnattended]
TimeZone="020"
[RegionalSettings]
LanguageGroup="1","7","8","9","10"
SystemLocale="0409"
UserLocale="0409"
InputLocale="0409:00000409","0411:e0010411","0404:00000404","0804:00000804","0412:E0010412","0407:00000407"
[TapiLocation]
CountryCode="US"
AreaCode="425"
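The rules this section states for answer files (a TimeZone key to avoid a prompt, the Language key overriding the locale keys, and locales that must be backed by an installed language group) can be checked before deployment. The linter below is an added example, not code from the book or from Microsoft; its locale-to-language-group table is a constructed subset covering only the locales in the sample above, and default_group assumes an installation language in group 1.

```python
import re

# Locale ID -> language group for the locales used in this chapter's samples
# (constructed subset with lower-case keys; extend it from the Locales and
# Language reference before using it on other locales).
LOCALE_GROUP = {"0409": "1", "0407": "1", "0411": "7",
                "0412": "8", "0404": "9", "0804": "10"}
EAST_ASIAN = {"7", "8", "9", "10"}  # one collection: installing any installs all
INPUT_LOCALE = re.compile(r"^([0-9A-Fa-f]{4}):[0-9A-Fa-f]{8}$")


def parse_answer_file(text):
    """Return {section: {key: [values]}} with lower-cased names, quotes removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = [
                v.strip().strip('"') for v in value.split(",") if v.strip()]
    return sections


def first(section, key):
    """First value of a key, or '' when the key is absent or empty."""
    return (section.get(key) or [""])[0]


def lint_answer_file(text, default_group="1"):
    """Return findings; default_group is the language group of the Windows XP
    language version being installed (assumed to be "1" here)."""
    s = parse_answer_file(text)
    gui, reg, una = (s.get(n, {}) for n in
                     ("guiunattended", "regionalsettings", "unattended"))
    findings = []

    if "timezone" not in gui:
        findings.append("[GuiUnattended] TimeZone missing: setup will prompt")
    if (first(una, "oempreinstall").lower() == "yes"
            and first(gui, "oemskipregional") != "1"):
        findings.append("OemPreinstall=Yes without OemSkipRegional=1: setup may prompt")

    # A Language key overrides the locale keys, so nothing else is checked.
    if "language" in reg:
        for key in ("systemlocale", "userlocale", "inputlocale"):
            if key in reg:
                findings.append(f"Language is set: {key} is ignored")
        return findings

    installed = set(reg.get("languagegroup", [])) | {default_group}
    if installed & EAST_ASIAN:
        installed |= EAST_ASIAN

    wanted = []  # (key, locale ID) pairs that need language-group support
    for key in ("systemlocale", "userlocale", "userlocale_defaultuser"):
        wanted += [(key, v) for v in reg.get(key, [])]
    for key in ("inputlocale", "inputlocale_defaultuser"):
        for entry in reg.get(key, []):
            m = INPUT_LOCALE.match(entry)
            if m:
                wanted.append((key, m.group(1)))
            else:
                findings.append(f"{key}: malformed entry {entry!r}")

    for key, locale in wanted:
        group = LOCALE_GROUP.get(locale.lower())
        if group is None:
            findings.append(f"{key}: locale {locale} not in lookup table")
        elif group not in installed:
            findings.append(f"{key}: locale {locale} needs language group {group}")
    return findings


# The chapter's sample answer file, with InputLocale on one line.
SAMPLE_OK = '''
[GuiUnattended]
TimeZone="020"
[RegionalSettings]
LanguageGroup="1","7","8","9","10"
SystemLocale="0409"
UserLocale="0409"
InputLocale="0409:00000409","0411:e0010411","0404:00000404","0804:00000804","0412:E0010412","0407:00000407"
[TapiLocation]
CountryCode="US"
AreaCode="425"
'''

# Constructed answer file that breaks three of the rules.
SAMPLE_BAD = '''
[Unattended]
OemPreinstall="Yes"
[RegionalSettings]
LanguageGroup="1"
UserLocale="0409"
InputLocale="0409:00000409","0411:e0010411"
'''

if __name__ == "__main__":
    for finding in lint_answer_file(SAMPLE_BAD):
        print(finding)
```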
Special Considerations for Installing the Windows XP Professional MUI Pack
Unattended setup of the Windows XP Professional MUI Pack is slightly different from that of
the Windows XP Professional International English or localized language versions for the following reasons:
■ Because the Windows XP Professional MUI Pack requires the use of files from several
CD-ROMs, you should carefully review how this affects different deployment methods,
including network installation, creating custom images on multiple CD-ROMs using
SysPrep, or a combination of CD-ROM and network installation.
■ You must specify OemPreinstall=Yes and OemFilesPath="path to install source" in the
[Unattended] section of your answer file to point to the location of the user interface language files. If you are installing the MUI Pack from the default location of \i386\$OEM$,
you do not need to specify an OemFilesPath value.
■ The [Commands] section of Cmdlines.txt must be used to specify the execution of
Muisetup.exe, the program that installs the user interface languages.
Ensuring consistency within [RegionalSettings] The MUI Pack requires special attention
to ensure consistency within the [RegionalSettings] section of the answer file. You must specify the language groups and locales to install to support the appropriate user interface languages and applications.
The other settings that you specify in the [RegionalSettings] section depend on your workstation configurations:
■ For single user systems. Set locales to the same value as the default user interface language (specified when running Muisetup.exe). For example, if German is set as the
default user interface language, specify one of the German locales in the answer file.
■ For shared workstations and in Terminal Services environments. Set the default user
interface language and the language for non-Unicode programs to English, the administrative language of the MUI Pack. You can set the input language according to individual
preferences or requirements. Or, if specified by using the Language key, restrict the
input language to be the same as the language for non-Unicode programs.
Warning
Install the appropriate language groups to ensure support for both the locales
and the user interface languages specified. For example, if you install the Japanese (Japan) user
interface language, you must also install the East Asian Language Collection to ensure Japanese language and locale support.
The following [RegionalSettings] example installs support for the East Asian Language Collection. English (U.S.) is the default for both the language for non-Unicode programs (the SystemLocale) and standards and formats (the UserLocale). Additional input language and
keyboard layouts are also installed for Japanese, Chinese (Taiwan), Chinese (People’s Republic of China), Korean, and German.
[RegionalSettings]
LanguageGroup="1","7","8","9","10"
SystemLocale="0409"
UserLocale="0409"
InputLocale="0409:00000409","0411:e0010411","0404:00000404","0804:00000804","0412:E0010412","0407:00000407"
Specifying [Unattended] options In addition to the [RegionalSettings] options, you must
specify the following settings in the [Unattended] section when installing the MUI Pack:
[Unattended]
OemPreinstall="Yes"
OemFilesPath="path to install source"
The OemFilesPath key points to the installation share that you create to contain the MUI user
interface language files. If you are installing the MUI Pack from the default location of
\i386\$OEM$, you do not need to specify an OemFilesPath value.
Specifying [GuiUnattended] options The [GuiUnattended] section of the answer file lets
you disable the OEM Regional prompt that would otherwise be displayed during setup.
Because you specified OemPreinstall=Yes in the [Unattended] section of your answer file, you
might want to add OemSkipRegional=1 to the [GuiUnattended] section to ensure that setup
does not prompt the user for regional information during GUI-mode setup.
[GuiUnattended]
OemSkipRegional="1"
Set the value to 1 to bypass the user prompt.
Creating the installation share For unattended installations of the Windows XP Professional MUI Pack, you must copy all the MUI files from CD2 into a temporary directory below
the top-level directory on a network share or CD. In the following example, the computer
name is MUICORE, the share name is $OEM$, and the temporary directory is MUIINST.
\\MUICORE
\$OEM$
\MUIINST
<...all MUI Pack files>
Tip
For CD-based deployments, if the MUI Pack files are located on the CD (and not on a
network share), the user might need to change CDs to complete the installation. This would
require user intervention to change CDs, effectively “breaking” the unattended nature of the
installation.
Installing by using a Cmdlines.txt file For the Windows XP Professional MUI Pack, you
must create a Cmdlines.txt file in the top level of your temporary directory. Cmdlines.txt must
contain a [Commands] section that executes the Muisetup program using the appropriate
parameters and values, using the following syntax:
[Commands]
".\temporary directory name\MUISETUP.exe [/i LangID LangID...] [/d LangID] /r /s"
You must use quotation marks around the command, and the path to Muisetup.exe must
specify the temporary directory you created in the installation source. Table 3-7 describes the
Muisetup parameters.
Table 3-7 Muisetup Parameters
Key    Description
/i     Specifies the user interface language(s) to be installed. Typically, languages are entered in four-digit hexadecimal LangID values.
/d     Specifies the default user interface language (applied to all new user accounts and used in places such as the Winlogon screen).
/r     Specifies that the restart message not be displayed.
/s     Specifies that the installation complete message not be displayed.
The following Cmdlines.txt answer file is created in the temporary directory specified by the
OemFilesPath key in your Unattend.txt answer file. (In the example specified earlier, the location is \\MUICORE\$OEM$.) If Unattend.txt does not specify a custom location for OemFilesPath, Cmdlines.txt uses the default location of \i386\$OEM$.
The following specifies that Muisetup install the Japanese (Japan) and German (Germany)
user interface languages, and sets Japanese (Japan) as the default user interface language used
for the Winlogon screen and applied to all new user accounts.
[Commands]
".\MUIINST\MUISETUP.exe /i 0411 0407 /d 0411 /r /s"
Installing Windows Installer user interface language packages You can use Windows
Installer (.msi) packages to install additional MUI user interface language support. To do this,
you must copy the .msi files for those user interface languages to the installation share, and
then invoke Windows Installer in your Cmdlines.txt file to install the user interface languages
on the computer. To install multiple user interface languages, repeat the msiexec invocation,
specifying the appropriate .msi file for each additional user interface language that you want
to install.
In the following example, the German (Germany) user interface language is silently installed
from the German .msi package and the Japanese (Japan) user interface language is silently
installed from the Japanese .msi package.
[Commands]
"msiexec.exe /i 0407.msi /q"
"msiexec.exe /i 0411.msi /q"
For more information about Windows Installer packages and parameters for using the
msiexec.exe command, click the MSDN Library link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources and search for “msiexec”.
Additional parameters for installing Windows Installer packages When installing Windows Installer packages, you can choose whether to set a particular user interface language for
the current user, the default user, or both. You can also specify whether a user language can be
uninstalled by any user. Table 3-8 describes these parameters and how to use them.
Table 3-8 Windows Installer Package Parameters
Parameter=value    Description
currentuser=1      Sets the user interface language being installed as the user interface language for the current user. If this is not specified, the user interface language will be installed without changing the current user’s user interface language.
Defaultuser=1      Sets the user interface language being installed as the user interface language for the default user account, which affects the logon screen and all new user accounts. If this is not specified, the user interface language will be installed without changing the default user account’s user interface language.
allusers=1         Specifies that the user interface language is to be installed per computer, which means that it can be uninstalled by any user of that computer.
In the following example, the German (Germany) and Japanese (Japan) user interface languages are silently installed, and the current user and default user accounts are set to Japanese. In addition, the German .msi package is to be installed per computer, allowing all users
of the computer to remove it.
[Commands]
"msiexec.exe /i 0407.msi allusers=1 /q"
"msiexec.exe /i 0411.msi defaultuser=1 currentuser=1 /q"
Caution
Use the allusers=1 parameter carefully because it allows any user to remove a user
interface language from a computer—even though that user interface language might be
required by another user of the same computer. If you install a given user interface language
by using the currentuser=1 and/or defaultuser=1 parameters, do not specify the allusers=1
parameter for the same user interface language.
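The Cmdlines.txt rules above (quoted commands, Muisetup's /r and /s switches, and the Caution against combining allusers=1 with currentuser=1 or defaultuser=1 for the same language) lend themselves to a pre-deployment check. The following is an added example, not code from the book or from Microsoft; the second sample file is constructed, and treating /qn as equivalent to /q is this example's own choice.

```python
def parse_commands(text):
    """Return (commands, findings) for the [Commands] section of Cmdlines.txt."""
    commands, findings, in_commands, seen = [], [], False, False
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            in_commands = line.lower() == "[commands]"
            seen = seen or in_commands
        elif in_commands:
            # Each command must sit inside straight quotation marks; a
            # typographic quote pasted from a document fails this test.
            if len(line) >= 2 and line[0] == '"' and line[-1] == '"':
                commands.append(line[1:-1])
            else:
                findings.append(
                    f"line {number}: command not enclosed in quotation marks")
    if not seen:
        findings.append("no [Commands] section")
    return commands, findings


def msi_properties(commands):
    """Map each .msi package to the set of NAME=1 parameters passed for it,
    merged across every msiexec line that names the package."""
    packages = {}
    for command in commands:
        tokens = command.lower().split()
        if not tokens or tokens[0].rsplit("\\", 1)[-1] != "msiexec.exe":
            continue
        msi = next((t for t in tokens if t.endswith(".msi")), None)
        if msi:
            names = {t[:-2] for t in tokens if t.endswith("=1")}
            packages.setdefault(msi, set()).update(names)
    return packages


def per_computer_packages(text):
    """Packages installed with allusers=1, which any user can uninstall."""
    commands, _ = parse_commands(text)
    return sorted(m for m, p in msi_properties(commands).items()
                  if "allusers" in p)


def lint_cmdlines(text):
    """Return a list of findings for a Cmdlines.txt file."""
    commands, findings = parse_commands(text)
    for command in commands:
        tokens = command.lower().split()
        if not tokens:
            continue
        program = tokens[0].rsplit("\\", 1)[-1]
        if program == "muisetup.exe":
            if "\\" not in tokens[0]:
                findings.append(
                    "Muisetup path does not name the temporary directory")
            for switch, message in (("/r", "restart"),
                                    ("/s", "installation complete")):
                if switch not in tokens:
                    findings.append(
                        f"Muisetup without {switch}: the {message} message is displayed")
        elif program == "msiexec.exe" and not {"/q", "/qn"} & set(tokens):
            findings.append(f"not silent: {command}")
    for msi, names in sorted(msi_properties(commands).items()):
        if "allusers" in names and names & {"currentuser", "defaultuser"}:
            findings.append(
                f"{msi}: allusers=1 combined with currentuser=1 or defaultuser=1")
    return findings


# The chapter's own msiexec example.
PAGE_EXAMPLE = '''[Commands]
"msiexec.exe /i 0407.msi allusers=1 /q"
"msiexec.exe /i 0411.msi defaultuser=1 currentuser=1 /q"
'''

# Constructed file: Muisetup lacks /r, 0411.msi mixes allusers=1 with
# defaultuser=1 across two lines, and the last line ends in a curly quote.
CONSTRUCTED_BAD = r'''
[Commands]
".\MUIINST\MUISETUP.exe /i 0411 0407 /d 0411 /s"
"msiexec.exe /i 0411.msi defaultuser=1 /q"
"msiexec.exe /i 0411.msi allusers=1 /q"
"msiexec.exe /i 0407.msi /q”
'''

if __name__ == "__main__":
    for finding in lint_cmdlines(CONSTRUCTED_BAD):
        print(finding)
    print("removable by any user:", per_computer_packages(PAGE_EXAMPLE))
```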
Using Silent Configurations
You might want to change a computer’s Regional and Language Options silently after the initial installation. For example, if your organization locks down the desktop to prevent a group
of users from accessing the Control Panel, you can update that group’s Regional and Language Options by using a Group Policy–applied logon script.
In these situations, you can use Rundll32.exe to call the Regional and Language Options Control Panel with an answer file that specifies the appropriate settings. The syntax for calling
Rundll32.exe from the command line is as follows:
Rundll32 shell32,Control_RunDLL intl.cpl,,/f:"c:\unattend.txt"
The answer file specified in c:\unattend.txt must contain a [RegionalSettings] section that
specifies the appropriate regional and language settings.
Changing Language and Regional Options
The format of the answer file specified in a silent configuration is exactly the same as that used
during setup. This means that all the [RegionalSettings] options can be changed silently after
the initial installation. The following is an example of a silent configuration that:
■ Adds the “German - German” input language for the current user.
■ Adds the “German - Swiss German” input language to the list of input languages for the
default user.
■ Configures the language for non-Unicode programs to German.
[RegionalSettings]
InputLocale="0407:00000407"
InputLocale_DefaultUser="0407:00000807"
SystemLocale="0407"
If you specify multiple input languages for the InputLocale and InputLocale_DefaultUser
keys, the first value specified will be set as the default for that particular user. In the following
example, the InputLocale will set “German - German” as the default input language for the
current user while also making “German - Swiss German” available as an input language.
[RegionalSettings]
InputLocale="0407:00000407","0407:00000807"
Changing MUI Pack Defaults
The Windows XP Professional MUI Pack contains two new keywords that you can use after
running setup to perform silent configurations. These keywords are intended for silent configuration after setup, when the specified user interface language has already been installed on
the computer. Table 3-9 describes these additional [RegionalSettings] keys. For a complete listing of valid values for these keys, see the Locales and Language link on the Web Resources
page at http://www.microsoft.com/windows/reskits/webresources.
Table 3-9 [RegionalSettings] Keys for Silently Configuring MUI Pack Defaults
Key                        Usage
MUILanguage                Sets the user interface language for the current user
MUILanguage_DefaultUser    Sets the user interface language for the default user account, including the logon screen and the user interface language applied to all new user accounts
Using Windows Installer Packages for On-Demand Installations (MUI Pack Only)
The Windows XP Professional MUI Pack includes Windows Installer packages that allow
users to install user interface languages on demand. For companies that support one global
image, on-demand installation enables smaller and faster setups and images. If you do
regional builds or CD-based deployments, include on a CD or network share the Windows
Installer package for each specific user interface language your company needs to support.
To enable on-demand installations, you can publish a Windows Installer (.msi) package for
each user interface language that your company supports in Active Directory. The Windows
Installer packages are then listed as additional user interface languages in the appropriate
users’ Add or Remove Programs Control Panel. If you publish the .msi packages with the Maximum UI option, users can choose whether to install and set a specific user interface language
for the current user, the default user, or both. Alternatively, to set the user account settings
automatically, you can publish the .msi packages with the Basic UI option and then apply
transforms to the packages.
For example, assume that your company supports 12 different languages worldwide. Your IT
department publishes those 12 Windows Installer user interface language packages in the global Active Directory. A clerk in the Boston office, using Windows XP Professional MUI Pack
with English (U.S.) as the default user interface language, can then install Italian and Japanese
user interface language support when it is needed. All that the user needs to do is open the
Add or Remove Programs Control Panel and select the Italian and Japanese user interface language support packages.
For more information about Windows Installer packages and parameters for using the
msiexec.exe command, click the MSDN Library link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources and search for “msiexec”.
Supporting Multilingual Applications
In a multilingual environment, it is important to ensure that your existing line-of-business
applications run properly under any language version of Windows XP Professional. Multilingual and international considerations can affect legacy application support, as well as the
development of new applications and the authoring of Web sites for international companies.
When you deploy Windows XP Professional in a global environment, it is important to ensure
that all your current and future applications and Web technologies are compatible with the
language versions that you support.
Supporting World-Ready Applications
All versions of Windows XP Professional are built from a single world-ready source code. This
simplifies supporting multilingual applications because an application developed on any language version of Windows XP Professional following world-ready guidelines runs correctly on
any other language version of Windows XP Professional. For example, a clerk in the Boston
office using the International English language version of Windows XP Professional can run
an application developed in the Tokyo office on a Japanese localized language version of Windows XP Professional, as long as the Boston client computer has installed the East Asian Language Collection (for Simplified and Traditional Chinese, Japanese, and Korean language
support).
Supporting Non-Unicode Applications
In many organizations, legacy line-of-business applications were not developed according to
world-ready guidelines. Older applications might not be Unicode-enabled, relying instead on
the use of a particular code page for character encoding. These non-Unicode applications
might not run correctly if the language of the application does not match the language version
of the operating system (for example, running a non-Unicode, Japanese order-tracking system
on the International English language version of Windows XP Professional). In these situations, one of two problems commonly occurs:
■ The application fails to load.
■ The application loads, but text strings do not display correctly in the application’s user
interface.
In most cases, setting the language for non-Unicode programs of the Windows XP Professional–based computer to match the language in which the application was developed solves
the problem. In the previous example, if the Boston clerk sets the Windows XP Professional–
based computer’s language for non-Unicode programs to Japanese, the strings in the legacy,
non-Unicode, Japanese order-tracking system’s user interface will be correctly displayed in
Kanji.
Note
The language for non-Unicode programs can be set to only one language at a time. If
you need to run non-Unicode applications in a variety of languages, you might want to consider porting the applications to Unicode through the Microsoft Layer for Unicode (MSLU).
The Microsoft Layer for Unicode
Another solution for porting a non-Unicode application to Unicode involves using
the Microsoft® Layer for Unicode™ (MSLU) on computers running Windows 98
and Windows Me. MSLU is easy to integrate into applications and requires little
more than recompiling the application as a Unicode component and including the
MSLU library along with the other libraries used by the program. MSLU is available
and fully documented in the Windows XP Professional Platform SDK, found at
http://msdn.microsoft.com/library/en-us/sdkintro/sdkintro/windows_xp.asp.
Determining the Compatibility of Your Current Applications
Before deploying Windows XP Professional, you need to test your internally developed line-of-business applications, and any third-party applications (such as antivirus tools), under each
language version of Windows XP Professional that your organization supports in order to
determine potential problems with multilingual or international compatibility. For example, if
you intend to deploy the Japanese localized language version of Windows XP Professional as
well as the Simplified Chinese localized language version and the MUI Pack, be sure to test
your existing applications under all three configurations.
It is also important to test applications developed for one language version to see how they
function while emulating the native language under a different language version of the operating system. For example, test any applications developed using the Japanese localized language version of Windows XP Professional (or earlier versions of Microsoft® Windows®) on
computers running the International English language version of Windows XP Professional,
after making sure that those computers have the East Asian Language Collection installed.
Basic differences in application support and backward compatibility exist between the localized language versions of Windows XP Professional and the Windows XP Professional MUI
Pack. Some 16-bit applications developed on localized language versions run better on those
localized language versions of Windows XP Professional than on the Windows XP Professional MUI Pack. For example, the Japanese language version of Windows 2000 supports
DOS/V applications, and the Korean language version of Windows NT supports HBIOS applications, whereas the Windows XP Professional MUI Pack does not.
To determine whether a specific third-party application (such as an antivirus tool) is certified
as compatible with Windows XP Professional, see the Windows Catalog at
http://www.microsoft.com/windows/catalog.
Developing Multilingual Applications
The Microsoft Global Software Development Web site provides extensive information to help
application developers create products that take full advantage of the multilingual and international compatibility features of Windows XP Professional. For information about how and
what it means to globalize an application, see the Globalization: Step-by-Step link on the Web
Resources page at http://www.microsoft.com/windows/reskits/webresources.
For more information about creating world-ready software, see the Microsoft Global Software
Development link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Developing Multilingual Web Sites
Developers authoring Web sites in global organizations typically require a first-time site visitor
to select a preferred language, which is then stored in a client-side cookie on the visitor’s computer or as a property in the visitor’s profile. Thereafter, site content always appears in the
user’s specified language.
An alternative approach involves using a script that detects the client computer’s default
browser language, and then serves the appropriate language version of the Web site to the client.
The key to developing a single Web site that can serve multiple language visitors is to properly
structure the following two common language-dependent strings:
■ Product information or other data, such as the product name, description, and price
■ Site information, such as content in navigation bars, banner ads, and search results
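Both approaches described above, a stored preference and detection of the browser's language, take their input from the client, so the site should map that input onto a fixed list of languages it actually serves. The following is an added example, not code from the book; the SUPPORTED list and DEFAULT value are constructed, and the caller is assumed to pass in the cookie value and the Accept-Language header.

```python
import re

SUPPORTED = ("en-us", "de-de", "ja-jp")  # constructed list of site languages
DEFAULT = "en-us"
TAG = re.compile(r"^[A-Za-z]{1,8}(-[A-Za-z0-9]{1,8})*$")


def parse_accept_language(header):
    """Return the language tags of an Accept-Language header, best first."""
    ranked = []
    for position, part in enumerate(header.split(",")):
        tag, _, params = part.strip().partition(";")
        tag = tag.strip().lower()
        if not TAG.match(tag):  # drops '*', empty items and malformed tags
            continue
        quality = 1.0
        params = params.strip()
        if params.startswith("q="):
            try:
                quality = float(params[2:])
            except ValueError:
                continue
        if 0.0 < quality <= 1.0:
            # Sort by descending quality, then by position in the header.
            ranked.append((-quality, position, tag))
    return [tag for _, _, tag in sorted(ranked)]


def match_supported(tag):
    """Map a requested tag to a supported one: exact match first, then any
    supported language with the same primary subtag (de -> de-de)."""
    tag = tag.lower()
    if tag in SUPPORTED:
        return tag
    primary = tag.split("-")[0]
    for candidate in SUPPORTED:
        if candidate.split("-")[0] == primary:
            return candidate
    return None


def choose_language(cookie_value, accept_language):
    """Pick the content language for a request.

    The stored preference wins, but only when it is exactly one of the
    supported values; otherwise the browser's language list is consulted.
    The return value always comes from SUPPORTED, so it is safe to use when
    selecting templates or string tables.
    """
    if cookie_value and cookie_value.lower() in SUPPORTED:
        return cookie_value.lower()
    for tag in parse_accept_language(accept_language or ""):
        matched = match_supported(tag)
        if matched:
            return matched
    return DEFAULT


if __name__ == "__main__":
    # Constructed requests: (cookie value, Accept-Language header).
    for cookie, header in [(None, "ja-JP,ja;q=0.9,en-US;q=0.8"),
                           ("de-de", "ja-JP"),
                           ("zz-ZZ;extra", "fr-FR,de;q=0.7"),
                           (None, "*;q=0.5")]:
        print(cookie, header, "->", choose_language(cookie, header))
```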
Ensuring Compatibility
Multilingual compatibility issues can arise when you use Windows XP Professional with naming of Active Directory objects, with Terminal Services, or in mixed operating system environments. Also, special considerations arise when you use the multilingual versions of Office XP
or Office 2003 and Windows XP Professional together. You will need to be aware of these and
other global compatibility issues as you prepare to deploy Windows XP Professional in a multilingual environment.
Multilingual Compatibility with Active Directory Objects, Clients, and Domain Controllers
Because Active Directory uses Unicode, there are few multilingual compatibility problems
with Active Directory in any language version of Windows XP Professional. Typically, if Active
Directory objects are named using Unicode characters, and both the Complex Script and
Right-to-Left Language Collection and the East Asian Language Collection are installed, no
problems occur in displaying Active Directory object names that combine different languages
and fonts.
If you use Active Directory in a mixed operating system environment, consider the following
limitations when implementing multilingual features:
■ Active Directory supports a single sort order, which might not be the sort order specified
by the default language version or settings of the server. If you store objects that have
localized names, the returned sort order might not be what you expect.
■ If your Active Directory domain controller uses a different language from that of a client
computer that is a member of the same domain, you can use only the character sets common to both code pages in Active Directory naming conventions. Otherwise, the two
computers might not be able to initialize a trust relationship.
■ If an Active Directory client computer does not have the correct language support and
fonts installed to interpret localized names in a different language used for objects
stored in the directory, the client might not be able to render the names.
For example, if an Active Directory client computer in Boston does not have the East
Asian Language Collection installed, it might not be able to display the Kanji characters
in the Japanese name of an object stored in an Active Directory server in Tokyo.
■ Localized language domain and computer names might not be supported by Windows
98, Windows NT 3.51, and legacy DNS servers because those systems do not support
UTF-8.
For more information about Active Directory, see Chapter 23, “Connecting Clients to Windows Networks.” For more information about authentication, see Chapter 16, “Understanding Logon and Authentication.”
Using Office XP or Office 2003 and Windows XP Professional Together
Like Windows XP Professional, the English (U.S.) versions of Office XP and Office 2003 are
built on an international core, meaning that each combines support for different language versions into a single product that you can run worldwide. Also like Windows XP Professional,
Office XP and Office 2003 are available in the International English and other localized language versions, and with the Multilingual User Interface Pack.
When you install Office XP or Office 2003 on a computer running an International English
or localized language version of Windows XP Professional, Office detects and uses the
same default input language that the Windows XP Professional operating system uses.
Office also enables support for scripts created on the Windows XP Professional operating
system configuration.
Localized Versions of Office
Licensing localized versions of Microsoft® Office, such as Microsoft® Office 2003 Spanish Edition, is the best option if you need completely localized functionality and the additional content, such as templates and wizards in Word, that comes with some fully localized versions.
Each localized version includes at least two sets of appropriate proofreading tools for the languages you are likely to use most (for example, the Norwegian version includes Norwegian,
German, and English proofreading tools). To expand that support to more than 30 languages,
you can install the Microsoft® Office 2003 Editions Proofing Tools CD together with any localized version.
Organizations that work in very few languages, or that have completely decentralized IT
departments that work with only the local languages, might choose to use the localized versions of Office.
Office XP and Office 2003 Editions Multilingual User Interface Pack
The Microsoft® Office XP or Office 2003 Editions Multilingual User Interface Pack adds key
multilingual capabilities to those already built into Office by providing localized text for the
user interface, online Help, wizards, and templates for Office programs.
If your company uses many languages, deploys Office 2003 worldwide from a central IT
group, or needs to support workstations shared by many different language speakers, use the
Office 2003 Editions Multilingual User Interface Pack. Windows 2000 Professional and Windows XP Professional are the only operating systems that support all Office 2003 Editions
Multilingual User Interface Pack features.
When you install the Office XP or Office 2003 Editions Multilingual User Interface Pack on a
computer running the Windows XP Professional MUI Pack, Office detects the default user
interface language of the Windows XP Professional MUI Pack and sets that as the default for
all Office programs. For example, if you install the Office XP Multilingual User Interface Pack
on a computer running the Windows XP Professional MUI Pack and the default user interface
language of that computer is set to Spanish, Office XP will also use Spanish as the default user
interface language for Office XP applications.
Troubleshooting
Organizations that support multilingual desktops face unique support issues. Typical problems include characters or fonts that do not display properly, applications that use the wrong
currencies or sorting orders, and compatibility problems with line-of-business and third-party
applications and drivers. This section summarizes how to solve the most common problems
that your Help desk might encounter following a multilingual deployment of Windows XP
Professional.
Tools for Troubleshooting Multilingual Issues
The updated Multilingual Document Consultant in Windows XP Professional Help and Support Center is your first resource for diagnosing and resolving most common problems involving inputting or viewing documents written in multiple languages.
To start the Multilingual Document Consultant
1. In Help and Support Center, in the Search box, type Multilingual Document
Consultant.
2. In the Search Results list, click Multilingual Document Consultant.
Problems Inputting or Displaying Multiple Languages
The following are possible solutions for some of the most common problems that users might
encounter when inputting or viewing characters from multiple languages.
Characters in Complex Script, Right-to-Left, or East Asian Languages Do Not Display Correctly
If you know that the languages displayed incorrectly are part of the Complex Script and Right-to-Left Collection or the East Asian Language Collection, support for those languages probably has not been installed. Only a user logged on as an Administrator can install this support.
Users might require the Microsoft® Windows® XP Professional operating system CD or access
to a network distribution point to complete this procedure.
To install the Complex Script and Right-to-Left Collection or East Asian Language Collection
1. In Control Panel, double-click Regional and Language Options to open it.
2. Click the Languages tab, and then under Supplemental language support, select the
check boxes for the language collections that you want to install.
If you install both the Complex Script and Right-to-Left Language Collection and the East
Asian Language Collection but the document still does not display those characters correctly,
verify that the font being displayed supports multiple character sets. If it does not, change the
font to Tahoma or Microsoft Sans Serif.
Characters from Another Language Appear as Question Marks, Black Boxes, or Lines
Some applications might not support multiple languages, or the application might have been
developed using a different language version of Windows XP Professional. Try entering characters using another program, such as WordPad, that you know contains multilingual support.
If you know that the application was developed under another language version operating
system or if you are using a 16-bit DOS character-based program, close the application, change
the default input language as appropriate, and then restart the application.
To change the default input language
1. In Control Panel, double-click Regional and Language Options to open it.
2. Click the Languages tab, and then under Text services and input languages, click
Details.
3. Under Default input language, click the input language that you want to use.
If you suspect that the application was not developed using Unicode, you might need to
change the language for non-Unicode programs.
To change the language for non-Unicode programs
1. In Control Panel, double-click Regional and Language Options to open it.
2. Click the Advanced tab, and then under Language for non-Unicode programs, select
the language for which the application was developed.
Finally, if none of these solutions solve the problem, verify that the font being displayed supports multiple character sets. If it does not, change the font to Tahoma or Microsoft Sans Serif.
Characters Typed at the Command Prompt Are Not Correct
The default input language on the computer might require that you use a TrueType font, such
as Tahoma, when typing at the command prompt. If you change to a TrueType font and continue to experience problems, check the mapping of your keyboard layout. Some keyboard
layouts have MS-DOS keyboard mapping that differs from the normal mapping of characters.
To select a TrueType font to use at the command prompt
1. Open a command prompt window, and then on the System Menu, click Properties.
2. Click the Font tab, and then in the Font box, click a TrueType font, such as Lucida Console.
3. In the Apply Properties to Shortcut dialog box, do one of the following:
   ❑ To use the TrueType font for this session only, click Apply properties to current window only.
   ❑ To use the TrueType font as the default for all command prompt windows, click Modify shortcut that started this window.
Numbers, Currencies, Dates, or Sorting Orders Are Incorrect
Verify that you are using the correct standards and formats settings for your locale, or customize the settings to your preferences.
To change number, currency, time, date, and sort-order settings
1. In Control Panel, double-click Regional and Language Options to open it.
2. Click the Regional Options tab, and then under Standards and Formats, click the
country/region whose standards and formats you want to use. If you want to customize
individual settings, such as how dates are displayed or numbers are sorted, click Customize, and then click the appropriate tabs and options.
Verifying Application Compatibility
If you have a language or regional problem with an application, the language emulation capabilities of Windows XP Professional make it easy for your IT department to verify and test an
application’s multilingual compatibility issues. You can test an application developed on any
other language version of Windows by setting the test computer’s language for non-Unicode
programs to that of the application.
When testing for application compatibility, be sure to do the following:
■ Anywhere that an application accepts user input, verify that any mixture of scripts works and that automated test cases are passing in randomly generated Unicode strings, not just as characters from the ANSI character set.
■ For the Windows XP Professional MUI Pack, change the user interface language for one user and run an application. Check to see whether the user interface language of the application changes to match the new setting.
Some common problems you might encounter with applications include:
■ Square boxes or dots displayed instead of characters. This indicates that the default font does not contain glyphs for the characters being displayed. The solution is to change the font to the appropriate language.
■ Question marks displayed instead of characters. This indicates that a conversion from Unicode to ANSI was attempted for a Unicode character that does not exist in the ANSI code page. The question mark is the default character returned instead. The solution is to change the language for non-Unicode programs to the native language.
■ Formats and sorting orders are incorrect for the locale. This indicates that the default standards and formats settings for currency and date formats and for sorting orders might not be set to the correct language.
For more information about resolving these problems, see “Problems Inputting or Displaying
Multiple Languages” earlier in this chapter.
Additional Resources
These resources contain additional information related to this chapter.
Related Information
■ Chapter 7, “Supporting Mobile Users” for more information about supporting mobile users
■ Chapter 8, “Configuring Remote Desktop” for more information about configuring remote desktops
■ Appendix H, “Accessibility Tools” for more information about alternative input devices and accessibility options
■ The Locales and Language link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources for a list of locale IDs for use in unattended installations
■ The Configuring and Using International Support of the MultiLanguage Version of Windows Operating Systems link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources
■ The Ask Dr. International link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources for more information about developing applications for multilingual or international use
■ The Microsoft OEM Code Reference link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources for a complete list of code pages and their associated code points
■ The Locales and Language link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources for a complete list of the localized language versions of Windows XP Professional
■ The Global Software Development List of Locale IDs and Language Groups link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources for tables listing Windows XP Professional language collections and locales
■ The International Telecommunication Union link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources for a complete list of country and region codes to use for telephony
■ The MSDN Library link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources for more information about Windows Installer packages and parameters for using the msiexec.exe command (Search for “msiexec”)
■ The Globalization: Step-by-Step link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources for information about how and what it means to globalize an application
■ The Microsoft Global Software Development link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources for more information about creating world-ready software
■ “Unicode Control Characters” in Windows XP Professional Help and Support Center
■ The Windows Catalog at http://www.microsoft.com/windows/catalog for more information about third-party software applications that are certified as compatible with Windows XP Professional
Chapter 4
Supporting Installations
In addition to running Setup, you might need additional tools to aid your Microsoft® Windows® XP Professional deployment. The following discussion describes the setup process,
optional Windows Support Tools, service pack and software update deployment, and troubleshooting tips for issues that you might encounter during setup.
In this chapter:
The Setup Process
Support Tools
Installing Service Packs and Other Software Updates
Uninstalling a Service Pack or Other Software Update
Troubleshooting Windows XP Professional Setup
Additional Resources
Related Information
■ For more information about troubleshooting Windows XP Professional, see Chapter 27, “Understanding Troubleshooting.”
■ For more information about automating and customizing Windows XP Professional installations, see Chapter 2, “Automating and Customizing Installations.”
■ For more information about Plug and Play and ACPI, see Chapter 9, “Managing Devices.”
The Setup Process
Windows XP Professional includes Dynamic Update and Uninstall, two new Setup features.
The following discussion describes these features and what occurs during a new installation
before and after each restart. During a nonscripted installation, Setup restarts your computer
three times.
New Setup Features
Windows XP Professional includes new features that enhance the setup process.
Dynamic Update
Using Dynamic Update, a process that occurs during setup, the computer connects to the
Microsoft® Windows Update Web site and searches for the following:
■ Updated Windows XP Professional installation files
■ Device driver files not included or updated on the Windows XP Professional operating system CD
Dynamic Update downloads the installation and device driver files to your computer and
incorporates them into the setup process. To initiate Dynamic Update, the computer you are
upgrading must have the following:
■ Internet connection capability
■ Microsoft® Internet Explorer 4.0 or later installed
For more information about Dynamic Update, see Chapter 2, “Automating and Customizing
Installations.”
Note
If you install Windows XP Professional by using the CD-ROM boot method, Dynamic
Update is not used.
Uninstall
If your hardware or software does not function as expected after installing Windows XP Professional, you can use Uninstall to restore your computer to its previous operating system
with little interruption. Uninstall removes all setup files from your computer and restores
your previous operating system. Uninstall is available if you upgrade to Windows XP Professional from any of the following operating systems:
■ Microsoft® Windows® 98
■ Microsoft® Windows® 98, Second Edition (SE)
■ Microsoft® Windows® Millennium Edition (Me)
The following are factors to consider when using the Uninstall feature:
■ Setup requires about 300 megabytes (MB) of additional space to save the information it needs to be able to uninstall. Setup notifies you if your disk space is insufficient for saving the backup information.
■ Thirty days after you complete Setup, the Disk Cleanup Wizard asks whether you want to remove the Uninstall file from your computer.
■ Before removing Windows XP Professional from your computer, back up all your important data. For information about using Backup (NTBackup.exe), see Chapter 14, “Backing Up and Restoring Data.”
■ If you install an application on your computer after you have upgraded to Windows XP Professional and then decide to remove Windows XP Professional from your computer, you must reinstall the application after restoring the previous operating system.
Warning
If you convert a volume to NTFS or to dynamic disk, or if you create or delete any
volume, you can no longer use the Uninstall feature.
Running Setup
During an upgrade to Windows XP Professional, the following processes occur before and
after each of three restarts.
Before the first restart
As it begins the installation, Setup does the following:
■ Collects information about your computer, such as whether you want to accept your license agreement or enter your product key. You can also specify installation options, including whether you want to perform an upgrade or a clean installation.
■ Runs Dynamic Update.
■ Checks disk space, and builds a list of backup files to support Uninstall.
To cancel Setup at this point, click Cancel when prompted or close the Setup dialog box. Your
computer’s previous operating system and settings return immediately.
After the first restart
Setup runs in Text mode and does the following:
■ Provides an option to repair your existing installation.
■ Provides an option to specify a partition in which to install Windows XP Professional. Setup can also format partitions.
■ Copies files to the installation folder on your hard disk.
To cancel Setup and uninstall Windows XP Professional at this point, restart your computer,
and then choose Cancel Windows XP Professional Setup instead of Microsoft® Windows
XP Professional Setup on the menu that appears after your computer restarts.
Your computer’s previous operating system and settings are restored.
After the second restart
Setup runs in graphical user interface (GUI) mode and does the following:
■ Installs devices.
■ Sets system locale and customizes your keyboard.
■ Prompts you to specify your name, organization, computer name, and administrator password.
■ Installs networking components, including Client for Microsoft Networks, File and Print Sharing for Microsoft Networks, and the TCP/IP protocol with automatic addressing. Setup also determines whether your computer uses automatic IP addressing or a DHCP server to connect to the Internet, and then installs the appropriate components.
■ Prompts you to join a workgroup or domain.
■ Performs the basic operating system configuration.
■ Installs Start menu items.
■ Updates the backup file list and prepares the restore environment to support Uninstall.
■ Registers components and then saves and backs up the registry.
■ Removes temporary files used during setup.
To cancel Setup and uninstall Windows XP Professional at this point, choose Cancel Windows XP Professional Setup instead of Microsoft Windows XP Professional Setup on the
menu that appears after your computer restarts.
Your computer’s previous operating system and settings are restored.
After the third restart
Setup has completed the installation process, and you can log on and start using Windows XP Professional. To remove Windows XP Professional after the setup process is complete, in Control Panel, double-click Add or Remove Programs, and then select Uninstall Windows XP Professional. Your computer’s previous operating system and settings are restored.
Warning
If you convert a volume to NTFS or to a dynamic disk, or if you create or delete
any volume, you can no longer use the Uninstall feature.
Support Tools
Windows Support Tools help you deploy Windows XP Professional, manage your network,
and troubleshoot problems. You can find Windows Support Tools in the \Support\Tools
folder on your operating system CD. The folder also includes two cabinet files, Deploy.cab and
Support.cab, which contain numerous tools in compressed form. For information about
installing Support Tools, including how to extract tools within Deploy.cab and Support.cab,
see Readme.htm in the \Support\Tools folder.
Table 4-1 lists some of the key deployment tools that are in the \Support\Tools folder.
Table 4-1 Support Tools That Aid in Deployment

| Name | File Name | Description |
|---|---|---|
| Application Compatibility Toolkit | Act20.exe | The Application Compatibility Toolkit for Windows XP contains tools and documents to help you diagnose and resolve application compatibility issues. Some of the tools in the Toolkit include: Compatibility Administration Tool, which provides an interface for working with compatibility data and features on Windows XP computers; Application Verifier Tool, which is designed to help developers identify compatibility and stability issues in their applications; QfixApp, which provides a quick way of testing applications that have any of the common compatibility fixes provided in the Windows XP operating system; PageHeap, which helps developers find heap-related bugs, corruptions, and leaks in applications. |
| Setup Manager | Setupmgr.exe | A wizard-based tool that helps you create unattended answer files. Setup Manager also creates a network distribution share, required for unattended and Sysprep deployments. |
| System Preparation Tool (Sysprep) 2.0 | Sysprep.exe | A utility that prepares a system on a hard disk for duplication (cloning) and customization. It does not actually perform the duplication of the reference image onto destination computers (third-party utilities are required for this purpose), but ensures that the security identifiers (SIDs) are unique for each installation. In addition, Sysprep can help you customize duplicated images by adding computer-specific information such as user name, computer name, time zone, and domain membership. |
| Deploy.chm | Deploy.chm | A Help file that contains information about using Setup Manager, Sysprep, and command-line tools such as Winnt32.exe and Winnt.exe. Deploy.chm and Ref.chm together replace Unattend.doc, the answer file reference for previous Microsoft® Windows® NT–based operating systems. For more information about using answer files and automated installations, see Chapter 2, “Automating and Customizing Installations.” |
| Ref.chm | Ref.chm | A Help file that contains a complete reference to section headers and keys that can be used in answer files such as unattend.txt and sysprep.inf. Deploy.chm and Ref.chm together replace Unattend.doc, the answer file reference for previous Microsoft® Windows® NT–based operating systems. For more information about using answer files and automated installations, see Chapter 2, “Automating and Customizing Installations.” |
Note
Updated versions of the System Preparation Tool (sysprep.exe) and the Sysprep.inf file have been included in Windows XP Service Pack 2. In addition, the Help files in the Deploy.cab file have been updated to cover Service Pack 2. Finally, new versions of several of the Support Tools are included in Service Pack 2. Corporate administrators can download the updated Deployment Tools (Deploy.cab) by searching the Microsoft Download Center (http://www.microsoft.com/downloads) for “Windows XP Service Pack 2 Deployment Tools”, and they can download the updated Support Tools (Support.cab) by searching the Download Center for “Windows XP Service Pack Support Tools”. For more information, see articles 838079 and 838080 in the Knowledge Base at http://support.microsoft.com.
Installing Service Packs and Other Software Updates
A service pack is a collection of updates pertaining to an operating system. These updates
might address operating system reliability, application compatibility, setup, and security
issues. The term software update generally refers to any critical update, security update, hotfix,
rollup, or service pack that can be applied to the operating system to improve or fix a software
product released by Microsoft. The term update is used to describe a released fix for a specific
problem; it refers to noncritical, nonsecurity-related updates. For a description of the terminology used to describe Microsoft software updates, see the Knowledge Base article 824684 at
http://support.microsoft.com/?kbid=824684.
Typically, Microsoft packages service packs and other software updates with a setup program
that installs updates to your computer. The service pack or software update setup program copies files and updates settings automatically if your operating system configuration meets requirements specific to the service pack or software update. Typically, you restart your computer after
installing a service pack or software update before the updates to your computer take effect.
Warning
While critical updates and security updates should generally be applied immediately to all systems (after testing in a suitable environment), you should apply a software
update only if directed to do so by a Microsoft Knowledge Base article that describes your
problem exactly or under the direction of your support representative. For information about
the Microsoft Knowledge Base, see the Microsoft Knowledge Base link on the Web Resources
page at http://www.microsoft.com/windows/reskits/webresources.
Service Pack and Software Update Setup Programs
Check the documentation that comes with your service pack or software update for the specific
name of the setup program. You can usually run service pack or update setup programs from
the command prompt. In addition, you can customize your installation by using parameters.
Service Pack Setup Program Naming Convention
In this section, ServicePack.exe refers to generic service pack self-extracting packages used for
performing network installations by corporate administrators. This generic ServicePack.exe
file is a self-extracting cabinet file that can be obtained from the Microsoft Download Center
(http://www.microsoft.com/downloads) or from Windows Update (http://windowsupdate.microsoft.com), and it contains all the files required to install the service pack on a computer running Windows XP, including updated system files, other binary files, .inf files, .cab
files, and the Update.exe setup program that starts the service pack installation process. The
generic name ServicePack.exe is used because the actual naming convention used for service
pack files can vary. For example, the U.S. English version of the Windows XP Service Pack 1a
self-extracting package was named xpsp1a_en_x86.exe, while the package for Service Pack 2
is named WindowsXP-KB835935-SP2-ENU.exe, where KB 835935 is the Knowledge Base article containing the release notes for SP2.
Table 4-2 lists the command-line switches available when running both ServicePack.exe and Update.exe from the command line, as they apply to Microsoft® Windows® XP Service Pack 2. Before using these switches, check your service pack documentation for any changes if you are deploying a more recent service pack than SP2. For more information, see KB 262841, “Command-Line switches for Windows software update packages” (http://support.microsoft.com/default.aspx?scid=kb;EN-US;262841). Note that you can prefix switches with either a dash (for example, -passive) or a slash (for example, /passive) when using them.
Table 4-2 Command-Line Switches for Service Pack Setup Programs

| Command-Line Switch | Description |
|---|---|
| -u or -passive | Run an unattended installation of the service pack. No user interaction is required, but a progress bar is displayed during installation. If a critical error occurs during installation, the user will be prompted to respond. |
| -f or -forcerestart | Force other applications to close at shutdown. After installing the service pack files and before restarting the computer, this switch closes all applications. This option cannot be used with the -integrate, -l, -n or -z options. |
| -n | Do not back up files for Uninstall. In a typical service pack installation, files necessary for uninstalling the service pack are saved to your hard drive. If you use this switch, you cannot uninstall the service pack. This option cannot be used with the -integrate or -l options. |
| -o | Overwrite OEM-supplied files, such as device drivers, without prompting. If you use the -q or -u switches and have OEM-supplied miniport drivers or HAL, you must use the -o switch to ensure these files are properly updated. |
| -z or -norestart | Do not restart the computer when the installation completes. This option cannot be used with the -integrate or -l options. |
| -q or -quiet | Quiet mode: no user interaction required. |
| -l | Display installed Windows updates, critical updates, and security updates. This switch cannot be used with any other command-line switches. |
| -uninstall | Uninstalls the service pack. |
| -integrate:path | Integrated Installation mode: combines the service pack with the Windows XP installation files in a shared distribution folder so that you can perform an integrated installation. |
| -extract:path or -x:path | Extracts the service pack files to the specified folder without running Update.exe. If you don’t specify a path, you are prompted to provide one. This option is available only for ServicePack.exe. |
| -d:path | Back up the files for removing the service pack into the folder specified. |
For more information on installing service packs on Windows XP, see the “Guide for Installing and Deploying Microsoft® Windows® XP Service Pack 2” on Microsoft TechNet at http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/spdeploy.mspx. If you are installing a more recent service pack, see the appropriate documentation on Microsoft TechNet.
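The restrictions that Table 4-2 places on combining switches can be checked before a command line is put into a deployment script. The following Python code is an added example, not part of this book or of any Microsoft tool; the function names and the oem_drivers flag are assumptions made for illustration.

```python
# Added example: pre-flight check of ServicePack.exe / Update.exe switches
# against the rules stated in Table 4-2 (Windows XP Service Pack 2).

# Short and long spellings from Table 4-2, mapped to one canonical name.
ALIASES = {
    "u": "passive", "passive": "passive",
    "f": "forcerestart", "forcerestart": "forcerestart",
    "z": "norestart", "norestart": "norestart",
    "q": "quiet", "quiet": "quiet",
    "x": "extract", "extract": "extract",
    "n": "n", "o": "o", "l": "l", "d": "d",
    "uninstall": "uninstall", "integrate": "integrate",
}

# "This option cannot be used with ..." statements from Table 4-2.
CONFLICTS = {
    "forcerestart": {"integrate", "l", "n", "norestart"},
    "n": {"integrate", "l"},
    "norestart": {"integrate", "l"},
}

# Switches that Table 4-2 shows with a :path suffix.
TAKES_PATH = {"integrate", "extract", "d"}


def parse_switches(argv):
    """Map each switch to its canonical name and optional path value."""
    parsed = {}
    for arg in argv:
        # The text allows either a dash or a slash as the prefix.
        if len(arg) < 2 or arg[0] not in "-/":
            raise ValueError(f"not a switch: {arg!r}")
        # Split at the first colon only, so a drive letter in the path survives.
        name, _, value = arg[1:].partition(":")
        canon = ALIASES.get(name.lower())
        if canon is None:
            raise ValueError(f"unknown switch: {arg!r}")
        if value and canon not in TAKES_PATH:
            raise ValueError(f"switch takes no path: {arg!r}")
        parsed[canon] = value or None
    return parsed


def check_command(argv, program="ServicePack.exe", oem_drivers=False):
    """Return (errors, warnings) for a proposed switch list.

    oem_drivers is a hypothetical flag the caller sets when the target
    computers have OEM-supplied miniport drivers or a HAL.
    """
    switches = parse_switches(argv)
    used = set(switches)
    errors, warnings = [], []

    if "l" in used and len(used) > 1:
        errors.append("-l cannot be used with any other switch")
    for name, banned in CONFLICTS.items():
        if name in used:
            # Pairs involving -l are already reported by the rule above.
            for other in sorted((banned & used) - {"l"}):
                errors.append(f"-{name} cannot be used with -{other}")
    for name in ("integrate", "d"):
        # Table 4-2 lists these two only in the switch:path form.
        if name in used and not switches[name]:
            errors.append(f"-{name} needs a path")
    if "extract" in used and program.lower() != "servicepack.exe":
        errors.append("-extract is available only for ServicePack.exe")
    if oem_drivers and used & {"quiet", "passive"} and "o" not in used:
        errors.append("-q or -u with OEM miniport drivers or HAL needs -o")
    if "n" in used:
        warnings.append("-n keeps no backup; the service pack cannot be uninstalled")
    return errors, warnings


if __name__ == "__main__":
    # Constructed command lines for illustration.
    for argv in (["/passive", "/norestart"], ["-f", "-z"], ["-l", "-q"],
                 ["-u", "-n"], ["/d:C:\\spbackup", "/quiet"]):
        print(argv, check_command(argv, oem_drivers=True))
```

The -n warning matters for rollback planning: a package installed that way cannot be removed with -uninstall.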
Windows XP Software Update Setup Program Naming Convention
For the remainder of this section, SoftwareUpdate.exe generically refers to the setup program
for any software update, including critical updates, security updates, rollups, and hotfixes.
Since Windows XP Service Pack 2 was released, software update setup programs for Windows
XP now follow this naming convention:
WindowsXP-KB######-ZZZ-LLL.exe
In the preceding naming convention, the variables have the following meanings:
■ ###### is the six-digit Microsoft® Knowledge Base article number (for example, 123456) for the article in which the software update is described.
■ ZZZ is the hardware platform (either x86 or ia64).
■ LLL is the language (for example, ENU for U.S. English).
To find an article in the Microsoft Knowledge Base, click the Microsoft Knowledge Base link
on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Administrators can download critical updates, security updates, and other updates from the
Windows Update Catalog on Windows Update (http://windowsupdate.microsoft.com), and
they can contact Microsoft Product Support Services (PSS) to obtain hotfixes for specific problems identified in Microsoft Knowledge Base articles. Note that hotfixes released by Microsoft
PSS might still follow the following older naming convention:
Q######_XXX_YYY_ZZZ_LLL.exe
In the preceding naming convention, the variables have the following meanings:
■ Q###### is the Microsoft® Knowledge Base article number (for example, 123456).
■ XXX is the platform or operating system (WXP for Windows XP).
■ YYY is the service pack level (for example, SP2 for a hotfix that will be rolled into Service Pack 2).
■ ZZZ is the hardware platform (either x86 or ia64).
■ LLL is the language (for example, ENU for U.S. English).
Table 4-3 lists command-line switches that you can use with SoftwareUpdate.exe to customize
your software update installation. Before using these switches, check the documentation for
the software update in the appropriate Knowledge Base article for any changes. For more
information on these switches, see KB 262841, “Command-Line switches for Windows software update packages” (http://support.microsoft.com/default.aspx?scid=kb;EN-US;262841).
Note that you can prefix switches with either a dash (for example, -q) or a slash (for example,
/q) when using them. Note also that some updates might not support the longer, more
descriptive switches, such as -quiet instead of -q and so on.
Table 4-3 Command-Line Switches for Software Update Setup Programs

| Command-Line Switch | Description |
|---|---|
| -f or -forcerestart | Force other applications to close at shutdown. After installing the software update files and before restarting the computer, this switch closes all applications. |
| -n | Do not back up files for Uninstall. In a typical software update installation, files necessary for uninstalling the software update are saved to your hard drive. If you use this switch, you cannot uninstall the software update. |
| -z or -norestart | Do not restart the computer when the installation completes. |
| -q or -quiet | Quiet mode: no user interaction required. |
| -u or -passive | Unattended mode. Use this switch to run an unattended installation of the software update. |
| -l | List installed software updates. This is useful to check for compatibility with the requirements of your software update. |
| -uninstall | Uninstall the software update (which can be used with -m or -q). |
| -integrate:path | Integrates the software update into the specified path where the Windows XP source files reside. |
If your service pack version is newer than the software update you are installing, the installation stops and silently exits if you included the -m or -q parameters. If you did not use these
switches, an error message appears, stating that the version is incorrect. In addition, if the language version of the software update does not match the operating system’s language, Setup
is always interrupted. If no version conflict exists, Setup installs the software update without
user intervention.
For more information on installing software updates on Windows XP, see “The Guide for Installing and Deploying Updates for Microsoft® Windows® XP Service Pack 2” (formerly known as “Hotfix Deployment and Installation Guide”) on Microsoft TechNet at http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/hfdeploy.mspx. If you are installing a software update for a more recent service pack than SP2, see the appropriate documentation on Microsoft TechNet.
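The two naming conventions described earlier in this section carry enough information to predict the language and service pack conflicts described above before a package is pushed to a computer. The following Python code is an added example, not part of this book or of any Microsoft tool; the function names, the three-character field widths, and the rule that a hotfix tagged SPn conflicts with an installed service pack at level n or later are assumptions drawn from the examples in the text.

```python
# Added example: parse the two software update naming conventions described
# in this section and flag the two conditions the text says make Setup stop.
import re
from typing import NamedTuple, Optional


class UpdatePackage(NamedTuple):
    kb: str                  # six-digit Knowledge Base article number
    arch: str                # hardware platform: x86 or ia64
    lang: str                # language, for example ENU
    os_code: Optional[str]   # older convention only, WXP for Windows XP
    sp_level: Optional[int]  # older convention only, 2 for SP2


# WindowsXP-KB######-ZZZ-LLL.exe
NEW_STYLE = re.compile(
    r"WindowsXP-KB(?P<kb>[0-9]{6})-(?P<arch>x86|ia64)-(?P<lang>[A-Z]{3})\.exe",
    re.IGNORECASE)
# Q######_XXX_YYY_ZZZ_LLL.exe (field widths assumed from the examples given)
OLD_STYLE = re.compile(
    r"Q(?P<kb>[0-9]{6})_(?P<os>[A-Z0-9]{3})_SP(?P<sp>[0-9]+)"
    r"_(?P<arch>x86|ia64)_(?P<lang>[A-Z]{3})\.exe",
    re.IGNORECASE)


def parse_update_name(filename):
    """Return an UpdatePackage, or None if the name fits neither convention."""
    m = NEW_STYLE.fullmatch(filename)
    if m:
        return UpdatePackage(m["kb"], m["arch"].lower(), m["lang"].upper(),
                             None, None)
    m = OLD_STYLE.fullmatch(filename)
    if m:
        return UpdatePackage(m["kb"], m["arch"].lower(), m["lang"].upper(),
                             m["os"].upper(), int(m["sp"]))
    return None


def preflight(filename, os_lang, installed_sp):
    """List the reasons Setup would stop for this package on this computer."""
    pkg = parse_update_name(filename)
    if pkg is None:
        return ["name fits neither documented naming convention"]
    reasons = []
    if pkg.lang != os_lang.upper():
        reasons.append(f"language {pkg.lang} does not match "
                       f"operating system language {os_lang.upper()}")
    # Assumption: a hotfix tagged SPn is rolled into Service Pack n, so an
    # installed service pack at level n or later is newer than the hotfix.
    if pkg.sp_level is not None and installed_sp >= pkg.sp_level:
        reasons.append(f"installed SP{installed_sp} already includes "
                       f"hotfixes tagged SP{pkg.sp_level}")
    return reasons


def triage(filenames, os_lang, installed_sp):
    """Split package names into (installable, blocked) for one target build."""
    installable, blocked = [], {}
    for name in filenames:
        reasons = preflight(name, os_lang, installed_sp)
        if reasons:
            blocked[name] = reasons
        else:
            installable.append(name)
    return installable, blocked


if __name__ == "__main__":
    # Constructed file names, except the SP2 package name quoted in the text,
    # which is a service pack and so fits neither software update convention.
    share = ["WindowsXP-KB123456-x86-ENU.exe", "WindowsXP-KB123456-x86-DEU.exe",
             "Q123456_WXP_SP2_x86_ENU.exe", "WindowsXP-KB835935-SP2-ENU.exe"]
    ok, blocked = triage(share, os_lang="ENU", installed_sp=2)
    print("installable:", ok)
    for name, reasons in blocked.items():
        print("blocked:", name, reasons)
```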
Planning the Deployment
To successfully deploy your service pack, prepare for the deployment. Assess the updates and
enhancements contained in your service pack, and determine how they will affect your organization. Also, you might want to perform other steps when planning the deployment, including these important tasks:
■ Choose an installation method.
■ Choose deployment tools and files.
■ Check space requirements.
■ Test the deployment in your environment.
Choosing an installation method Depending on a number of factors, including the homogeneity of operating systems your computers are running and your company’s security policies, you can choose one of the following methods to install your service pack:
■
The update installation is the standard method originally used to install Windows NT–
based service packs. Using this method, you install your service pack on top of your
existing operating system.
■
The integrated installation method was first introduced with Windows 2000 Service Pack
1. Using this method, you simultaneously install the operating system together with
your service pack.
■
The combination installation was also first introduced in Windows 2000 Service Pack 1.
Using this method, you install your service pack with software updates, other components, or third-party applications by using a combination of the update and integrated
installation methods.
For more information about applying these installations and scenarios that might relate to
your deployment, see “Update Installation,” “Integrated Installation,” and “Combination
Installation” later in this chapter.
Choosing deployment tools and files
After you select your installation method and one of the associated scenarios for your installation, review the scenario to determine whether you might need one or more of the following deployment tools and files:
Systems Management Server
Microsoft® Systems Management Server (SMS) provides a
variety of tools to help you deploy service packs. Using the SMS version 2.0 or later software
distribution feature, you can simultaneously upgrade all the SMS client computers in your site
with your service pack. You can allow your users to run the service pack installation whenever
they like, or you can schedule the service pack installation to run at a specific time. You can
also schedule it to run on SMS client computers at a time when no users are logged on to the
network.
Note
SMS provides tools for upgrading your current computers, but not for the installation of new computers that do not have an operating system already installed.
Setup Manager
Setup Manager (Setupmgr.exe) is a wizard-based tool that can help you create or update the Unattend.txt answer file, the Cmdlines.txt file, and the network distribution
share (a requirement if you want to include drivers or files from the network in your service
pack installation). Setup Manager is available in the Deploy.cab file in the \Support\Tools
folder on your Windows XP Professional operating system CD. For more information about
Setup Manager, see “Support Tools” earlier in this chapter.
The Unattend.txt answer file identifies how Windows XP Professional Setup interacts with the
distribution folders and files you create, and it supplies information about your pre-installation requirements. The answer file also supplies Setup with all the information that the end
user is prompted to provide during a typical Windows XP Professional installation. For example, Unattend.txt contains a “FullName” entry in the [UserData] section, which prompts the
user to provide a full name. You can create or modify the Unattend.txt answer file by using a
text editor or Setup Manager. For a complete list of section headers and keys that you can use
in your answer file, see Ref.chm in the \Support\Tools\Deploy.cab folder on your Windows
XP Professional operating system CD.
The Cmdlines.txt file contains a list of the commands that run during Windows XP Professional GUI–mode setup. For example, these commands can run an application setup command or another executable file. You can create the Cmdlines.txt file by using a text editor or
Setup Manager.
Additional Windows XP Professional deployment and pre-installation tools
For more information about tools to use when deploying a service pack or other software update, see “Support Tools” earlier in this chapter.
Checking space requirements
A service pack requires a certain amount of space on your computer’s hard drive for installation, storage, and uninstallation. Check your service pack documentation for space requirements, and then remember to reserve space for the Uninstall file if you want to remove the service pack later.
Testing the deployment in your environment
Testing a service pack in your environment can include the following steps:
1. Use a cross section of the types of computers deployed in your environment that will receive the service pack. Test computers that have a typical sample of software and hardware devices used in your organization.
2. Install your service pack on each of these computers in the same way that you expect to install it in your environment:
❑ Update existing Windows XP Professional–based computers to the service pack.
❑ Upgrade existing computers that are running Windows 98, Windows 98 Second Edition (SE), Windows Millennium Edition (Me), Microsoft® Windows® NT® Workstation 4.0, and Microsoft® Windows® 2000 Professional to Windows XP Professional integrated with the service pack.
❑ Install Windows XP Professional integrated with the service pack on computers with no existing operating system (that is, a clean installation).
3. Verify that the applications and hardware continue to work as expected for the various
scenarios.
Update Installation
During an update installation, a service pack is applied to a computer that is already running
Windows XP Professional. The ServicePack.exe program automatically installs the updated
system files and makes the necessary registry changes. After the computer restarts, the installation is completed and the operating system is running with an updated file set.
A number of methods for creating the update installation are supported since the release of
Windows 2000 Service Pack 1. These include manually running the ServicePack.exe program
or running a script that starts the ServicePack.exe program. You can use a combination of
installation parameters whether you run ServicePack.exe manually or by using a script. Or
you can use SMS to install a service pack. Also supported are a variety of distribution media,
including CD-ROM, network distribution share, Web download, and Microsoft® Windows
Installer. Table 4-4 lists the advantages and disadvantages of using ServicePack.exe versus
using SMS.
Table 4-4 Comparison of Methods for Performing an Update Installation

| Method | Advantages | Disadvantages |
|---|---|---|
| ServicePack.exe | Parameters are available to customize your installation. Can be scripted to automate the installation. You do not need to purchase additional software to install the service pack on your computers. | You cannot set the installation to start and end at a specific time. |
| SMS | Installation is automated. Can be scheduled to start and stop the installation automatically (for example, at night when employees do not need their computers). | You must purchase SMS separately. |

For more information about using Systems Management Server, see your SMS product documentation.
Tip
Another method for deploying service packs and software updates is to use the Software Installation and Maintenance feature of Group Policy. By assigning service packs or software updates to a Group Policy Object (GPO) linked to an organizational unit (OU), you can automatically install the updates on computers in that OU at the next restart. For more information on this approach, see the “Guide for Installing and Deploying Microsoft® Windows® XP Service Pack 2” on Microsoft TechNet at http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/spdeploy.mspx. If you are installing a more recent service pack, see the appropriate documentation on Microsoft TechNet.
Performing an Update Installation
The update installation scenarios described in this section include procedures you can use to
meet your installation requirements. These scenarios focus on the network distribution share,
the distribution media most commonly used by IT professionals. For the procedures in the
following scenarios, drive E is a mapped network share or a local hard disk and drive D is the
CD-ROM drive.
■ Scenario 1: Installing a service pack manually or by using a script
■ Scenario 2: Installing a service pack by using SMS
■ Scenario 3: Installing a software update
Scenario 1: Installing a service pack manually or by using a script
You can use a script or manually install a service pack on Windows XP Professional–based computers from a network distribution share.
To install a service pack manually
1. Connect to the network or computer on which you want to create the distribution
folder.
2. On the network distribution share, create a distribution folder for the service pack. For
example, to create a distribution folder named SP, type mkdir E:\SP.
3. Copy the contents of your service pack onto the network distribution share.
4. To install the service pack, connect to the network distribution share and run ServicePack.exe. For example, to install the service pack from a distribution folder named SP,
type E:\SP\ServicePack.exe.
Note
When running ServicePack.exe by using a script or batch file, include the following in
your script: ServicePack.exe -u -q. This installs the service pack in Unattended mode, with no
user interaction. For more information about the switches you can use with ServicePack.exe,
see Table 4-2 earlier in this chapter.
Scenario 2: Installing the service pack by using SMS
You can install a service pack on Windows XP Professional–based SMS client computers from a network distribution share by using SMS.
Warning
SMS 2.0 Service Pack 4 or later or SMS 2003 is required to support Windows XP
Professional Service Pack 2 installations.
To use SMS to install a service pack
1. Create the SMS package by importing the package definition file for your service pack.
In the package, provide the path to the service pack source files.
2. Distribute the SMS package to the distribution points.
3. Create the advertisement to notify SMS clients about the service pack.
To use SMS for an update installation, you must have an understanding of SMS as well as a
working knowledge of software distribution. Also, your SMS infrastructure must be in place
before you deploy the service pack. For more information about SMS, see your SMS product
documentation.
Creating the SMS package
When using SMS to distribute software, first create the SMS
package, which contains the files and instructions that direct the software distribution process. When you create the SMS package, you specify the location of the package source files
(where SMS obtains the files) and the package definition file (.pdf) for distributing the service
pack.
A package definition file is a specially formatted file that contains all the information necessary to create the SMS package. If you import this file, SMS immediately creates the package.
After you use a package definition file to create a package, you can modify it the way you
would any other SMS package.
Each predefined SMS package also contains SMS programs, which are command-line executables that run on each targeted computer to control the execution of the package. Each program is a different combination of options that you create for installing the package. For
example, the package definition for the service pack includes programs that install the service
pack with or without user input. These SMS programs must be compatible with the installation files for the package.
To create an SMS package
1. Connect to the network or computer on which you want to place the source files.
2. On the network or computer, create a source files directory for the service pack. For
example, to create a source files directory named SP, type mkdir E:\SP.
3. Copy the service pack executable files to the source files directory that you created in
step 2. For example, to copy the service pack executable files from a service pack CD in
the CD-ROM drive (D) to the source files directory named SP, type xcopy D:\ E:\SP /e.
4. In the SMS Administrator console, select Packages.
5. On the Action menu, point to New, and then click Package from Definition.
6. On the Welcome page, click Next.
7. Click Browse from the package definition list, and then navigate to the folder where the
package definition file for the service pack was created. When you find the package definition file, click it to import the service pack package definition file, and then click
Next.
8. On the Source Files page, click Always obtain files from a source directory, and then
click Next.
9. In the Source directory box, enter the path to the package source files. (See step 3.)
10. Click Next, and then click Finish.
11. Select Programs.
12. In the details pane, double-click the service pack program.
13. In the Program Properties property sheet, on the General tab, verify that the predefined Command line is the correct setup command for your needs.
14. Click the Requirements, Environment, and Advanced tabs to check and modify the
options that control the execution of your program. For more information about the
options on these tabs, see your SMS product documentation.
15. Click OK.
Warning
If you download your service pack from the Microsoft Windows Service Pack Web
site, you must extract the compressed program file before you can copy it to the source files
directory. Check the documentation included with your service pack for information about
extracting the compressed program files.
Distributing the SMS package to the distribution points
After you create the SMS package
for the service pack, you can distribute the package to your distribution points. Distribution
points are shares on site systems where SMS copies the package source files for access by the
client computers.
To distribute an SMS package to distribution points
1. In the SMS Administrator console, select Packages, select the SMS package that you
created for the service pack, and then select Distribution Points.
2. On the Action menu, point to New, and then click Distribution Points.
3. In the New Distribution Points Wizard, click Next, and then select the distribution
points you want to use.
All the distribution points for all sites are listed, so you can select all the distribution
points now.
4. Click Finish.
The package is immediately distributed to the selected distribution points.
Note
Your distribution points must have sufficient disk space for the SMS package. For
instructions about how to check the disk space for distribution points from the SMS Administrator console, see your SMS product documentation.
Creating the SMS advertisement
After you distribute the SMS package to the distribution
points, you can create the advertisement that offers the package to the SMS clients.
To create an advertisement
1. Create a collection of SMS clients to receive the installation program. You can base the
collection on a query or direct membership rules. For more information about creating
a collection, see your SMS product documentation.
2. Right-click the collection that will receive the program, and then click All Tasks/Distribute Software.
3. In the Distribute Software Wizard, click Next.
4. Click Distribute an existing package, click the SMS package for the service pack, and
then click Next.
5. In the Distribution Points dialog box, make sure the desired distribution points are
selected, and then click Next.
6. In the Advertise a Program dialog box, click Yes. Advertise a program, click the program you want to advertise, and then click Next.
7. In the Advertisement Target dialog box, confirm that the collection of clients selected
in step 2 is listed, and then click Next. If this collection is not listed, click Browse to find
the collection you want.
8. In the Advertisement Name dialog box, fill in the advertisement name if appropriate,
and then click Next.
9. Specify any subgroups that should also receive this advertisement, and then click Next.
10. Confirm or change the time the advertisement is offered and specify whether the advertisement should expire and when.
11. On the Assign Program page, click Yes to assign the program.
12. Click Next, and then click Finish.
SMS clients refresh the list of advertised programs on a configurable polling interval, set to 60
minutes by default. After the service pack advertisement is received on a client, it is either displayed for selection by users in the Advertised Program Wizard in Control Panel, or, if
assigned (mandatory), runs according to the specified schedule.
Scenario 3: Installing a software update
You can install a software update on Windows 2000–based and Windows XP Professional–based computers from a network distribution share.
Running a software update setup program
The following procedure describes how to install a software update by running the WindowsXP-KB######-x86-LLL.exe program.
To install a software update
1. Connect to the network or computer on which you want to create the distribution
folder.
2. On the network distribution share, create a distribution folder for the software update
files. For example, to create a distribution folder named Updates, type:
mkdir E:\Updates
3. Copy the software update executable file to the distribution folder that you created in
step 2. For example, to copy the software update executable file to the distribution
folder named Updates, type:
xcopy C:\WindowsXP-KB######-x86-LLL.exe E:\Updates
4. To install the software update from the network distribution share, run the WindowsXP-KB######-x86-LLL.exe program. For example, to install the software update from the
distribution folder named Updates, type:
E:\Updates\WindowsXP-KB######-x86-LLL.exe
Integrated Installation
You can create an integrated installation of the Windows XP Professional operating system
and your service pack on a network distribution share. When you run the ServicePack.exe
program in Integrated mode, it applies the service pack directly to the Windows XP Professional installation files. Thereafter, you do not need to perform separate installations of the
operating system and your service pack.
Warning
You cannot uninstall a service pack that you install in Integrated mode.
After the ServicePack.exe program creates the integrated installation, you can run Windows
XP Professional Setup (Winnt32.exe) to install the operating system integrated with the service pack.
Creating an Integrated Installation
The following integrated installation scenarios focus on the network distribution share, the
distribution media most commonly used by IT professionals. Depending on your installation
requirements, choose from two integrated installation scenarios, which are detailed in the following sections. For the procedures in the following scenarios, drive E is a mapped network
share or a local hard disk and drive D is the CD-ROM drive.
■ Scenario 1: Installing Windows XP Professional integrated with the service pack from a network distribution share
■ Scenario 2: Installing Windows XP Professional integrated with the service pack by using Remote Installation Services (RIS)
Scenario 1: Installing Windows XP Professional integrated with a service pack
You can
create an integrated installation of the Windows XP Professional operating system and a service pack on a network distribution share. During an integrated installation, the service pack
and Windows XP Professional Setup are installed at the same time.
To create an integrated installation of Windows XP Professional and your service pack
1. Connect to the network or computer on which you want to create the distribution
folder.
2. On the network distribution share, create a distribution folder for the Windows XP Professional installation files. For example, to create a distribution folder named \WinXP\i386
to mirror the location of the installation files on the operating system CD, type:
mkdir E:\WinXP\i386
3. Insert your Windows XP Professional operating system CD into the CD-ROM drive, and
then copy the contents of the \i386 folder on the CD to the distribution folder that you
created in step 2. For example, to copy the \i386 folder from the Windows XP Professional operating system CD to the distribution folder named WinXP, type:
xcopy D:\i386 E:\WinXP\i386 /e
4. From your service pack CD, run the ServicePack.exe program in Integrated mode by
using ServicePack.exe -s. For example, to apply the service pack located in the CD-ROM
drive to the Windows XP Professional installation files located in the distribution folder
named WinXP\i386, type:
D:\i386\ServicePack.exe -s:E:\WinXP\i386
5. Customize Windows XP Professional Setup as needed.
After ServicePack.exe creates the integrated installation, you can deploy Windows XP
Professional to your users’ computers from the network distribution share in Attended
or Unattended mode. During the integrated installation process, Windows XP Professional Setup (Winnt32.exe) installs the integrated operating system with the service
pack already applied.
When you run the ServicePack.exe program in Integrated mode (ServicePack.exe -integrate:path), a Spslpsrm.log file is created in the %SystemRoot% folder on the computer that
is running the ServicePack.exe program. If you plan to update more than one version of Windows XP Professional on this computer, you should rename the Spslpsrm.log file after you
update each version. This ensures that you do not overwrite the current log file when you
update additional versions of Windows XP Professional.
Scenario 2: Using RIS to install Windows XP Professional integrated with a service pack
This scenario describes your options using Remote Installation Services (RIS) to install Windows XP Professional integrated with your service pack.
Creating a RIS image
RIS supports two types of operating system images:
■ Remote Installation Setup (RISetup) images
■ Remote Installation Preparation (RIPrep) images
Installing Windows XP Professional from a RISetup image is similar to installing directly from
the Windows XP Professional operating system CD, but in this case, the source files reside on
the RIS server. You use RISetup.exe to create and install from the image.
A RIPrep image is an installation of Windows XP Professional that contains specific configuration settings made by the administrator. Typically, it also contains locally installed applications. In this scenario, you install your service pack to integrate it into the Windows XP
Professional installation. You use RIPrep.exe to replicate the local (RIPrep) image to a RIS
server, and then restore that image to a new computer on the network. RIPrep.exe can replicate single disk partitions only, and it requires that your image reside on drive C.
For more information about RIS, including creating and installing RISetup and RIPrep images,
see Chapter 2, “Automating and Customizing Installations.”
Combination Installation
The combination installation uses both update and integrated installation processes to install
your service pack with a variety of other components, such as the operating system, software
updates, or additional Microsoft and third-party software that your installation might include.
Creating a Combination Installation
You can install Windows XP Professional and software updates, as well as additional applications, in Unattended mode.
Scenario: Installing Windows XP Professional, software updates, and additional applications in Unattended mode
Follow these steps to create a combination installation of the Windows XP Professional operating system together with software updates and third-party drivers or applications on a network distribution share. This process can be accomplished only in Unattended mode.
Step 1: Prepare for the installation
Before you run Setup to install the Windows XP Professional operating system combined with software updates, you must change the software
update file names (from WindowsXP-KB######-x86-LLL.exe to KB######.exe and from
Q######_XXX_YYY_ZZZ_LLL to Q######), because Windows XP Professional Setup
requires the 8.3 naming convention for all files and folders in the distribution folder.
Step 2: Create a distribution folder
Follow these steps to create the distribution folder:
1. Connect to the network or computer on which you want to create the distribution
folder.
2. On the network distribution share, create an \i386 distribution folder. For example, to
create an \i386 distribution folder, type:
mkdir E:\i386
3. Within the \i386 folder created in step 2, create an \$OEM$ subfolder to contain any
additional files, drivers, and folders you need for your installation. For example, to create an \$OEM$ subfolder within the \i386 folder, type:
mkdir E:\i386\$OEM$
4. To install additional files (for example, device driver, application, or component files) on
users’ computers, within the \$OEM$ subfolder created in step 3, create a \$1 subfolder. For example, to create an \$1 subfolder within the \$OEM$ subfolder, type:
mkdir E:\i386\$OEM$\$1
The \$1 subfolder maps to the Windows XP Professional installation drive, for example,
drive C.
Note
The \$OEM$ and distribution folders are deleted from users’ computers after Windows XP Professional Setup is completed.
Step 3: Create and customize the Unattend.txt answer file
Using Setup Manager or Notepad.exe, create an Unattend.txt file that contains the following section header, key, and value:
[Unattended]
OemPreinstall = Yes
For information about using Setup Manager to customize an Unattend.txt answer file, see
Chapter 2, “Automating and Customizing Installations.”
For a complete reference to answer file section headers and keys, see Ref.chm, which is in the
Deploy.cab file in the \Support\Tools folder on your operating system CD.
Step 4: Customize the Cmdlines.txt file
To run Windows XP Professional software updates during Windows XP Professional setup, add the following section header and line to the Cmdlines.txt file for each software update:
[Commands]
"KB###### -n -q -z"
###### is the Microsoft Knowledge Base article number (for example, 123456). For example, to install the KB123456.exe software update, add the following line to the [Commands]
section header in the Cmdlines.txt file:
[Commands]
"KB123456 -n -q -z"
For information about creating and using a Cmdlines.txt file, see Chapter 2, “Automating and
Customizing Installations.”
Step 5: Copy the files necessary for the installation to the distribution folder
You must copy
all the files needed for the installation to your distribution folder. The distribution folder contains the installation and executable files for the Windows XP Professional operating system
and the Windows XP Professional software updates, as well as any device driver and other
files that you want to install.
To copy the files necessary for the installation
1. Copy the contents of \i386 and all its subdirectories on the Windows XP Professional
operating system CD to the \i386 distribution folder on your network distribution
share.
2. Copy the following files to the \i386\$OEM$ subfolder on your network distribution
share:
■ Software update executable files
■ Unattend.txt and Cmdlines.txt files
For information about files contained in the \i386\$OEM$ subfolder, see Chapter 2,
“Automating and Customizing Installations.”
3. Copy any folders that contain additional device driver, application, or component files
that you want to install on the system drive to the \i386\$OEM$\$1 subfolder on your
network distribution share.
Step 6: Deploy the combination installation
You can deploy the installation of the Windows
XP Professional operating system and the Windows XP Professional software updates to your
users’ computers from the network distribution share. During the installation process, Windows XP Professional Setup (Winnt32.exe in Unattended mode) installs the operating system, applies the software updates, and installs the third-party drivers or other applications
you specified.
To deploy the installation
1. Verify that the installation and executable files for the Windows XP Professional operating system and the Windows XP Professional software updates exist in your distribution
folder.
2. Customize Windows XP Professional Setup as required.
3. Run Windows XP Professional Setup (Winnt32.exe) in Unattended mode to install the
Windows XP Professional operating system, software updates, and other applications
from the network distribution share.
Note
You can also use Winnt.exe for unattended installations of the operating system, but
Winnt.exe is a less versatile tool than Winnt32.exe. You cannot use Winnt.exe to perform an
operating system upgrade, and you can use Winnt.exe only from within the MS-DOS® preinstallation environment.
For more information about running Winnt32.exe in Unattended mode, see Chapter 2, “Automating and Customizing Installations.”
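The staging work in steps 1 through 5, followed by the check from step 6, written out as an added Python example; it is not code from this book or from Microsoft. The function names, the constructed file names, the optional .exe on the Q-style name, and the choice to leave an existing Unattend.txt untouched are assumptions of the example.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Switches the page puts on every Cmdlines.txt entry:
# -n = no uninstall backup, -q = quiet, -z = no restart.
SWITCHES = ("-n", "-q", "-z")

# Download names described on the page, e.g. WindowsXP-KB123456-x86-ENU.exe
# and the older Q123456_XXX_YYY_ZZZ_LLL form (extension optional: assumption).
KB_NAME = re.compile(r"^WindowsXP-(KB\d+)-x86-[A-Za-z]{3}(\.exe)$", re.I)
Q_NAME = re.compile(r"^(Q\d+)_[^.]*(\.exe)?$", re.I)


def short_name(filename):
    """Return the 8.3 name Setup requires, or raise ValueError."""
    match = KB_NAME.match(filename) or Q_NAME.match(filename)
    if not match:
        raise ValueError(f"unrecognised update file name: {filename}")
    base, ext = match.group(1).upper(), (match.group(2) or "").lower()
    if len(base) > 8:  # e.g. a seven-digit article number
        raise ValueError(f"{base}{ext} does not fit the 8.3 convention")
    return base + ext


def build_cmdlines(short_names):
    """Cmdlines.txt text: one quoted command per update, in the order given."""
    switches = " ".join(SWITCHES)
    lines = ["[Commands]"]
    lines += [f'"{Path(name).stem} {switches}"' for name in short_names]
    return "\n".join(lines) + "\n"


def write_crlf(path, text):
    """Write text with Windows line endings."""
    Path(path).write_bytes(text.replace("\n", "\r\n").encode("ascii"))


def stage(update_files, share_root):
    """Copy renamed updates plus answer files into <share>/i386/$OEM$."""
    oem = Path(share_root) / "i386" / "$OEM$"
    (oem / "$1").mkdir(parents=True, exist_ok=True)  # $1 maps to the system drive
    staged = []
    for src in map(Path, update_files):
        name = short_name(src.name)
        if name in staged:
            raise ValueError(f"two downloads map to {name}")
        shutil.copyfile(src, oem / name)
        staged.append(name)
    write_crlf(oem / "Cmdlines.txt", build_cmdlines(staged))
    if not (oem / "Unattend.txt").exists():  # never clobber a real answer file
        write_crlf(oem / "Unattend.txt", "[Unattended]\nOemPreinstall = Yes\n")
    return staged


def verify(share_root):
    """Return the problems found in a staged $OEM$ folder (empty list = OK)."""
    oem = Path(share_root) / "i386" / "$OEM$"
    problems = []
    answer, cmdlines = oem / "Unattend.txt", oem / "Cmdlines.txt"
    text = answer.read_text() if answer.exists() else ""
    if not re.search(r"^\s*OemPreinstall\s*=\s*Yes\s*$", text, re.I | re.M):
        problems.append("Unattend.txt: OemPreinstall = Yes is missing")
    listed = cmdlines.read_text() if cmdlines.exists() else ""
    present = {p.stem.upper() for p in oem.iterdir() if p.is_file()}
    for exe, args in re.findall(r'^"(\S+)([^"]*)"\s*$', listed, re.M):
        if exe.upper() not in present:
            problems.append(f"{exe}: in Cmdlines.txt but not staged")
        missing = [s for s in SWITCHES if s not in args.split()]
        if missing:
            problems.append(f"{exe}: missing {' '.join(missing)}")
    return problems


def demo():
    """Stage two constructed downloads, then lose one file and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        downloads = Path(tmp) / "downloads"
        downloads.mkdir()
        files = [downloads / "WindowsXP-KB123456-x86-ENU.exe",
                 downloads / "Q234567_XXX_YYY_ZZZ_LLL.exe"]
        for item in files:
            item.write_bytes(b"constructed placeholder, not a real update")
        share = Path(tmp) / "share"
        staged = stage(files, share)
        clean = verify(share)
        (share / "i386" / "$OEM$" / "KB123456.exe").unlink()  # simulate a lost copy
        return staged, clean, verify(share)


if __name__ == "__main__":
    print(demo())
```

Because every entry carries -n, updates applied this way cannot be uninstalled afterward, so run the check before the share is used for deployment rather than after.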
Warning
If you are deploying only post-SP2 updates for Windows XP and are not deploying
any third-party drivers or applications, instead of the preceding procedure you should follow the
approach outlined in “The Guide for Installing and Deploying Updates for Windows® XP Service
Pack 2” (formerly known as the “Hotfix Deployment and Installation Guide”) on Microsoft TechNet at http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/hfdeploy.mspx. You
can also refer to Knowledge Base article 828930, “How to integrate software updates into your
Windows installation source files” (http://support.microsoft.com/?kbid=828930) for further
instructions.
Uninstalling a Service Pack or Other Software Update
Windows XP Professional service packs and software updates support Uninstall, which is a
feature that you can use to restore your computer to its previous state. When you run the
ServicePack.exe program to install the service pack, a subfolder named $NtServicePackUninstall$ is created in your systemroot folder.
Uninstalling a Service Pack
You can uninstall the service pack by using Add or Remove Programs in Control Panel or by
running the Uninstall program from the command prompt. Be aware of the following considerations when uninstalling a service pack:
■ You cannot uninstall a service pack that you installed in Integrated mode.
■ If you used the -n parameter when running ServicePack.exe, you cannot uninstall the service pack.
■ If you install any programs or services that require or have fixes contained in the service pack, uninstalling the service pack can adversely affect those programs.
■ You should not uninstall the service pack if you have installed any applications since the service pack was installed.
■ You should not uninstall the service pack if it contains system updates—such as file format, database format, and registry format changes—that Setup cannot uninstall.
To uninstall a service pack by using Add or Remove Programs
1. In Control Panel, double-click Add or Remove Programs, click ServicePack.exe, and
then click Change/Remove.
2. Follow the instructions that appear.
To uninstall a service pack from the command prompt
1. In the Run dialog box, type cmd, and then click OK.
2. Change the folder to C:\$NtServicePackUninstall$\spuninst\, where C: is the root of
your hard drive.
3. Type Spuninst.exe, and then press Enter.
4. To close the command prompt window, type Exit.
Uninstalling a Software Update
You can uninstall a software update by using Add or Remove Programs in Control Panel.
To uninstall a software update
1. In Control Panel, double-click Add or Remove Programs.
2. If your computer is running Windows XP Service Pack 2 or later, select the Show
updates check box to display installed software updates.
3. Click the name of the software update (such as Windows XP Hotfix KB######) you
want to remove, and then click Remove.
4. Follow the instructions that appear.
Note If multiple software updates replace the same file and you want to successfully return
your system to its original state, you must remove the most recently installed software update
first and then all the others in the reverse order of installation.
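The ordering rule in the note above, worked through as an added example (not from the book): a small Python model in which each update's uninstaller restores the file copies it backed up at install time, which is an assumption about how uninstall works. The update names, file names and version strings are constructed.

```python
"""Simulation of removing updates that replaced the same file.

Assumption (not stated in the text): each update's uninstaller restores the
copies it backed up at install time. Update and file names are constructed.
"""


class System:
    def __init__(self, files):
        self.files = dict(files)   # path -> version currently on disk
        self.installed = []        # update names, oldest first
        self.backups = {}          # update name -> {path: version it replaced}

    def install(self, name, payload):
        """Back up what is on disk now, then write the update's files."""
        self.backups[name] = {path: self.files.get(path) for path in payload}
        self.files.update(payload)
        self.installed.append(name)

    def uninstall(self, name):
        """Put back whatever was on disk just before `name` was installed."""
        for path, old in self.backups.pop(name).items():
            if old is None:
                self.files.pop(path, None)   # file did not exist before
            else:
                self.files[path] = old
        self.installed.remove(name)


def removal_order(system, target):
    """Updates to uninstall, newest first, so that `target` comes off cleanly.

    Generalises the note: a later update is included only if it replaced a
    file already touched by the target or by another update in the set.
    """
    if target not in system.installed:
        raise ValueError(f"{target} is not installed")
    start = system.installed.index(target)
    chosen = [target]
    touched = set(system.backups[target])
    for name in system.installed[start + 1:]:
        if touched & set(system.backups[name]):
            chosen.append(name)
            touched |= set(system.backups[name])
    return list(reversed(chosen))


BASELINE = {"fileA.dll": "1.0", "fileB.dll": "1.0", "fileC.dll": "1.0"}
UPDATES = [  # constructed sample data, listed in installation order
    ("KB-EXAMPLE-1", {"fileA.dll": "1.1"}),
    ("KB-EXAMPLE-2", {"fileA.dll": "1.2", "fileB.dll": "1.1"}),
    ("KB-EXAMPLE-3", {"fileC.dll": "1.1"}),
]


def build():
    """Return a system with every sample update installed."""
    system = System(BASELINE)
    for name, payload in UPDATES:
        system.install(name, payload)
    return system


def replay(order):
    """Install every update, uninstall in `order`, return the files on disk."""
    system = build()
    for name in order:
        system.uninstall(name)
    return system.files


if __name__ == "__main__":
    good = removal_order(build(), "KB-EXAMPLE-1")
    print("remove in this order:", good)
    print("reverse order ->", replay(good))
    print("install order ->", replay(list(reversed(good))))
```

Removing the two overlapping updates in installation order leaves fileA.dll at the version the first update shipped even though neither update is installed any longer, which is the state the note tells you to avoid.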
Troubleshooting Windows XP Professional Setup
Windows XP Professional includes Recovery Console, which you can use to resolve problems
that might occur during setup. This section also includes a discussion about common setup
problems.
Recovery Console
Recovery Console is a command-line tool that you can start from Setup. Using Recovery Console, you can start and stop services, format drives, read and write data on a local drive
(including drives formatted to use NTFS), and perform many other administrative tasks.
Recovery Console is particularly useful if you need to repair your computer by copying a system file from a floppy disk or CD-ROM to your hard drive, or if you need to reconfigure a service that is preventing your computer from starting properly. Because Recovery Console is
quite powerful, only advanced users who have a thorough knowledge of Windows XP Professional should use it. In addition, you must log on using the local Administrator account to use
Recovery Console.
Recovery Console allows the local system administrator to access an NTFS volume without
starting Windows XP Professional. When you are running Recovery Console, type help at the
command prompt to get help for the available commands. For more information about installing and using Recovery Console and other Startup issues, see Chapter 29, “Troubleshooting
the Startup Process,” and Appendix C, “Tools for Troubleshooting.”
Common setup errors
The following troubleshooting tips can help you resolve problems
that might occur during setup.
Disk space errors
If you receive the error message “Not enough disk space for installation,”
use the Setup program to create a partition by using the existing free space on the hard disk.
If you do not have enough space, you might have to delete files on the original partition to
make space for the installation. You can delete and create partitions as needed to obtain a partition that has enough disk space to install Windows XP Professional.
Windows does not start
If Windows XP Professional does not start, verify that all the
installed hardware is detected. Check that all hardware is listed in the Windows Catalog at
http://www.microsoft.com/windows/catalog. Only devices that are listed in the Windows
Catalog have passed testing for compatibility with Windows XP Professional.
Stop messages
If you are installing Windows XP Professional and you encounter a Stop message, see the troubleshooting information for the Stop message in “Common Stop Messages
for Troubleshooting” on the CD included with this book. Also, check the Windows Catalog to
determine whether the computer and its components are supported by Windows XP Professional. Reduce the number of hardware components by removing nonessential devices.
Setup stops during Text mode
If possible, avoid legacy boot devices on ACPI systems
because these settings cannot be reliably determined by the ACPI system. This can make the
building of the device tree inaccurate, causing problems that are hard to track. For non-ACPI
systems, verify that the Plug and Play operating system option is disabled in the BIOS. If it is
not disabled, your operating system might read and write to the hardware registers.
Setup stops during GUI mode
If the computer stops responding during the GUI-mode
phase of Setup, restart the computer and Setup will attempt to resume from where it stopped
responding. You can usually isolate these failures to one of the following locations:
■ Device detection. At the beginning of the GUI-mode phase of Setup, Plug and Play detects all the devices on the system. This involves external code called class installers. These class installers check the hardware settings on the computer to determine which devices are present.
■ OC Manager. The Optional Component Manager (OCM or OC Manager) is a Setup component that allows the integration of external components into the setup process, such as Internet Information Service (IIS) and COM+, which have their own setup routines.
■ Computer configuration. This is one of the last phases of Setup and involves the registration of object linking and embedding (OLE) control dynamic-link libraries (DLLs).
Disk input/output and file copy errors
If you receive disk input/output (I/O) errors or file
copy errors during setup, your hard disk might be defective or contain defective sectors. For
more information about troubleshooting and repairing your hard disk and defective sectors, see
Chapter 28, “Troubleshooting Disks and File Systems,” and Chapter 12, “Organizing Disks.”
File copy errors
If you receive file copy errors during setup, you might need to replace RAM, or
you might have defective media. For more information about troubleshooting RAM and bad
media, see “Common Stop Messages for Troubleshooting” on the CD included with this book.
More troubleshooting tips
For more information about troubleshooting Windows XP Professional, see Chapter 27, “Understanding Troubleshooting”; Appendix C, “Tools for Troubleshooting”; Chapter 28, “Troubleshooting Disks and File Systems”; and Chapter 29,
“Troubleshooting the Startup Process.”
Additional Resources
These resources contain additional information and tools related to this chapter.
Related Information
■ Chapter 2, “Automating and Customizing Installations,” for more information about automating your installation of Windows XP Professional, including detailed information about methods and tools available
■ Chapter 28, “Troubleshooting Disks and File Systems,” for more information about troubleshooting
■ Chapter 9, “Managing Devices,” for more information about Plug and Play and ACPI
■ Readme.htm in the \Support\Tools folder on your Windows XP Professional operating system CD, for more information about installing and using Support Tools described in this chapter
Part II
Desktop Management
In this part:
Chapter 5: Managing Desktops
Chapter 6: Managing Files and Folders
Chapter 7: Supporting Mobile Users
Chapter 8: Configuring Remote Desktop
Chapter 9: Managing Devices
Chapter 10: Managing Digital Media
Chapter 11: Enabling Printing and Faxing
Chapter 12: Disk Management
Chapter 13: Working with File Systems
Chapter 14: Backing Up and Restoring Data
Chapter 15: Managing Software Updates
When you configure the client computers in your organization for ease of management,
you also reduce support costs. This part provides in-depth information about how to
configure and manage client computers in a variety of environments to help you get the
most out of Microsoft® Windows® XP Professional.
Chapter 5
Managing Desktops
Deploying standard desktop configurations and managing users’ computers and settings
reduces the time required to support computer users in an organization. Microsoft® Windows® XP Professional includes desktop management technologies—collectively known as
Microsoft® IntelliMirror®—that allow you to centrally manage the privileges, permissions, and
capabilities of users and client computers and ensure that users’ data, software, and settings
are available to them when they move from one computer to another. Most IntelliMirror features rely on Group Policy, which requires the Microsoft® Active Directory® directory service,
which is included with Microsoft® Windows® 2000 Server or Microsoft® Windows Server™
2003. Several of these desktop management tools and features can also be used to manage
desktop computers in non–Active Directory environments.
In this chapter:
Managing Desktops in Various Network Environments
Managing Desktops in an Active Directory Environment
Managing Desktops Without Active Directory
Creating and Managing Standard Desktop Configurations
Additional Resources
Related Information
■ For more information about deploying Group Policy and security policies, see the Designing a Managed Environment book in the Microsoft Windows Server 2003 Deployment Kit.
■ For more information about implementing security for Windows-based client computers and servers, see the Microsoft Windows Security Resource Kit.
■ For information about IntelliMirror and Group Policy, especially implementation and troubleshooting, see “Desktop Configuration Management” in the Distributed Systems Guide of the Microsoft® Windows® 2000 Server Resource Kit.
■ For information about deploying Group Policy and Active Directory, see the Deployment Planning Guide of the Microsoft Windows 2000 Server Resource Kit.
■ For information about IntelliMirror and Group Policy, especially deployment information, see the Change and Configuration Management Deployment Guide link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Managing Desktops in Various Network Environments
Desktop Management tools and features available for managing Windows XP Professional–
based clients differ depending upon whether the Windows XP Professional desktop operates
exclusively in an Active Directory environment or in other network environments. IntelliMirror management technologies rely on Group Policy and most also require Active Directory;
both are available in Windows 2000 Server and Windows Server 2003 environments. Group
Policy requires Active Directory.
In an environment without Active Directory, you can use a variety of tools, such as Systems
Management Server (SMS) for managing software distribution, the Internet Explorer Administration Kit for managing Internet Explorer settings, and System Policy for managing registry-based settings. In addition, each local computer has its own local Group Policy object (LGPO),
regardless of whether it participates in a domain. While it is possible to set a variety of settings
by using the LGPO, note that System Policy scales more easily to a large number of clients.
The LGPO can be useful if you need to apply certain settings only to a small number of Windows XP Professional–based clients in a Windows NT® 4.0 or other domain.
“Group Policy” refers to policy that relies on a hierarchical targeting mechanism based on
Active Directory. Group Policy does not include the local Group Policy object (LGPO), which
is specific to each computer rather than to objects in Active Directory. Because LGPOs cannot
be managed through Active Directory, they must instead be managed on each computer.
For Windows XP Professional desktops operating in other environments, such as Microsoft®
Windows NT® version 4.0, UNIX, or Novell, or in a mixed environment, many desktop management capabilities and tools differ. Table 5-1 summarizes the differences in desktop management tools and functionality between Active Directory and non–Active Directory
environments.
Table 5-1 Desktop Management Tools and Features in Active Directory and Non–Active Directory Environments

Management Task | Active Directory | Non–Active Directory
Configure registry-based settings for computers and users. | Administrative Templates deployed using Group Policy. Administrative templates deployed using local Group Policy object (LGPO). | System Policy; LGPO
Manage local, domain, and network security. | Security Settings deployed using Group Policy. Security Settings deployed using the LGPO. | LGPO
Centrally install, update, and remove software. | Systems Management Server (SMS). Group Policy–based software distribution. | SMS
Manage Internet Explorer configuration settings after deployment. | Internet Explorer Maintenance in the Group Policy MMC snap-in (called Group Policy Object Editor in Windows Server 2003). Internet Explorer Maintenance deployed using the LGPO. Internet Explorer Administration Kit (IEAK). | LGPO; IEAK
Apply scripts during user logon/logoff and computer startup/shutdown. | Logon/logoff and startup/shutdown scripts can be centrally configured using Group Policy or independently through the LGPO. | LGPO
Centrally manage users’ folders and files on the network. | Folder Redirection in conjunction with Offline Files and Folders. | System Policy; Manipulation of registry settings
Centrally manage user settings on the network. | Roaming User Profiles. | Roaming User Profiles (for Windows domains)

You can also manage Windows XP Professional desktops on UNIX and Novell networks by
using standards-based protocols such as TCP/IP, Simple Network Management Protocol
(SNMP), Telnet, and Internetwork Packet Exchange (IPX). To enable policy-based administration on UNIX and Novell networks, use a local Group Policy object or System Policy.
Managing Desktops in an Active Directory Environment
When you use Windows XP Professional or Windows 2000 Professional on networks with
Active Directory installed, you can take full advantage of IntelliMirror and Group Policy management features. If you are managing Windows XP Professional or Windows 2000 Professional desktops on networks and Active Directory is not installed, see “Managing Desktops
Without Active Directory” later in this chapter.
IntelliMirror allows you to centrally manage workstations, saving you significant time while
improving manageability. IntelliMirror ensures that users’ data, software, and personal settings are available when they move from one computer to another, whether or not their computers are connected to the network.
IntelliMirror consists of four components: user data management, user settings management, computer settings management, and Group Policy–based Software Installation and
Maintenance. The IntelliMirror components can help you to:
■ Centrally create and manage the configuration of each user’s desktop.
■ Enable users to access files from any location at any time by using Roaming User Profiles and Folder Redirection in combination with Offline Files.
■ Manage how software is deployed and installed on computers to ensure that users have the software they need to perform their jobs. Large organizations that need advanced software distribution and inventory capabilities should consider using Microsoft® Systems Management Server (SMS) 2.0 or SMS 2003.
■ Manage and enforce centralized data storage, which helps administrators keep important corporate data backed up.
■ Save time when replacing computers by using Remote Installation Services (RIS) and Group Policy–based software installation and maintenance to easily replace applications, Roaming User Profiles to recover user profiles, and Folder Redirection to centrally manage files.
For more information about implementing IntelliMirror features, see the Distributed Systems
Guide of the Microsoft Windows 2000 Server Resource Kit. For more information about
deploying IntelliMirror in an Active Directory environment, see the Change and Configuration Management Deployment Guide link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Implementing IntelliMirror
Active Directory and Group Policy provide the foundation for implementing IntelliMirror.
Without Active Directory, you cannot take full advantage of IntelliMirror for managing clients.
Table 5-2 shows the streamlined management tasks you can perform in an Active Directory
environment.
Table 5-2 Management Tasks That Use IntelliMirror

Management Task | IntelliMirror Feature
Configure registry-based Group Policy settings for computers and users. | Administrative Templates
Manage local, domain, and network security. | Security Settings
Centrally install, update, and remove software. | Group Policy–based software distribution
Manage Internet Explorer configuration settings after deployment. | Internet Explorer Maintenance
Apply scripts during user logon/logoff and computer startup/shutdown. | Scripts
Centrally manage users’ folders and files on the network, and make shared files and folders available offline. | Folder Redirection; Offline Files and Folders
Centrally manage user profiles. | Roaming User Profiles

You can also use Group Policy to manage Remote Installation Services (RIS) by centrally setting client configuration options. For more information about using RIS, see Chapter 2, “Automating and Customizing Installations.”
Active Directory stores information about all physical and logical objects on the network. This
information is automatically replicated across the network to simplify finding and managing
data, no matter where the data is located in the organization. The Active Directory structure
you create determines how you apply Group Policy settings. In an Active Directory environment, Group Policy allows you to define and control the state of computers and users in an
organization. Group Policy allows you to control more than 1000 customizable settings that
you can use to centrally configure and manage users and computers.
Depending on the size of your organization, managing desktops, users, and their permissions
can be a very complex task, especially because changes constantly happen. For example, users
join and leave organizations, get promoted and transferred, and regularly change offices. Similarly, printers, computers, and network file shares are frequently added, removed, and relocated. When implemented in an Active Directory infrastructure, Group Policy–based
IntelliMirror features greatly simplify managing these ongoing changes. Once set, Group Policy automatically maintains the state you design without requiring further intervention.
You can associate or link a particular Group Policy object (GPO) to one or more sites,
domains, or organizational units (OUs) in an Active Directory structure. When multiple GPOs
are linked to a particular site, domain, or OU, you can prioritize the order in which the GPOs
are applied by determining when in the processing order particular settings are processed.
By linking GPOs to sites, domains, and OUs, you can implement Group Policy settings as
broadly or as narrowly in the organization as necessary. Consider the following when linking
GPOs:
■ A GPO linked to a site applies to all users and computers in the site.
■ A GPO linked to a domain applies directly to all users and computers in the domain and by inheritance to all users and computers in all the OUs that are linked to that domain. Note that Group Policy is not inherited across domains.
■ A GPO linked to an OU applies directly to all users and computers in the OU and by inheritance to all users and computers in child OUs.
■ GPOs are stored in Active Directory by domain. You can, however, link a site, domain, or OU to a GPO in another trusted domain, but this is generally not recommended for performance reasons.
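The linking rules above, modelled as an added example that is not from the book: given an object's distinguished name and site, it lists the GPOs in scope and which one supplies each setting. The example.com names, GPO names and settings are constructed, and the order used (site, then domain, then OUs from parent to child, a later GPO overwriting an earlier one) is the assumed default with no blocking or filtering.

```python
"""Which GPOs are in scope for an object under the linking rules above.

Constructed data: the example.com domains, OUs, site, GPO and setting names
are made up. Assumed default processing order: site, then domain, then OUs
from parent to child, with a later GPO overwriting a conflicting setting.
Not modelled: the local GPO, Block Policy inheritance, No Override,
security filtering, loopback.
"""


def split_dn(dn):
    """Split a distinguished name into RDNs (sample DNs have no escaped commas)."""
    return [rdn.strip() for rdn in dn.split(",") if rdn.strip()]


def container_chain(object_dn):
    """Return the object's domain DN followed by each OU DN, outermost first.

    Only the object's own domain (its full DC= suffix) is returned, because
    Group Policy is not inherited across domains.
    """
    rdns = split_dn(object_dn)
    dc_start = next((i for i, r in enumerate(rdns)
                     if r.upper().startswith("DC=")), None)
    if dc_start is None:
        raise ValueError(f"no domain component in {object_dn!r}")
    domain = ",".join(rdns[dc_start:])
    chain = [domain]
    current = domain
    # Walk from the RDN nearest the domain toward the object itself.
    for rdn in reversed(rdns[:dc_start]):
        current = f"{rdn},{current}"
        if rdn.upper().startswith("OU="):   # only OUs carry GPO links here
            chain.append(current)
    return chain


def gpos_in_scope(object_dn, site, links):
    """Ordered (container, gpo) pairs: site links, then domain, then OUs."""
    norm = {key.lower(): value for key, value in links.items()}  # DNs ignore case
    ordered = []
    for container in [f"site:{site}"] + container_chain(object_dn):
        for gpo in norm.get(container.lower(), []):
            ordered.append((container, gpo))
    return ordered


def effective_settings(object_dn, site, links, gpo_settings):
    """Apply GPOs in scope order; return {setting: (value, winning GPO)}."""
    result = {}
    for _container, gpo in gpos_in_scope(object_dn, site, links):
        for setting, value in gpo_settings.get(gpo, {}).items():
            result[setting] = (value, gpo)
    return result


# Constructed sample directory. Each list is in processing order.
LINKS = {
    "site:Redmond": ["Site-Proxy"],
    "DC=example,DC=com": ["Domain-Baseline"],
    "OU=Workstations,DC=example,DC=com": ["WS-Lockdown"],
    "OU=Kiosks,OU=Workstations,DC=example,DC=com": ["Kiosk-Shell"],
    "DC=emea,DC=example,DC=com": ["EMEA-Baseline"],
}
GPO_SETTINGS = {
    "Site-Proxy": {"ProxyServer": "proxy.redmond.example.com:8080"},
    "Domain-Baseline": {"ScreenSaverTimeout": 900, "RemoveRunMenu": False},
    "WS-Lockdown": {"RemoveRunMenu": True},
    "Kiosk-Shell": {"ScreenSaverTimeout": 120},
    "EMEA-Baseline": {"ScreenSaverTimeout": 600},
}
KIOSK = "CN=KIOSK01,OU=Kiosks,OU=Workstations,DC=example,DC=com"
EMEA_PC = "CN=PC7,OU=Workstations,DC=emea,DC=example,DC=com"

if __name__ == "__main__":
    for dn, site in ((KIOSK, "Redmond"), (EMEA_PC, "London")):
        print(dn)
        for container, gpo in gpos_in_scope(dn, site, LINKS):
            print(f"  {gpo:16} linked at {container}")
        print("  effective:", effective_settings(dn, site, LINKS, GPO_SETTINGS))
```

The child-domain computer receives only EMEA-Baseline: nothing linked at DC=example,DC=com reaches it, matching the statement that Group Policy is not inherited across domains.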
For detailed procedures for linking a GPO to a site, domain, or OU, see Windows 2000 Server
or Windows Server 2003 Help. For complete technical information about Active Directory
and Group Policy, see the Distributed Systems Guide of the Microsoft Windows 2000 Server
Resource Kit. For information about planning and deploying an Active Directory structure,
see “Designing the Active Directory Structure” in the Deployment Planning Guide. For examples of Active Directory deployment scenarios, see the Windows 2000 Server Deployment Lab
Scenarios link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Using IntelliMirror to Manage Desktops
Windows XP Professional, Windows 2000, and Windows Server 2003 include IntelliMirror
management technologies, which are primarily enabled by Group Policy. IntelliMirror and
Group Policy greatly streamline managing user data, managing user settings, managing computer settings, and installing and maintaining software.
User Data Management
Files that a user creates and uses are user data. Examples are word processing documents,
spreadsheets, or graphics files. User data belongs to the user and is located on the user’s computer or on a network share to which the user has permissions.
Less obvious forms of user data include Microsoft® Internet Explorer cookies and Favorites
and customized templates. User data is usually hard to re-create—for example, a template that
has undergone extensive design work and customization. With IntelliMirror, users can transparently access their data from any Windows XP Professional–based or Windows 2000 Professional–based computer on the network, regardless of whether or not that computer is their
primary computer.
IntelliMirror technologies that support user data management include:
■ Folder Redirection
■ Offline Files and Synchronization Manager
■ Roaming User Profiles
You can ensure that users’ data is always available to them in the following ways.
Protecting user data by using Folder Redirection
You can redirect user data to a network
share, where it can be backed up as part of routine system maintenance. This can be done so
that the process is transparent to the user. It is recommended that users be trained to store all
user data in My Documents (in the built-in subfolders My Pictures, My Music, and My Videos,
and in any subfolders they create to organize their data). The My Documents folder is then
redirected to a network share. This capability helps to enforce corporate directives such as
storing business-critical data on servers that are centrally managed by the IT staff. If users are
in the habit of storing files on their desktops, you should also consider redirecting the desktop.
Although the Application Data folder can be redirected using Folder Redirection, this is generally recommended only in the following cases:
■ To reduce the size of the profile—thereby decreasing logon time—on multi-user computers where you have enabled a Group Policy setting to delete cached profiles. This gives users access to their application data, but without the need to download possibly large files every time they log on.
■ To reduce the size of the profile in situations where keeping initial logon time short is a top priority, such as on terminals.
■ For Terminal Services clients.
Providing users access to their data even when they are disconnected from the network
By using Offline Files and Synchronization Manager, administrators can ensure that the most up-to-date versions of a user’s data reside on both the local computer and on the server. You can
use Offline Files in conjunction with Folder Redirection to make available offline those folders
that have been redirected to a server. Users can manually configure which files and folders are
available offline, or administrators can configure them through Group Policy. The file is stored
on a server, and the file on the local computer is synchronized with the network copy. Changes
made while offline are synchronized with the server when the user reconnects to the network.
Offline Files now supports Distributed File System (DFS) and Encrypting File System (EFS).
Enabling roaming user profiles
Although profiles are commonly used as a method of managing user settings (such as a user’s shortcuts and other customizations of their environment), the profile also contains user data, including Favorites and Cookies. When roaming
user profiles are enabled, users can access this data when they log on to any computer on the
network. Windows XP Professional Group Policy settings allow the profile to roam correctly
and free up system memory.
User Settings Management
With the user settings management tools in Windows XP Professional, you can centrally
define computing environments for groups of users, and grant or deny users the ability to further customize their environments.
By managing user settings, you can:
■ Reduce support calls by providing a preconfigured desktop environment appropriate for the user’s job.
■ Save time and costs when replacing computers by automatically restoring the user’s settings.
■ Help users be more efficient by automatically providing their desktop environment, no matter where they work.
The primary IntelliMirror technologies that support user settings management are Roaming
User Profiles and Administrative Templates. The policy settings in Administrative Templates
can control the desktop with predefined configurations; for more information, see the
“Administrative Templates” section, later in this chapter.
A user profile contains:
■ The portion of the registry that stores settings such as Windows Explorer settings, persistent network connections, taskbar settings, network printer connections, and user-defined settings made from Control Panel, Accessories, and application settings.
■ A set of profile folders that store information such as shortcut links, desktop icons, and startup applications.
User profiles are located by default on the local computer; one profile is created for each user
who has logged on interactively to that computer. By configuring user profiles to roam, you
can ensure that the settings in a user’s profile are copied to a network server when the user
logs off from the computer and are available to the user no matter where he or she next logs
on to the network.
While useful for roaming users, roaming user profiles are also beneficial for users who always
use the same computer. For these users, roaming user profiles provide a transparent way to
back up their profile to a network server, protecting the information from individual system
failure. If a user’s primary workstation needs to be replaced, the new computer receives the
user’s profile from the server as soon as the user logs on.
Some folders in a user profile cannot be configured to roam; these are found in the Local Settings folder and include the subfolders Application Data (not to be confused with the “other”
Application Data folder that is a peer of Local Settings, which does roam), History, Temp, and
Temporary Internet Files. These folders contain application data that is not required to roam
with the user, such as temporary files, noncritical settings, and data too large to roam effectively. This data is not copied to and from the server when a user logs on or logs off.
As an illustration of using roaming and nonroaming folders, you might configure Internet
Explorer to store a user’s Favorites in the roaming portion of the user profile and store the
temporary Internet files in the local, nonroaming portion of the user profile. By default, the
History, Local Settings, Temp, and Temporary Internet Files folders are excluded from the
roaming user profile. You can configure additional folders to not roam by specifying them in
the Group Policy snap-in, at User Configuration\Administrative Templates\System\User Profiles\Exclude directories in roaming profile.
Computer Settings Management
Group Policy settings also allow you to define how desktop computers are customized and
restricted on your network. For optimal control of workstations, use Group Policy objects in
an Active Directory environment to centralize computer management. However, if Active
Directory is not deployed, you can control security on a computer-by-computer basis by using
the local Group Policy object. Each computer has one LGPO that can be used to manage the
computer outside of an Active Directory environment. If you configure desktop security this
way, make sure to set workstation security to match corporate security standards.
The Computer Configuration tree in the Group Policy Microsoft Management Console
(MMC) snap-in includes the local computer-related Group Policy settings that specify operating system behavior, desktop behavior, application settings, security settings, computer-assigned application options, and computer startup and shutdown scripts. Computer-related
Group Policy settings are applied when the operating system starts up and during periodic
refresh cycles. See “Using Group Policy to Manage Desktops,” later in this chapter for more
information.
You can also customize computer configuration settings by using the Group Policy MMC
snap-in, thus simplifying individual computer setup.
Group Policy–Based Software Distribution
While the advanced software deployment and management features of Systems Management
Server 2.0 (SMS) or SMS 2003 offer distinct advantages in enterprise-sized organizations—
such as inventory, diagnosis, and monitoring—Group Policy provides some ability to deploy
software to workstations and servers running Windows 2000 or later. With Group Policy–
based software deployment, you can target groups of users and computers based on their
location in the Active Directory. Group Policy–based software deployment uses Windows
Installer as the installation engine on the local computer.
The Software Installation and Maintenance component of Group Policy allows you to efficiently deploy, patch, upgrade, and remove software applications without visiting each desktop. This gives users reliable access to the applications that they need to perform their jobs, no
matter which computer they are using.
Group Policy–based software distribution enables you to:
■ Centrally deploy new software, upgrade applications, deploy patches and operating system upgrades, and remove previously deployed applications that are no longer required.
■ Ensure that users have the software they need to be productive without an Information Technology (IT) administrator or technical support person having to visit each computer.
■ Create a standard desktop operating environment that results in uninterrupted user productivity and straightforward administration.
■ Maintain version control of software for all desktop computers in the organization.
■ Identify and diagnose Group Policy setting failures by using Resultant Set of Policy (RSoP) in logging mode.
■ Deploy, in combination with Windows Installer, 64-bit applications as well as 32-bit applications.
Using the Software Installation extension of the Group Policy MMC snap-in, you can centrally
manage the installation of software on a client computer, either by assigning applications to
users or computers or by publishing applications for users. As Table 5-3 describes, you can:
■ Assign software to users. As an administrator, you can install applications assigned to users the first time they log on after deployment, or you can have the application and its components install on demand as the user invokes that functionality.
■ Assign software to computers. When you assign an application to a computer, the installation occurs the next time the computer starts up, and the application is available for all the users on that computer.
■ Publish software for users. You can publish applications for users only. Those users can choose to install the software from a list of published applications located in Add or Remove Programs in Control Panel. Add or Remove Programs includes an active Web link that is associated with each application that provides users with the support information they need to install certain applications. For example, the default support link for Microsoft® Office is http://www.microsoft.com/office. Administrators can overwrite this default by using the Software Installation extension of the Group Policy snap-in.
Table 5-3 Approaches to Assigning and Publishing Software

| Situation or Condition | Publish | Assign to User (Install on Demand) | Assign to User (Full Install) | Assign to Computer |
|---|---|---|---|---|
| Once the administrator deploys the software, it is available for installation: | The next time the user, to whom this application’s Group Policy setting applies, logs on. It is also immediately visible in Add or Remove Programs. | The next time the user, to whom this application’s Group Policy setting applies, logs on. It is also immediately visible in Add or Remove Programs. | The next time the user logs on. It is also immediately visible in Add or Remove Programs. | The next time the computer is started. |
| The software is installed: | By the user from Add or Remove Programs or, optionally, by opening an associated document (for applications deployed to auto-install). | By the user from the Start menu or a desktop shortcut or by opening an associated document. | Automatically when the user logs on. | Automatically when the computer is started. |
| The software is not installed and the user opens a file associated with the software: | The software installs only if Auto-Install is selected. | The software installs. | Does not apply. The software is already installed. | Does not apply. The software is already installed. |
| The user wants to remove the software by using Add or Remove Programs: | The user can uninstall the software, and subsequently choose to install it again by using Add or Remove Programs. | The user can uninstall the software, but it is reassigned the next time the user logs on. It is available for installation again from the typical software distribution points. | The user can uninstall the software, but it is reassigned the next time the user logs on. It is available for installation again from the typical installation points. | Only the local administrator and the network administrator can remove the software. |

Using Group Policy to Manage Desktops
Group Policy is the primary tool for defining and controlling how programs, network
resources, and Windows XP Professional and Windows 2000 Professional behave for users
and computers in an organization. Similar to the way in which information is stored in
Microsoft® Word .doc files, Group Policy settings are contained in Group Policy objects
(GPOs) created by using the Group Policy MMC snap-in.
Using Group Policy in an Active Directory environment, you can specify a user or computer
configuration once, and then rely on the Windows XP Professional or Windows 2000 operating system to enforce that configuration on all affected client computers until you change it.
After you apply Group Policy, the system maintains the state without further intervention.
You can define configurations by implementing Group Policy settings from a central location
for hundreds or even thousands of users or computers at one time. For example, you might
use Group Policy to implement the following rules:
■ Install Microsoft® Office XP or Microsoft® Office 2003 on all computers used by members of the Sales Department.
■ Prevent temporary personnel from accessing Control Panel.
■ Manage access to adding or removing hardware.
Note
Do not confuse Group Policy settings with preferences. Group Policy settings are created
by an administrator and enforced automatically. Preferences are system settings and configuration options, such as a screen saver or the view in My Documents that users set and alter without an administrator’s intervention. Group Policy settings take precedence over preferences.
Group Policy Objects
Each combination of Group Policy settings that you configure is called a Group Policy object
(GPO). You can link GPOs to computers and users based on their location in an Active Directory structure. That is, you can link a GPO to a site, domain, or organizational unit (OU). Each
GPO is applied as part of the startup process or when a user logs on to a workstation. The settings within the GPOs are evaluated by the affected clients, using the hierarchical nature of
Active Directory, as described in “GPO Processing Order,” later in this section.
Note
Every computer has one LGPO, which is stored on the local computer itself. Because
LGPOs must be set and modified individually on every client computer, it is recommended that
you use LGPOs to manage clients only if Active Directory is not deployed in your environment,
and only if you are not using the Windows XP Professional or Windows 2000 Group Policy
Administrative Templates with Windows NT 4.0 System Policy.
To create, edit, and manage a GPO, use the Group Policy MMC snap-in, either as a stand-alone
tool or as an extension to an Active Directory snap-in (such as the Active Directory Users and
Computers snap-in or the Active Directory Sites and Services snap-in). When working in an
Active Directory environment, the preferred method is to use the Group Policy snap-in as an
extension to an Active Directory snap-in. This allows you to browse Active Directory for the
correct Active Directory container, and then define Group Policy based on the selected
scope. To access Group Policy from either the Active Directory Users and Computers snap-in or the Active Directory Sites and Services snap-in, select the Group Policy tab from the
Properties page of a site, domain, or organizational unit.
Tip
An alternative to using the standard Group Policy tools to create and manage Group
Policy is to use the Group Policy Management Console (GPMC). GPMC simplifies the management of Group Policy by making it easier to understand, deploy, manage, and troubleshoot
Group Policy implementations and also enables automation of Group Policy operations via
scripting. GPMC runs on Windows Server 2003 computers and on Windows XP Professional
SP1 with the .NET Framework installed, and it can manage Group Policy in either Windows
2000 or Windows Server 2003 domains. For more information about the GPMC, search the
Microsoft Download Center (http://www.microsoft.com/downloads) for “Group Policy Management Console.”
When you create a GPO, start with a template that contains all the Group Policy settings available for you to configure. Because Group Policy settings apply to either computers or users,
GPOs contain trees for each:
■ Computer Configuration. All computer-related Group Policy settings that specify operating system behavior, desktop behavior, security settings, computer startup and shutdown scripts, computer-assigned applications, and any settings provided by applications.
■ User Configuration. All user-related Group Policy settings that specify operating system behavior, desktop settings, security settings, user-assigned and user-published application options, folder redirection options, user logon and logoff scripts, and any Group Policy settings provided by applications.
Warning
If an Active Directory domain contains both Windows 2000 Professional–based
and Windows XP Professional–based clients, any new Group Policy settings specific to Windows XP Professional that you configure do not apply to the Windows 2000–based clients. See
Group Policy Help or the Extended view in the Group Policy snap-in for the desktop operating
system required for each setting to apply.
GPO Processing Order
The computer policy portion of Group Policy is applied during the startup process and periodic refresh cycles. The user policy portion of Group Policy is applied when the user logs on
to the computer and during the periodic refresh cycle. When a computer starts, computer policy is applied during the boot process. Then, when a user logs on, user policy is applied in the
following order: local GPO, GPOs linked to sites, GPOs linked to domains, and GPOs linked
to organizational units (OUs). In the case of nested OUs, GPOs associated with parent OUs
are processed prior to GPOs associated with child OUs. Keep this processing order in mind
when configuring multiple GPOs to centrally manage desktops in your network environment.
Note
If a setting in a later-applied GPO is not configured, it does not overwrite settings configured in earlier-applied GPOs.
This order of application is the default behavior. You can modify the default processing order
by using the No Override, Block Policy Inheritance, or Loopback Group Policy settings.
These allow you to modify the rules of inheritance, either by forcing GPOs to affect groups of
users or computers or by preventing higher-level GPOs from affecting groups of users or
computers.
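The processing order and the two inheritance modifiers described above can be modeled in a few lines. The following Python sketch is an added illustration, not code from this book or from Windows: the container names, GPO names, and setting names are constructed, Loopback is not modeled, and the model assumes that the local GPO is always processed even when a lower container blocks inheritance.

```python
from dataclasses import dataclass, field


@dataclass
class GPO:
    name: str
    settings: dict             # configured settings only; a missing key means Not Configured
    no_override: bool = False  # No Override is set on this GPO's link


@dataclass
class Container:
    level: str                 # "local", "site", "domain" or "ou"
    name: str
    gpos: list = field(default_factory=list)
    block_inheritance: bool = False  # Block Policy Inheritance on this domain or OU


def applied_gpos(chain):
    """Return the GPOs that are processed, in order.

    chain lists the containers in the default order:
    local, site, domain, parent OU, ..., child OU.
    """
    blockers = [i for i, c in enumerate(chain) if c.block_inheritance]
    block_at = max(blockers) if blockers else -1
    applied = []
    for i, container in enumerate(chain):
        for gpo in container.gpos:
            # GPOs linked above the deepest blocking container are inherited.
            # Assumption of this model: the local GPO is never blocked.
            inherited = i < block_at and container.level != "local"
            if inherited and not gpo.no_override:
                continue  # dropped by Block Policy Inheritance
            applied.append(gpo)
    return applied


def resultant_set(chain):
    """Return {setting: (value, winning GPO name)} for the chain."""
    result, locked = {}, set()
    for gpo in applied_gpos(chain):
        for setting, value in gpo.settings.items():
            if setting in locked:
                continue  # an earlier No Override GPO already fixed this setting
            result[setting] = (value, gpo.name)  # later GPO wins by default
            if gpo.no_override:
                locked.add(setting)
    return result


def sample_chain(baseline_no_override=False, sales_blocks=False):
    """Constructed hierarchy: a domain baseline, a Sales OU, and a Temps child OU."""
    return [
        Container("local", "LGPO", [GPO("Local", {"ScreenSaverTimeout": 900})]),
        Container("site", "HQ", [GPO("HQ-Site", {"ProxyServer": "proxy.example.test:8080"})]),
        Container("domain", "example.test", [
            GPO("Baseline", {"NoControlPanel": 1, "ScreenSaverTimeout": 600},
                no_override=baseline_no_override)]),
        Container("ou", "Sales", [GPO("Sales-Desktop", {"NoControlPanel": 0})],
                  block_inheritance=sales_blocks),
        # Temps-Lockdown leaves NoControlPanel Not Configured, so it cannot
        # overwrite whatever an earlier GPO decided for that setting.
        Container("ou", "Sales/Temps", [GPO("Temps-Lockdown", {"NoHardwareWizard": 1})]),
    ]


if __name__ == "__main__":
    for label, chain in [
        ("default order", sample_chain()),
        ("Baseline with No Override", sample_chain(baseline_no_override=True)),
        ("Sales OU blocks inheritance", sample_chain(sales_blocks=True)),
    ]:
        print(label)
        for setting, (value, source) in sorted(resultant_set(chain).items()):
            print(f"  {setting} = {value!r} (from {source})")
```

In the default run the Sales OU GPO re-enables Control Panel for the temporary staff below it; marking the domain baseline No Override is what keeps the restriction in force.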
Resultant Set of Policy
The biggest change in Group Policy for Windows XP Professional is the introduction of the
Resultant Set of Policy (RSoP) MMC snap-in. RSoP gives administrators a powerful and flexible tool for troubleshooting Group Policy. RSoP allows you to see the aggregate effect of Group
Policy on a target user or computer, including which settings take precedence over others.
RSoP is enabled by Windows Management Instrumentation (WMI) by leveraging the capability of WMI to extract data from the registry, drivers, the file system, Active Directory, Simple
Network Management Protocol (SNMP), Windows Installer, Microsoft® SQL Server™, various
networking features, and Microsoft® Exchange Server.
Use Logging mode to determine which GPO settings are actually applied to a target user or
computer. You can also use logging mode on a stand-alone computer.
For example, a help desk worker can connect to any Windows XP Professional–based computer on the network and run Logging mode if they have local administrator access on the target computer.
Warning
The default configuration of Windows Firewall in Windows XP Service Pack 2 prevents you from remotely administering RSoP. For more information, see article 883611 in the
Knowledge Base on Microsoft TechNet (http://support.microsoft.com/kb/883611).
Managing Users and Desktops by Using Group Policy Extensions
Group Policy provides several extensions you can use to configure GPOs that enable IntelliMirror features and manage users. These extensions include:
■ Administrative Templates
■ Security Settings
■ Software Installation and Maintenance
■ Scripts (computer startup and shutdown scripts, and user logon and logoff scripts)
■ Folder Redirection
■ Internet Explorer Maintenance
■ Remote Installation Services
Note
Folder Redirection, Software Installation and Maintenance, and RIS require Active
Directory; they are not present on the local Group Policy object and cannot be managed by
using the local Group Policy object. If Active Directory is not deployed on your network, use
System Policy instead.
You can use any of these extensions to apply Group Policy to users or computers, although
settings are different for users and computers. Use the Group Policy snap-in to access the
extensions. By default, all the available extensions are loaded when you start the Group Policy
snap-in. Different extensions are available depending on whether you are viewing the local
Group Policy object or Active Directory domain–based Group Policy.
Administrative Templates
Administrative templates (.adm files) are Unicode files that you
can use to configure the registry-based settings that govern the behavior of many services,
applications, and operating system components such as the Start menu. By default, the
Group Policy snap-in contains four .adm files that cumulatively contain almost 1400 settings
for Windows XP Service Pack 2 machines. You can also access three additional .adm files that
can be used with the Windows NT 4.0 System Policy Editor. The .adm files are described in
Table 5-4.
Table 5-4 Administrative Template Files

| .adm File | Use With | Description |
|---|---|---|
| System.adm | Windows XP Professional | Contains many settings that you can use to customize the user’s operating environment |
| Inetres.adm | Windows XP Professional | Contains settings for Internet Explorer |
| Conf.adm | Windows XP Professional | Contains settings you can use to configure Microsoft® NetMeeting® |
| Winnt.adm | Windows NT 4.0 System Policy Editor, Poledit.exe | Contains policy for Windows NT 4.0–based clients |
| Wmplayer.adm | Windows XP Professional | Contains settings you can use to configure Windows Media Player |
| Common.adm | Windows NT 4.0 System Policy Editor, Poledit.exe | Contains policy for client computers running Windows NT 4.0, Microsoft® Windows® 95, and Microsoft® Windows 98 |
| Windows.adm | Windows NT 4.0 System Policy Editor, Poledit.exe | Contains policy for Windows 95–based and Windows 98–based clients |
| Wuau.adm | Windows XP Service Pack 1 and later | Contains policy for configuring Automatic Updates and Software Update Services (SUS) SP1 client functionality |

An .adm file specifies a hierarchy of categories and subcategories that together define how the
Group Policy snap-in displays the options. The file also indicates the registry locations where
the settings are stored if a particular selection is made, specifies any options or restrictions in
values that are associated with the selection, and might specify a default value if a selection is
activated.
In Windows 2000 Professional and Windows XP Professional, all Group Policy settings set
registry entries in either the \Software\Policies tree (the preferred location for all new policies) or the \Software\Microsoft\Windows\CurrentVersion\Policies tree, in either the
HKEY_CURRENT_USER subtree or the HKEY_LOCAL_MACHINE subtree.
Policy settings that are stored in these registry subkeys are known as true policy settings. Storing settings here has the following advantages:
■ These subkeys are secure and cannot be modified by a nonadministrator.
■ When Group Policy changes for any reason, these subkeys are cleaned, and then the new Group Policy–related registry entries are rewritten.
This prevents the Windows NT 4.0 behavior, in which System Policy settings result in persistent settings in the registry: under System Policy, a policy remains in effect until the value of its corresponding registry
entry is reversed, either by a counteracting policy or by editing the registry. Such persistent settings are
stored outside the approved registry locations just mentioned and are known as preferences.
By default, only true policy settings are displayed in the Group Policy snap-in. Because they
use registry entries in the Policies subkeys of the registry, they will not cause persistent settings in the registry when the GPO that applies them is no longer in effect. The following .adm
files are displayed by default:
■ System.adm, which contains operating system settings
■ Inetres.adm, which contains Internet Explorer restrictions
■ Conf.adm, which contains NetMeeting settings
■ WMPlayer.adm, which contains Windows Media Player settings
■ Wuau.adm, which contains Automatic Updates settings (found in Windows XP Service Pack 1 and later)
Administrators can add additional .adm files to the Group Policy snap-in that set registry values
outside of the Group Policy subkeys. These settings are referred to as preferences because the user,
application, or other parts of the system can also change the settings. By creating non–Group Policy .adm files, the administrator ensures that certain registry entries are set to specified values.
One useful feature of the Windows XP Professional Group Policy snap-in is view filtering. For
example, you can hide settings that aren’t configured or view only settings supported on a
particular operating system platform.
To filter the view of the Group Policy snap-in
1. Click View, and then click Filtering.
2. Select the Filter by requirements information check box, and then in the list box select
the check boxes for the categories that you want to make visible.
3. If you want to hide settings that are not configured, select the Only show configured
policy settings check box. If you do this, only enabled or disabled settings will be visible.
4. If you want to hide Windows NT 4.0–style system policy settings, make sure that the
Only show policy settings that can be fully managed check box is selected. This
option is recommended, and it is enabled by default.
You can also prevent administrators from viewing or using non-policy settings by enabling the
Enforce Show Policies Only Group Policy setting in User Configuration\Administrative
Templates\System\Group Policy.
The icon for non-policy or preference settings is red. True policy settings have a blue icon.
Use of non–Group Policy settings within the Group Policy infrastructure is strongly discouraged because of the persistent nature of these registry-based settings. To set registry-based
policy settings on client computers running Windows NT 4.0, Windows 95, and
Windows 98, use the Windows NT 4.0 System Policy Editor tool, Poledit.exe, instead.
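Before a custom .adm file is added to the snap-in, it can be checked for settings that would persist as preferences. The following Python sketch is an added example, not a Microsoft tool: it walks the CLASS, CATEGORY, POLICY, PART, KEYNAME, and VALUENAME keywords of a template and flags every registry value written outside the two Policies trees named earlier. The sample template, the ExampleCorp keys, and all policy names are constructed.

```python
import re

# The two registry trees the text names as holding true policy settings.
POLICY_TREES = (
    "software\\policies",
    "software\\microsoft\\windows\\currentversion\\policies",
)
# CLASS USER writes under HKEY_CURRENT_USER, CLASS MACHINE under HKEY_LOCAL_MACHINE.
HIVES = {"USER": "HKEY_CURRENT_USER", "MACHINE": "HKEY_LOCAL_MACHINE"}

# Constructed sample template; ExampleCorp and every policy name are made up.
SAMPLE_ADM = r'''
CLASS MACHINE
CATEGORY !!ExampleCat
  KEYNAME "Software\Policies\ExampleCorp\SyncTool"
  POLICY !!DisableSync
    EXPLAIN !!DisableSync_Help
    VALUENAME "DisableSync"
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
  END POLICY
END CATEGORY

CLASS USER
CATEGORY !!ExampleCat
  POLICY !!HideTray
    KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    VALUENAME "ExampleHideTray"
  END POLICY
  POLICY !!DefaultServer
    KEYNAME "Software\ExampleCorp\SyncTool\Settings"  ; outside the Policies trees
    PART !!ServerLabel EDITTEXT
      VALUENAME "Server"
    END PART
  END POLICY
END CATEGORY

[strings]
ExampleCat="Example Sync Tool"
'''


def is_true_policy_key(keyname):
    """True if the key lies in one of the two Policies trees."""
    key = keyname.strip("\\").lower()
    return any(key == tree or key.startswith(tree + "\\") for tree in POLICY_TREES)


def audit_adm(text):
    """Return one finding per VALUENAME with the registry key it resolves to."""
    findings = []
    cls = None
    category_keys = []          # one slot per open CATEGORY (KEYNAME is inherited)
    policy = policy_key = part_key = None
    in_part = False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment in .adm files
        if line.lower().startswith("[strings]"):
            break                             # display strings only from here on
        match = re.match(r"(\w+)\s*(.*)", line)
        if not match:
            continue
        word, rest = match.group(1).upper(), match.group(2).strip().strip('"')
        if word == "CLASS":
            cls = rest.upper()
        elif word == "CATEGORY":
            category_keys.append(None)
        elif word == "POLICY":
            policy, policy_key = rest.lstrip("!"), None
        elif word == "PART":
            in_part, part_key = True, None
        elif word == "END":
            block = rest.upper()
            if block == "CATEGORY" and category_keys:
                category_keys.pop()
            elif block == "POLICY":
                policy = policy_key = None
            elif block == "PART":
                in_part, part_key = False, None
        elif word == "KEYNAME":
            if in_part:
                part_key = rest
            elif policy is not None:
                policy_key = rest
            elif category_keys:
                category_keys[-1] = rest
        elif word == "VALUENAME" and policy is not None:
            inherited = next((k for k in reversed(category_keys) if k), None)
            key = part_key or policy_key or inherited   # innermost KEYNAME wins
            if key is None:
                continue
            findings.append({
                "hive": HIVES.get(cls, "unknown"), "key": key, "value": rest,
                "policy": policy, "true_policy": is_true_policy_key(key),
            })
    return findings


def preferences(text):
    """Only the settings that would persist after the GPO no longer applies."""
    return [f for f in audit_adm(text) if not f["true_policy"]]


if __name__ == "__main__":
    for f in audit_adm(SAMPLE_ADM):
        kind = "policy" if f["true_policy"] else "PREFERENCE"
        print(f'{kind:10} {f["hive"]}\\{f["key"]}\\{f["value"]}  ({f["policy"]})')
```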
Extended view for the Group Policy snap-in now provides Explain text for the selected Group
Policy setting without having to open a separate Help window. It also clearly shows which
operating system client platform is required for the selected setting to apply. You can now
more easily determine which settings will function depending on the existing desktop operating systems on your network.
A Group Policy settings spreadsheet is available on the Web for easy tracking of your configured Group Policy settings. See the Group Policy Object Settings spreadsheet link on the Web
Resources page at http://www.microsoft.com/windows/reskits/webresources.
Security Settings
Use the Security Settings extension to set the security options for computers and users within the scope of a GPO. For information about defining security settings
for the domain and network, see the Distributed Systems Guide of the Microsoft Windows 2000
Server Resource Kit.
The Security Settings extension of the Group Policy snap-in complements existing system
security management features such as the Local Security Policy snap-in. You can continue to
change specific settings as needed.
You can configure security for computers to include:
■ Account policies, such as computer security settings for password policy, lockout policy, and Kerberos authentication protocol policy in Active Directory domains.
Warning
Security settings are applied only at the domain level. If configured at the
OU level, they are neither processed nor applied.
■ Local policies, including security settings for auditing, assigning user rights (such as who has network access to the computer), and security options (such as determining who can connect to a computer anonymously).
■ Event logging, which controls settings such as the size and retention method for the Application, Security, and System event logs.
■ Restricted groups, which allows administrators to control individual and group membership in security-sensitive groups. You can enforce a membership policy regarding sensitive groups, such as Enterprise Administrators or Payroll.
■ System services, including services that control startup mode and access permissions for system services, such as who is allowed to stop and start the fax service.
■ Registry security, which allows you to configure security settings for registry containers, including access control, audit, and ownership.
■ File system, which configures security settings for file-system objects, including access control, audit, and ownership.
■ Public Key policies, which control and manage certificate settings.
■ IP Security policies, which propagate Internet Protocol security (IPSec) policy to any computer accounts affected by the GPO. For users, you can define IPSec security. This propagates IPSec policy to any user accounts affected by the GPO.
Incremental security templates
Windows XP Professional includes several incremental security templates. By default, these templates are stored in systemroot\Security\Templates. You
can customize these predefined templates by using the Security Templates MMC snap-in or by
importing them into the Security Settings extension of the Group Policy snap-in. These templates include:
■ Compatible. The Compatible template (Compatws.inf) relaxes the default permissions for the Users group so that older applications written to less stringent security standards are more likely to run.
■ Secure. Two templates, Securews.inf and Securedc.inf, work on workstations, servers, and domain controllers. These provide increased security compared to the access control permissions set by default when Windows XP Professional is installed. The Secure configuration includes increased security settings for Account Policy, Auditing, and some common security-related registry subkeys and entries.
■ High Secure. The High Secure templates are Hisecws.inf and Hisecdc.inf. These provide increased security over the secure configuration, and they work on workstations, servers, and domain controllers. This configuration requires that all network communications be digitally signed and encrypted.
■ Root Directory Permissions. The rootsec.inf template can be used to reapply the default root directory permissions for the root of the system volume if they are inadvertently altered. The template can also be used to apply the same root permissions to other volumes on the computer.
■ No Terminal Server user SID. The Notssid.inf template is used only when Terminal Server is running in application compatibility mode.
In addition, the Setup security.inf template, which is not incremental, contains the default
security settings applied to the computer during Setup, including the file permissions for the
root of the system volume. This template, or portions of it, can be used for disaster recovery
purposes, but this template should never be applied using Group Policy because it contains a
large amount of data and can degrade performance when Group Policy is periodically
refreshed. This template should be applied only to the local computer using the Security Configuration and Analysis snap-in because the Setup security.inf template is created during
installation and is unique for each computer.
For more information about these templates, see Chapter 17, “Managing Authorization and
Access Control.”
Software Installation
Use the Software Installation extension of the Group Policy snap-in
to centrally manage software in your organization. You can assign (make mandatory) or publish (make optionally available) software to users, and assign (but not publish) software to
computers. For more information about using the Software Installation extension, see “Using
IntelliMirror to Manage Desktops” earlier in this chapter.
Scripts
You can use Group Policy–based scripts to automate computer startup and shutdown, and user logon and logoff sessions. You can use any language supported by Windows
Script Host (WSH), a language-independent scripting host for 32-bit Windows platforms.
Your options include Microsoft® Visual Basic® Scripting Edition (VBScript), JavaScript, Perl,
and batch files (with .bat and .cmd extensions) such as in Microsoft® MS-DOS®.
WSH is included in Windows XP Professional. With WSH, you can run scripts directly in
Windows XP Professional by double-clicking a script file, or by typing the name of a script file
at the command prompt.
You can use any WSH scripting tool, including the VBScript programming system and
Microsoft® JScript® development software, to create scripts. Independent software vendors
provide WSH support for other popular scripting languages. You can use Windows Script
Host to run .vbs and .js scripts directly on the Windows desktop or command console, without having to embed the scripts in an HTML document. MS-DOS-type batch files (with .bat
and .cmd extensions) also use WSH.
Windows XP Professional supports the following five scripts:
■ Group Policy logon scripts
■ Group Policy logoff scripts
■ Group Policy startup scripts
■ Group Policy shutdown scripts
■ Logon scripts set on the properties sheets for user accounts
Note Although Group Policy–based scripts are similar to logon scripts set on the user object,
they often require multibranching logic to target a specific group of users. Using Group Policy,
you can target the scripts by using OUs and security group filtering. For this reason, the Windows XP Professional scripting options are a more efficient choice.
Using the Scripts folder located under Computer Configuration\Administrative Templates\
System and User Configuration\Administrative Templates\System in the
Group Policy snap-in, you can specify when and how startup and shutdown scripts and logon
and logoff scripts are run. See Table 5-6 later in this chapter for a partial list of script-related
settings.
Folder Redirection
Use Folder Redirection to redirect certain Windows XP Professional
folders from their default location in the user profile to an alternate location on an Active
Directory network where you can centrally manage them and keep them secure. The Windows XP Professional folders that can be redirected include My Documents (and its subfolders My Pictures, My Music, and My Videos), Application Data, Desktop, and the Start menu.
Internet Explorer Maintenance
Using Internet Explorer Maintenance, you can administer
and customize Internet Explorer on Windows XP Professional–based client computers by
using Group Policy instead of using the Internet Explorer Administration Kit (IEAK). You can
also export these settings to clients running earlier versions of Windows. For more information about managing Internet Explorer, see the Microsoft Internet Explorer Administration
Kit (IEAK) link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
For information about individual Internet Explorer Group Policy settings, see
Group Policy Help or the Extended view in the Group Policy snap-in.
Refreshing Group Policy from the Command Line
A new command-line tool, GPUpdate.exe, replaces the Windows 2000 tool Secedit.exe to give administrators
better control and flexibility in refreshing policy. Normally, Group Policy refreshes every 90
minutes for the computer and user. However, after you modify a GPO, you can use GPUpdate
to refresh the GPO so that it takes effect immediately. The command-line parameters
for this tool are described in Table 5-5.
Table 5-5 Command-Line Parameters for GPUpdate.exe

Command-Line Parameter
    Behavior

/target:{computer|user}
    Specifies that only Computer or User policy settings are refreshed. By default, both Computer and User policy settings are refreshed.

/force
    Reapplies all policy settings. By default, only policy settings that have changed are applied.

/wait:value
    Sets the number of seconds to wait for policy processing to finish. The default is 600 seconds. The value “0” means not to wait. The value “-1” means to wait indefinitely. When the time limit is exceeded, the command prompt returns but policy processing continues.

/logoff
    Causes a logoff after the Group Policy settings have been refreshed. This is required for Group Policy client-side extensions that do not process policy on a background refresh cycle but that do process policy when the user logs on. Examples include user-targeted Software Installation and Folder Redirection. This option has no effect if there are no extensions called that require the user to log off.

/boot
    Causes a reboot after the Group Policy settings are refreshed. This is required for Group Policy client-side extensions that do not process policy on a background refresh cycle but that do process policy when the computer starts up, such as computer-targeted Software Installation. This option has no effect if there are no extensions called that require a reboot.

/sync
    Causes the next foreground policy application to be processed synchronously. Foreground policy applications occur at computer boot and user logon. You can specify this for the user, computer, or both using the /target parameter. The /force and /wait parameters are ignored if specified.

Managing Desktops Without Active Directory
On a network not running the Active Directory directory service, you can implement the following IntelliMirror and Group Policy features to manage Windows XP Professional and Windows 2000 desktops:
■ Roaming User Profiles and logon scripts (Microsoft® Windows NT® version 4.0 domains)
■ Folder Redirection (limited functionality only)
■ Internet Explorer Maintenance
■ System Policy
■ Local Group Policy object
Roaming User Profiles and Logon Scripts
In a Windows NT 4.0 domain, both roaming user profiles and logon scripts are configured on
the properties sheets for user accounts.
My Documents Redirection
On a Windows NT 4.0 Server network, you can redirect My Documents and its subfolders,
Application Data, Desktop, and the Start menu to a local or network location by using the following methods:
■ You can use System Policy to redirect these folders. This will provide only limited functionality compared with true Folder Redirection because you cannot actually move folder contents or set ACLs.
■ Users can manually redirect the My Documents folder by changing the target folder location in the My Documents Properties page.
■ You can redirect these folders by manipulating registry settings.
Note that you cannot configure Folder Redirection by using an LGPO.
Internet Explorer Maintenance
Instead of using Group Policy to control Internet Explorer settings, you can use the Internet
Explorer Administration Kit (IEAK) to apply settings to Internet Explorer clients by using
auto-configuration packages. To download the IEAK, see the Microsoft Internet Explorer
Administration Kit (IEAK) link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
System Policy
Like Active Directory–based Group Policy objects, System Policy can define a specific user’s
settings or the settings for a group of users. The resulting policy file contains the registry information for all users, groups, and computers that will use the policy file. Separate policy files
for each user, group, or computer are not necessary.
Group Policy includes the functionality from Windows NT 4.0 System Policy. It also provides
additional policy settings for scripts, Software Installation and Maintenance, security settings,
Internet Explorer maintenance, and folder redirection. Table 5-6 provides an overall comparison of Group Policy and Windows NT 4.0 System Policy.
Table 5-6 Comparison of Group Policy and System Policy

| Comparison | Group Policy | Windows NT 4.0 System Policy |
|---|---|---|
| Tool used: | Microsoft Management Console (MMC) Group Policy snap-in or Group Policy Management Console (GPMC). | System Policy Editor (Poledit.exe). |
| Number of settings: | More than 150 security-related settings and almost 1400 registry-based settings. | 72 settings. |
| Applied to: | Users or computers in a specified Active Directory container (site, domain, or OU) or local computers and users. | Domains or local computers and users. |
| Security: | Secure. | Not secure. |
| Extensible by: | Using Microsoft Management Console (MMC) or .adm files. | Using .adm files. |
| Persistence: | Does not leave settings in the users’ profiles when the effective policy is changed. | Persistent in users’ profiles until the specified policy is reversed or until you edit the registry. |
| Defined by: | User or computer membership in security groups. | User membership in security groups. |
| Primary uses: | Implementing registry-based settings to control the desktop and user. Configuring many types of security settings. Applying logon, logoff, startup, and shutdown scripts. Implementing IntelliMirror Software Installation and Maintenance. Implementing IntelliMirror data and user settings management. Optimizing and maintaining Internet Explorer. | Implementing registry-based settings that govern the behavior of applications and operating system components such as the Start Menu. |

Warning
System Policy settings applied to computers that have been upgraded to Windows XP Professional are persistent in the registry. Applying Group Policy to a computer with
persistent registry-based System Policy settings might have unpredictable results. It is recommended that you remove these settings from computers before applying GPOs.
Windows XP Professional–based clients in an Active Directory domain can process Group Policy but cannot process Windows NT 4.0 System Policy. Windows NT 4.0 policies are persistent in user profiles. This means that after a registry-based setting is applied using Windows
NT 4.0 System Policy, the setting persists until the specified policy is reversed or you edit the
registry to remove the corresponding entry. The effect of persistent registry-based settings can
cause conflicts when a user’s group membership changes. If the Windows XP Professional
computer account object or user account object that you manage exists in a Windows NT 4.0
domain, you can still use certain System Policy tools to manage them.
Note You can use System Policy to deliver any of the registry-based policy settings (Administrative Templates) that are available in Windows XP Professional. The procedures described in
the following subsections also work for providing System Policy from any Server Message
Block (SMB)–enabled share or even from a local share.
To create a policy that is automatically downloaded from validating domain controllers, you
must create a .pol file by using the System Policy Editor:
■ For Windows NT 4.0 and later, the .pol file is named Ntconfig.pol and is created using
the System Policy Editor for the specific operating system.
■ For Windows 95, Windows 98, and Microsoft® Windows® Millennium Edition (Windows Me), the .pol file is named Config.pol and must be created by using the System
Policy Editor for that operating system.
As system administrator, you can choose an alternate name for the .pol file and can direct the
computer to update the policy from a path other than the Netlogon share. You can do this by
using System Policy. The update path can even be a local path, so that each computer has its
own policy file. However, you must make this change manually on each desktop. For more
information about specifying a path to the policy file, see “Specifying a path to the policy file”
later in this chapter.
Administrative templates The System Policy Editor tool uses files called administrative templates (.adm files) to determine which registry settings you can modify and which settings display in the System Policy Editor.
In Windows XP Professional and Windows 2000, the Administrative Templates item in the
Group Policy snap-in uses administrative templates (.adm files) to specify the registry settings
that can be modified through the Group Policy snap-in. This includes Group Policy for the
Windows XP Professional operating system and its components as well as for applications.
Policy settings are written to the following locations in the registry:
■ HKEY_CURRENT_USER\Software\Policies (preferred location)
■ HKEY_LOCAL_MACHINE\Software\Policies (preferred location)
■ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
■ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
Caution
Do not edit the registry unless you have no alternative. The Registry Editor
bypasses standard safeguards, allowing settings that can damage your system or
even require you to reinstall Windows. If you must edit the registry, back it up first
and see the Registry Reference in the Microsoft Windows 2000 Server Resource Kit at
http://www.microsoft.com/reskit.
To configure or customize Group Policy, use the Group Policy snap-in whenever possible.
A client running Windows XP Professional or Windows 2000 Professional processes
System Policy if the user or computer account, or both, are in a Windows NT 4.0
domain. The client looks for the Ntconfig.pol file used by Windows NT 4.0–style System Policy. By default, it looks for this file in the Netlogon share of the authenticating
Windows NT 4.0 domain controller.
Warning
It is possible for a computer account object to exist in a Windows NT 4.0 domain
and a user account object for a user of that computer to exist in an Active Directory domain, or
vice versa. However, operating in such a mixed environment makes the users and computers
difficult to manage and might cause unpredictable behavior. For optimal central management, it is recommended that you move from a mixed environment to a pure Active Directory environment.
Setting registry-based policy in a Windows NT 4.0 domain A Windows XP Professional–
based client processes System Policy if either the user or computer account exists in a Windows NT 4.0 domain. When a user logs on to a Windows XP Professional–based client in a
Windows NT 4.0 domain and the client is running in the default Automatic mode, it checks
the Netlogon share on the validating domain controller for the Ntconfig.pol file. If the client
finds the file, it downloads it, parses it for user, group, and computer policy data, and then
applies the appropriate settings. If the client does not locate the policy file on its validating
domain controller, it does not check elsewhere. It is therefore critically important that the
Ntconfig.pol file is replicated among the domain controllers performing authentication.
Setting registry-based policy in a workgroup environment In the absence of a Windows
NT 4.0 domain, you can configure the client to look for the Ntconfig.pol file in a specific location on the local computer or on any SMB share location. For more information about specifying a path to the policy file, see “Specifying a path to the policy file” later in this chapter.
Creating Ntconfig.pol files based on Windows XP Professional .adm files You can create
Ntconfig.pol files based on the Windows XP Professional .adm files and apply these settings
to Windows XP Professional–based clients. To do this, you need the Windows NT 4.0 System
Policy Editor tool, Poledit.exe, which is installed with Windows 2000 Server and Advanced
Server. You can install Poledit.exe on Windows XP Professional–based computers by installing the Administrative Tools package that is included on the Windows 2000 Server and
Microsoft® Windows® 2000 Advanced Server operating system CDs.
To install Administrative Tools on a Windows XP Professional–based computer, open the
i386 folder on the applicable Windows 2000 Server disc, and then double-click the Adminpak.msi file. Follow the instructions that appear in the Administrative Tools setup wizard.
When you install the Administrative Tools package, Poledit.exe and its supporting .adm files
(Winnt.adm, Windows.adm, and Common.adm) are installed into the root \System directory
and the \Inf directory, as in Windows NT 4.0. Poledit.exe is not added to the Start menu, but
it is accessible from the command line.
Use the following procedure to create an Ntconfig.pol file.
Note
The System Policy Editor from Windows NT 4.0 or earlier cannot read the Unicode-formatted .adm files shipped in Windows 2000 or later. You must use the version of System
Policy Editor that ships in Windows 2000 or later, which supports Unicode. Alternatively, if you
resave the .adm files as .txt files without Unicode encoding, you can use an older version of
Poledit.exe.
To create an Ntconfig.pol file
1. Using a text editor such as Notepad, remove all #if version and #endif statements from
the following .adm files: System.adm, Inetres.adm, and Conf.adm, and then save the
files. This prevents inadvertent loading of these files by Poledit.exe.
For example, in the Inetres.adm file, remove these lines:
#if version <= 2
#endif
2. Open Poledit.exe.
3. In the System Policy Editor window, on the Options menu, click Policy Template.
4. In the Policy Template Options dialog box, click Add, select one of the .adm files that
you modified in step 1 above, and then click OK.
5. Specify the appropriate policy settings, as documented in System Policy Editor Help.
6. Save the file as Ntconfig.pol to the NETLOGON share of the Windows NT 4.0 domain
controller.
Specifying a path to the policy file You can change the default behavior so that a Windows
XP Professional–based client looks for the policy file in a different location than the Netlogon
share. The UpdateMode registry entry forces the computer to retrieve the policy file from a
specific location (expressed as a UNC path), regardless of which user logs on.
You can set UpdateMode by using the System Policy Editor and the System.adm file.
To retrieve the policy file from a specific location
1. Open Poledit.exe.
2. Click Options, click Policy Template, and then in the Policy Template Options dialog
box, make sure that System.adm is listed in the Current Policy Template(s) list box. If it
is not listed, click Add to add this file.
3. To open the Default Computer policy, on the File menu, click New Policy, and then
double-click Default Computer from the Policies for list.
– or –
To open the Local Computer policy, on the File menu, click Open Registry, and then
double-click Local Computer.
4. In the Properties dialog box, expand Network, and then expand System policies
update to display the Remote update option.
5. Select the Remote update box.
6. In the Update mode drop-down menu, select Manual (use specific path).
7. In the Path for manual update text box, type the UNC path and file name for the policy
file, and then click OK to save your changes.
The first time the Windows XP Professional–based client is modified locally by using the System Policy Editor or receives a default System Policy file from the NETLOGON share of a
domain controller, this location is written to the registry. Thereafter, the Windows XP Professional–based client does not look at a domain controller again to find a policy file, and all policy updates use the location you specified manually. Note that this change is permanent until
you edit the policy file to reset the option to Automatic.
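As an added example (not from the book), the following Python audit reads a registry export and reports the two conditions this section warns about: values left behind under the four policy keys listed earlier, and a manual System Policy update path that points at an unexpected server. The export text is constructed, the approved server name NT4DC1 is an assumption, and the script assumes the Remote update option is stored as UpdateMode and NetworkPath under the Control\Update key.

```python
import re

# The four registry locations this chapter lists for policy settings.
POLICY_ROOTS = (
    r"HKEY_CURRENT_USER\Software\Policies",
    r"HKEY_LOCAL_MACHINE\Software\Policies",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies",
)
# Key where the System Policy "Remote update" option is stored (assumption
# stated in the lead-in; the chapter names only the UpdateMode entry).
UPDATE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update"
UPDATE_MODES = {0: "off", 1: "automatic", 2: "manual"}

# Constructed sample in Registry Editor export format; the server, share and
# vendor names are made up for the example.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update]
"UpdateMode"=dword:00000002
"NetworkPath"="\\\\FILESRV9\\public\\Ntconfig.pol"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Policies\ExampleVendor\App]
"Locked"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Example"="C:\\Tools\\example.exe"
'''


def unescape(text):
    """Undo .reg escaping: a backslash protects the character after it."""
    return re.sub(r"\\(.)", lambda m: m.group(1), text)


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} from .reg export text.

    REG_DWORD becomes int and REG_SZ becomes str; other types keep the raw
    right-hand side of their first line, and (Default) values are skipped.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is None or not match:
            continue
        name, raw = unescape(match.group(1)), match.group(2)
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            current[name] = unescape(raw[1:-1])
        else:
            current[name] = raw
    return keys


def is_under(key, root):
    """Registry paths are case-insensitive; match the root or any subkey."""
    key, root = key.lower(), root.lower()
    return key == root or key.startswith(root + "\\")


def residual_policy_values(keys):
    """List (key, name, value) for every value under the four policy roots."""
    found = []
    for key, values in keys.items():
        if any(is_under(key, root) for root in POLICY_ROOTS):
            found.extend((key, name, value) for name, value in values.items())
    return found


def check_update_source(keys, allowed_servers):
    """Return (mode, path, findings) for the System Policy update settings."""
    values = {}
    for key, vals in keys.items():
        if key.lower() == UPDATE_KEY.lower():
            values = {name.lower(): value for name, value in vals.items()}
    # A missing UpdateMode is treated as the default Automatic mode.
    mode = UPDATE_MODES.get(values.get("updatemode", 1), "unknown")
    path = values.get("networkpath", "")
    findings = []
    if mode == "manual":
        unc = re.match(r"^\\\\([^\\]+)\\", path)
        if not unc:
            findings.append("policy file is read from a local path: %r" % path)
        elif unc.group(1).lower() not in {s.lower() for s in allowed_servers}:
            findings.append("policy file is fetched from unapproved server "
                            + unc.group(1))
    return mode, path, findings


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_EXPORT)
    mode, path, findings = check_update_source(parsed, ["NT4DC1"])
    print("update mode:", mode, "| path:", path or "(Netlogon share)")
    for finding in findings:
        print("FLAG:", finding)
    for key, name, value in residual_policy_values(parsed):
        print("persisted policy value:", key, name, value)
```

Export the relevant keys with Registry Editor or `reg export`, and decode the file as UTF-16 before passing its text to `parse_reg_export`.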
Local Group Policy Object
In addition to setting System Policy, you can set settings in the local Group Policy object
(LGPO) for any computer, whether or not it participates in an Active Directory domain.
Although System Policy scales more easily to a large number of clients, the LGPO can be useful if you need to apply certain settings to only a small number of Windows XP Professional–
based clients in a Windows NT 4.0 or other domain.
The LGPO is located at \systemroot\System32\GroupPolicy. Not all Group Policy extensions
are available for the local GPO. Each Group Policy extension snap-in queries the Group Policy
engine to get the GPO type, and then determines whether the GPO is to be displayed. To set
the LGPO, use the Group Policy snap-in focused on the local computer.
Table 5-7 shows which Group Policy snap-in extensions open when the Group Policy snap-in
is focused on an LGPO.
Table 5-7 Local Group Policy Object Extensions

| Group Policy Snap-In Extension | Available in LGPO |
|---|---|
| Software Installation | No |
| Scripts | Yes |
| Security Settings | Yes |
| Administrative Templates | Yes |
| Folder Redirection | No |
| Internet Explorer Maintenance | Yes |
| RIS | No |
You can access the Group Policy snap-in by using the following procedure.
To start the Group Policy snap-in on a Windows XP Professional–based client
1. In the MMC window, on the File menu, click Add/Remove Snap-in.
2. On the Standalone tab, click Add.
3. In the Add Standalone Snap-in dialog box, click Group Policy, and then click Add. The
Group Policy Wizard appears.
4. Select Local Computer to edit the local GPO, or click Browse to select another computer.
5. Click Finish.
6. In the Add Standalone Snap-in dialog box, click Close.
7. In the Add/Remove Snap-in dialog box, click OK.
The Group Policy snap-in opens with focus on the specified GPO. If you select Local
Computer, you see Local Computer Policy. Expand the tree to see Computer Configuration and User Configuration.
Alternatively, to quickly access the local Group Policy object on the local computer, type
gpedit.msc in the Run dialog box.
Note
The Security Settings extension of the Group Policy snap-in does not support remote
management for the local Group Policy object in Windows XP Professional.
Managing Desktops in UNIX and Novell Environments
You can use LGPOs and System Policy to manage Windows XP Professional Desktops in Novell and UNIX environments. For example, NTConfig.pol can exist on any network server. You
can perform typical desktop-management tasks that are based on industry-standard protocols, such as Telnet and Simple Network Management Protocol (SNMP), a standards-based
TCP/IP network management protocol that is implemented in many environments. For more
information about using LGPOs and System Policy, see “Managing Desktops Without Active
Directory” earlier in this chapter.
Standards-Based Management
Windows XP Professional provides full support for SNMP, allowing you to easily manage systems that run Windows XP Professional by using a UNIX-based SNMP management suite
available from independent software vendors.
Telnet Client and Server
You can use Telnet to remotely log on to and execute commands on a Windows XP Professional–based or UNIX-based system. The Telnet client included with Windows XP Professional is character-based and console-based and is enhanced for advanced remote
management capabilities.
The Windows XP Professional–based Telnet client also provides NTLM authentication support. With this feature, a Windows XP Professional Telnet client can log on to a Telnet server
that uses NTLM authentication, such as the Telnet Server included with Windows 2000
Server and Windows Server 2003.
Novell NetWare IPX Network
Internetwork Packet Exchange (IPX) is the native NetWare protocol used on legacy Novell
networks. You can integrate Network Connections clients into a NetWare IPX network, with
the exception of clients running Microsoft® Windows® XP Professional x64 Edition.
The client must run a NetWare redirector to see a Novell NetWare network. This redirector is
called Client Service for NetWare (CSNW).
A remote access server is also an IPX router and Service Advertising Protocol (SAP) agent.
Once configured, remote access servers enable file and print services and the use of Windows
Sockets programs over IPX on the NetWare network for Network Connections clients.
Remote access servers and their Network Connections clients use the Point-to-Point (PPP) IPX
Control Protocol (IPXCP), as defined in RFC 1552, “The PPP Internetwork Packet Exchange
Control Protocol (IPXCP),” to configure the remote access line for IPX.
Network Connections clients are always provided an IPX address by the remote access server.
The IPX network number is either generated automatically by the remote access server, or a
static pool of network numbers is given to the remote access server for assignment to Network
Connections.
For automatically generated IPX network numbers, the remote access server uses the NetWare
Router Information Protocol (RIP) to determine an IPX network number that is not in use in
the IPX network. The remote access server assigns that number to the connection.
Configure a connection by selecting NWLink IPX/SPX/NetBIOS Compatible Transport
Protocol on the General tab of Local Area Connection Properties.
Novell ZENworks
To use Novell ZENworks, you must register Windows XP Professional with ZENworks. A
workstation record can then be imported into the Novell Directory Services (NDS) database
of a Novell NetWare network. The workstation is registered by running Wsreg32.exe either
from the command line or from a logon script. The following is an example of the logon script
code that detects Windows XP Professional and runs the correct registry program:
IF "%PLATFORM" = "WINDOWS_NT" THEN BEGIN
    #F:\PUBLIC\WSREG32.EXE
END
After the workstation is registered, you can import it into NDS by using Nwadmn32.exe.
You can administer Windows XP Professional–based clients by using the standard ZENworks
tools.
Creating and Managing Standard Desktop Configurations
IntelliMirror and Group Policy allow you to manage desktops with great efficiency. To take full
advantage of these benefits, it is recommended that you define and set up default user configurations.
A standard configuration must be carefully adapted to the target users’ applications, tasks,
and locations. It can also increase productivity by preventing users from making system
changes that could cause downtime. Because standard configurations are easier to troubleshoot or replace, they can also reduce support costs.
IntelliMirror and Group Policy are designed for use in environments where administrators
need to centralize tasks such as the following:
■ Creating managed desktops
■ Managing mobile users
■ Managing new users
■ Managing multi-user desktops
■ Replacing computers
Creating Managed Desktops
The managed desktop contains settings that can lower the total cost of ownership (TCO) of a
desktop for any level of user. This configuration can reduce help desk costs and user downtime by providing users with just the applications and tools they need to perform their jobs.
The user is permitted to install approved applications and make extensive customizations of
applications and the desktop environment. At the same time, the managed desktop configuration can keep users from making potentially harmful changes to configuration settings, such as
adding or disabling hardware devices, or changing system or user environment settings, such
as the location of the My Documents folder, and can restrict access to such features as the
MMC administration snap-ins and some hardware-configuration items in Control Panel. The
user for this configuration does not usually require access to Network Connections.
Table 5-8 shows the desktop management features used to create a typical managed desktop
configuration.
Table 5-8 Features of a Managed Desktop Configuration

| Feature | Specifics | Explanation |
|---|---|---|
| Multiple Users | Per-user logon accounts | Users might share this computer during different shifts. Each user has a unique logon account. |
| Roaming User Profiles | Yes | Makes user settings available from any computer and enables administrators to easily replace computers without losing user configuration. |
| Folder Redirection | My Documents folder | User data is saved on server shares and Group Policy prevents users from storing data locally. |
| Ability for User to Customize | Most | Allows users to personalize their work environment while preventing changes to critical system settings. |
| Assigned Applications | Multiple | Core applications are automatically installed before the user logs on. |
| Published Applications | Multiple | All required applications are available for users to install locally. |
| Group Policy Settings | Yes | Group Policy settings are used to create the managed environment. |
Managing Mobile Users
Many organizations have mobile users—traveling employees who often use a portable computer. Mobile users have unique needs because, although these users usually log on to the
same computer, they sometimes connect through a high-speed line and sometimes through a
low-speed (or dialup) line, and some mobile users never have a fast connection. Such users
fall into two main categories:
■ Users who spend the majority of time away from the office or have no fixed office. Typically, these users connect by using slow links, although they might have occasional
LAN access to their logon server, data servers, and application-delivery servers.
■ Users who spend most of their time in an office but occasionally work at home or in
another location. The majority of their network access is at LAN speed, but they occasionally use the Routing and Remote Access service or remote network links.
Despite the apparent differences between these two types of users, you can generally accommodate them with a single configuration. However, you might want to consider creating a
slightly different GPO for users who spend the majority of their time out of the office.
Mobile users are often expected to provide much of their own computer support because onsite support is not available. For this reason, you might want to grant them more privileges
than equivalent users on a desktop computer (for example, so they can install printers).
You might, however, decide to restrict mobile users from making system changes that might
damage or disable their systems. For example, you might restrict mobile users from altering
certain Internet Explorer settings or adding unapproved hardware devices. Although these
users might need access to some of the MMC administration snap-ins, you can make available
only a restricted set.
Mobile users expect transparent access to the most critical parts of their data and settings,
regardless of whether the portable computer is connected to the network. They roam to desktop computers while their portable computer is in use, for example, to read mail while they
are in a remote office. Finally, mobile users frequently disconnect their portable computer
from the network without logging off and shutting down. This is more likely to happen with
the hibernate and standby features of Windows XP Professional.
IntelliMirror provides several tools that greatly simplify managing mobile users. User data
and settings management tools allow users to work on files offline and automatically update
network versions of those files when they later reconnect to the network. The Offline Files feature allows users to work on network files when they are not actually connected to the network. Synchronization Manager coordinates synchronization of any changes between the
offline version of a file and the network version.
Note If users are likely to disconnect from the network without logging off, it is recommended that you set Offline Files to periodically synchronize in the background. If Offline Files
is set to synchronize only when users log off, users’ files might not be up-to-date. You might
also want to educate users to manually synchronize their data before disconnecting from the
network to ensure all files are up-to-date.
Synchronization Manager also helps manage multi-user network files. If multiple users modify
the same network file, Synchronization Manager notifies the users about the conflict and
offers several resolution methods. The users can save the network version, their local version,
or both versions. If both are to be kept, the user is asked for a new file name to store one of the
versions so that uniqueness is maintained.
Software installation for the mobile user requires some additional planning. You can make
sure that all important software components, defined by you or the user, are completely
installed initially. This allows the user access to necessary software even when he or she is not
connected to the network. That means that prior to these users leaving the office, you must
ensure that all relevant features within the application are installed locally and are not just
advertised. For example, make sure the spelling checker for Microsoft Office is locally
installed so that the user does not trigger on-demand installation of this feature while offline.
It is not recommended that you publish software for mobile users who connect over slow
links. Additionally, when mobile users connect over a slow link, user-assigned software effectively behaves the same as if you published it for these users. If you set the Group Policy slow-link detection setting to the default in the user interface, the software will not install on
demand. However, you can define the connection speed that is considered to be a slow link in
the Group Policy setting for slow-link detection.
Note It is recommended you treat any link that is slower than local area network (LAN)
speed as a slow link, although a broadband Internet connection such as DSL or a wireless
access point is usually sufficient for most software installation scenarios.
If you determine that it is appropriate for mobile users to download software from a remote
location and they experience difficulty staying connected when downloading the software,
you can verify that the connection speed and Group Policy settings are set appropriately in the
Group Policy slow link detection setting in Computer Configuration/Administrative Templates/System/Group Policy or User Configuration/Administrative Templates/System/
Group Policy.
Typically, a mobile user has a single portable computer and does not roam between portable
computers (unless the computer is replaced). However, roaming user profiles are useful to
give some measure of protection against mobile computer failure or loss and to allow roaming
to desktop computers when the mobile user is often connected to a fast network. When the
mobile user is not often connected to a fast network, it is best not to use roaming user profiles.
Data accessed by the mobile user often falls into one or more of the following categories:
■ Data that resides on a network server and which users want to access while not connected to the network. Users typically own this data (for example, their home directory), but shared data can also be stored on the local computer.
■ Data that resides only on the network server (either not needed offline or volatile shared
data that is inappropriate for storing offline).
■ Data that resides only on the portable computer local disk. Examples are policy manuals or other read-only items or large document sets that are needed offline by the user
but the performance overhead of synchronizing precludes storing them on a file server.
(In this case, a suitable backup mechanism is definitely needed.) Other examples might
be large database files or other data items that have their own synchronization mechanism, such as the offline storage feature in Microsoft® Outlook®.
Table 5-9 summarizes desktop management features you can use to create a mobile user
configuration.
Table 5-9 Features of a Mobile User Configuration

| Feature | Specifics | Explanation |
|---|---|---|
| Number of Users | One | Each user has a local logon account. |
| Roaming User Profiles | Yes, depending on connection type and frequency | Provides centralized storage of user state to help administrators replace computers without losing user configuration. Also facilitates roaming. |
| Folder Redirection | My Documents folder | Allows users to access centrally stored data and documents from anywhere. Redirected folders are automatically made available offline to provide access when users are not connected to the network. |
| Ability for User to Customize | Within certain guidelines | Allows users to personalize their work environment while preventing changes to critical system settings. |
| Assigned Applications | Multiple | Core applications are installed on all laptops. |
| Published Applications | Multiple | Optional applications are available for users to install locally. |
| Group Policy Settings | Yes | Policy settings are used to create the managed environment. |
For more information about configuring portable computers, see Chapter 7, “Supporting
Mobile Users.”
Managing New Users
IntelliMirror, Group Policy, Windows Installer, and RIS greatly streamline adding new users
and their computers to your network. You might use these technologies as follows to add a
new managed user.
A new user logs on to a new computer and finds shortcuts to documents on the desktop.
These shortcuts link to common files, data, and URLs, such as the employee handbook, the
company intranet, and appropriate departmental guidelines and procedures. Desktop
options, application configurations, Internet settings, and so on are configured to the corporate standard. As the user customizes his or her environment (within boundaries defined by
the administrator), these changes are added to the initial environment. For example, the user
might change the screen resolution for better visibility and might add shortcuts to the desktop.
In this situation, a default domain profile and Group Policy are used to configure the new
user’s environment based on job requirements. The advantage of using a default domain profile is that all new users start from a common, administrator-defined configuration in an existing domain structure. You create a customized domain profile that applies to all new domain
users the first time they log on, and they receive the customized settings from this profile.
Then, as the user personalizes desktop settings and items, these settings are saved in the user’s
profile that is stored locally, or in the case of a roaming user profile, in a predetermined location
on the network. By implementing a default domain profile in conjunction with Roaming User
Profiles, the administrator provides users with the necessary business information as a starting point and also allows them to access their settings whenever and wherever needed.
Finally, the administrator uses Folder Redirection to redirect the user’s My Documents folder
to a network location so that the user’s documents are safely stored on a network server and
can be backed up regularly.
The administrator uses the Software Installation and Maintenance extension of Group Policy
to assign Microsoft Word to a user or a specific group of users. The new user logs on for the
first time and sees that the software required to do his job is listed in the Start menu. When
the user selects Microsoft Word from the Start menu or double-clicks on a Word document,
Windows Installer checks to see whether the application is installed on the local computer. If
it is not, Windows Installer downloads and installs the necessary files for Word to run and
sets up the necessary local user and computer settings for an on-demand installation.
Managing Multi-User Desktops
A multi-user desktop is managed, but it allows users to configure parts of their own desktops.
The multi-user desktop is ideal for public shared access computers, such as those in a library,
university laboratory, or public computing center. The multi-user desktop experiences high
traffic and must be reliable and unbreakable while being flexible enough to allow some customization.
Users can change their desktop wallpaper and color scheme. Because many people use the
computers and security must be maintained, they cannot control or configure hardware or
connection settings. The computers often require certain tools, such as word processing software, spreadsheet software, or a development studio. Students might need access to customized applications for instructional purposes, and they might need to be able to install
applications that the network administrator has published.
With the multi-user desktop configuration, users can:
■ Modify Internet Explorer and the desktop.
■ Run assigned or published applications.
■ Configure some Control Panel options.
However, users cannot:
■ Use the Run command in the Start menu or at a command prompt.
■ Add, remove, or modify hardware devices.
In the multi-user environment, turnover is high and a user is unlikely to return to the same
computer. Therefore, local copies of roaming user profiles that are cached on the computer
are removed after the user logs off if the roaming user profile settings were successfully
synchronized back to the server. Roaming user profiles use the My Documents and Application Data folders that are redirected to a network folder. However, users can log on even if
their network profile is not available. In this case, the user receives a new profile based on the
default profile.
The multi-user computer is assigned a set of core applications that is available to all users who
log on to that particular computer. In addition, a wide variety of applications are available by
publishing for users or assigning to users. Due to security risks, users cannot install from a
disk, CD-ROM, or Internet location. To conserve disk space on the workstation, most applications must be configured to run from a network server. Start menu shortcuts and registry-based
settings are configured when the user selects an application to install, but most of the application’s files remain on the server. The shares that store the applications can be configured for automatic caching for programs so that application files are cached at the workstation on first use.
Table 5-10 shows the desktop management features used to create a multi-user computing
environment.
Table 5-10 Features of a Multi-User Desktop Configuration
| Feature | Specifics | Explanation |
|---|---|---|
| Multiple Users | Per-user logon accounts | Users share this computer during different shifts. Each user has a unique logon account. |
| Roaming User Profiles | Yes | Makes user settings available from any computer, and enables administrators to easily replace computers without losing their configuration. When the user logs off, the local cached version of the profile is removed to preserve disk space. |
| Folder Redirection | My Documents and Application Data | User data is saved on server shares, and Group Policy prevents users from storing data locally. |
| Ability for User to Customize | Some | Most of the system is locked down, but some personal settings are available. |
| Assigned Applications | Multiple | Core applications that are common to all users are assigned to the computer. Other applications are available for on-demand install by means of user assignment. |
| Published Applications | Multiple | Applications are available for users to install from Add or Remove Programs in Control Panel. |
| Group Policy Settings | Yes | Group Policy settings are used to create the managed environment. |
Replacing Computers
When a user receives a new or different computer, it can cause a time-consuming interruption
in productivity. It is extremely important that such users regain productivity in the shortest
possible time and with a minimum of support. This can be accomplished by storing user data
and settings independently of any specific computer. By using the Group Policy features
Roaming User Profiles and Folder Redirection, you can ensure that the user’s data, settings,
and applications are available wherever the user logs on to the network.
To further simplify setting up a new managed computer on your network, use Remote Installation Services (RIS) to create standardized operating system configurations. RIS allows you to
create a customized image of a Windows XP Professional or Windows 2000 Professional desktop from a source computer. Then you can save that desktop image to the RIS server. The
image can include the operating system alone or a preconfigured desktop image, including
the operating system and a standard, locally installed desktop application. You can use that
preconfigured image to set up multiple desktops, saving valuable time. Create as many standard
desktop images as you need to meet the needs of all types of users in your organization. For
more information about using RIS, see Chapter 2, “Automating and Customizing Installations.”
These technologies might work together as outlined in the following paragraphs.
A user’s computer suddenly undergoes a complete hardware failure. The user calls the internal support line. Shortly, a new computer, loaded only with the Windows XP Professional
operating system, arrives. Without waiting for technical assistance, the user plugs in the new
computer, connects it to the network, starts it, and can immediately log on.
Because roaming user profiles are enabled, the user finds that the desktop takes on the same
configuration as the computer it replaced: the same color scheme, screen saver, and all the
application icons, shortcuts, and favorites are present. Because folder redirection and software
installation are enabled, the user can seamlessly access data files on the server by using the
necessary productivity applications once they automatically install.
Additional Resources
These resources contain additional information related to this chapter.
Related Information
■ The Designing a Managed Environment book in the Microsoft Windows Server 2003 Deployment Kit, for information about deploying Group Policy and security policies
■ The Microsoft Windows Security Resource Kit, for information about implementing security for Windows-based client computers and servers
■ The Deployment Planning Guide of the Windows 2000 Server Resource Kit, for information about deploying Group Policy and Active Directory
■ The Distributed Systems Guide of the Microsoft Windows 2000 Server Resource Kit, for more information about implementing and troubleshooting IntelliMirror technologies
■ Chapter 2, “Automating and Customizing Installations,” for more information about using Remote Installation Services (RIS)
■ The Change and Configuration Management Guide link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources, for information about deploying IntelliMirror
■ The Microsoft Internet Explorer Administration Kit (IEAK) link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources, for detailed information about managing Internet Explorer
■ The “Group Policy Settings Reference for Windows XP Professional Service Pack 2” spreadsheet, which is available from the Microsoft Download Center (http://www.microsoft.com/downloads)
■ The “Managing Windows XP Service Pack 2 Features Using Group Policy” document, which can be found at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngxpsp2.mspx
Related Help Topics
■ “Tools for Troubleshooting” in Windows XP Professional Help and Support Center, for information about troubleshooting tools use and syntax
■ Group Policy Help, for information about Group Policy
■ “IntelliMirror” in Windows XP Professional Help and Support Center, for information about user data management, software installation and maintenance, user settings management, and Remote Installation Services (RIS)
Chapter 6
Managing Files and Folders
The Microsoft® Windows® XP Professional operating system helps you, as an administrator,
to better control how files and folders are used, and makes it easier for users to work with files
and folders. By using Group Policy, Folder Redirection, and Offline Files, you can centrally
manage the use of files and folders. You can regulate the extent to which users can modify files
and folders, back up user data automatically, and give users access to their files even when not
connected to the network.
In this chapter:
Overview of Managing Files and Folders
Managing Documents with Folder Redirection
Using Offline Files
Sharing Files and Folders
Searching for Files, Folders, and Network Resources
Troubleshooting Files and Folders Management
Additional Resources
Related Information
■ For an overview of managing desktops by using IntelliMirror® management technologies, see Chapter 5, “Managing Desktops.”
■ For more information about managing files for mobile users, see Chapter 7, “Supporting Mobile Users.”
Overview of Managing Files and Folders
Your ability to manage files and folders differs depending upon whether the Active Directory®
directory service is available. Organizations that use Active Directory can use Group Policy settings, Folder Redirection, and Offline Files to help centrally manage files and folders. In network environments that do not use Active Directory, you can achieve some of the same
functionality by using other options such as local Group Policy, System Policy, and Windows
XP Professional features on client computers.
If you are managing Windows XP Professional client computers in an Active Directory environment, you can use Group Policy to implement IntelliMirror™ management using Folder
Redirection and Offline Files.
Group Policy
Group Policy is the administrator’s primary tool for defining and controlling programs, network resources, and the operating system. Using Group Policy, you define a configuration
that is subsequently applied on all specified client computers. Group Policy lets you create as
many different client configurations as needed for different kinds of users in your organization. For more information about using Group Policy, see Chapter 5, “Managing Desktops.”
Folder Redirection
By using Folder Redirection, you can redirect folders such as My Documents to network servers. Users can then access their files from any network location, and the files can be automatically backed up during routine server backups.
Offline Files and Synchronization Manager
Using Offline Files, you can make redirected user folders available offline so that users can
continue working even when they are not connected to the network. Offline Files can also be
used to make other files and folders that reside on the network available offline. When users
reconnect, updated local copies of files can be synchronized with copies on file servers by
using Synchronization Manager.
IntelliMirror
Realizing the full benefit of IntelliMirror components in an Active Directory environment
takes careful planning. If your organization has implemented or is planning to implement
Active Directory and you want to deploy IntelliMirror, many resources are available to help
with planning and implementation. For more information about implementing data management technologies on an Active Directory–based network, see the Deployment Planning Guide
of the Microsoft® Windows® 2000 Server Resource Kit and the Change and Configuration Management Deployment Guide link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Managing Documents with Folder Redirection
Folder redirection is a component of IntelliMirror that allows administrators to redirect the
path of the following folders to a new location: My Documents (and its subfolders My Pictures, My Music, and My Videos), Application Data, Desktop, and Start Menu. These folders
are located by default in each user’s profile on the local computer. The most commonly redirected folders are those that contain large amounts of user data—My Documents and its subfolders. Although it is not a recommended practice to store large amounts of data on the
Desktop, users in some organizations do, and the Desktop folder can be redirected as well.
The new location can be another folder on the local computer or a directory on a network
share. Users work with documents on a server as though the documents were stored on the
local drive.
There are benefits to redirecting any folder, but redirecting the My Documents folder can be
particularly advantageous:
■ No matter which computer on the network the user logs on to, the user’s documents are always available.
■ You can use Group Policy to set disk quotas and limit the amount of space taken up by users’ folders.
■ You can back up data stored on a shared network server as part of routine system administration. This is safer and requires no action on the part of the user.
■ User data can be redirected to a hard disk on the user’s local computer other than the disk where the operating system files are located. This protects the user’s data if the operating system must be reinstalled.
Combining Folder Redirection with roaming user profiles
You can also combine Folder
Redirection and roaming user profiles to decrease logon and logoff times for roaming and
mobile users. A common scenario is to redirect the My Documents and My Pictures folders,
and allow the Application Data, Desktop, and Start Menu folders to roam with the profile. In
addition to improved availability and backup benefits from having the data on the network,
users also realize performance gains when using low-speed network connections and in subsequent logon sessions. Not all the data in the user profile is transferred to the desktop each
time the user logs on—only the data that user accesses during a session. Because only some of
the users’ documents are copied, performance is improved when the users’ profiles are copied
from the server.
When you combine the use of Folder Redirection and roaming user profiles, you can also provide fast computer replacement. If a user’s computer needs to be replaced, the user’s data can
quickly be copied from the server locations to a replacement computer.
Previously, administrators who wanted to redirect folders to the network had to edit the registry or use System Policy. These methods can still be used if you are not in an Active Directory
environment. For more information about registry entries that affect folder redirection, see
“Folder Redirection Registry Keys” later in this chapter.
Selecting Folders for Redirection
The following folders are located by default in the user’s profile, and roam by default with a
roaming user profile, but you can use Folder Redirection to redirect them to another location
instead.
My Documents
My Documents is the folder where users normally save their documents.
Common dialog boxes in Windows XP Professional point to the My Documents folder by
default, so there is a greater tendency for a user to save files there. It is a good practice to train
users to save all their documents to this folder, and you can also enable a Group Policy setting
to prevent them from saving files in other locations. Because My Documents is often too large
to roam without creating excessive network traffic, it should generally be redirected.
My Pictures
A subfolder of My Documents, this is the default location for pictures and
images in Windows XP Professional. If My Documents is redirected, My Pictures is also redirected by default. It is recommended that you accept the default setting and allow My Pictures
to follow the My Documents folder.
My Music
A subfolder of My Documents, this is the default location for music files. If My
Documents is redirected, My Music is also redirected by default.
My Videos
A subfolder of My Documents, this is the default location for video files. If My
Documents is redirected, My Videos is also redirected by default.
Application Data
This folder stores application state data, such as toolbar settings, custom
dictionaries, and other non-registry-based settings. Application vendors decide what each
application stores here. Because many applications incorrectly determine that the application
data is local, redirecting it can cause inconsistent results. For this reason, it is recommended
that you allow Application Data to roam with the profile. However, there are three situations in
which redirecting Application Data might be advantageous:
■ To reduce the size of the profile, thereby decreasing logon time, on multiuser computers where you have enabled a Group Policy setting to delete cached profiles. This gives users access to their Application Data as needed, but without having to download several possibly large files every time they log on.
■ To reduce the size of the profile, thereby decreasing initial logon time, in situations where keeping initial logon time short is a priority.
■ For Terminal Services clients where you have enabled a Group Policy setting to delete cached profiles.
Desktop
The Desktop folder contains items such as shortcuts and folders that are placed
there for quick access. Although the Desktop is usually allowed to roam with the profile, there
are two situations in which it might be advantageous to redirect the Desktop folder instead:
■ To reduce the size of the profile in organizations where users store large numbers of files, rather than shortcuts, on their desktops. Because any folder that is redirected is also automatically available offline, users can still access data in their redirected folders even if they lose their connection to the server.
■ To mandate a common Desktop for a group of users. Some organizations want to configure computers to use a common look and feel. By redirecting a group of users to a read-only copy of the desktop, you can ensure that all users share the same desktop, with the same desktop items. However, Group Policy and default user profiles provide better ways to accomplish this goal.
Start Menu
The Start Menu folder contains program groups and shortcuts to programs.
Start menu redirection is treated differently from other redirected folders. The contents of the
user’s local Start menu are not copied to the redirected location. Instead, users are directed to
a standard Start menu the administrator has previously created and stored on a server. It is
not generally recommended to use Folder Redirection to redirect the Start menu folder; use
Group Policy to control what appears on the Start menu. Redirecting the Start menu can be
advantageous in the following situations:
■ Mixed operating system environments. For example, for Microsoft® Windows NT® version 4.0–based client computers, you can define a path for a redirected Start menu by using System Policy. You can then use Folder Redirection to define a path for Windows XP Professional–based clients to the same location.
■ Kiosk-type environments, to redirect to a read-only version of the Start menu. Redirect it only in environments where software deployment features are not being used.
Tools for Configuring Folder Redirection
Folder Redirection configuration options vary, depending on whether you have an Active
Directory environment. In an Active Directory environment, you can use Group Policy to
apply different configurations to different user groups; for example, you can redirect Marketing users’ folders to a server in the Marketing department, and redirect Engineering users’ My
Documents folder to their existing home directories. In non–Active Directory environments,
you have other options, such as using System Policy, as described later in this chapter; you
cannot, however, configure folder redirection by using a local Group Policy object (LGPO).
Active Directory Environments
In an environment with Active Directory, you configure Folder Redirection by using the
Group Policy Microsoft Management Console (MMC) snap-in. The Group Policy settings for
redirecting My Documents and other user profile folders are found under User Configuration\Windows Settings\Folder Redirection. For details about implementing this component,
see “Applying Change and Configuration Management” in the Deployment Planning Guide of
the Microsoft® Windows® 2000 Server Resource Kit.
Other Server Environments
In Windows server environments without Active Directory and in other server environments,
you can redirect folders to a local or network location by using the following methods:
■ In Windows NT 4.0 environments, you can use System Policy.
■ Administrators or users can also redirect the My Documents folder by changing the Target folder location on the My Documents Properties page.
Using Offline Files
Offline Files provides access to network files and folders from a local disk when the network
is unavailable. This feature is particularly useful when access to information is critical, when
network connections are unstable, or when using mobile computers.
Offline Files gives mobile users access to their files when they are not connected to the network and ensures that they are always working with the most current version of the files.
These benefits are also useful to onsite workers who might temporarily lose network connectivity as a result of server maintenance or technical problems. For more information about
issues relating to offline files on mobile computers, such as synchronizing over a slow link and
preventing synchronization when running on battery power, see Chapter 7, “Supporting
Mobile Users.”
Offline Files can be paired with Folder Redirection for higher data reliability. For example, if a
folder is redirected, the contents of that folder are stored on a server drive. In Windows XP
Professional, by default any redirected folders are automatically made available offline. This
default behavior can be changed by enabling the Group Policy setting Do not automatically
make redirected folders available offline. The folder is then accessible on the user’s computer in case of network inaccessibility and from any computer to which the user logs on.
In an Active Directory environment, Group Policy settings control the Offline Files feature. For
details about Group Policy settings that manage Offline Files, see “Group Policy Settings That
Affect Offline Files” later in this chapter and Group Policy Help.
Implementing Offline Files
An Active Directory environment is not necessary to use Offline Files. You can make files available from any computer that supports server message block (SMB)–based File and Printer
Sharing, including computers running Microsoft® Windows® 95, Microsoft® Windows® 98,
Windows NT 4.0, and Windows 2000. Offline Files is not available on Novell NetWare networks or when Windows 2000 is running Terminal Services (except in single-user mode).
Files specified for offline use are cached in a database on the hard disk of the local computer.
If the network resource becomes unavailable, a message appears in the notification area.
Changes made to the file while offline are saved locally, and then synchronized when the network resource becomes available again.
Before you can make files or folders on a computer available offline, you need to set up the
computer to use Offline Files.
To set up a computer to use Offline Files
1. Open My Computer.
2. On the Tools menu, click Folder Options.
3. On the Offline Files tab, select the Enable Offline Files check box if it is not already
selected.
4. Select Synchronize all offline files before logging off to enable a full synchronization.
Leave this option unselected for a quick synchronization.
On the Offline Files tab, you can also set the reminder balloon options, designate the amount
of disk space to use for offline files, place a shortcut to the Offline Files folder on the desktop,
and encrypt the offline files local cache. Note that if an option is controlled by a Group Policy
setting, it cannot be changed on the Offline Files tab of the local computer.
Offline Files Database
Offline files and related information are stored in a database in the system folder (systemroot\CSC) on the local computer.
Note
Another term for Offline Files is client-side caching (CSC).
The CSC directory contains all offline files that are requested by any user on the computer.
The database mimics the network resource while it is offline so that files are accessed as
though the network resource is still available. File permissions and system permissions on the
files are preserved. For example, a Microsoft® Word document created by Bob, given a password, and saved to a share on which only Bob has Full Control cannot be opened from the
CSC directory by Alice, because she has neither the share permissions to open the file nor the
password required to open the file in Microsoft Word. You can also maintain the security of
sensitive files by using Encrypting File System (EFS) to encrypt the Offline Files cache.
The Offline Files folder shows the files that are stored in the database. To open or view the
files directly in the CSC folder, you must log on as a member of the Administrators group.
Note
In a file allocation table (FAT) file system or a FAT file system converted to NTFS, users
might be able to read information that is cached in the systemroot\CSC directory. This includes
offline files that are requested by another user on the same computer.
It is very important not to delete files directly from the CSC directory. For information about
how to delete files, see “Deleting Files and Folders” later in this chapter.
Making Files Available Offline
Files are cached either automatically or manually to the computer that requests them. Automatic caching occurs when a specific file in a folder is opened, but only if the server indicates
that the contents of the share must be automatically cached. Automatically cached files are
marked as Temporarily Available Offline in the Offline Files folder because they can be
removed from the cache as the cache fills up. There is no guarantee that an automatically
cached file will be available when offline.
Files are manually cached when a computer specifically requests, or pins, a particular file or
folder on the network to be made available offline. You pin a file or folder by selecting the file
or folder and, on the File menu, selecting Make Available Offline. Manually cached files are
marked as Always available offline in the Offline Files folder.
In Windows 2000 and Windows XP Professional, the Manual Caching for Documents setting is enabled by default when a folder is shared. To change the setting so that documents in
the shared folder are automatically cached, right-click the folder, click Properties, click the
Sharing tab, and then click Caching. In the Settings box, select Automatic Caching of Documents. You can also disable caching.
Note
You can manually pin files and folders that are configured for automatic caching.
By default, the following file types are not cached:
*.slm; *.mdb; *.ldb; *.mdw; *.mde; *.pst; *.db?
You can override the default settings by using the Files not cached Group Policy setting. Any
file types that you specify in the Group Policy setting override the default settings. For example,
if you specify that only .txt files cannot be cached, all other file types are available for caching.
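The override behavior described above, as an added example that is not code from the book or from Windows: a Python sketch that parses the semicolon-separated list and reports which default exclusions stop applying once a Files not cached list is configured. The function names and sample paths are constructed for illustration, and the matching rules (case-insensitive, `?` matching exactly one character, an empty value meaning "not configured") are assumptions.

```python
import re
from ntpath import basename

# Default "not cached" list, copied from the chapter text.
DEFAULT_NOT_CACHED = "*.slm; *.mdb; *.ldb; *.mdw; *.mde; *.pst; *.db?"

# Constructed sample paths (not from the book).
SAMPLE_PATHS = [
    r"\\server\users\alice\report.doc",
    r"\\server\users\alice\Outlook\archive.PST",
    r"\\server\apps\sales.mdb",
    r"\\server\users\alice\notes.txt",
    r"\\server\apps\inventory.dbf",
]


def parse_patterns(value):
    """Split a semicolon-separated wildcard list into lowercase patterns."""
    return [p.strip().lower() for p in value.split(";") if p.strip()]


def wildcard_to_regex(pattern):
    """Translate * and ? wildcards to a regex; every other character is literal.

    Assumption: '?' matches exactly one character and matching ignores case.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)


def effective_patterns(policy_value=None):
    """Exclusion list in force: a configured list replaces the defaults.

    Assumption: None or an empty string means the policy is not configured.
    """
    if policy_value is None or not policy_value.strip():
        return parse_patterns(DEFAULT_NOT_CACHED)
    return parse_patterns(policy_value)


def is_cacheable(path, policy_value=None):
    """True if no pattern in the effective exclusion list matches the file name."""
    name = basename(path)
    return not any(
        wildcard_to_regex(p).fullmatch(name) for p in effective_patterns(policy_value)
    )


def dropped_defaults(policy_value):
    """Default exclusions that are absent from the configured list."""
    active = set(effective_patterns(policy_value))
    return [p for p in parse_patterns(DEFAULT_NOT_CACHED) if p not in active]


def newly_cacheable(paths, policy_value):
    """Files excluded by default that the configured list makes cacheable."""
    return [p for p in paths if not is_cacheable(p) and is_cacheable(p, policy_value)]


if __name__ == "__main__":
    override = "*.txt"  # the chapter's own example of a custom list
    print("Defaults no longer excluded:", dropped_defaults(override))
    for path in newly_cacheable(SAMPLE_PATHS, override):
        print("Now cacheable:", path)
```

When reviewing a custom list, carry over every default pattern that should stay excluded; `dropped_defaults` shows the ones that were left out.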
The default cache size for automatically cached offline files is 10 percent of the total disk space
of the hard disk. You can change the default by specifying a value between 0 and 100 percent
on the Offline Files tab of the Folder Options dialog box. This setting does not affect the
cache for files that are manually cached by the user or for files pinned by the administrator by
using the Group Policy setting Computer Configuration\ or User Configuration\Administrative Templates\Network\Offline Files\ Administratively assigned offline files. You can
store up to 2 gigabytes (GB) of automatically cached files per computer if that much space is
available; for manually cached files, you are limited only by the amount of available disk space
on the drive containing the cache.
Note
If the network resource is online, renaming files in the Offline Files folder takes effect
immediately on the network resource.
Encrypting Offline Files
Windows XP Professional provides Encrypting File System (EFS) support for Offline Files.
The local cache of Offline Files can be encrypted if the cache directory resides on an NTFS volume. When the cache is encrypted, the local copy of a cached file is automatically encrypted.
Tip
This capability is particularly useful for securing data on mobile computers.
To select this option, in the Folder Options dialog box, click the Offline Files tab, and then
select the Encrypt Offline files to secure data check box. You must be a member of the
Administrators group to perform this function.
You can also use Group Policy to apply this option to groups of users. In the Group Policy
snap-in, enable the Encrypt the Offline Files cache setting. If the setting is configured by
using Group Policy, it cannot be overridden on the Offline Files tab on the local computer.
Reconnecting to the Network Resource
A network share automatically becomes available after being offline when three conditions are
all met:
■ No offline files from that network share are open on the user’s computer.
■ No offline files from that network share contain changes that must be synchronized.
■ The network connection is not a slow link.
If these conditions are met, a user can open a file and automatically begin working on that file
on the network share. The changes the user makes are saved both to the file on the network
share and to the file that is cached in the Offline Files folder.
If any of these conditions is not met and a user opens a file on the network share, the user continues working offline even though the network share is available. Any changes that the user
makes are saved only to the local version of the file, which must then be synchronized with
the network share.
Synchronizing Files
When using Offline Files, users can synchronize some or all network resources by using Synchronization Manager. For example, users can set certain shares to be synchronized every
time they log on or log off the network. Synchronization Manager quickly scans the system,
and if it detects changes, the resources are automatically updated. Only the resources that
have changed are updated, which speeds up the synchronization process.
Administrators can use Group Policy to specify that all offline files on a particular computer
are automatically synchronized when users log off, when users log on, or when a computer
enters a suspend state.
How Synchronization Works
Offline files can be synchronized with the server copies of the files in the following circumstances:
■ When the user manually forces synchronization
■ During the logon or logoff process, as specified in Synchronization Manager
■ At intervals when the computer is idle, as specified in Synchronization Manager
■ At scheduled times, as specified in Synchronization Manager
When synchronizing offline files, you can select quick synchronization or full synchronization. The full synchronization option synchronizes every file in the local cache with the network share. The quick synchronization option verifies only that all files in the cache are
complete; it does not verify that they are up-to-date.
For example, if you have an autocached share containing a 10-MB file named Example.doc,
when the client opens Example.doc for the first time, a directory structure is created for the
file in the client database, and the file is marked as incomplete. At this point, a directory entry
with the file properties exists on the client, and Example.doc is a 0-byte length file. Example.doc is then read from the server in increments. If the application is closed before the entire
file is read, the file is saved in an incomplete manner in the local cache. Incomplete files are
not available offline. Quick synchronization marks such files as complete.
By default, full synchronization is performed when the user logs off. If the Group Policy setting Synchronize all offline files before logging off is disabled, the system automatically performs a quick synchronization.
For synchronization to work, the network resources must be online or available for reconnection. How synchronization is run affects how offline changes are sent to the network resource
and how new versions of cached files are downloaded. Table 6-1 describes what kind of synchronization occurs when each method is used.
Table 6-1 Synchronization Options and File-Caching Behavior

| Synchronization Settings and Functions | Send offline changes to the network resource? | Receive cached files from the network resource? |
| --- | --- | --- |
| Automatically synchronize the selected items when I log on to my computer is enabled | Yes | No |
| Synchronize all offline files before logging off is enabled | Yes | Fully |
| Synchronize all offline files before logging off is disabled | No | Partially |
| Synchronize the selected items while my computer is idle is enabled | Yes | Partially |
| Scheduled by using Synchronization Manager | Yes | Fully |
| Clicking Synchronize from the Start menu or on the Tools menu | Yes | Fully |
| Clicking Synchronize on the File menu | Yes | Fully |
| Clicking Make Available Offline on the File menu | No | Partially |
| Clicking the Offline Files icon in the notification area of the task bar | Yes | No |

If the network resource version of a file and the locally cached version of the file are different,
you can view each file and the date and time that the files were saved, and then select one of
the following options in the Resolve file conflicts dialog box:
■ Keep both versions. Saves the version that resides on the local computer to the network as filename(username vX).doc, where filename is the name of the file, username is the user name, and X is the version number.
■ Keep only the version on my computer. Replaces the network version.
■ Keep only the network version. Replaces the version on My Computer.
Configuring Synchronization
Use the following procedure to set up synchronization.
To set up synchronization
1. Click Start, click All Programs, click Accessories, and then click Synchronize.
2. Click Setup.
3. Use the Logon/Logoff, On Idle, and Scheduled tabs to configure options.
You can also initiate synchronization from the My Documents folder. After you have set up
files for synchronization, Synchronize appears on the Start menu.
Note Synchronization works only for the user who is currently logged on.
Deleting Files and Folders
You can use two methods to safely remove offline files from the cache without affecting network files or folders. You can delete selected files from the Offline Files folder, or you can
delete all files associated with a particular network share by using the Delete Files feature from
the Offline Files property page. Do not directly delete or move any files from the systemroot\CSC folder.
Deleting Files from the Offline Files Folder
You can open the Offline Files Folder and delete files directly from the list of offline files.
Deleting a file this way removes it from the cache regardless of whether it was manually or
automatically cached.
Note Deleting files and folders from the cache does not delete the network copy of the file
or folder.
If an offline folder is manually cached and you delete any or all offline files in the folder, the
folder remains pinned. All files in the folder are cached the next time a full synchronization
occurs.
To delete files from the cache using the Offline Files Folder
1. Click a folder, and then on the Tools menu, click Folder Options.
2. On the Offline Files tab, click View Files.
3. Click the files you want to delete, and then on the File menu, click Delete.
In this view of the Offline Files folder, you can see which files are automatically cached (temporarily available offline) and which are manually cached (always available offline). If you
delete manually cached folders this way, the folders and files in them are no longer pinned.
You need to pin the files or folders to make them available offline again.
To delete files from the cache on a network share
1. Click a shared network folder, and then on the Tools menu, click Folder Options.
2. On the Offline Files tab, click Delete Files.
3. In the Confirm File Delete dialog box, select the shared folders containing the offline
files you want to delete.
4. Click Delete only the temporary offline versions if you want to delete files that were
automatically cached. Click Delete both the temporary offline versions and the versions that are always available offline if you want to delete files that were automatically cached and files that were manually cached (pinned).
Files are also deleted from the cache whenever an offline file is deleted by using a normal user
path, such as Windows Explorer, My Computer, the Run dialog box, or the command prompt.
When users verify that they want to delete a file, the file is removed from the cache. This is not
an effective way to clean up the cache because it also deletes files in the shared network folder.
However, the files are deleted immediately only if the associated network share is online. If the
share is offline, the local copy is deleted and the Synchronization Conflict notification is displayed during the next interactive synchronization.
Reinitializing the Cache
During normal operation, you delete cached files by using the procedure shown in “Deleting
Files from the Offline Files Folder” earlier in this chapter. However, if normal methods of
deleting files are unsuccessful, you might need to reinitialize. Reinitializing deletes all offline
files in the folder and resets the Offline Files database. If any files in the cache are changed and
not synchronized with the network versions, the changes are lost when the cache is reinitialized. You must restart the computer to complete the reinitialization.
To reinitialize the Offline Files cache
1. Click a folder, and then on the Tools menu, click Folder Options.
2. Click the Offline Files tab.
3. Press CTRL+SHIFT, and then click Delete Files.
4. Restart the computer.
Caution You cannot undo the effects of reinitialization. After the cache is reinitialized, all
offline files are permanently removed from the computer.
Group Policy Settings That Affect Offline Files
You can use Group Policy settings to control the functioning of Offline Files. In an Active
Directory environment, you can apply these settings to groups of users by applying a GPO to
a site, domain, or organizational unit. In a non–Active Directory environment, you can configure these settings in the LGPO, which is found on each client computer.
Note that many of the following settings can also be configured by the user by using the My
Computer interface, as described in “Implementing Offline Files” earlier in this chapter. Generally, if you apply a GPO but leave a setting as Not Configured, the user can configure it by
using Offline Files in Folder Options. If you either enable or disable the setting, the user cannot change it.
For more information about using Group Policy with Windows 2000 Server, see “Group Policy” and “Introduction to Desktop Management” in the Distributed Systems Guide of the
Microsoft Windows 2000 Server Resource Kit. For additional information on planning a managed
environment using Group Policy in Windows Server 2003, see the Designing a Managed Environment volume of the Microsoft Windows Server 2003 Deployment Kit.
The Group Policy settings for Offline Files are found in two locations in the Group Policy
snap-in: Computer Configuration\Administrative Templates\Network\Offline Files for
computer-based settings, and User Configuration\Administrative Templates\Network\Offline Files for user-based settings. Some settings are available for Computer Configuration only, while some are available for both User Configuration and Computer
Configuration. If the same setting is configured for both Computer Configuration and User
Configuration, the Computer Configuration setting takes precedence.
For more information about a setting, click the Explain tab associated with each Group Policy
setting. Table 6-2 shows Group Policy settings for Offline Files.
Table 6-2 Group Policy Settings for Offline Files

| Group Policy Setting | Description |
| --- | --- |
| Allow or Disallow use of the Offline Files feature | Determines whether Offline Files is enabled. Offline Files is enabled by default on Windows XP Professional–based client computers and is disabled by default on servers. |
| Default cache size | Limits percentage of a computer’s disk space that can be used to store automatically cached offline files. Does not affect disk space available for manually cached offline files. |
| Files not cached | Allows you to exclude certain types of files from automatic and manual caching for offline use. |
| At logoff, delete local copy of user’s offline files | Deletes local copies of the user’s offline files when the user logs off. Caution: Files are not synchronized before they are deleted. Any changes to local files since the last synchronization are lost. |
| Encrypt the Offline Files cache | Determines whether offline files are encrypted in the cache on the local computer. Encrypting the offline cache enhances security on the local computer. |
| Prohibit user configuration of Offline Files | Prevents users from enabling, disabling, or changing the configuration of Offline Files. Administrators can configure other settings as they require, and then enable this setting to prevent users from making any changes, thus locking in a standard configuration. |
| Synchronize all offline files before logging off | Determines whether offline files are fully synchronized when users log off. |
| Synchronize all offline files when logging on | Determines whether offline files are fully synchronized when users log on. |
| Synchronize all offline files before a suspend | Determines whether offline files are fully synchronized before a computer (such as a portable computer) enters suspend mode. |
| Action on server disconnect | Determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. |
| Nondefault server disconnect actions | Determines how computers respond when they are disconnected from particular Offline Files servers. Administrators can enter the name of each server and specify whether users can work offline when disconnected from that server. |
| Remove Make Available Offline | Prevents users from making network files and folders available offline. Removes the Make Available Offline option from the File menu and from all shortcut menus in Windows Explorer. Does not prevent the system from saving local copies of files that reside on network shares designated for automatic caching. |
| Prevent use of Offline Files folder | Disables the View Files button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Does not prevent users from working offline or from saving local copies of files available offline. Does not prevent them from using other programs, such as Windows Explorer, to view their offline files. |
| Administratively assigned offline files | Allows the administrator to specify files and folders available offline to users of the computer. To assign a file or folder, click Show and then click Add. In the Type the name of the item to be added box, type the fully qualified UNC path. |
| Do not automatically make redirected folders available offline | By default, local folders that are redirected are automatically made available offline. This setting allows the administrator to override the default behavior. This policy setting can be configured on a per-computer basis only. |
| Prohibit “Make Available Offline” for these files and folders | Allows the administrator to specify files or folders that you do not want available offline. To assign a file or folder, click Show and then click Add. In the Type the name of the item to be added box, type the fully qualified UNC path. |
| Subfolders always available offline | Makes subfolders available offline whenever their parent folder is made available offline. |
| Turn off reminder balloons | Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. This setting hides or displays reminder balloons. |
| Reminder balloon frequency | Determines how often reminder balloon updates appear (in minutes). |
| Initial reminder balloon lifetime | Determines how long the first reminder balloon for a network status change is displayed (in seconds). |
| Reminder balloon lifetime | Determines how long updated reminder balloons are displayed. |
| Event logging level | Determines which events the Offline Files feature records in the Event Log. |
| Configure slow link speed | Configures the threshold value at which the Offline Files component considers a network connection to be slow, to prevent excessive synchronization traffic. |

Sharing Files and Folders
In Windows XP Professional, members of the Administrators, Power Users, and Server Operators groups can share folders. Other users who have been granted the Create Permanent
Shared Objects user right can also share folders. If a folder resides on an NTFS volume, you
must have at least Read permission to share the folder.
When you share a folder, keep the following in mind:
■ You can share only folders, not files.
■ Shared folders are relevant only to users who need to access data over the network. Sharing a folder and assigning shared folder permissions has no effect on users who are locally logged on to a computer.
■ When you copy a shared folder, the original shared folder is still shared, but the copy is not shared.
■ When you move a shared folder, the folder is no longer shared.
■ If you have a mixed environment, use 8.3 format share names so that older client operating systems can recognize them.
To share a folder
1. Right-click the folder you want to share, and then click Properties.
2. In the folder properties dialog box, click the Sharing tab.
3. Click Share this folder, and then in Share name, type the name you want users to see
when they browse for this folder on the network. If you append the name with the $
symbol, the folder is shared, but the folder does not appear when users browse for it
across the network.
4. In Comment, type a description for the shared folder. This description is visible to users
who browse across the network.
5. In User limit, make any changes you want. The default setting is Maximum allowed,
which corresponds to the number of client access licenses you have purchased. You can
also designate a user limit by clicking Allow, typing the number of users next to Users,
and then clicking OK.
Warning By default, shared folder permissions are set so that the Full Control permission is
assigned to the Everyone group. You can change the default shared folder permissions by
clicking Permissions in the folder properties dialog box. Note that this behavior changed in
Windows XP Service Pack 1 and later, where the default shared folder permissions are Read
permission for the Everyone group. This change does not apply, however, to sharing files using
the net share command or using Simple File Sharing. See article 328065 in the Microsoft
Knowledge Base at http://support.microsoft.com/kb/328065 for more information.
You can also share a folder from the command line by using the net share command. For
more information about sharing a folder, including information about using the net share
command, see Windows 2000 Server Help.
Configuring Shared Folder Permissions
Shared folder permissions determine who can gain access to resources on remote computers.
When a folder is shared, users can connect to the folder over the network and gain access to
its contents. Shared folder permissions allow you to control which users or groups can gain
access to the contents of a shared folder.
Shared folders and NTFS permissions. Shared folder permissions are different from NTFS
permissions. NTFS permissions use access control lists (ACLs) to limit access to resources
and can be assigned only to resources on an NTFS volume. In addition, NTFS permissions
can be assigned to both files and folders. Shared folder permissions do not use access control
lists and can therefore be used on a volume that is formatted with any file system, including
FAT, FAT32, or NTFS. In addition, shared folder permissions can be assigned only to folders.
For more information about NTFS permissions, see Chapter 13, “Working with File Systems.”
Administrative shares. In addition to folders you designate as shared, Windows XP Professional also creates several shared folders by default when you start a computer or when you
stop and then start the Server service. These shared folders, called the administrative shares, are
shared for administrative purposes and allow users to access administrative resources
remotely. Some of the administrative shares cannot be configured, and access is restricted to
users who have administrative rights. The administrative shares include folders such as the
systemroot folder (ADMIN$), the root folder of every drive (C$, D$, and so on), the printer
driver folder (PRINT$), and the IPC$ share used for temporary connections between network
programs using named pipes.
Setting shared folder permissions. Shared folder permissions can be set only by members of
the Administrators, Power Users, or Server Operators groups. Users who have been granted
the Create Permanent Shared Objects user right can also assign shared folder permissions. If
a folder resides on an NTFS volume, you must have at least Read permission to assign shared
folder permissions.
There are three types of shared folder permissions: Read (the most restrictive), Change, and
Full Control (the least restrictive). Table 6-3 describes each of these permissions.
Table 6-3 Shared Folder Permissions

| Permission | Description |
| --- | --- |
| Read | Users can display folder and file names, display file data and attributes, run program files and scripts, and change folders within the shared folder. |
| Change | Users can create folders, add files to folders, change data in files, append data to files, change file attributes, delete folders and files, and perform all tasks permitted by the Read permission. |
| Full Control | Users can change file permissions (on NTFS volumes only), take ownership of files (on NTFS volumes only), and perform all tasks permitted by the Change permission that aren’t otherwise prohibited by the underlying NTFS file system permissions. |

You can allow or deny shared folder permissions to individual users or groups. From an
administrative standpoint, it is usually most efficient to assign permissions to a group rather
than to individual users. Also, deny permissions only when it is necessary to override permissions that are otherwise applied. Denied permissions take precedence over any permissions
that you otherwise allow for user accounts and groups. For example, it might be necessary to
deny permissions to a specific user who belongs to a group that has been granted permissions.
When you assign shared folder permissions, keep the following in mind:
■ Shared folder permissions do not restrict access to users who are locally logged on to a computer where the shared folder is located. Shared folder permissions apply only to users who connect to the folder across the network.
■ To restrict access to a folder, use shared folder permissions or NTFS permissions, but not both. The best practice is to share a folder so that the Everyone group has Full Control, and then restrict access to the folder by using NTFS permissions.
■ If shared folder permissions are configured for a folder and NTFS permissions are configured for the folder and its contents, the most restrictive permissions apply.
■ When you assign a shared folder permission to a user and that user is a member of a group to which you assigned a different permission, the user’s effective permissions are the combination of the user and group permissions. For example, if a user has Read permission and is a member of a group with Change permission, the user’s effective permission is Change, which includes Read.
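
The rules above (user and group permissions combine, a deny overrides any allow, share permissions apply only over the network, and the most restrictive of share and NTFS permissions wins) can be checked with a small model. This is an added example, not code from the book: the share names, the user alice, the Sales group and the three-bit rights model are constructed for illustration, and the NTFS rights are passed in as already-computed values.

```python
from dataclasses import dataclass, field
from enum import IntFlag


class Right(IntFlag):
    """Simplified rights behind the three levels in Table 6-3 (an assumption)."""
    NONE = 0
    READ = 1    # display names and data, run programs
    WRITE = 2   # create, change and delete files and folders
    ADMIN = 4   # change permissions, take ownership (NTFS volumes only)


READ = Right.READ
CHANGE = Right.READ | Right.WRITE
FULL_CONTROL = CHANGE | Right.ADMIN


@dataclass
class Share:
    name: str
    file_system: str                            # "NTFS", "FAT" or "FAT32"
    allow: dict = field(default_factory=dict)   # principal -> rights allowed
    deny: dict = field(default_factory=dict)    # principal -> rights denied


def share_rights(share, user, groups):
    """Combine the user's and groups' entries; a deny overrides every allow."""
    allowed = denied = Right.NONE
    for principal in {user, *groups}:
        allowed |= share.allow.get(principal, Right.NONE)
        denied |= share.deny.get(principal, Right.NONE)
    return allowed & ~denied


def effective_rights(share, user, groups, ntfs_rights, over_network):
    """Rights the user ends up with on the shared folder."""
    # FAT and FAT32 have no file permissions: the file system itself allows
    # read and write to anyone, and there are no permissions to administer.
    fs = ntfs_rights if share.file_system == "NTFS" else CHANGE
    if not over_network:
        return fs                   # share permissions do not apply locally
    return share_rights(share, user, groups) & fs   # most restrictive wins


def level(rights):
    """Highest Table 6-3 level that the given rights fully cover."""
    for name, mask in (("Full Control", FULL_CONTROL),
                       ("Change", CHANGE), ("Read", READ)):
        if (rights & mask) == mask:
            return name
    return "No access"


def write_open_without_ntfs(shares):
    """Audit: shares where Everyone can write and no NTFS permissions exist
    to restrict access, so the share permission is the only control."""
    return [s.name for s in shares
            if s.file_system != "NTFS"
            and share_rights(s, "Everyone", ()) & Right.WRITE]


# Constructed sample data: one user, her groups, and four shares.
USER, GROUPS = "alice", ("Everyone", "Sales")
REPORTS = Share("Reports", "NTFS", allow={"Everyone": FULL_CONTROL})
PROJECTS = Share("Projects", "NTFS", allow={"alice": READ, "Sales": CHANGE})
PAYROLL = Share("Payroll", "NTFS", allow={"Sales": CHANGE},
                deny={"alice": FULL_CONTROL})
SCRATCH = Share("Scratch", "FAT32", allow={"Everyone": FULL_CONTROL})

if __name__ == "__main__":
    cases = [
        (REPORTS, READ, True),           # Everyone Full Control, NTFS restricts
        (PROJECTS, FULL_CONTROL, True),  # user Read + group Change combine
        (PAYROLL, READ, True),           # deny on the user overrides the group
        (PAYROLL, READ, False),          # same share, logged on locally
        (SCRATCH, Right.NONE, True),     # FAT32: no NTFS backstop
    ]
    for share, ntfs, net in cases:
        where = "network" if net else "local"
        result = level(effective_rights(share, USER, GROUPS, ntfs, net))
        print(f"{share.name:9} {where:8} {result}")
    print("No NTFS backstop:",
          write_open_without_ntfs([REPORTS, PROJECTS, PAYROLL, SCRATCH]))
```
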
To configure shared folder permissions
1. Right-click the folder for which you want to configure shared folder permissions, and
then click Properties.
2. In the folder properties dialog box, click the Sharing tab, and then click Permissions.
3. In the Permissions for dialog box, click Add.
4. In the Select Users, Computers, or Groups dialog box, click Object Types, click the
Users check box, and then click OK.
5. Under Enter the object names to select, type the name of the group or user for which
you want to set shared folder permissions, and then click OK.
6. In the Permissions for dialog box, in the Group or user names box, click the group or
user for which you want to set shared folder permissions.
7. In the Permissions for dialog box, allow or deny permissions, and then click OK.
Simple Sharing and ForceGuest
When a Windows XP Professional–based computer is not joined to a domain, the simple sharing model is fundamentally different than the model used in previous versions of Windows.
By default, all users logging on to such computers over the network are forced to use the
Guest account; this is called ForceGuest.
How ForceGuest Works
On computers running Windows 95, Windows 98, and Windows Me, you can specify read-only and full-control share passwords: any user connecting to a share can enter the appropriate password and get the specified level of access. However, this share-level password model is
insecure, because share passwords are passed in plaintext and can be intercepted by someone
with physical access to the network.
On computers running Windows 2000 and not joined to a domain, identical user accounts
with matching passwords must be created on two computers (to enable transparent sharing)
or the user must type a user name and password when connecting. Windows 2000 also
requires that you grant permissions to the user account on the computer hosting a share to
the share and to the files and directories being shared or that you enable the Guest account.
However, using the Guest account can cause broader than intended access to the share,
because the Everyone group (which allows Guest access) is widely used in the default system
permissions.
By default, on computers running Windows XP Professional and not joined to a domain, all
incoming network connections are forced to use the Guest account. This means that an
incoming connection, even if a user name and password is provided, has only Guest-level
access to the share. Because of this, either the Guest user account or the Everyone group (the
only group to which the Guest account belongs) must have permissions on the share and on
the directories and files that are shared. It also means that, in contrast to Windows 2000, you
do not need to configure matching user accounts on computers to share files. Because Windows XP Professional supports Anonymous connections, and because it severely limits the
use of the Everyone group in file system permissions, granting the Everyone group access to
shared folders does not present the security problem that it does on Windows 2000–based
computers.
ForceGuest is enabled by default, but it can be disabled on Windows XP Professional by disabling the local security policy Network Access: Force Network Logons using Local
Accounts to Authenticate as Guest. By contrast, on Windows XP Professional–based computers joined to a domain, the default sharing and security settings are the same as in Windows 2000. Likewise, if the ForceGuest policy setting on a Windows XP Professional–based
computer not joined to a domain is disabled, the computer behaves as in Windows 2000.
Sharing Files and Folders Using the Simple Sharing User Interface
To simplify configuring sharing and to reduce the possibility of misconfiguration, Windows
XP Professional uses the simple sharing User Interface (UI). The simple sharing UI appears if
ForceGuest is turned on; the traditional sharing and security tabs are shown if ForceGuest is
turned off.
On computers running Windows XP Professional that are not joined to a domain, ForceGuest
is turned on by default. To access the traditional sharing and security tabs and manage permissions manually on these computers, go to Windows Explorer or My Computer, click the
Tools menu, click Folder Options, click the View tab, and then clear the Use simple file
sharing (Recommended) check box. Note that changes made manually cannot be undone by
using the simple sharing UI, and although you might make what appears to be a reasonable
change to permissions, the resultant permissions might not work as expected if ForceGuest is
subsequently turned on.
By using the simple sharing UI, you can create or remove a share and set permissions on the
share. When simple sharing is in effect, appropriate permissions are automatically set on
shared files and folders. The following permissions are added when you use the simple sharing UI:
■ Share permissions
■ File permissions
■ Allow others to change my files
■ Don’t allow others to change my files
When the Guest-only security model is used, the Sharing tab has only three options:
■ Share this folder on the network. Grants the Everyone group Read permissions on the folder and its contents.
■ Share name. This is the name of the share on the network.
■ Allow other users to change my files. Grants the Everyone group Full Control permissions on folders and Change permissions on files.
Sharing the Root Directory of a Drive
You can create a share at the root of the system drive, but simple sharing does not adjust the
file permissions on such shares. On a share created at the root, the simple sharing UI is displayed in the property sheet, and Sharing is added to the shortcut menu on the system drive
icon in Windows Explorer. There are two important reasons why it is recommended that you
not share the root directory of the system drive:
■ By default, the Everyone group is granted only Read permissions on the root of the system drive, so sharing the root of the system drive is not sufficient for most remote administration tasks.
■ Sharing the root of the system drive is not secure—it essentially grants anyone who can connect to the computer access to system configuration information. For maximum security, it is recommended that you share folders only within your user profile, and share only information that you specifically want others to access.
Shared Documents Folder
The Shared Documents folder in My Documents is new in Windows XP Professional. This
folder appears when two or more user accounts are created on the local computer. Files can be
shared among multiple users of the same computer. In a network environment, files can be
copied or moved to a folder on another computer.
By default, the Shared Documents folder is automatically shared and made accessible to all
other computers on the network.
Searching for Files, Folders, and Network Resources
Searching for files, folders, and network resources is easier in Windows XP Professional than
in Windows 2000 Professional. You can perform a search from the Start menu, My Computer,
My Documents, or My Network Places. As in Windows 2000 Professional, from My Network
Places you can connect to shared folders, a Web folder, or an FTP site.
In Windows XP Professional, using Windows Explorer is similar to using a Web browser. Forward and Back buttons, a History folder, an Address bar, custom views, and the Search Assistant are available in Windows Explorer windows and in all windows accessed by using My
Computer, My Network Places, My Documents, and the Search command on the Start menu.
When you use Windows XP Professional in an Active Directory domain, you can search the
Active Directory directory service by specifying attributes for the resource you want. For example, you can search for printers capable of printing double-sided pages. For more information
about searching in an Active Directory domain, see “Searching for Network Resources in an
Active Directory Environment” later in this chapter.
Finding Files and Folders
Windows XP Professional offers a number of ways to find files or folders. Each method provides access to the History folder, Search Companion, and Indexing Service on the local computer.
Users can search for files and folders in the following ways:
■ On the Start menu, point to Search, and then click Pictures, Music or Video, or Documents (word processing, spreadsheet, and so on), or All Files and Folders, or Printers, Computers or People.
■ Open Windows Explorer.
■ Open My Documents, My Computer, or My Network Places.
Using the History Folder and History View
The Windows XP Professional History folder integrates Web links and network shares so that
users have access to their navigation history no matter where they view the History folder.
Users can sort the History folder by the following categories: By Date, By Site, By Most Visited, or By Order Visited Today.
You can also select the History view from the toolbar in Windows Explorer, which tracks the
history of all Web sites and documents opened. In this view, you can sort by location or by
date used, or search the history list, using option buttons.
Connecting to Network Shares
Windows XP Professional allows you to map drives directly to shared subfolders on the network. In previous versions of Windows, you mapped drives to \\servername\sharename. In
Windows XP Professional, you can map drives to \\servername\sharename\subfoldername.
You can use the Add Network Place Wizard to connect to frequently accessed network
resources. Mapped network drives do not appear in My Network Places; to view mapped
drives, use My Computer or Windows Explorer.
Using Indexing Service
Indexing Service extracts information from documents on the local hard disk drive and
shared drives, and organizes it in a way that makes it quick and easy to access that information
by using the Search Assistant, the Indexing Service query form, or a Web browser. The information can include text contained in a document (its contents), and information about the
document (its properties), such as the author’s name. Indexing Service automatically stores all
the index information either in the system catalog or in the Web catalog.
After the index is created, users can search, or query, the index for documents that contain
specified words or properties. For example, a user might run a query for all documents containing the word product or run a query for all Microsoft® Office documents written by a specific author. Indexing Service returns a list of all documents that meet the search criteria.
To enable Indexing Service on a local computer
1. Click Start, and then click Search.
2. Click the Change preferences link and then click With Indexing Service (for faster
local searches).
3. Click Yes, enable Indexing Service.
Indexing Service is designed to run continuously and requires little maintenance. After it is set
up, all operations are automatic, including index creation, index updating, and crash recovery
in the event of a power failure.
Searching for Network Resources in an Active Directory Environment
When a Windows XP Professional–based computer is connected to an Active Directory
domain, users can search the directory for resources such as computers, people, and shared
folders, providing that the resource is published in Active Directory.
Active Directory contains objects, and each object is assigned specific attributes. For example,
if a printer can print double-sided pages, the Active Directory administrator might specify that
attribute for the printer object in Active Directory. If a user searches for printers that can print
double-sided pages, the search returns all printers with that attribute. If the administrator
chooses not to assign that attribute to the printer, even if it is capable of that function, the
printer cannot be found by searching only for that attribute.
To help users locate resources quickly, create custom Active Directory searches and save them
as query directory search (.qds) files. You can then distribute the .qds files to the workgroups
or organizational units that need them.
Warning
To search using Active Directory, your computer must be part of a Windows 2000
Server or Windows Server 2003 Active Directory domain.
For more information about Active Directory, see the Distributed Systems Guide of the
Microsoft® Windows® 2000 Server Resource Kit. For additional information, see the Designing
and Deploying Directory and Security Services volume of the Microsoft Windows Server 2003
Deployment Kit.
Searching for Computers
In Windows XP Professional, as in earlier versions of Windows, users can search for computers by using NetBIOS. In an Active Directory environment, users can also search for computers by using Active Directory. It is important to understand the difference between the two
methods.
In a NetBIOS search, if the computer the user is searching for is logged on to the network, the
user can connect to it and view its shared folders.
To search for computers using NetBIOS
1. Click Start, point to Search, and then click Printers, Computers, or People.
2. Click the A computer on the network link.
3. Type the full name of the computer you are searching for, and click Search.
In an Active Directory network search, computers in the directory are represented by objects.
Users can locate an object even when it is disconnected from the network. When a user double-clicks the icon representing a computer found by using an Active Directory search, only
the properties for that computer are displayed. Users cannot locate the actual computer and
its available shares by using an Active Directory search. To access shares in an Active Directory
domain, the shares must be published, and the user must know the name of the share.
To search for computers by using Active Directory
1. In My Network Places, double-click Entire Network.
2. Click the Search Active Directory link.
3. In the Find box, click Computers.
4. Type the full name (or a portion of the name) of the computer you want to find, and
click Find Now.
Note
You might need to specify an object in the In box.
Searching for Shared Files and Folders
For users to access files and folders in an Active Directory domain, the Active Directory administrator must first publish them. Folders that are shared but not published do not appear in
the Search Results window. If a user searches for a computer by using an Active Directory
search, no shared folders that might reside on that computer are accessible or visible. To view
and access shared files and folders, the user must run a NetBIOS search.
While users can use the Search Assistant in Active Directory to locate shared folders, they
must specify the exact folder name. Users cannot browse a list of shared folders. To find a
shared folder in Active Directory, follow these steps:
1. In My Network Places, double-click Entire Network.
2. Click the Search Active Directory link.
3. In the Find box, click Shared Folders.
4. Type the full name (or a portion of the name) of the shared folder you want to find, and
click Find Now.
Note
You might need to specify an object in the In box.
Troubleshooting Files and Folders Management
This section presents some common situations that might arise when managing files and folders and the most likely causes for these problems.
Folder Redirection Registry Keys
To help troubleshoot problems with Folder Redirection, you can view the registry settings to
determine whether folders are redirected and see the path to the redirected location.
Caution
Do not edit the registry unless you have no alternative. The Registry Editor
bypasses standard safeguards, allowing settings that can damage your system or even require
you to reinstall Windows. If you must edit the registry, back it up first and see the Registry Reference in the Microsoft Windows 2000 Server Resource Kit at http://www.microsoft.com/reskit.
To view redirected folder information in the registry
1. In the Run dialog box, type regedit.exe, and then click OK.
2. Navigate to the registry subkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
If a folder has not been redirected, the Data value will be the default location in the user profile, as shown in Table 6-4.
Table 6-4 Registry Keys for Redirected Folders
Registry Key Name    Type             Data
AppData              REG_EXPAND_SZ    %USERPROFILE%\Application Data
Desktop              REG_EXPAND_SZ    %USERPROFILE%\Desktop
Personal             REG_EXPAND_SZ    %USERPROFILE%\My Documents
My Pictures          REG_EXPAND_SZ    %USERPROFILE%\My Documents\My Pictures
Start Menu           REG_EXPAND_SZ    %USERPROFILE%\Start Menu
If a folder has been redirected, the Data value will be the redirected path.
Folders Are Not Redirected
Using Group Policy, you configure a user managed by a Group Policy object to have the user’s
My Documents folder redirected to the server share \\ServerName\MyDocs\Username. When
the user logs on to the network, the My Documents folder is not redirected to this server.
Possible causes
■ The client computer is running Windows NT 4.0, Windows 95, or Windows 98.
■ Group Policy is not applied.
■ The network share is unavailable and Offline Files is not enabled.
■ The user does not have sufficient access rights to the share on which you have redirected
the folder.
■ There is a disk quota that has been exceeded on the target folder.
■ You use a mapped drive for the target path rather than a UNC path.
Diagnostic tests
To help determine the cause of the problem use the following tests.
■ Operating System. Confirm that the client computer is running Windows XP Professional or Windows 2000 Professional. Group Policy does not work on earlier versions of
the Windows operating system.
■ Group Policy. Run Gpresult.exe in verbose mode to check whether the correct GPOs
containing Folder Redirection configuration information are applied and that the
expected folders are redirected.
At the command line, type: gpresult /v
This displays the Group Policy setting applied to the current computer for the currently
logged-on user. The following output illustrates the results of this command. If similar
results are not present, no Group Policy is applied for Folder Redirection.
The user received “Folder Redirection” settings from these Group Policy objects:
EU-RedirectedDesktop-Marketing
    Revision Number: 16
    Unique Name: {C19SADC-A8E8-11D2-9BEB-00A024070A22}
    Domain Name: ntdev.reskit.com
    Source: Domain
EU-FolderRedirection-Building26
    Revision Number: 11
    Unique Name: {FBEE2508-BCAA-11D2-B3EE-00C04FA3787A}
    Domain Name: ntdev.reskit.com
    Source: Domain
Desktop is redirected to \\policy1\desktop\%username%
My Documents is redirected to \\policy1\mydocs1\%username%
My Pictures is redirected to \\policy1\mydocs1\%username%\My Pictures
■ Network Connectivity. Ping the server by its IP address to test base-level IP connectivity;
ping the server by name to test Domain Name System (DNS) name resolution.
If the server that contains the redirected folders is offline and Offline Files is disabled,
users cannot access their data. For more information about how to enable Offline Files,
see “Implementing Offline Files” earlier in this chapter.
If the server that contains the redirected folders is offline and Offline Files is enabled,
users should have access to their data if those files were accessed when the users were
previously online. If these files and folders are not available, see “Files Available When
Online Are Not Available When Offline” later in this chapter.
■ Insufficient Access Rights. Verify that the user has enough file security to access folders
to which his or her data is redirected. You should assign a user Full Control security
access on the access control lists (ACLs) of the root of the share where he or she redirects data.
■ Disk Quota. Check whether there is a disk quota enabled on the volume that contains
the redirected folder. If there is a quota enabled, make sure that this quota is not
exceeded. If it is exceeded, increase the quota or have the user delete files.
■ Mapped Drive. Check the folder redirection target in the applicable GPO. If it is a
mapped drive, change it to the UNC path for the share location. Folder redirection is
processed before drive mappings, so mapped drives are not recognized by the folder
redirection component.
Folder Redirection Is Successful but Files and Folders Are Unavailable
Using Group Policy, you configure a user managed by a Group Policy object to have his or her
My Documents folder redirected to the server share \\ServerName\MyDocs\Username. When
the user logs on, the folders are successfully redirected, but are not available to the user on
this redirected share.
Possible causes
■ The network share is unavailable, and Offline Files is not enabled or the items are not
available in the local cache.
■ The user does not have sufficient access rights to the share on which you have redirected
the folder.
■ When using applications, open and save operations have hard-coded locations and do
not use the redirected path.
Diagnostic tests
To help determine the cause of the problem use the following tests.
■ Network Connectivity. Ping the server by its IP address to test base-level IP connectivity;
ping the server by name to test DNS name resolution.
If the server that contains redirected folders is offline, and Offline Files is disabled, users
cannot access their data. For more information about how to enable Offline Files, see
“Implementing Offline Files” earlier in this chapter.
If the server that contains the redirected folders is offline, and Offline Files is enabled,
users should have access to their data if those files were accessed when the users were
previously online. If these files and folders are not available, see “Files Available When
Online Are Not Available When Offline” later in this chapter.
■ Insufficient Access Rights. Verify that the user has enough file security to access folders
to which his or her data is redirected. You should assign a user Full Control security
access on the access control lists (ACLs) of the root of the share where he or she will
redirect data. At a minimum, the user should have Read and Write access if he or she is
saving and retrieving documents.
■ Applications Using Hard-Coded Paths. Check the applications that the user is using.
Older applications might not be able to recognize the redirected folders.
Offline Files Do Not Synchronize
A user cannot synchronize certain files or folders.
Possible causes
■ Files with the file name extensions .mdb, .ldb, .mdw, .mde, and .db are not synchronized by default.
■ You have configured a Group Policy setting to specify additional file name extensions
that cannot be synchronized.
■ Network connection problems prevent accessing the files the user wants synchronized.
■ Insufficient disk space exists on the client computer to synchronize files.
■ The user does not have Read or Write permissions on files he or she wants synchronized.
Diagnostic tests
To help determine the cause of the problem use the following tests.
■ Extensions Not Synchronized. Check the file name extensions of the files that were not
synchronized to confirm that they are not on the list of files to exclude.
Check whether you have applied any Group Policy settings that restrict other extensions
from being synchronized.
Check the following Group Policy setting:
Computer Configuration\Administrative Templates\Network\Offline Files\Files not cached
Using this Group Policy setting, you can designate additional file name extensions that
cannot be synchronized. You can check this on your client by running the Gpresult.exe
tool and looking for the following in the output:
KeyName: Software\Policies\Microsoft\Windows\NetCache
ValueName: ExcludeExtensions
ValueType: REG_SZ
Value: *.xls
Any file name extensions listed in the Value line are not synchronized. In this example,
any files with the extension .xls are not synchronized. The user cannot override this
Group Policy setting.
■ Network Connectivity. Ping the server by its IP address to test base-level IP connectivity;
ping the server by name to test DNS name resolution.
Use the net view \\servername command to view the server and its shared resources.
You should be able to see the share name that stores the files. This also confirms that the
user has rights to access the share.
■ Insufficient Disk Space. Check the amount of free disk space on the client to make sure
there is sufficient disk space to synchronize the missing files.
■ Insufficient Access Rights. Check user permissions on the unsynchronized files.
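The Gpresult.exe checks described above for Folder Redirection targets and for the Files not cached policy can be run over saved output. The following Python script is an added example, not from the book: the sample text is constructed from the output shown in this chapter plus a constructed drive-letter target, and the function names and the semicolon-separated form of the ExcludeExtensions value are assumptions.

```python
"""Triage saved `gpresult /v` text for Folder Redirection and Offline Files issues."""
import ntpath
import re

# Extensions this chapter lists as not synchronized by default.
DEFAULT_EXCLUDED = {".mdb", ".ldb", ".mdw", ".mde", ".db"}
NETCACHE_KEY = r"Software\Policies\Microsoft\Windows\NetCache"

REDIRECT_RE = re.compile(r"^\s*(?P<folder>.+?) is redirected to (?P<target>\S.*?)\s*$")
FIELD_RE = re.compile(r"^\s*(KeyName|ValueName|ValueType|Value):\s*(.*?)\s*$")

# Constructed sample: lines in the format shown in this chapter, with one
# drive-letter target and a second extension added for illustration.
SAMPLE = r"""
Desktop is redirected to \\policy1\desktop\%username%
My Documents is redirected to H:\mydocs\%username%
My Pictures is redirected to \\policy1\mydocs1\%username%\My Pictures
KeyName: Software\Policies\Microsoft\Windows\NetCache
ValueName: ExcludeExtensions
ValueType: REG_SZ
Value: *.xls;*.PST
"""


def parse_redirections(text):
    """Return {folder: target} for every 'X is redirected to Y' line."""
    found = {}
    for line in text.splitlines():
        match = REDIRECT_RE.match(line)
        if match:
            found[match.group("folder")] = match.group("target")
    return found


def non_unc_targets(redirections):
    """Targets that are not UNC paths; Folder Redirection is processed
    before drive mappings, so these targets cannot be resolved."""
    return {f: t for f, t in redirections.items() if not t.startswith("\\\\")}


def parse_registry_settings(text):
    """Group KeyName/ValueName/ValueType/Value lines into one dict per setting."""
    records, current = [], {}
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if not match:
            continue
        name, value = match.groups()
        if name == "KeyName" and current:
            records.append(current)
            current = {}
        current[name] = value
    if current:
        records.append(current)
    return records


def policy_excluded_extensions(records):
    """Extensions added by the Files not cached policy (assumed ';'-separated)."""
    extensions = set()
    for record in records:
        if (record.get("KeyName", "").lower() == NETCACHE_KEY.lower()
                and record.get("ValueName", "").lower() == "excludeextensions"):
            for item in record.get("Value", "").split(";"):
                item = item.strip().lower()
                if item:
                    extensions.add(item.lstrip("*"))
    return extensions


def files_not_synchronized(filenames, policy_exts):
    """Map each file that will be skipped to the rule that excludes it."""
    skipped = {}
    for name in filenames:
        ext = ntpath.splitext(name)[1].lower()
        if ext in DEFAULT_EXCLUDED:
            skipped[name] = "default"
        elif ext in policy_exts:
            skipped[name] = "policy"
    return skipped


if __name__ == "__main__":
    redirections = parse_redirections(SAMPLE)
    for folder, target in non_unc_targets(redirections).items():
        print(f"{folder}: target {target} is not a UNC path")
    policy = policy_excluded_extensions(parse_registry_settings(SAMPLE))
    files = ["budget.xls", "notes.doc", "crm.mdb"]
    for name, rule in files_not_synchronized(files, policy).items():
        print(f"{name}: not synchronized ({rule} exclusion)")
```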
User Cannot Make Files and Folders Available Offline
The user right-clicks a file or folder to make it available for offline use, but Make Available
Offline does not appear.
Possible causes
■ The file or folder selected is actually a local file or folder and not on a network file share.
■ The user is trying to make his or her redirected My Documents folder available offline
but does not have access to the file share.
■ Offline Files is not enabled, or a Group Policy setting was applied to disable Offline Files.
■ User is in a multiconcurrent user environment, such as Terminal Services or Fast User
Switching. These environments are not compatible with Offline Files.
Diagnostic tests
To help determine the cause of the problem use the following tests.
■ Local File or Folder. Validate that the file or folder is on a network file share and not a
local share.
■ Insufficient Access to My Documents File Share. If the Make Available Offline option
appears when you right-click a file or folder but not when you right-click a redirected My
Documents folder, you should check that the My Documents folder is actually redirected successfully and is not local. Then verify that the user has appropriate file security
to read and write to the location where the My Documents folder is redirected.
■ Offline Files Not Enabled. Check whether Offline Files is enabled.
To verify that Offline Files is enabled
1. Click My Computer.
2. Click Tools, and then select Folder Options.
3. Click the Offline Files tab.
4. Select the Enable Offline Files check box.
If this procedure does not enable Offline Files, there might be a Group Policy setting
that prevents Offline Files from being enabled. The Group Policy setting that controls
this is:
Computer Configuration\Administrative Templates\Network\Offline Files\Allow or Disallow use of the Offline Files feature
To see if this Group Policy setting is applied, run Gpresult.exe in verbose mode on the
client computer. Compare the output of this tool to the following sample:
KeyName: Software\Policies\Microsoft\Windows\NetCache
ValueName: Enabled
ValueType: REG_SZ
Value:
If the output of Gpresult.exe on your client looks like the example, this Group Policy setting is applied and Offline Files is disabled. You must change this Group Policy setting to
enable Offline Files.
Note
When the Group Policy setting Enable Offline Files is configured with a setting of
Disable, the Offline Files feature is disabled.
Files Available When Online Are Not Available When Offline
Documents and programs that are accessible when connected to the network are not synchronized with the local cache for offline use.
Possible causes
■ The files reside on a computer that is not running Windows XP Professional or Windows 2000 Professional. Computers running previous versions of Windows do not support automatic caching of files and folders.
■ Offline files are not enabled on the local computer.
■ Allow caching of files in this shared folder is not enabled on the file share where the
documents are being accessed or Allow caching of files in this shared folder is enabled
but is not set to Automatic Caching.
Diagnostic tests
To help determine the cause of the problem use the following tests.
■ Windows Version. Check whether the server containing the file share is running Windows 2000 Server or Windows Server 2003. Check that the client is running Windows
XP Professional or Windows 2000 Professional.
■ Offline Files Not Enabled. Navigate to a network file share, right-click a file or folder,
and then check whether there is a Make Available Offline shortcut menu.
■ Caching Not Enabled or Not Automatic. Use the following procedure to check caching
settings on the file share.
To check the configuration of the file share
1. On the file server containing the file share, click My Computer.
2. Navigate to the folder that is shared, right-click the folder, and then select Properties.
3. Click the Sharing tab, and then click Caching.
4. Make sure the Allow caching of files in this shared folder check box is selected.
5. In the box, select one of the following:
❑ Automatic Caching for Documents if this share contains documents.
❑ Automatic Caching for Programs if this share contains application files.
Additional Resources
These resources contain additional information related to this chapter.
Related Information
■ The Designing a Managed Environment book in the Microsoft Windows Server 2003 Deployment Kit, for information about deploying Group Policy
■ The Deployment Guide of the Microsoft Windows 2000 Server Resource Kit, for information
about deploying Group Policy and Active Directory
■ The Distributed Systems Guide of the Microsoft Windows 2000 Server Resource Kit, for more
information about implementing and troubleshooting IntelliMirror technologies
■ The Change and Configuration Management Guide link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources, for information about
deploying IntelliMirror
■ The Designing a Managed Environment volume of the Microsoft Windows Server 2003
Deployment Kit
■ The Designing and Deploying Directory and Security Services volume of the Microsoft Windows Server 2003 Deployment Kit
■ The “Group Policy Settings Reference for Windows XP Professional Service Pack 2”
spreadsheet, which is available from the Microsoft Download Center (http://www.microsoft.com/downloads)
■ Group Policy Help, for information about Group Policy
■ “IntelliMirror” in Windows XP Professional Help and Support Center, for information
about user data management, software installation and maintenance, user settings management, and Remote Installation Services (RIS)
Chapter 7
Supporting Mobile Users
For organizations that support mobile users, important considerations are hardware, power
management, and security on portable computers. In addition, some administrative concerns
are relevant to roaming users in organizations that use roaming user profiles or Folder Redirection. Microsoft® Windows® XP Professional can be configured and administered to provide
support for mobile users, and it includes features and tools that are designed specifically for
portable computer users.
In this chapter:
Overview of Windows XP Professional Support for Mobile Users
Setting Up a Portable Computer
Managing Hardware on Portable Computers
Configuring Power Management
Configuring Roaming User Profiles and Folder Redirection
Configuring Offline Files for Portable Computers
Securing Portable Computers
Using Infrared Hardware and Video Devices with Portable Computers
Wireless Networking
Additional Resources
Related Information
■ For more information about remote networking, see Chapter 25, “Connecting Remote
Offices.”
■ For more information about IntelliMirror® management technologies such as Offline
Files, Folder Redirection, and roaming user profiles, see Chapter 6, “Managing Files and
Folders.”
■ For more information about implementing security for mobile users, see “Securing
Mobile Computers” in the Microsoft® Windows® Security Resource Kit, Second Edition and
Chapter 21, “Wireless Networking,” in this book.
Overview of Windows XP Professional Support for Mobile Users
Windows XP Professional offers several new features for mobile users. In addition, several
Microsoft® Windows NT® version 4.0 and Microsoft® Windows® 2000 features, as well as processes such as starting, hibernating, standby, and resuming, are enhanced in Windows XP
Professional to increase functionality for mobile users.
Fast system startup. Windows XP Professional provides improved system boot and resume
performance, resulting in fast system startup. The standby feature reduces power consumption by turning off the display, hard disk, and other system components while preserving the
contents of memory. Standby also allows you to return to work quickly after waking the system. The hibernate feature saves the entire system state to the hard disk and turns off the computer. When the system restarts from hibernation, the desktop and all applications are
restored to their previous state.
Folder Redirection. Folder Redirection allows the administrator to direct the contents of special shell folders, such as My Documents, to an alternate location on a server or a network
share. When Folder Redirection is applied to these special folders, the redirection is transparent to the user; he or she can continue to work with documents on the server as if the documents are on the local drive. Folder Redirection is best used in conjunction with Offline Files.
Offline Files. The Offline Files feature allows users to disconnect from the network and work
as if they are still connected. When the computer is offline, files and folders appear in the
same directory that they appear in online. By using Offline Files, users can continue to work
with copies of files that are available on a network when they are not connected to the network. Offline Files stores the data in the computer’s cache to make network files available
offline. When users reconnect to the network, Offline Files synchronizes the files stored on
the local drive with the files on the network.
Hibernation. The hibernation feature allows the Microsoft® Windows® desktop to be
restored quickly after a computer is shut down. When a computer is put into hibernation, the
current system state is saved to the hard disk before the computer is turned off. Then, when a
user restarts the computer, Windows restarts any programs that were running when the computer entered hibernation, and it restores all previous network connections.
ACPI and APM support. Windows XP Professional supports the Advanced Configuration
and Power Interface (ACPI) specification for robust power management and system configuration. Windows XP Professional also provides some power management features for portable
computers with a legacy Advanced Power Management (APM) version 1.2–based BIOS.
Enhanced battery life. Windows XP Professional provides several new features to enhance
battery life. Windows XP Professional automatically dims a laptop’s display when it is
switched to battery power and turns off the display panel when the laptop’s lid is closed. In
addition, Windows XP Professional features intelligent processor throttling to reduce CPU
power consumption. Windows XP Professional also provides more accurate estimates of
remaining battery life.
Processor performance control. Windows XP Professional provides native support for processor performance control technologies such as Intel® SpeedStep® Technology, AMD® PowerNow!™, and Transmeta® LongRun™. Windows XP Professional also features an adaptive
processor performance control algorithm that dynamically balances system performance and
power consumption, based on the current CPU workload and remaining battery life.
Battery and processor metrics. Windows XP Professional displays information about processor performance and battery activity in System Monitor. The processor performance data
available includes the current processor frequency and power consumption. Battery information provided includes the charge and discharge rates, voltage, and remaining capacity.
Wake-on-critical battery. Windows XP Professional supports wake-on-critical battery for
portable computers that implement this feature. This allows a computer to awaken from
standby when battery power becomes critically low and switch to hibernation to prevent data
loss.
Dynamic configuration of hot added devices. When you insert and remove devices such as
CardBus cards or Universal Serial Bus (USB) devices, Windows XP Professional detects and
configures them without requiring you to restart the computer.
Hot and cold docking or undocking. With your portable computer fully powered, you can
dock to a docking station and undock from a docking station without shutting down the computer.
Table 7-1 lists the new or enhanced features in Windows XP Professional that support mobile
users and indicates which of these features are available in Microsoft® Windows® 95,
Microsoft® Windows® 98, Microsoft® Windows NT® Workstation 4.0, and Microsoft® Windows® 2000 Professional.
Table 7-1 Mobile User Profile Computing Features in Windows XP Professional
Columns: Feature, Windows 95, Windows 98, Windows NT 4.0, Windows 2000 Professional, Windows XP Professional
Features listed: Offline Files; Folder Redirection; Roaming User Profiles; Briefcase; Hibernate; Power management; ACPI support; APM support; Standby (APM and ACPI only); Battery management (APM and ACPI only); Dynamic configuration of PC Cards; Hot and cold docking or undocking; Hot insertion and removal of devices in hot-swappable module bays
Setting Up a Portable Computer
Before you can make use of mobile computing in your organization, you need to identify the
critical operating system components, properties, and features that you will need to configure
on your portable computers. You must also ensure that you address critical configuration
issues that are specific to portable computers.
Check BIOS Compatibility
Windows XP Professional supports the Advanced Configuration and Power Interface (ACPI)
specification, which enables reliable system configuration and power management features. If
a portable computer has an ACPI-compliant BIOS, use the Windows Catalog to verify that it is
compatible with Windows XP Professional. If it is not, upgrade the BIOS to the latest available
version. If you upgrade to an ACPI-based BIOS on your portable computer after you install
Windows XP Professional, and your old BIOS was either not ACPI-compliant or not compatible with Windows XP Professional, you must reinstall Windows XP Professional to enable
ACPI and the power management features that it supports. For more information about hardware compatibility, see the Windows Catalog at http://www.microsoft.com/windows/catalog.
If a portable computer has an APM-based BIOS, run the Apmstat.exe support tool to determine whether the BIOS has any known problems. If the APM BIOS is known to be compatible
with Windows XP Professional, APM power management is enabled by default. You can install
Apmstat by running Setup.exe, which is located in the \Support\Tools folder on the Windows XP Professional operating system CD.
Grant Installation and Configuration Rights
If you configure a portable computer for a user who travels frequently, add this user to the
Power Users group. The user can then install, uninstall, and configure software. If a hardware
device fails or needs to be reinstalled while not connected to the network, a member of the
Power Users group can reinstall the device, but only if the driver package meets the following
conditions:
■ Is present on the system (that is, it does not need to be installed from media, such as a
CD provided by a vendor).
■ Is digitally signed. For more information about driver signing, see Chapter 9, “Managing
Devices.”
■ Can be installed without any user interface.
If a user must be able to add hardware even if the driver package does not meet these conditions, add this user to the Administrators group.
All other types of users should be members of the Users group, which does not allow them to
install, uninstall, or configure software and hardware, except when the preceding three conditions are true. In general, no Users should be members of the Administrators group unless
they need to install, uninstall, and configure non–Plug and Play hardware and drivers. For
more information about driver signing or configuring hardware and drivers, see Chapter 9,
“Managing Devices.”
Verify Hardware Configuration
After you install new hardware on a portable computer, you need to verify that all devices
function when the computer is both docked and undocked. Log on in turn as a member of the
Power Users and Users groups to test the devices, as well as the docking and undocking functionality. This testing is necessary because some hardware can be fully installed only by a
member of the Administrators group. When members of the Power Users or Users group add
the devices, the driver packages might not be installed.
Windows XP Professional uses one hardware profile to load drivers when the portable computer is docked (the Docked Profile) and another when the computer is undocked (the
Undocked Profile). Verify that the properties are set correctly for both the Docked Profile and
the Undocked Profile. For more information about docked and undocked profiles, see “Managing Hardware on Portable Computers” later in this chapter.
Configure Power Management Options
Windows power management is based on the concept of power schemes. A power scheme is a
group of preset power options that are passed to the operating system to control a computer’s
power management behavior. Power schemes are presented to the user in Power Options in
Control Panel.
The power policy used when the computer is powered by AC (utility) power can be different
than the policy that is used when the computer is powered by a battery.
Verify that the power schemes that are available are appropriate for the target user environments. The most useful power schemes for portable computers are Portable/Laptop, Presentation, and Max Battery. Using the default power scheme settings might not always be the best
configuration. You might need to explore the best configuration for the user’s needs.
Install Applications
All software and software components must be installed locally and run locally on portable
computers. You must therefore make sure that you do not have any partially installed programs or distributed programs installed on a portable computer that is frequently used
offline. Only Administrators can install software for personal digital assistants (PDA) because
some PDA software cannot be installed by members of the Power Users group. Also, only
members of the Administrators group can use the Internet Connection Wizard to configure
an Internet connection.
Configure Offline File Storing
If you have files and folders that you want to make available offline for mobile users, enable
and configure file-storing settings on the server or network share. This is particularly important for folders such as My Documents that have been redirected to a network share or a
server. Also, make sure that you have configured all offline files settings, including synchronization settings, on the portable computer.
If a user uses an e-mail program or a Web browser, be sure to configure the e-mail program
and the Web browser for offline content.
Configure Security
Because portable computers are vulnerable to theft, you must ensure that they are configured
securely. Format all hard disks as NTFS and apply the appropriate permissions to files and
folders that contain sensitive data. Also, encrypt files and folders that contain sensitive data,
and require users to use strong passwords for logging on both locally and on the network. You
might also want to encrypt the Offline Files cache so that any network files made available
offline are also encrypted. For more information about encrypting files and folders, see Chapter 18, “Using Encrypting File System.”
Configure Roaming User Profiles and Folder Redirection
If you are supporting roaming desktop users or portable computer users who are connected
directly to a network most of the time, configuring roaming user profiles and Folder Redirection can provide a number of advantages, such as fast computer replacement and the storage
of backup copies of data on the network. If portable computers in your organization are rarely
connected to the network or are connected remotely most of the time, however, do not use
roaming user profiles or Folder Redirection. For more information about roaming user profiles and Folder Redirection, see “Configuring Roaming User Profiles and Folder Redirection”
later in this chapter.
Managing Hardware on Portable Computers
The Plug and Play support in Windows XP Professional allows devices to be configured on
the system without the computer having to be restarted. You can therefore add or remove a
device from the computer while it is running, and Windows XP Professional will automatically allocate resources, install or uninstall the appropriate device drivers, and enable or disable the device. Full Plug and Play support is useful for portable computers because the
device configuration on portable computers changes frequently to accommodate the user’s
environment (docked or undocked) and the user’s needs (such as working remotely online or
working offline). For portable computers that are ACPI-enabled, Plug and Play makes the following functionality possible:
■ Dynamic configuration of devices, such as PC Cards and CardBus
■ Hot swapping of Integrated Drive Electronics (IDE) devices in device bays, such as hard
disks, floppy drives, and CD-ROM drives
■ Hot docking and undocking
For more information about installing, configuring, and troubleshooting devices, see
Chapter 9, “Managing Devices.”
Warning
Full Plug and Play support is possible only if both the device and the device
drivers support Plug and Play, and the computer is ACPI-based.
Hardware Profile Creation
Windows XP Professional uses hardware profiles to determine which drivers to load when the
system hardware changes. Hardware profiles are an important feature for portable computers
that use a docking station. Windows XP Professional uses one hardware profile to load drivers
when the portable computer is docked (the Docked Profile) and another (the Undocked Profile) when the computer is undocked. Windows XP Professional creates these two hardware
profiles for portable computers when the computer is docked and undocked.
The hardware profiles are created when Windows XP Professional queries the BIOS for a dock
serial ID and then assigns names for the docked and undocked configurations. You do not
need to reconfigure the Docked Profile or the Undocked Profile if your system is Plug and
Play–compliant. If a portable computer is fully Plug and Play–compliant, you need only these
hardware profiles, and you do not need to designate which profile to use when the computer
starts. The computer detects the docked or undocked state and uses the appropriate profile.
If a portable computer is not fully Plug and Play–compliant, you might need to create a new
hardware profile. You can then configure the profile by enabling and disabling devices. For
more information about configuring hardware profiles, see Windows XP Professional Help
and Support Center.
Dynamic Device Configuration
With dynamic device configuration, portable computer users can add or remove PC Cards,
CardBus cards, USB and IEEE 1394 devices, and so forth without restarting the computer.
The device and the device drivers must support Plug and Play for users to take advantage of
dynamic configuration.
Warning
Some ACPI-enabled computers might not be fully ACPI-compliant or support hot
addition and removal of devices in hot-swappable module bays. Removing such devices on
these computers without first shutting down the system can physically damage the device.
Docking and Undocking
Docking and undocking of portable computers can be done either hot or cold. In a cold dock
or undock, the computer is shut down before it is inserted into or removed from the docking
station. In a hot dock or undock, the computer is running, with or without programs and documents open, when it is inserted into or removed from the docking station. Computer manufacturers can design the docking stations and BIOS of their mobile computers in different
ways resulting in different docking and undocking behaviors. For specific information about
the docking and undocking behavior of your portable computers, see the manufacturer’s documentation.
Hot Docking and Undocking
Hot docking and hot undocking can be performed only on computers that are ACPI-enabled.
To hot dock a system, insert the fully powered system into the docking station. To hot undock
a system, click Eject PC on the Start menu before removing the system from the docking station. The Eject PC command appears only if a computer is ACPI-enabled.
Removing a portable computer without using the Eject PC command is not recommended.
Use the Eject PC command to perform a hot undock. Note that undocking a portable computer while it is in standby or hibernation is not recommended. If a system is in standby or
hibernation, first resume the system, and then follow the hot undock procedure. Some portable computer manufacturers support other methods of hot undocking. See manufacturer documentation for details about a given system.
Caution
Data loss or system instability can occur if a user does not use the Eject PC
command before undocking in a fully powered state or from standby or hibernation.
You can use Group Policy to disable hot undocking, in which case the Eject PC command does
not appear on ACPI-enabled computers. For more information about using Group Policy to control undocking privileges, see “Securely Undocking Portable Computers” later in this chapter.
Cold Docking and Undocking
Cold docking takes place when the computer is completely shut down before it is docked or
undocked. It is recommended that you use cold docking and undocking if you have an APM-based system or other non-ACPI–based computer. To perform a cold dock, insert the computer into the docking station while the computer is shut down. To perform a cold undock,
shut down the computer, and then remove or eject it from the docking station. When you shut
down the computer before a cold dock or undock, you must use the shut down command.
Do not use the hibernate or stand by commands.
Configuring Power Management
Configuring power management allows you to control how a computer consumes energy.
Windows XP Professional supports the Advanced Configuration and Power Interface (ACPI)
specification. The ACPI architecture is designed to provide for Operating System–Directed
Power Management (OSPM). Windows XP Professional also supports the legacy Advanced
Power Management (APM) version 1.2 BIOS architecture; however, APM provides only limited
power management support.
If you do not have an APM-based or ACPI-based computer, it might still be possible to manage
some aspects of power consumption. For example, depending on the capabilities of your
hardware, you can reduce the power consumed by the computer by setting timers to turn the
display or disk drives off.
ACPI Power Management
Using features supported by ACPI, Windows XP Professional allows the operating system to
direct and manage power usage on a systemwide basis. The operating system’s power policy
determines what devices to turn off and when to put the computer into a low-power state. Power
policy is based on a combination of application requirements, the user’s preferences, and the
computer’s hardware capabilities. To conserve energy and prolong battery life, when the computer is idle the operating system can turn off devices such as the display panel or hard disk
drive, or it can put the computer into a low-power sleep state such as standby or hibernation.
Each device class on the computer has a power policy owner. The policy owner for a particular
device class is the component that is best aware of how the device is used. Typically this is the
device class driver. Each policy owner must manage power appropriately for its class and work
consistently with the operating system’s policy for putting the computer into a low-power
state. For example, a network adapter might sense that no network cable is plugged in, and
therefore request that the operating system put the adapter in a low-power state because it is
not being used.
To use the ACPI power management features in Windows XP Professional, your computer
must have an ACPI-compliant BIOS that is compatible with Windows XP Professional.
During setup, Windows XP Professional determines which hardware abstraction layer (HAL)
to install on the computer. If the computer has an ACPI-compliant BIOS, an ACPI HAL is
installed and you are able to use ACPI power management features. If the computer does not
have an ACPI-compliant BIOS, a non-ACPI HAL is installed and ACPI power management features are not available.
Note
The HAL directs information from the operating system and device drivers to specific
devices.
To determine which HAL to install, Windows XP Professional performs the following process
during setup:
1. Windows XP Professional checks the ACPI BIOS tables during startup. These tables list
the devices that are installed on the computer and their power management capabilities.
If this information is missing or if the information is in the wrong form, a non-ACPI HAL
is installed.
2. If the tables are correct, Setup determines whether the computer’s BIOS is known to be
incompatible with the ACPI standard.
If the BIOS is on the incompatible list, a non-ACPI HAL is installed.
3. If the BIOS is not on the incompatible BIOS list, Setup checks the BIOS date.
If the BIOS is not on the incompatible BIOS list and the BIOS date is later than 1/1/99,
an ACPI HAL is installed.
4. If the BIOS is not on the incompatible BIOS list and the BIOS date is earlier than 1/1/99,
Setup determines whether the BIOS is known to be compatible with Windows XP
Professional.
If the BIOS is compatible, an ACPI HAL is installed.
If the BIOS is not compatible, an earlier HAL is installed.
For more information about BIOS compatibility, see the Windows Catalog at http://www.microsoft.com/windows/catalog.
You can use Device Manager to determine whether your computer is operating in ACPI mode.
To determine whether Windows XP Professional is running in ACPI mode
1. In Control Panel, click Performance and Maintenance, and then click System.
2. In the System Properties dialog box, click the Hardware tab, and then click Device
Manager.
3. In the details pane, click Computer.
If Advanced Configuration and Power Interface (ACPI) PC is listed under Computer,
the computer is operating in ACPI mode.
If you have an ACPI BIOS but Windows XP Professional is not installed in the ACPI mode,
your ACPI BIOS might be noncompliant. Check with your computer manufacturer to see
whether a more recent, ACPI-compatible BIOS is available. If Windows XP Professional is
installed in non-ACPI mode on your computer and you upgrade to a new BIOS version, you
must reinstall Windows XP Professional to enable ACPI mode.
You must be a member of the Administrators group to view the Hal.dll file to determine which
hardware abstraction layer is installed.
APM Power Management
Windows XP Professional support of APM power management is intended to provide compatibility with legacy notebook computers. The APM power management system is not designed
to run on desktop computers because power management support for the APM system is limited to battery status, suspend, resume, and auto-hibernate functions.
APM does not work with every APM-compatible system running Windows XP Professional.
Microsoft has tested APM-capable systems to determine how well each system and BIOS combination supports APM.
Mobile systems can support APM if they meet the following criteria:
■ Hardware must meet basic Windows XP Professional requirements.
■ An ACPI-compliant BIOS is not available for end-user system upgrade.
■ The APM 1.2-compliant BIOS is not on the “Disable APM List” for a particular BIOS version number and date.
■ All user-defined CMOS power control features are disabled or minimized, time-outs are
set to Off or to the longest possible time allowed, and the APM BIOS is enabled.
Determining APM BIOS Compatibility
For you to use APM-based power management features with Windows XP Professional, the
APM-based BIOS on your computer must be compatible with Windows XP Professional.
Windows XP Professional supports APM version 1.2 on portable computers. The portable
computer, however, must have an APM-compatible BIOS for APM features to work properly.
Windows XP Professional determines whether a BIOS is APM-compatible during setup, and
on the basis of this determination, does one of the following:
■ Installs APM support (Ntapm.sys and Apmbatt.sys), and enables APM if the computer’s
BIOS is found on the auto-enable APM list.
■ Does not install or enable APM support if the computer’s BIOS is found on the disable
APM list. APM on these systems does not work reliably, and if used, data loss might
occur.
■ Installs APM support, but does not enable APM support if the computer’s BIOS is not
on the auto-enable APM list or the disable APM list. APM might work properly, but you
must enable APM in the Windows XP Professional graphical user interface (GUI). For
more information about enabling APM, see “Configuring APM BIOS” later in this chapter.
Warning
APM must be enabled in the BIOS before Windows XP Professional is installed. If
APM is disabled in the BIOS before installation, Windows XP Professional does not install
power management support even if the APM BIOS is on the auto-enable APM list.
If APM is not enabled after you install Windows XP Professional, either the computer’s BIOS is
on the disable APM list, or it is not on the auto-enable APM list. You can determine whether
either of these is the case by using the Apmstat.exe tool, which is included with the Windows XP
Professional Support Tools on the Microsoft® Windows® XP Professional operating system CD.
To determine APM BIOS compatibility by using Apmstat.exe
1. At the command prompt, type:
apmstat
Caution
If Apmstat.exe reports that an APM BIOS is known to be incompatible or that an
APM BIOS is known to have problems, do not attempt to circumvent Windows XP Professional
Setup by forcing it to install APM support. This might cause a computer to behave erratically
and even lose data. Also, if an APM BIOS is known to be incompatible, make sure that APM is
disabled in the BIOS.
If Apmstat.exe reports that an APM BIOS is not known to be compatible and it is not known
to be incompatible, you might still be able to use APM, but you must enable and configure
APM so that it works properly on your computer.
To verify that APM support is installed on a computer
1. In Control Panel, click Performance and Maintenance, and then click System.
2. Click the Hardware tab, and then click Device Manager.
3. On the View menu, click Show hidden devices.
If NT Apm/Legacy Support is listed in the details pane, APM support is installed.
To enable APM
1. In Control Panel, click Performance and Maintenance, and then click Power Options.
2. Click the APM tab.
3. Under Advanced Power Management, select the Enable Advanced Power Management support check box.
Note
The APM tab is present only if an APM BIOS is detected that is either APM 1.2–compliant or that might work with APM even if it is not APM 1.2–compliant. It is not recommended
that you enable APM support on a computer that has a BIOS that is not APM-compliant. If
problems occur after you enable APM support, disable APM and contact the computer manufacturer for an updated BIOS. The APM tab is not present if a computer has multiple processors
because Windows XP Professional does not install APM support on multiprocessor computers.
Configuring APM BIOS
To utilize APM power management on your system, you must configure an APM-based BIOS
so that power management works properly with Windows XP Professional. This might
involve configuring the APM BIOS in the following way:
1. Set BIOS time-outs to the maximum time or disable them. This allows the operating system (instead of the BIOS) to control time-outs. Because some APM BIOSs turn off or
refuse to function if all time-outs are disabled, you might want to set time-outs to the
maximum allowed time instead of disabling them.
2. Make sure that screen blanking is turned off in the BIOS. Typically, you can turn off
screen blanking in the BIOS by disabling the time-out for the display or by setting the
time-out to the maximum value. Screen blanking reduces power to the display, which
causes the computer to appear to be shut down.
Activating a pointing device typically wakes the system and restores power to the display.
However, USB and other external pointing devices do not wake the system or restore power to
the display.
Do not use a supplemental video card with a portable computer if you use APM. Use only the
video card included with the portable computer. The APM BIOS might not detect a video card
that is added to the system or a video card that is in a docking station. If the adapter is not discovered by the APM BIOS, the suspend feature does not work.
Power Management Schemes and Options
Whether you have an ACPI-based or an APM-based computer, several power management
options are available for you to configure. These include choosing and configuring a power
scheme, enabling the battery status indicator, configuring the power and sleep buttons, and
setting low-battery alarms.
Configuring Power Schemes
Using power schemes, you can configure how and when a computer turns off devices, enters
a suspend state, or changes processor performance levels on mobile systems that support this
function. You can configure these settings according to the power source in use—whether the
computer is plugged into a wall outlet or powered by battery. Depending on the hardware
capability, you might be able to configure some of these settings even if the computer is not
ACPI- or APM-enabled.
The following default power schemes are available in Windows XP Professional: Home/Office
Desk, Portable/Laptop, Presentation, Always On, Minimal Power Management, and Max Battery. You can customize any scheme, or add or delete new schemes to fit a specific situation.
For more information about configuring the standby feature and the hibernate feature, see
“Configuring Hibernation and Standby” later in this chapter.
The default power scheme on portable computers is Portable/Laptop; the Home/Office Desk
scheme does not optimize battery power. You might need to change the power scheme based
on how the computer is used. For example, you might choose the Presentation scheme to prevent the computer from turning off the display during a presentation.
To configure a power scheme
1. In Control Panel, click Performance and Maintenance, and then click Power Options.
2. Click the Power Schemes tab.
3. Select a power scheme. You can then change the settings in the power scheme to best
meet your needs.
Configuring Hibernation and Standby
When a computer enters hibernation, the current state of the computer is saved to disk, and
the power to the computer is turned off. When a computer wakes from hibernation, it reads
the current state data from the disk and restores the system to the state that it was in before it
entered hibernation. All programs that were running are restarted, and network connections
are restored.
Hibernation is enabled by default. All ACPI-compatible and most APM-compatible computers
can be set to enter hibernation.
Because the contents of the computer’s memory are written to disk when the computer enters
hibernation, you must have at least as much available disk space as you have memory.
To disable hibernation
1. In Control Panel, click Performance and Maintenance, and then click Power Options.
2. Click the Hibernate tab.
3. Clear the Enable hibernate support check box.
Note
You must have the proper hardware to use hibernation. If the Hibernate tab is not
available, the computer does not support hibernation.
When a computer enters standby, the computer’s state is saved to memory and most circuitry
and devices are turned off. When a computer resumes from standby, the state is restored from
memory and power is restored to all devices. If power is interrupted when the computer is in
standby, data might be lost. All installed devices and device driver software must properly
support power management for standby to be available.
To provide security, you can have the computer prompt the user for a user name and password after it resumes from hibernate or standby. Password protection is enabled by default.
To disable password protection when a computer resumes from standby
1. In Control Panel, click Performance and Maintenance, and then click Power Options.
2. Click the Advanced tab.
3. Clear the Prompt for password when computer goes off standby check box.
Note
When you must turn off your portable computer to comply with airline regulations,
you must shut down the computer rather than allowing it to remain in standby. While in
standby, the operating system can reactivate itself to run preprogrammed tasks or to conserve
battery power. For more information about shutting down a computer, see Windows XP Professional Help and Support Center.
Configuring the Group Policy Refresh Interval for Hibernation or Standby
You can configure the refresh interval by using Group Policy, which controls how often policies are applied on the computer. By default, the refresh interval is 90 minutes, but it can be
set to any value between 0 and 64,800 minutes. You can also set an interval offset, which is a
random period of time that is applied to the refresh interval. Randomizing the refresh interval
prevents clients with the same refresh interval from overloading the server by simultaneously
requesting policy updates. By default, the interval offset is 30 minutes, meaning that a random
time between 0 and 30 minutes is applied to the refresh interval.
In some cases, Group Policy refresh settings can prevent a computer from entering hibernation or standby. This is because a policy update resets the hibernation or standby timer (as
moving the mouse or pressing a key does). For example, if a computer is set to enter hibernation or standby after being idle for 45 minutes but the Group Policy refresh interval is set at 30
minutes, the hibernation or standby timer never reaches 45 minutes. To ensure that the
standby timer reaches 45 minutes (or whatever time you set), set the Group Policy refresh
interval so that it is greater than the hibernation setting or standby setting in Power Options.
You can also configure Group Policy so that it does not apply settings while the computer is
being used.
To change the Group Policy refresh interval and the interval offset for User
Configuration settings
1. In the Run dialog box, type gpedit.msc.
2. In the details pane of Group Policy, under User Configuration, open the Administrative Templates folder, and then open the System folder.
3. Click Group Policy.
4. In the details pane, double-click Group Policy refresh interval for users.
5. Click Enabled.
6. Change the settings for the refresh interval and the interval offset.
To change the Group Policy refresh interval and interval offset for Computer
Configuration settings
1. In the details pane of Group Policy, under Computer Configuration, open the Administrative Templates folder, and then open the System folder.
2. Click Group Policy.
3. In the details pane, double-click Group Policy refresh interval for computers.
4. Click Enabled.
5. Change the settings for the refresh interval and the interval offset.
To disable policy updates while a computer is running
1. In the Run dialog box, type gpedit.msc.
2. In the details pane of Group Policy, under Computer Configuration, open the Administrative Templates folder, and then open the System folder.
3. Click Group Policy.
4. In the details pane, double-click Turn off background refresh of Group Policy.
5. Click Enabled.
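The interaction between the Group Policy refresh interval and the idle timer described above, worked as an added example (Python, not from the book). It assumes the random offset is added to the refresh interval, so the gap between two refreshes lies between the interval and the interval plus the offset; the class and function names and the four sample computers are constructed for illustration.

```python
# Added example, not from the book: can the standby/hibernate idle timer
# expire between background Group Policy refreshes?
from dataclasses import dataclass

REFRESH_RANGE = (0, 64800)  # minutes; allowed refresh interval stated in the text


@dataclass(frozen=True)
class PowerPolicy:                      # hypothetical record, one per computer
    name: str
    idle_timeout_min: int               # standby or hibernate timer in Power Options
    refresh_interval_min: int = 90      # default stated in the text
    refresh_offset_min: int = 30        # default stated in the text
    background_refresh_off: bool = False  # "Turn off background refresh of Group Policy"
    resume_password: bool = True        # password prompt on resume, on by default


def gap_bounds(p):
    """Shortest and longest gap between two policy refreshes, in minutes.

    Assumption: a random value in 0..offset is added to the interval.
    """
    lo, hi = REFRESH_RANGE
    if not lo <= p.refresh_interval_min <= hi:
        raise ValueError(f"{p.name}: refresh interval outside {lo}-{hi} minutes")
    if p.refresh_offset_min < 0:
        raise ValueError(f"{p.name}: negative interval offset")
    return p.refresh_interval_min, p.refresh_interval_min + p.refresh_offset_min


def standby_reachability(p):
    """Return 'always', 'sometimes' or 'never' for an otherwise idle computer."""
    if p.background_refresh_off:
        return "always"                 # no refresh resets the timer
    shortest, longest = gap_bounds(p)
    if shortest > p.idle_timeout_min:
        return "always"                 # the rule the text recommends
    if longest > p.idle_timeout_min:
        return "sometimes"              # depends on the offset drawn each time
    return "never"                      # every refresh arrives before the timer expires


def chance_per_gap(p):
    """Probability that a single gap outlasts the idle timer (uniform offset)."""
    state = standby_reachability(p)
    if state != "sometimes":
        return 1.0 if state == "always" else 0.0
    shortest, longest = gap_bounds(p)
    return (longest - p.idle_timeout_min) / (longest - shortest)


def audit(policies):
    """List (computer, finding) pairs for settings that weaken standby protection."""
    findings = []
    for p in policies:
        state = standby_reachability(p)
        if state != "always":
            findings.append((p.name, f"idle timer {state} expires; "
                             f"raise refresh interval above {p.idle_timeout_min} min"))
        if not p.resume_password:
            findings.append((p.name, "no password prompt on resume"))
    return findings


# Constructed sample inventory (not real computers).
FLEET = [
    PowerPolicy("LAPTOP-A", 45, refresh_interval_min=30, refresh_offset_min=0),
    PowerPolicy("LAPTOP-B", 45, refresh_interval_min=30),
    PowerPolicy("LAPTOP-C", 45),
    PowerPolicy("LAPTOP-D", 45, refresh_interval_min=30,
                background_refresh_off=True, resume_password=False),
]

if __name__ == "__main__":
    for p in FLEET:
        print(p.name, standby_reachability(p), f"{chance_per_gap(p):.2f}")
    for name, finding in audit(FLEET):
        print("FINDING", name, finding)
```

LAPTOP-A reproduces the 45-minute timer with a 30-minute refresh interval from the text. LAPTOP-B shows that under the additive-offset assumption the default 30-minute offset makes standby only intermittent, which is why the interval itself should exceed the idle timeout.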
Configuring Battery Monitoring and Management
Windows XP Professional allows you to monitor and manage a portable computer’s battery by
using Power Meter. Windows XP Professional can also monitor multiple batteries. Battery monitoring and management are available only on ACPI-enabled and APM-enabled computers.
By default, the battery status icon will appear on the taskbar whenever the computer is operating on battery power. You must enable the battery status icon to make it appear on the taskbar at all times. This icon gives users direct access to the power meter feature, allows selection
of the current power scheme, and offers direct access to power properties by means of the
Power Options Control Panel option.
To add the battery status icon to the taskbar
1. In Control Panel, click Performance and Maintenance, and then click Power Options.
2. Click the Advanced tab.
3. Select the Always show icon on the taskbar check box.
Note
The display icon changes from a battery to a plug depending on the computer’s
power source—battery power or wall outlet. The display also changes to indicate that the battery is charging or fully charged and shows the remaining battery capacity when the computer
is operating on battery power.
If your portable computer uses multiple batteries, you can also configure the battery meter to
display the status of multiple batteries.
To configure the battery meter for multiple-battery computers
1. In Control Panel, click Performance and Maintenance, and then click Power Options.
2. Click the Power Meter tab.
3. Click Show details for each battery.
You can set alarms to indicate low-battery and critical-battery levels. You can select visual and
audible alarm notifications, specify an action to take such as making a change in power state
(standby, hibernation, shutdown), and specify the execution of a program to be run.
To configure alarms to indicate low-battery and critical-battery levels
1. In Control Panel, click Performance and Maintenance, and then click Power Options.
2. Click the Alarms tab.
3. Set the battery activation levels that you want.
4. Click Alarm Action to configure the behaviors of an activated alarm.
Configuring Power Button, Sleep Button, and Lid Switch Behavior
ACPI-enabled mobile computers can have up to three buttons for controlling system power: a
Power button, a Sleep button, and a Lid Switch. Windows XP Professional allows you to configure the action of each button as follows:
■ Do nothing
■ Ask me what to do
■ Sleep
■ Hibernate
■ Shut down
To configure power system button functionality
1. In Control Panel, click Performance and Maintenance, and then click Power Options.
2. Click the Advanced tab.
3. Under When I close the lid of my portable computer, select a lid-switch action.
4. Under When I press the power button on my computer, select a power-button action.
5. Under When I press the sleep button on my computer, select a sleep-button action.
Enabling Devices to Wake the Computer
On ACPI-compatible systems, Windows XP Professional can enable some devices to wake the
system from hibernation or standby. Windows XP Professional supports wake events such as
modem wake-on-ring, wake-on-LAN, and wake-on-critical battery. Windows XP Professional
also supports wake-on-LAN for CardBus network adapters. Note that for the wake features to
function, they must be supported by the appropriate computer hardware.
To enable a device to wake the computer
1. In Control Panel, click Performance and Maintenance, and then click System.
2. Click the Hardware tab, and then click Device Manager.
3. Select the device that you want to wake the system, and then double-click to open the
Properties dialog box.
4. On the Power Management tab, click Allow this device to bring the computer out of
standby.
If no Power Management tab appears, the device does not support system wake.
Hiding Power Options
You can prevent users from configuring power options by specifying Control Panel settings in
Group Policy. You can disable Control Panel entirely, hide specific Control Panel tools, and
show specific Control Panel options. Hiding Power Options can be beneficial if you have configured the power options and you do not want users to change those options. However, if you
hide Power Options, users have no means to reconfigure power management settings if they
need to be changed while they are away from the office. For example, portable computer users
frequently use the Portable/Laptop power scheme. When they use the portable computer for
a presentation, however, it is recommended that they switch to the Presentation scheme to
prevent the portable computer from turning off the display or entering standby or hibernation during the presentation. Users cannot change power schemes or any other power option
if Power Options is not available.
To hide Power Options by using Group Policy settings
1. In the Run dialog box, type gpedit.msc.
2. In the Group Policy console tree, under User Configuration, open Administrative
Templates.
3. Click the Control Panel folder.
4. In the details pane, double-click Hide specified control panel applets.
5. In the Hide specified Control Panel applets Properties dialog box, click Enabled, and
then click Show.
6. Click Add.
7. Type either the name of the Control Panel utility (power options) or its associated .cpl
file (powercfg.cpl).
Typically, Power Options appears in the Show Contents dialog box, under List of disallowed control panel applets.
To disable Control Panel by using Group Policy settings
1. In the Run dialog box, type gpedit.msc.
2. In the Group Policy console tree, under User Configuration, open the Administrative
Templates folder.
290
Part II:
Desktop Management
3. Click the Control Panel folder.
4. In the details pane, double-click Prohibit access to the Control Panel.
5. Click Enabled.
Warning Disabling Control Panel in Group Policy prevents Control.exe from starting. This
removes Control Panel from the Start menu and removes the Control Panel folder from My
Computer.
Configuring Roaming User Profiles and Folder Redirection
A user profile is a group of settings and files that defines the environment that the system
loads when a user logs on.
A user profile contains:
■ A portion of the registry that stores registry settings such as Windows Explorer settings, persistent network connections, taskbar settings, network printer connections, user-defined Control Panel and Accessories settings, and application settings.
■ A set of profile folders that store information such as shortcut links, desktop icons, and startup applications.
User profiles are located by default on the local computer; one profile is created for each user
who has logged on to that computer. When administrators configure profiles to roam, the
data and settings in a user’s profile are copied to a network server when the user logs off of the
computer. The data and settings are then available to the user no matter where he or she next
logs on to the network.
While useful for mobile users, roaming user profiles are also beneficial for users who always
use the same computer. Roaming user profiles provide a transparent way for such users to
back up their profiles to a network server, thus protecting the information from individual system failure. If a user’s primary workstation needs to be replaced, the new computer receives
the user’s profile from the server as soon as the user logs on.
You can use roaming user profiles together with Remote OS Installation and Software Installation and Maintenance when you replace a computer. If a computer system fails and loses its
data, you can use Remote OS Installation to install Windows XP Professional, use Software
Installation and Maintenance to restore applications, and use roaming user profiles to restore
critical information. Because a network copy of the data exists, you can easily reestablish links
to critical information.
Roaming user profiles are configured by means of the user object contained in the Active
Directory® directory service on the domain controller. For more information about configuring roaming user profiles on Microsoft® Windows® 2000 Server, see the Distributed Systems
Guide of the Microsoft® Windows® 2000 Server Resource Kit.
Roaming user profile considerations for mobile users
The following guidelines can be used when planning profile configurations for users of mobile computers:
■ If the user regularly connects to the network via fast link, consider using a roaming user profile.
■ If the user rarely connects via fast link, use a local profile. By default, roaming user profiles do not roam over slow links. For example, if a user in the field generally connects via a dial-up connection but comes into the office twice a year and connects via the LAN, a roaming profile offers little advantage because the server copy would be up-to-date only on those two occasions.
■ If the user roams to LAN-connected computers in the domain and also has a laptop computer, use a roaming user profile for the user. For the laptop computer, enable the Group Policy setting Only allow local user profiles. Note that a Computer Configuration Group Policy setting takes precedence over a User Configuration setting, so the user will receive his or her User setting on desktop computers but will receive the Computer setting on the laptop computer.
Roaming User Profiles in Windows XP Professional
Windows XP Professional includes new Group Policy settings, support for Windows XP Professional fast network logon, and more robust roaming. These features increase the usability,
resilience, and performance of roaming user profiles.
New Group Policy Settings
The Group Policy settings that you use to manage user profiles have been moved to their own
folders in the Group Policy snap-in, under Computer Configuration\Administrative Templates\System\User Profiles and User Configuration\Administrative Templates\System\User Profiles. In addition, three new Computer Configuration settings are available with
Windows XP Professional.
Prevent roaming-profile changes from propagating to the server
Determines whether changes users make to their roaming profiles are merged with the server copy of the profile. If
this policy is set, users receive their roaming profiles when they log on, but any changes they
make to their profiles will not be merged to their roaming profiles when they log off.
Add the Administrators security group to roaming user profiles
In Windows XP Professional, the default file permissions for newly generated roaming profiles are full control for the
user and no file access for the Administrators group. By default, an administrator must take
ownership of a user’s profile folder to gain access to it. Because taking ownership is an audited
event, this increases the security of the profile folder. This policy allows the Administrators
group to have full control of the user’s profile directories, as in Windows NT 4.0.
Only allow local user profiles
Determines whether roaming user profiles are available on a
particular computer. By default, when a roaming profile user logs on, his or her roaming profile is copied from the server to the local computer. If the user has already logged on to this
computer in the past, the roaming profile is merged with the local profile. Similarly, when the
user logs off of this computer, the local copy of his or her profile, including any changes that
have been made, is merged with the server copy.
Using the Group Policy setting, you can prevent users configured to use roaming profiles from
receiving their profile on a specific computer.
Support for Windows XP Professional Fast Network Logon
To speed the startup and logon process, Windows XP Professional does not require that the
network be fully initialized before a client computer can start up or before a user can log on.
If a user has previously logged on to a particular client computer, he or she is subsequently
logged on using credentials cached on that computer.
When a user switches from using a local profile to using a roaming profile, Windows XP Professional copies relevant portions of the user’s registry from the server instead of from the
local computer, to prevent an older local copy from overwriting the server copy. Thereafter,
whenever the roaming user logs on, the computer always waits for the network, so the profile
can be downloaded from the server.
When fast network logon is enabled (as it is by default in Windows XP Professional), if administrators remove the profile path from a user’s object, it is recommended that they also either
rename or delete the corresponding profile folder. If they do not and an administrator later
reenters the same path, the user will receive the older copy of the registry from the server.
More Robust Roaming
In Windows 2000, certain applications and services keep registry keys open after the user
logs off, preventing Windows from unloading the user’s registry. When this occurs, profiles
become locked and changes that users have made to their profiles are not saved to the server.
This situation creates three problems for users:
■ The user experience is affected because users might wonder why changes have not been saved when they log on to another computer.
■ Because locked profiles are never unloaded, they use excessive memory on computers on which many users must log on (such as terminal servers).
■ Profiles that are marked for deletion when users log off (to clean up the computer or for temporary profiles) are not deleted.
Windows XP Professional provides the following solutions to these problems:
■ Sixty seconds after a user logs off, Windows XP Professional saves the user’s registry and roams the profile correctly. In Windows 2000, if the profile is locked when a user logs off, Windows polls the profile for 60 seconds and then quits.
■ When the application or service closes the registry key that unlocks the profile, Windows XP Professional unloads the user’s registry, freeing the memory used by the profile.
■ If a profile is marked for deletion when the user logs off, it is deleted when the reference count drops to zero. If the application does not release the registry key, Windows XP Professional deletes all profiles marked for deletion the next time the computer starts.
Combining Folder Redirection with Roaming User Profiles
The Folder Redirection feature of IntelliMirror allows an administrator to redirect the location
of certain folders in the user profile to a network location. Combining Folder Redirection with
roaming user profiles allows you to decrease logon and logoff times for roaming and mobile
users. A common practice is to redirect My Documents and My Pictures, and allow Application Data, Desktop, and Start Menu to roam with the profile. In addition to the benefits of
improved availability and secure backup that having the data on the network provides, users
also realize performance gains over low-speed network connections and in subsequent logon
sessions. Because only some of their documents are copied, performance is improved when
users’ profiles are copied from the server. Not all the data in the user profile is transferred to
the desktop each time the user logs on—only the data that user accesses during a session.
When you combine the use of Folder Redirection and roaming user profiles, you can also provide fast computer replacement. If a user’s computer needs to be replaced, the user’s data can
quickly be reestablished from the server location(s) to a replacement computer.
Note
When implementing roaming user profiles or Folder Redirection for users of laptop
computers, keep in mind that the user must log on at least once over a fast link for these features to apply. If an administrator configures the laptop in the office, he or she should make
sure the user of the laptop logs on to it while still connected via fast link before taking it into
the field. An alternative is to use Group Policy to change the slow link speed temporarily.
Note that Folder Redirection can be used with all types of user profiles: local, roaming, or
mandatory. Using Folder Redirection with local profiles can provide some of the benefits of
roaming profiles (such as having a user’s data available at any computer, and maintaining data
on the server) without the need to implement roaming profiles. Using Folder Redirection with
a local profile, however, means that only the user’s documents and files are available from all
computers. To allow settings and configurations to move with the user, you need to use roaming profiles.
For more information about using Group Policy to configure Folder Redirection on an Active
Directory network, see the Step-by-Step Guide to User Data and User Settings link on the Web
Resources page at http://www.microsoft.com/windows/reskits/webresources. For more information about alternate means of configuring Folder Redirection for non–Active Directory
environments, see Chapter 6, “Managing Files and Folders.”
Table 7-2 lists the folders in a user profile, provides the default behavior for each folder, and
indicates whether the folder can be redirected using Folder Redirection. For more information
about selecting which folders to redirect and which to leave in the profile, see Chapter 6,
“Managing Files and Folders.”
Table 7-2 Default Behavior of Profile Folders

| Folder Name | Description | Roams with Profile by Default | Can Be Redirected Using Folder Redirection |
|---|---|---|---|
| Application Data* | Stores application state data, such as toolbar settings and other non-registry-based settings. Application vendors decide what to store here. | Yes | Yes |
| Cookies | Contains user’s Microsoft® Internet Explorer cookies. | Yes | No |
| Desktop | Contains user-specific contents of the desktop. | Yes | Yes |
| Favorites | Contains user’s Internet Explorer favorites. | Yes | No |
| Local Settings* | Contains temporary files and per-user nonroaming application data. It is a container for application settings and data that do not roam with the profile, and cannot be redirected. This information is usually computer-specific or too large to roam effectively. Application vendors can also opt to store temporary data here in addition to or instead of in the Application Data folder. | No | No |
| History* | Contains the Internet Explorer history. This is a subfolder under Local Settings. | No | No |
| Temp* | Contains temporary files. This is a subfolder under Local Settings. | No | No |
| Temporary Internet Files* | Contains the Internet Explorer offline cache. This is a subfolder under Local Settings. | No | No |
| My Documents (and its subfolders My Pictures, My Music, My Videos) | The default location for documents that the user creates. Applications need to be written to save files here by default. | Yes | Yes |
| NetHood* | Contains shortcuts to My Network Places items. | Yes | No |
| PrintHood* | Contains shortcuts to printer folder items. | Yes | No |
| Recent* | Contains shortcuts to the most recently used documents, such as Most Recently Used (MRU) lists in applications. | Yes | No |
| Send To* | Contains shortcuts to document storage locations and applications. | Yes | No |
| Start Menu | Contains shortcuts to program items. | Yes | Yes |
| Templates* | Contains shortcuts to per-user customized template items, such as templates that a user creates in Microsoft Word or Microsoft Excel. | Yes | No |

*These folders are hidden by default.
To view hidden folders
1. In My Computer, on the tools menu, select Tools, and then click Folder Options.
2. Select the View tab, and click Show Hidden Files and Folders.
Configuring Offline Files for Portable Computers
By using Offline Files, users can disconnect from the network and work as if still connected.
When the computer is offline, the files and folders appear in the same directory that they
appear in online—as if they are still in the same location on the network. This allows the user
working offline to edit files. The next time the user connects to the network, the offline
changes are synchronized with the network share. Any changes that were made while the user
was working offline are updated to the network.
Offline Files is especially useful for mobile users with portable computers because they can
use it to access their files when they are not connected to the network. Thus users can always
open, update, and work with current versions of network files when they are not connected to
the network.
Offline Files stores the data in the computer’s cache to make network files available offline.
The cache is a portion of disk space that a computer accesses when it is not connected to the
network. The view of shared network items that you make available offline is the same as the
view online, even if users lose a connection to the network or remove a portable computer
from the docking station. Users have the same access permissions to those files and folders
that they have when they are connected to the network.
If two users on the network make changes to the same file, they can save their own version of
the file to the network, keep the other user’s version, or save both.
You can make shared files or folders available for offline use from any computer that shares
files by using server message block (SMB)–based file and printer sharing, which includes any
computer running Windows 2000, Windows 95, Windows 98, or Windows NT 4.0. The
Offline Files feature is not available on Novell NetWare networks. When configuring a shared
folder, you have the option to choose whether all the files in the folder are automatically available offline, or whether a user must explicitly mark a file to be available offline.
Offline Files is a stand-alone technology, which means that you do not need to pair it with
Folder Redirection and set up and configure network shares. However, pairing the two technologies works well. By default, any folder that is redirected is available offline as well.
In Windows XP Professional, all the files in a redirected folder, including subfolders, are automatically made available offline. You can disable automatic caching of redirected folders by
using the Group Policy setting Do not automatically make redirected folders available
offline, under User Configuration\Administrative Templates\Network\Offline Files.
Note In Windows 2000 Professional, redirected folders are not automatically made available
offline. To make folders available offline, administrators use the policy setting Administratively
assigned offline files, or the users manually make all files available offline.
Configuring Files on a Network Share for Offline Use
Before you can have offline access to the files on a shared network folder, you must specify
how the files in the folder are stored in a cache on the client computer—in this case, the user’s
portable computer. For nonexecutable files, such as word processing documents, spreadsheets, and bitmaps, there are two options for storing files: automatic caching, and manual
caching.
Automatic Caching
Automatic caching makes a file available offline by creating a locally stored copy of the file
when a user opens the file on a portable computer. Automatically stored files might not always
be available in the cache because Offline Files might remove, or purge, them when the cache
becomes full. Offline Files will purge files based on frequency of use. Automatic caching is
most useful when you have an unreliable or unpredictable network connection. For example,
if a user is working on an automatically stored file and the portable computer is disconnected
from the network, the user can continue working on the file without interruption. To make a
file available offline at all times, you can use My Computer to mark the file as Always available offline. For more information about making files available offline, see Chapter 6, “Managing Files and Folders.”
Manual Caching
Manual caching makes a file or a folder available offline, but only when it is pinned, that is,
manually marked on the user’s computer. A manually stored file or folder that is not pinned
on the user’s computer is not available offline. Manual caching is useful for users who need
access to a file or folder all the time or for users who need access to entire folders, especially
folders that contain documents created by or modified by other users. For example, manual
caching works well for users who frequently use a portable computer away from the office
without a network connection but still need access to many files on the network. In this case,
you can manually pin folders on the user’s portable computer to make those folders available
to the user when away from the office. Automatic caching is not ideal in this case because the
files in the network folder are not locally stored unless the portable computer user opens each
file while the portable computer is connected to the network share.
To configure automatic or manual caching on a shared network folder
1. Right-click the shared folder that you want to configure, click Properties, and then click
the Sharing tab.
2. In the Properties dialog box, click Caching.
3. In the Setting box, select a type of storing.
On the Setting box menu, you can also choose Automatic caching of programs and
documents, which is useful if a user runs programs from the network. This option
stores a copy of a network program on the user’s hard disk so that the user can run the
program offline. However, users of portable computers must be careful when using this
feature because only the program files that are executed are stored on the local computer. For example, if you run Microsoft Word from a network share but you do not use
the spelling checker, the spelling checker is not stored. If you then run Word offline and
try to run the spelling checker, the tool is not available. To avoid this problem, you can
load all programs and associated tools locally on a portable computer and not use the
Automatic caching of programs and documents option.
Configuring Synchronization for Offline Files
Synchronization ensures that any changes made to offline files and folders are propagated
back to the network and that any changes that have occurred on the network are propagated
to the user’s computer. Some synchronization features and options relate specifically to portable computers. For more information about all synchronization options, see Chapter 6, “Managing Files and Folders.”
For synchronization to occur, the hard disk on a user’s portable computer must be turned on
so that files can be copied from the network to the local cache and files in the local cache can
be copied to the network. Synchronization might not be an optimum use of power for a portable computer running on battery power. However, certain options allow you to set synchronization to occur when a computer runs on battery power. You can also use Group Policy to
synchronize all offline files before logging off.
Synchronizing Offline Files by Using Group Policy
To ensure that all offline files are fully synchronized, you must enable the Group Policy setting
Synchronize all offline files before logging off in the Administrative Templates\Network\Offline Files folder. When this Group Policy setting is enabled, all files in the user’s redirected folder are available when the user is working offline. If this setting is not enabled, the
system performs only a quick synchronization, and as a result only files that were used
recently are cached. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
Enabling Synchronization During an Idle State
By default, offline files are not synchronized when a computer is in an idle state and using battery power. This is because portable computers rely on a low-power idle state to conserve battery power, and you might not want to use battery power to synchronize files. You can change
the default so that synchronization occurs when the computer is idle and running on battery
power.
To enable synchronization when a computer running on battery power is idle
1. In All Programs, point to Accessories, click Synchronize, and then click Setup.
2. In the Synchronization Settings dialog box, click the On Idle tab, and then click
Advanced.
3. In the Idle Settings dialog box, clear the Prevent synchronization when my computer
is running on battery power check box.
Preventing Scheduled Synchronization
You can schedule synchronization to occur on specific days and at specific times. Because a
scheduled synchronization is often a low-priority task that consumes power, Windows XP
Professional allows you to prevent scheduled synchronization from occurring when a computer is running on battery power.
To prevent scheduled synchronization from occurring when a computer is running on
battery power
1. In All Programs, point to Accessories, click Synchronize, and then click Setup.
2. In the Synchronization Settings dialog box, click the Scheduled tab.
3. Click a scheduled task, and then click Edit.
4. On the Settings tab, under Power Management, select the Don’t start the task if the
computer is running on batteries check box.
If a scheduled synchronization is in progress and a portable computer is switched from alternating current to battery power, you can have Windows XP Professional cancel synchronization. This might occur if scheduled synchronization starts on a docked portable computer
that is using a wireless network connection and the user performs a hot undock.
To stop scheduled synchronization when the computer is running on battery power
1. In All Programs, point to Accessories, and then click Synchronize.
2. In the Items to Synchronize dialog box, click Setup.
3. Click the Scheduled tab.
4. Click a scheduled task, and then click Edit.
5. On the Settings tab, under Power Management, select the Stop the task if battery
mode begins check box.
Enabling Automatic Connection During Scheduled Synchronization
If a computer is not connected to a network when a synchronization is scheduled to start, you
can configure Windows XP Professional to connect so that synchronization can occur. In this
case, Windows attempts to connect to the designated network, detects that the computer is
not connected to the network, and then informs the user that the network is not available. By
default, Windows does not connect if there is no network connection at the time of synchronization. Although you might use this option for portable computer users who are normally
connected to the network, you might not want to enable it for users who frequently use the
portable computer while it is disconnected from the network.
To enable automatic connection for scheduled synchronization
1. In All Programs, point to Accessories, click Synchronize, and then click Setup.
2. On the Scheduled tab, under Current synchronization tasks, click a scheduled task,
and then click Edit.
3. On the Synchronization Items tab, select If my computer is not connected when this
scheduled synchronization begins, automatically connect for me.
Synchronizing over a Slow Link
Windows does not provide a system-wide definition or threshold for a slow link. Instead, it
allows every system component to define a slow link according to its own capabilities and
requirements. For example, one component might define a slow link as 28.8 kilobits per second (Kbps) while another might define it as 56 Kbps. For Offline Files and synchronization in
an Active Directory environment, you can use Group Policy settings to define file synchronization behavior over a slow link. The default slow link threshold value is 64 Kbps.
A slow-link connection affects synchronization by preventing the following:
■ Automatic transition of shared network folders from an offline to an online state
■ Copying of newly added files from the network share to the user’s computer
Defining the slow link threshold
In Windows XP Professional and Windows 2000 Server
or later, you can use the Configure slow link Group Policy setting located in Computer Configuration\Administrative Templates\Network\Offline Files to define the threshold value at
which Offline Files considers a network connection to be slow.
For more information about the Group Policy settings associated with Offline Files, see Chapter 6, “Managing Files and Folders.”
Transitioning from an offline state to an online state
After a network share has been
offline to a user—for example, if a server goes offline and is then brought back online, or a user
undocks a portable computer and then docks it—the share becomes available online for the
user if the following three conditions are true:
■ No offline files from that network share are open on the user’s computer.
■ None of the offline files from that network share have changes that need to be synchronized.
■ The network connection is not considered a slow link.
When these conditions are true and a user opens a file on the network share, the user is working online on that network share. Any changes that the user makes are saved to both the file
on the network share and the file stored in the Offline Files folder. If any one of the conditions
is not true and a user opens a file on the network share, the user is still working offline even
though the network share is available. Any changes that the user makes are saved only to the
offline version of the file.
When a user first connects to a network over a slow-link connection, the user is only working
offline on any shared network folders even though the online folders are available. To start
working online with a shared network folder, the user must synchronize the shared network
folder. Synchronization shifts the folder to an online state and pushes any offline files that
have changed to the shared network folder. To pull files from the shared network folder to the
Offline Files folder, the user must perform a second synchronization, which pulls files that
have changed from the network share to the Offline Files folder.
Note
When you use a slow-link connection, a second synchronization does not pull newly
created files from the network share to the Offline Files folder. To make new files on the network share available offline during a slow-link connection, you must pin the files.
Making network shares available without synchronization
Slow-link connections can
prevent a network share from coming online even though the network share is available.
Although you can bring the network share online by synchronizing it, this method might not
be ideal. For example, when a user’s portable computer is disconnected from the network and
the user requires access to a file on a shared network folder that has been made available
offline, a file to which the user has made several changes offline might not be ready to synchronize with the network share. Or, the user might be in a hurry and does not want to take the
time to synchronize files. The user wants only to connect to the network, get the new file from
the network share, and then log off. Windows XP Professional provides a way for the user to
make a folder available online without synchronizing offline files.
To make a folder available online without synchronizing offline files
1. In the notification area, click the Offline Files icon to open the Offline Files Status dialog box.
2. Select Work online without synchronizing changes.
Note
The Offline Files icon appears in the notification area when users are working offline.
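The three transition conditions, the two-pass synchronization over a slow link, and the Work online without synchronizing changes option can be traced with a small model. This is an added example, not code from the book or from Windows: the class and method names are hypothetical, a link below the threshold is assumed to count as slow, conflict resolution is not modelled, and the file names and contents are constructed.

```python
from dataclasses import dataclass, field

DEFAULT_SLOW_LINK_KBPS = 64  # default threshold stated in the text


@dataclass
class CachedFile:
    content: str
    dirty: bool = False    # changed offline, not yet synchronized
    is_open: bool = False  # currently open on the client


@dataclass
class OfflineShare:
    """Hypothetical model of one network share and its Offline Files cache."""
    server: dict                                # name -> content on the share
    cache: dict = field(default_factory=dict)   # name -> CachedFile
    pinned: set = field(default_factory=set)    # names the user has pinned
    threshold_kbps: float = DEFAULT_SLOW_LINK_KBPS
    link_kbps: float = 0.0                      # 0 means disconnected
    online: bool = False

    def is_slow(self):
        # Assumption: a connected link below the threshold counts as slow.
        return 0 < self.link_kbps < self.threshold_kbps

    def blockers(self):
        """Reasons the share will not switch to the online state by itself."""
        reasons = []
        if self.link_kbps <= 0:
            reasons.append("not connected")
        if any(f.is_open for f in self.cache.values()):
            reasons.append("offline file open")
        if any(f.dirty for f in self.cache.values()):
            reasons.append("unsynchronized changes")
        if self.is_slow():
            reasons.append("slow link")
        return reasons

    def connect(self, kbps):
        self.link_kbps = kbps
        self.online = not self.blockers()
        return self.online

    def write(self, name, content):
        """Online: saved to share and cache. Offline: saved to the cache only."""
        entry = self.cache.setdefault(name, CachedFile(content))
        entry.content = content
        entry.dirty = not self.online
        if self.online:
            self.server[name] = content

    def work_online_without_sync(self):
        """Go online; offline changes stay in the cache, unsynchronized."""
        self.online = self.link_kbps > 0

    def synchronize(self):
        """Push offline changes and go online; pull only if already online."""
        if self.link_kbps <= 0:
            raise RuntimeError("not connected")
        was_online = self.online
        # Conflict resolution is not modelled: the offline version wins.
        pushed = sorted(n for n, f in self.cache.items() if f.dirty)
        for name in pushed:
            self.server[name] = self.cache[name].content
            self.cache[name].dirty = False
        self.online = True
        pulled = []
        if was_online:
            for name, content in sorted(self.server.items()):
                cached = self.cache.get(name)
                if cached is None:
                    # New on the share: not copied over a slow link unless pinned.
                    if self.is_slow() and name not in self.pinned:
                        continue
                    self.cache[name] = CachedFile(content)
                elif cached.content != content:
                    cached.content = content
                else:
                    continue
                pulled.append(name)
        return {"pushed": pushed, "pulled": pulled}


def dial_up_scenario():
    """Constructed scenario: offline edits, then a 28.8 Kbps connection."""
    share = OfflineShare(server={"plan.doc": "v1", "budget.xls": "v1"})
    share.cache = {n: CachedFile(c) for n, c in share.server.items()}
    share.write("plan.doc", "v2 (edited offline)")
    share.server["budget.xls"] = "v2 (edited on the share)"
    share.server["new.doc"] = "v1"
    share.connect(28.8)
    steps = [share.blockers()]
    steps.append(share.synchronize())  # first pass: push, go online
    steps.append(share.synchronize())  # second pass: pull changed files
    share.pinned.add("new.doc")
    steps.append(share.synchronize())  # pinned file is now copied
    return share, steps
```

Calling `dial_up_scenario()` returns the share and the result of each step, so the point at which each file reaches the share or the cache can be read off directly.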
Securing Offline Files
Windows XP Professional provides several methods of protection for offline files. The Offline
Files folder, including the Offline Files database and the stored offline files, is secured against
unauthorized access by administrator permissions. Additionally, the same permissions that
protect their network counterparts protect offline files and folders. Windows XP Professional
also supports encryption of offline files.
Offline Files Folder Security
Offline files are stored (cached) in the Offline Files folder. Each computer has only one Offline
Files folder, even if the computer is shared by multiple users, and all offline files are stored in
this folder. By default, this folder is protected by administrator permissions so that unauthorized users cannot view the contents. However, these permissions are applied to the folder
only if the folder is located on a drive that is formatted to use NTFS. Windows XP Professional
notifies you of this limitation when you first cache an offline file on a FAT or FAT32 drive. For
more information about file system security, see Chapter 13, “Working with File Systems.”
Offline File and Folder Permissions
In addition to the protection afforded by the permissions on the actual Offline Files folder,
offline files and folders retain the permissions set for them on the network share. This type of
security is important if multiple users share a single computer. For example, if a user creates a
file on a network share, changes its permissions so that only that user has access to the file,
and then makes the file available offline, another user who tries to open the offline version of
the file on the user’s computer is denied access, just as if the second user tried to open the file
directly on the network share.
This type of security is applied to offline files regardless of the formatting of the user’s hard
disk. Thus, if you set permissions on a file on a network share that is formatted to use NTFS
and you make that file available offline on a computer that has a FAT or FAT32 drive, the permissions carry over to the offline version of the file, even though the drive is formatted to use
FAT or FAT32.
Encrypting Offline Files
You can secure data on portable computers by encrypting the offline files. Windows XP Professional provides Encrypting File System (EFS) support for Offline Files. The local cache of
Offline Files can be encrypted if the cache directory resides on an NTFS volume. When the
cache is encrypted, the local copy of a cached file is automatically encrypted.
To encrypt offline files
1. In Folder Options, click the Offline Files tab.
2. Select the Encrypt Offline files to secure data check box.
You can also use Group Policy to apply this option to groups of users. In the Group Policy
snap-in, go to Computer Configuration\Administrative Templates\Network\Offline Files.
Offline files stored on local hard disks are secured by EFS; however, the files are encrypted in
the system context and the encryption applies to all users of the local computer. If both the
local computer and the remote computer where the files are stored are encrypted, files are
encrypted at all times. If the local computer is encrypted but the remote location of the files is
not, the files are encrypted while they are stored locally.
If the remote location is encrypted and the local computer is not, however, you are warned
when you try to make a file available offline that it will not be encrypted on the local computer. You can override the default and make the files available; when you attempt to synchronize the files, the local copy will be deleted.
Managing the Offline Files Folder
Portable computer users who frequently work offline might accumulate hundreds of files in
the Offline Files folder on their hard disk. Because many of these files might be out of date,
rarely used, or no longer needed offline, you might want to delete them from the Offline Files
folder (the cache) to maximize the available disk space. Users might also want to delete files
in the Offline Files folder if a network share has been deleted or is no longer available. In addition to deleting individual files, you can reinitialize the Offline Files cache, which deletes the
entire contents of the Offline Files folder and resets the Offline Files database. Reinitializing
the Offline Files cache is useful when you transfer a computer to a new user or when a user
has been working offline with sensitive or proprietary documents and you want to ensure that
they are no longer available offline or that they are not in the cache.
You can safely remove offline files from the cache without affecting network files or folders by
deleting files from the Offline Files folder or by reinitializing the cache. Do not delete or move
any files directly from the systemroot\CSC folder. For more information about deleting offline
files from the cache without affecting network files or folders, see Chapter 6, “Managing Files
and Folders.”
Securing Portable Computers
Because portable computers are vulnerable to theft, it is important that you provide security
for portable computers and the data that is stored on them. You can do this by formatting
hard disks to use NTFS so that permissions can be set and encryption can be enabled on files
and folders by means of Encrypting File System. You can also add portable computer users to
the Power Users group so that they have maximum control of the portable computer without
having full control of the system. Ensuring that users use strong passwords to log on to their
portable computers and that administrators use strong passwords for the local administrator
account is another important security measure. Also, Group Policy settings can be used to
restrict access to the computer and any data that is stored on it. For more information about
these security features, see Chapter 16, “Understanding Logon and Authentication,” Chapter 6,
“Managing Files and Folders,” and Chapter 18, “Using Encrypting File System.”
Securely Undocking Portable Computers
Portable computers can be undocked in two ways, depending on the type of docking station,
the type of portable computer, and the permissions and Group Policy settings that have been
implemented on the computer. A portable computer can be undocked in the following circumstances:
■ While the portable computer is shut down and the power is off, a user physically ejects
it or removes it from the docking station (a cold undock).
■ While the portable computer is running, a user uses the Eject PC command in Windows XP Professional to eject the computer from the docking station, before physically
removing the computer (a hot undock).
To prevent an unauthorized user from undocking a portable computer from a docking station, the portable computer or docking station must include some type of physical lock. Portable computers might simply use a keyed lock that must be manually unlocked to prevent
undocking by unauthorized users. Docking stations can include a lock as well, some of which
can be programmatically controlled. For example, some docking stations allow administrators to require that an authorized user log on and select Eject PC before freeing the lock and
allowing physical removal of the portable computer from the docking station.
You can choose a local Group Policy setting that controls who has undocking privileges on a
portable computer. If a user has undocking privileges, he or she is able to use the Eject PC
command. If the user does not have undocking privileges, the Eject PC command is not available. However, any program can call the application programming interface (API) that controls the Eject PC command, which means that any program can have its own button or menu
item that tries to eject a portable computer. If a user tries to use such a button or menu item
and does not have undocking privileges, the command fails.
By default, undocking permissions are granted to a user during a clean installation of Windows
XP Professional and during an upgrade from Windows 95, Windows 98, or Windows NT 4.0.
To prevent a user from undocking, you must use Group Policy to set undocking privileges.
To set undocking privileges by using Group Policy
1. In the Run dialog box, type gpedit.msc.
2. In the details pane of Group Policy, under Computer Configuration, open Windows
Settings, Security Settings, Local Policies, and open the User Rights Assignment
folder.
3. In the details pane, right-click Remove computer from docking station, and then click
Properties.
4. In the Properties dialog box, click Add to add users and groups to the list.
– or –
Click Remove to remove users and groups from the list.
Warning
Restricting undocking privileges offers no security benefits if the docking station
in question does not provide a programmatically controlled locking mechanism.
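To review the outcome of this procedure on many portable computers, the user right can be read from a security-template export instead of the Group Policy snap-in. The following is an added example, not code from this book: it assumes the rights were exported with secedit /export /cfg rights.inf /areas USER_RIGHTS, that the right appears under its constant name SeUndockPrivilege, and it runs on a constructed sample export; the function names are illustrative.

```python
"""Report who holds the "Remove computer from docking station" user right.

Input is the text of a security-template export (real exports are usually
UTF-16, so decode the file before passing its text in).
"""

UNDOCK_RIGHT = "SeUndockPrivilege"  # constant name behind the policy's display name

# Well-known SIDs of built-in principals that can appear in an export.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-545": "Users",
    "S-1-5-32-546": "Guests",
    "S-1-5-32-547": "Power Users",
}
# Holders that effectively give the right to every interactive user.
BROAD = {"Everyone", "Authenticated Users", "Users", "Guests"}


def parse_privilege_rights(inf_text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        holders = []
        for item in value.split(","):
            item = item.strip()
            if not item:
                continue  # "SeXxx =" with no holders
            if item.startswith("*"):  # "*S-1-5-..." marks a SID
                sid = item[1:]
                holders.append(WELL_KNOWN.get(sid, sid))
            else:  # account written by name
                holders.append(item)
        rights[name.strip()] = holders
    return rights


def audit_undock(inf_text):
    """Return the holders of the undock right and the subset that is broad."""
    holders = parse_privilege_rights(inf_text).get(UNDOCK_RIGHT, [])
    return {"holders": holders, "broad": [h for h in holders if h in BROAD]}


# Constructed sample export (not taken from a real computer).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
SeUndockPrivilege = *S-1-5-32-544,*S-1-5-32-547,*S-1-5-32-545,kiosk_user
[Version]
signature="$CHICAGO$"
Revision=1
"""

if __name__ == "__main__":
    result = audit_undock(SAMPLE_EXPORT)
    print("Undock right held by:", ", ".join(result["holders"]) or "(nobody)")
    if result["broad"]:
        print("Broad groups to review:", ", ".join(result["broad"]))
```

A broad holder matters only on docking stations with a programmatically controlled lock, as the warning above notes.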
Windows XP Professional BIOS Security
Some computers allow you to implement system security or device security at the BIOS level.
Typically, equipment manufacturers implement this type of security by requiring a password
at startup while the BIOS is loading. If the user enters an incorrect password, the BIOS does
not finish loading and the computer does not start; or the BIOS might finish loading, but it
does not transfer control of the computer to Windows XP Professional. Although this type of
security is designed to control access to the computer at startup, it might also control access
when the computer resumes from a low-power state such as standby or hibernation. In these
cases, users might have to enter the BIOS password when the system resumes from either
standby or hibernation.
To implement BIOS security on a portable computer, contact the portable computer manufacturer to verify that it operates properly with the standby and hibernate features of Windows XP
Professional. Also be aware that BIOS security can supersede Windows XP Professional security
by preventing Windows XP Professional from taking control of the computer or other devices.
Using Infrared Hardware and Video Devices with Portable Computers
You can use infrared hardware and video devices with portable computers. Some devices and
device types, however, have known compatibility problems with Windows XP Professional or
have conflicts and limitations when they are used with Windows XP Professional.
Using Infrared Devices with Portable Computers
Windows XP Professional supports the IrTran-P image exchange protocol, which allows a
computer to receive images and files from a digital camera or other digital image capture
device. However, Microsoft® ActiveSync® version 3.0, the desktop synchronization technology
for Microsoft® Windows® CE–based handheld computers, disables the IrTran-P service. If you
must use ActiveSync 3.0 and the IrTran-P service, you need to toggle between the two services
to use them. You can toggle between these services either by using Wireless Link in Control
Panel or by using ActiveSync 3.0.
Note
By default, the IrTran-P protocol is turned on in Windows, meaning that you can
download images and files from a digital camera to a computer.
To turn IrTran-P protocol on and off
1. In Control Panel, click Printers and Other Hardware, and then click Wireless Link.
2. On the Image Transfer tab, select Use Wireless Link to transfer images from a digital
camera to your computer to turn on the IrTran-P protocol.
– or –
Clear Use Wireless Link to transfer images from a digital camera to your computer
to turn off the IrTran-P protocol.
To turn ActiveSync 3.0 on and off
1. Open ActiveSync 3.0.
2. On the Tools menu, click Options.
3. On the Rules tab, select Open ActiveSync when my mobile device connects to turn on
ActiveSync.
– or –
Clear Open ActiveSync when my mobile device connects to turn off ActiveSync.
Windows XP Professional also supports the IrDial protocol, which gives infrared devices
access to the Internet and other networks by using the Point-to-Point Protocol (PPP). Cellular
telephones that use IrDial do not require special installation and configuration because IrDial
network connections are managed entirely by using the Network Connections folder.
To configure a connection for IrDial
1. Double-click the connection that you want to configure.
2. Click Properties.
3. Under Connect Using, select Infrared Modem Port, and then click OK.
4. Enter your user name and your password, and then click Dial.
For more information about infrared device configuration and Wireless Link in Control Panel,
see Windows XP Professional Help and Support Center, or see Chapter 9, “Managing
Devices,” and Chapter 25, “Connecting Remote Offices.”
Using Video Devices with Portable Computers
You can use the Windows XP Professional multiple monitor feature with a docked portable
computer, but only if the docking station allows you to install Peripheral Component Interconnect (PCI) or Accelerated Graphics Port (AGP) video adapters. Also, the on-board video
adapter (the one that is a part of the portable computer’s motherboard) must be designated as
the VGA display device. Typically, this is not a problem, although the BIOS on some computers allows you to choose the video adapter that you want to use as the VGA device. In this
case, you must designate the on-board video adapter.
Windows XP Professional does not support hot undocking of portable computers while they
are using multiple monitors. To perform a hot undock on a computer using multiple monitors, you must first stop using all but one monitor. You can do this by detaching the secondary
display before performing the hot undock.
To detach a secondary monitor
1. In Control Panel, click Appearance and Themes, and then click the Display icon.
2. Click the Settings tab, double-click the secondary monitor, and then click Attach.
3. Click Apply to detach the monitor.
Typically, the secondary monitor turns off, leaving the primary monitor running.
After you detach the secondary monitor, you can perform a hot undock.
Wireless Networking
With the rapid growth of wireless networking, users can access data from anywhere in the
world, using a wide range of devices. Wireless networks offer additional benefits by reducing
or eliminating the high cost of laying expensive fiber and cabling and by providing backup
functionality for wired networks. Microsoft® Windows® XP Professional provides extensive
support for wireless networking technology so that businesses can extend the capabilities of
their enterprise networks to wireless devices.
Wireless networking for Windows XP Professional can be categorized by the size of the area
over which data can be transmitted. Wireless Personal Area Networking (WPAN) operates
over a small coverage area (approximately 10 meters). Wireless Local Area Networking
(WLAN) operates over a larger coverage area (approximately 100 meters). This chapter provides
an overview of WPANs and WLANs and describes how you can use the wireless networking
support in Windows XP Professional to exchange data over WPANs and WLANs. It does not
discuss wireless wide area networks (WWANs) or wireless metropolitan area networks
(WMANs).
WPAN
A Wireless Personal Area Network (WPAN) includes data communication technology that
allows devices that are in very close proximity to each other to access resources and exchange
data, without the use of cables. These devices can automatically create an ad hoc network, an
informal network of devices, often by using wireless connectivity. Because of their small size
and limited processing power, WPAN devices lend themselves well to ad hoc networking. In
an ad hoc network scenario, the wireless devices connect to each other directly rather than
through wireless access points, which are used in infrastructure networks. In infrastructure
networks, wireless stations (devices with radio network cards, such as portable computers)
connect to wireless access points rather than directly to each other. These access points function as bridges between the devices and the existing network backbone.
The key WPAN technology supported in Windows XP Professional is Infrared Data Association (IrDA). IrDA is a WPAN technology that allows users with infrared-enabled devices to
transfer files and images and to establish dial-up network connections and LAN access network connections.
Infrared Data Association
IrDA specifies a networking protocol that allows computers, printers, mobile phones, personal digital assistants, digital cameras, and other devices to exchange information over short
distances by using infrared light. Infrared light is electromagnetic radiation covering a spectrum of wavelengths between 850 and 900 nanometers. These wavelengths are somewhat
longer than visible light and are invisible to the human eye.
Because of the propagation properties of light, a clear line of sight is required between the
devices communicating by infrared light. The clear line of sight requirement has some advantages (for example, when making a purchase with a mobile device, the required proximity
between the devices ensures that you are communicating with the correct payment device)
and some drawbacks (for example, you cannot connect a phone in your pocket to a portable
computer on a desk), but there are numerous clear advantages to using infrared light for communication:
■ Infrared light offers large bandwidth.
■ The exchange of data by means of infrared light is not regulated by the FCC or any other
governmental agency.
■ Infrared light does not interfere with radio frequency (RF) wireless networks.
■ All infrared radiation is confined to a room, preventing easy eavesdropping.
IrDA is a short-range, half duplex, asynchronous serial transmission technology. Furthermore,
IrDA specifies three distinct modes of transmission for different data transmission rates: Serial
Ir (SIR), Fast Ir (FIR), and Very Fast Ir (VFIR). The SIR specification defines a maximum data
rate of 115.2 kilobits per second (Kbps). FIR specifies a data rate of 4 megabits per second
(Mbps), and VFIR specifies a data rate of 16 Mbps. A number of intermediate speeds are also
available. For more information about the intermediate speeds that are available over infrared,
see the Driver Development Kits link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
IrDA User Profiles
The IrDA implementation in Windows XP Professional supports the following five user
profiles:
■ File transfer (IrOBEX) enables easy file transfer between IrDA devices.
■ Printing (IrLPT) enables printing directly from IrDA devices to IrDA printers.
■ Image transfer (IrTran-P) enables point-and-shoot, one-step image transfer between
digital cameras and Windows devices.
■ Dial-up networking (IrCOMM) enables dial-up Internet access through IR-enabled cellular phones.
■ LAN access and peer-to-peer networking (IrNET) enables network access through IR
access points or through a direct network connection between two Windows devices.
These supported profiles provide the following advantages:
■ It is impossible to mismatch connectors and wiring with IrDA. The speed and configuration parameters are negotiated transparently at connect time and a common set is used for connection. IrDA at 16 Mbps is compatible with
IrDA at 9.6 Kbps. Also, the IrDA connector is completely sealed, inexpensive, and available from multiple vendors.
■ IrDA does not require use of cable.
■ IrDA and WinSock provide a common user-space API. The combination of IrDA and
Windows Sockets (WinSock) presents the application programmer with a powerful yet
simple Win32® user-space API that exposes multiple, fully error-corrected data streams.
Serial and parallel ports are the only other point-to-point technologies that have a commonly available user-space API. IrDA defines rich functionality that does not exist with
serial and parallel cables, and it borrows from the very successful client/server connection and programming model defined by the TCP/IP family of protocols and the WinSock APIs.
■ The open protocols of IrDA support other devices. WinSock exposes the IrDA TinyTP
protocol to the application writer. A device that implements the TinyTP protocol can
easily exchange data with Windows applications.
■ IrDA is uniquely suited for ad hoc point-to-point networking. The core IrDA services are
similar to those exposed by the popular TCP protocol. Applications running on two different computers can easily open multiple reliable connections to send and receive data.
As with TCP, client applications connect to a server application by specifying a device
address (TCP host) and an application address (TCP port). Thus, the combination of
IrDA and WinSock supports easy-to-use, zero configuration, ad hoc point-to-point networking.
For more information about installing, configuring, and using IrDA for wireless networking in
Windows XP Professional, see “Wireless Networking” in Windows XP Professional Help and
Support Center.
Additional Resources
These resources contain additional information related to this chapter.
Related Information
■ Chapter 25, “Connecting Remote Offices”
■ Chapter 6, “Managing Files and Folders”
■ Chapter 9, “Managing Devices”
■ “Desktop Configuration Management” in the Distributed Systems Guide of the Microsoft
Windows 2000 Server Resource Kit
■ “Wireless Networking” in Windows XP Professional Help and Support Center.
■ “Securing Mobile Computers” in the Microsoft Windows Security Resource Kit
■ Chapter 20, “Implementing Security for Mobile Computers”
■ Chapter 21, “Wireless Networking”
Chapter 8
Configuring Remote Desktop
Remote Desktop provides access from a remote location to a computer running the
Microsoft® Windows® XP Professional operating system, giving you the flexibility to work on
your Windows XP Professional–based computer from anywhere, at any time. Remote Desktop
in Windows XP Professional is an extension of the Terminal Services functionality formerly
available only in the Microsoft Windows 2000 Server family of operating systems. This chapter will help you to install, configure, and use Remote Desktop software.
In this chapter:
Overview
Deploying Remote Desktop
Troubleshooting Remote Desktop
Additional Resources
Related Information
■ For more information about Remote Assistance, see Appendix C, “Tools for
Troubleshooting.”
Overview
Remote Desktop provides access to the desktop of a computer running Windows XP Professional from a computer at another location. For example, connect to your office computer
from home and use all your applications, files, and network resources just as if you were actually in your office, using your office computer.
Using Remote Desktop, you can run applications on a remote computer running Windows XP
Professional from any other client running a Windows operating system. The applications run
on the Windows XP Professional–based remote computer and only the keyboard input,
mouse input, and display output data are transmitted over the network from the local computer, as shown in Figure 8-1.
Figure 8-1 How Remote Desktop works (diagram labels: Client, Terminal Server, Keyboard and Mouse, RDP TCP/IP)
Remote Desktop is based on Terminal Services technology, which is also used for Remote
Assistance. For more information on Remote Assistance, see Appendix C, “Tools for
Troubleshooting.”
Remote Desktop Components
Remote Desktop consists of the following components, which are discussed in detail in this
section:
■ Remote Desktop Protocol
■ Client software
  ❑ Remote Desktop Connection
  ❑ Remote Desktop Web Connection
Remote Desktop Protocol
The Remote Desktop Protocol (RDP) is a presentation-layer protocol that allows a Windows-based terminal (WBT) or other Windows-based client to communicate with a Windows XP
Professional–based computer. RDP works across any TCP/IP connection, including local area
network (LAN), wide area network (WAN), dial-up, Integrated Services Digital Network
(ISDN), digital subscriber line (DSL), or virtual private network (VPN) connections. RDP
delivers to the client computer the display and input capabilities for applications running on
a Windows XP Professional–based computer.
When using Remote Desktop Protocol from a Windows XP Professional–based client or other
RDP 5.1–enabled client, many of the client resources are available within the session, including the client drives, audio sources, serial and parallel ports, and printers. See “Resource Redirection” later in this chapter for details.
In addition, the local and the remote computer share a clipboard, allowing data to be interchanged between applications running on the remote computer and applications running on
the client computer. You can find additional information about the commands for using the
shared clipboard in the “Using Remote Desktop Web Connection” section later in this chapter.
Client Software
The Windows XP Professional CD includes Remote Desktop Connection client software,
which you can install on computers that are not running Windows XP Professional. You can
connect using various types of client software based on the client computer’s operating system and your organizational needs. Client software is available for a wide variety of hardware
devices, including personal computers and Windows-based terminals.
Remote Desktop Connection
The Remote Desktop Connection tool connects your computer (the client computer) to another computer running Windows XP Professional that has
Remote Desktop enabled (the remote computer). These computers can be located anywhere—
across the hall, across town, or across an ocean from each other—provided you have network
access from the client to the remote computer, and the appropriate permissions at the remote
computer. The Remote Desktop Connection tool is installed by default when you install Windows XP Professional or Microsoft Windows XP Home Edition. You can also install this tool
manually on a computer running Microsoft Windows 95, Microsoft Windows 98, Microsoft
Windows Millennium Edition (Windows Me), Microsoft Windows NT, or Microsoft Windows
2000 Professional operating system.
Tip
Always download the latest version of Remote Desktop Connection software when
installing on any version of Windows earlier than Windows XP. Go to the Microsoft Download
Center (http://www.microsoft.com/downloads) and search for “Windows XP Remote Desktop
Connection software” to find the latest version. To use Remote Desktop to connect to a remote
Windows XP computer from an Apple Macintosh computer, search the Microsoft Download
Center for “Remote Desktop Connection Client for Mac.”
Remote Desktop Web Connection
Remote Desktop Web Connection works like Remote
Desktop Connection except that the features are delivered over the Web using Microsoft
ActiveX® technologies. When embedded in a Web page, the Remote Desktop Web Connection
ActiveX control can establish a Remote Desktop session with a remote computer running
Windows XP Professional even if Remote Desktop Connection is not installed on the client
computer. As described later in this chapter, the Remote Desktop Web Connection ActiveX
control must be installed from a Web server with Internet Information Services (IIS) that has
Active Server Pages (ASP) enabled.
Remote Desktop Web Connection includes the following features:
■ Efficient deployment of Remote Desktop. Deploying a connection can be as easy as
sending a URL.
■ Support for roaming users. Users who are away from their computers can use Remote
Desktop Web Connection to gain secure access to their primary workstation from any
computer running Windows and Internet Explorer, provided you can reach the target
computer on a network.
■ A lowest-common-denominator, cross-platform system. Remote Desktop Web Connection can meet the needs of organizations that have multiple Windows operating systems
and want identical client software on all their Windows-based computers.
■ Delivery of extranet applications. Corporations that want to deploy Remote Desktop
functionality to vendors, suppliers, or customers can use Remote Desktop Web Connection
to distribute this functionality easily, inexpensively, and efficiently over the Internet.
Note
For the latest version of Remote Desktop Web Connection, go to the Microsoft
Download Center (http://www.microsoft.com/downloads) and search for “Remote Desktop
Web Connection.”
Remote Desktop Features
Remote Desktop features include console security, enhanced color support, and resource
redirection.
Console Security
Remote Desktop allows the user to connect to a remote console from a client location. Console
is defined as the keyboard, mouse, and video monitor of the computer running Windows XP
Professional with Remote Desktop enabled. When you enable a Remote Desktop session, the
remote console “locks down” (disables display of the session on the remote computer’s monitor, and disables input via the remote computer’s keyboard and mouse).
Enhanced, Flexible Color Support
Remote Desktop supports as many colors as the client computer will support, up to 24-bit
color. It automatically detects the color depth of the remote and local computer and adapts as
required. Users can modify color settings in the Display Properties sheet.
Resource Redirection
You can use resource redirection features to enhance your Remote Desktop session.
File system redirection
Remote Desktop provides client drive redirection, making the local
file system available to the Remote Desktop session. These local drives appear in the remote
computer’s Windows Explorer as driveletter on clientmachinename.
When you enable Remote Desktop, client-drive mapping is enabled by default. To disable it, you
can use Terminal Services Group Policies, found at Computer Configuration\Administrative
Templates\Windows Components\Terminal Services and User Configuration\Administrative
Templates\Windows Components\Terminal Services. To disable it on an individual client
computer, click the Start menu, point to All Programs, Accessories, Communications, and
then select Remote Desktop Connection. On the Local Resources tab, clear the Disk drives
check box.
Audio redirection
Audio redirection enables a client computer to play sounds from any
application that plays .wav files on the Remote Desktop. With this feature, a user running an
audio-enabled application at the remote desktop can hear the audio output from the local
speakers as if the application were running on the client computer.
Audio redirection includes the following features:
■ Audio mixing. When two or more applications play sounds, the resulting stream is an
audio mix.
■ Minimized impact of the audio stream input/output (I/O) on the RDP session. If there is a
change in the network bandwidth between the client and remote computers, Remote
Desktop renegotiates the sound-stream quality and uses the best sound quality for the
existing bandwidth. No user action is required.
Printer redirection
Remote Desktop provides printer redirection, which routes print jobs
from the Remote Desktop session to a printer attached to the client computer. When the user
logs on to the remote computer, the remote computer detects the client’s local printer and
automatically installs the appropriate printer driver. If the local printer requires a driver that
does not ship with Windows XP Professional, you will need to manually install the driver on
the remote computer. Remote Desktop also redirects network printers on the client computer.
If multiple printers are connected to the client computer, Remote Desktop will send print jobs
to the client computer’s default printer.
The printer redirection feature is enabled by default in Windows XP Professional when you
enable Remote Desktop. To disable it, use Terminal Services Group Policies. Use Remote
Desktop Connection to disable printer redirection on an individual computer. On the Local
Resources tab, clear the Printers check box.
Port redirection
Port redirection lets applications running in the session have access to the
serial and parallel ports on the client, allowing them to access and manipulate devices such as
bar-code readers or scanners.
Port redirection is enabled when you enable Remote Desktop. To disable it, use Terminal
Services Group Policies. To disable port redirection on an individual computer, use Remote
Desktop Connection. On the Local Resources tab, clear the Serial ports check box.
Deploying Remote Desktop
To deploy Remote Desktop, you must perform the following tasks:
■ Enable Remote Desktop on a remote computer running Windows XP Professional.
■ Enable users to connect to the remote computer running Windows XP Professional.
■ Set up your client computer.
■ Install Remote Desktop Connection software on your client computer.
■ Install Remote Desktop Web Connection (if your Windows-based client is not running
Windows XP Professional).
Enabling Remote Desktop on a Computer Running Windows XP Professional
When you install Windows XP Professional, Remote Desktop is disabled by default. To enable
Remote Desktop, follow these steps:
1. Log on to your Windows XP Professional–based computer using an Administrator
account.
2. Click Start, right-click My Computer, and then click Properties.
3. In the System Properties sheet, click the Remote tab.
4. Select the Allow users to connect remotely to this computer check box.
Note You must be logged on as an Administrator (or be a member of an Administrators
group) to enable Remote Desktop.
Adding Users to the Remote Desktop Users Group
It’s not enough to enable remote access on the computer; you also have to specify the users or
groups that can remotely connect to the computer. To add users or groups to the
Remote Desktop Users group, or to remove them from it, follow these steps:
1. Log on to your Windows XP Professional–based computer as an Administrator.
2. Click Start, right-click My Computer, and then click Properties.
3. Click the Remote tab.
4. Click Select Remote Users.
5. In the Remote Desktop Users dialog box, click Add.
6. In the Select Users dialog box (shown in Figure 8-2), type the name of the user or group
to add or click Advanced to search for objects.
Figure 8-2 Adding users to the Remote Desktop Users group
7. Click OK.
The names of the selected users appear in the Remote Desktop Users dialog box.
Installing Client Software
To set up your computer as a Remote Desktop client, you need to install Remote Desktop Connection (or Terminal Services Client). A Web-based version of the client software, Remote
Desktop Web Connection, can also be installed on the client computer. Also, your computer
must be able to connect to the remote computer by means of a local area network (LAN), wide
area network (WAN), dial-up, or Internet connection.
Note Terminal Services clients use TCP port 3389 to communicate with the remote computer.
Table 8-1 lists Windows operating systems and the corresponding client software that is
required for deploying Remote Desktop.
Table 8-1 Client Software Versions for Various Operating Systems

| Operating System | Client Software | How to Access |
| --- | --- | --- |
| Windows XP (all versions) | Remote Desktop Connection (installed by default) | Start/Programs/Accessories/Communications/Remote Desktop Connection. |
| Windows 2000 Professional | Remote Desktop Connection (installed by the user) | Install from the Windows XP Professional operating system CD, or obtain the latest version from the Microsoft Download Center. |
| Microsoft Windows 2000 Server | Terminal Services Client (installed by default if Terminal Services is installed) | Start/Programs/Terminal Services Client. Recommended: Install from the Windows XP Professional operating system CD, or obtain the latest version from the Microsoft Download Center. |
| Windows 95, Windows 98, and Windows Me | Remote Desktop Connection (installed by the user) | Install from the Windows XP Professional operating system CD, or obtain the latest version from the Microsoft Download Center. |
| Windows NT 4.0 | Remote Desktop Connection (installed by the user) | Install from the Windows XP Professional operating system CD, or obtain the latest version from the Microsoft Download Center. |
Installing Remote Desktop Connection
For a client computer that is running Windows 95, Windows 98, Windows Me,
Windows NT 4.0, or Windows 2000 Professional, you need to install Remote Desktop
Connection from your Windows XP Professional operating system CD or obtain the latest
version of Remote Desktop Connection client software from the Microsoft Download Center
(http://www.microsoft.com/downloads).
To install Remote Desktop Connection on computers running earlier versions of Windows
1. Insert the Windows XP Professional operating system CD into your CD-ROM drive.
2. From the Start page, click Perform Additional Tasks, and then click Set up Remote
Desktop Connection.
3. In the Remote Desktop Connection-InstallShield Wizard, follow instructions until
installation is complete.
Even though you can install Remote Desktop Connection on earlier Windows platforms by
using the procedure just described, the preferred approach is to download the latest version
of Remote Desktop Connection software from the Microsoft Download Center
(http://www.microsoft.com/downloads). Simply go to the site and search for “Windows XP
Remote Desktop Connection software.”
Installing Remote Desktop Web Connection
Remote Desktop Web Connection is a Web application that consists of an ActiveX control,
sample ASP pages, and HTML pages. When Remote Desktop Web Connection is deployed on
a Web server, it allows users to connect to a Windows XP Professional–based computer by
using Internet Explorer, even if Remote Desktop Connection or Terminal Services Client software is not installed on the computer from which the user is connecting.
Remote Desktop Web Connection is an optional World Wide Web service component of
Internet Information Services (IIS), which is included in Windows XP Professional. Remote
Desktop Web Connection must be installed by using Add or Remove Programs. For more
information about installing Remote Desktop Web Connection on a Web server, see “Remote
Desktop” in Windows XP Professional Help and Support Center.
When you install Remote Desktop Web Connection, the files are copied by default to the
%systemroot%\Web\Tsweb directory of your Web server. You can use the included sample
(Default.htm and Connect.asp) pages or modify them to meet the needs of your application.
Remote Desktop Web Connection requires that the client computer have a TCP/IP connection
to the Internet or a network, and that it run Microsoft Internet Explorer version 4.0 or later.
When a user accesses a Web page on the IIS server that contains the embedded Remote Desktop Web Connection ActiveX Client control, this control is downloaded to the client computer
and is stored in the default location for downloaded controls in Internet Explorer. The default
connection page appears on the client computer, asking the user for server (specifically, the
name or IP address of the remote computer) and user information. The Remote Desktop session opens in the Web page. Depending on the parameters passed and the settings of the
remote computer, the Windows logon screen might appear.
Figure 8-3 illustrates the processes for downloading and using the Remote Desktop Web
Connection client.
Figure 8-3 Downloading and using Remote Desktop Web Connection client (diagram: the client computer downloads the ActiveX control from the IIS server with Remote Desktop Web Connection over port 80; the client then connects to the Windows XP Professional remote computer over port 3389 by using the downloaded ActiveX control)
Note Although the IIS server must download the ActiveX control to the client computer, the
IIS server does not connect to the Windows XP Professional–based remote computer at any
time when you use Remote Desktop Web Connection. The client computer must connect to
the remote computer over a TCP/IP connection.
Establishing a Remote Desktop Session
After installing the appropriate client software on the client computer, you can connect to the
remote computer. The following discussion includes tips for using Remote Desktop components, keyboard shortcuts you can use during a Remote Desktop session, information about
enhancing security by using encryption levels, and information about configuring Remote Desktop by
using Group Policy.
You can establish a session with the Windows XP Professional–based computer that has
Remote Desktop enabled by using one of the following clients:
■ Remote Desktop Connection
■ Remote Desktop Web Connection
To create a new connection by using Remote Desktop Connection
1. Click Start, point to Programs, Accessories, Communications, and then click Remote
Desktop Connection.
2. In the Remote Desktop Connection dialog box, in the Computer box, type the name or
IP address of a computer running Windows XP Professional for which you have Remote
Desktop permissions.
3. Click Connect.
4. In the Log On to Windows dialog box, type your user name, password, and domain (if
required), and then click OK.
In Remote Desktop Connection, you can preconfigure your Remote Desktop sessions:
■ If you want all your Remote Desktop sessions to respond exactly the same each time you
establish a session, click the Options button, preconfigure the desired settings, and
click Save As under Connection Settings, as seen in Figure 8-4. Enter filename and
click Save. Each time you want to open that session, click Open, and then double-click
filename.
■ If your video adapter does not support higher resolutions, you can set the display size of
the Remote Desktop session to fit your display configuration. On the Display tab, move
the Remote desktop size slider. Select the resolution that best fits your needs, and then
click Connect.
■ If you need to print information or check disk status from your Remote Desktop session,
you can have the remote computer automatically connect to your computer’s disk drives
or printers. On the Local Resources tab, in Local devices, click Disk drives or Printers,
and then click Connect.
Figure 8-4 illustrates the client logon interface and Table 8-2 lists the features for the interface.
Figure 8-4 Remote Desktop Connection interface
Note Configurations on the client logon interface are local policy settings; they can be overridden by Group Policy settings.
Table 8-2 Features Available on the Remote Desktop Connection Logon Interface

| Tab | Settings to Configure | Notes |
| --- | --- | --- |
| General | Enter or change logon and connection settings. | Enter remote computer name, network user name, network password, and network domain. Selecting Save my password allows you to enter the password at connection time and store it for future Remote Desktop sessions. Saving connection settings allows you to use a configuration throughout an enterprise. |
| Display | Change remote desktop size (resolution) and colors. | Selectable session resolution and color depth allow you to adjust for specific needs. |
| Local Resources | Control sound, keyboard, and local devices. | Enabling sounds at the client computer enhances the session. Applying Windows key combinations within the Remote Desktop session enhances the session. Allowing the session to control local devices automatically boosts productivity. |
| Programs | Start a program and change an icon. | Setting the session to start a specific program upon connection can improve efficiency. (This tab is available only for terminal server sessions.) |
| Experience | Set bitmap caching and compression. | Allowing certain features in this tab will provide a richer visual experience at higher bandwidths. |
Using Remote Desktop Web Connection
To use Remote Desktop Web Connection, you need to ensure that it is installed and running
on the Web server. Your client computer must also have an active network connection and
Internet Explorer version 4.0 or later installed.
To connect to a remote computer by using Remote Desktop Web Connection
1. On your client computer, open Internet Explorer.
2. In the Address box, type the Uniform Resource Locator (URL) for the home directory of
the Web server hosting Remote Desktop Web Connection. The URL is “http://” followed
by the Windows Networking name of your server, followed by the path of the directory
containing the Remote Desktop Web Connection files (default = /Tsweb/. Note the forward slash marks). For example, if your Web site is registered with the DNS server as
“admin1.northwind.com”, in the Address box you type: http://admin1.northwind.com/tsweb/,
and then press ENTER.
3. From the Remote Desktop Web Connection page, in the Server box, type the name of
the remote computer to which you want to connect.
You can specify the screen size and logon information for your connection.
4. Click Connect.
Keyboard Shortcuts in a Remote Desktop Session
You can apply Windows key combinations to your Remote Desktop sessions, or you can use
the following Remote Desktop keyboard shortcuts (shown in Table 8-3) to perform many of
the same functions.
Table 8-3 Keyboard Shortcuts in a Remote Desktop Session

| Windows Key Combinations for Client Computer | Equivalent Keys for Remote Desktop Session | Description |
| --- | --- | --- |
| ALT+TAB | ALT+PAGE UP | Switches between programs from left to right. |
| ALT+SHIFT+TAB | ALT+PAGE DOWN | Switches between programs from right to left. |
| ALT+ESC | ALT+INSERT | Cycles through the programs in the order they were started. |
| | CTRL+ESC | Switches the client between a window and full screen. |
| CTRL+ESC | ALT+HOME | Displays the Start menu. |
| | ALT+DELETE | Displays the Windows menu. |
| PRINT SCREEN | CTRL+ALT+MINUS (–) symbol on the numeric keypad | Places a snapshot of the active window in the Remote Desktop session on the clipboard. |
| CTRL+ALT+DEL | CTRL+ALT+END | Displays the Task Manager or Windows Security dialog box. (Only use CTRL+ALT+END to issue this command. CTRL+ALT+DEL is always interpreted by the client computer.) |
| ALT+PRINT SCREEN | CTRL+ALT+PLUS (+) symbol on the numeric keypad | Places a snapshot of the entire Remote Desktop session window on the clipboard. |
Security and Encryption in Remote Desktop
You can enhance the security of a Remote Desktop session by using any or all of these methods:
■ Setting encryption levels to secure data communications between client and remote
computer host
■ Enabling password authentication of users at logon time
■ Disabling clipboard sharing for Web-based clients
■ Disabling printer redirection for Web-based clients
■ Disabling file redirection for Web-based clients
These five security-enhancing methods, discussed in the following sections, use Group Policy
settings. For more information about using Group Policy with Remote Desktop, see “Using
Group Policy with Remote Desktop” later in this chapter.
Setting Encryption Levels
Data encryption can protect your data by encrypting it on the communications link between
the client and the Windows XP Professional–based computer. Encryption protects against the
risk of unauthorized interception of transmitted data. By default, Remote Desktop sessions
are encrypted at the highest level of security available (128-bit). However, some older versions
of Terminal Services client software do not support this high level of encryption. If your network contains such “legacy” clients, you can set the encryption level of the connection to send
and receive data at the highest encryption level supported by the client.
There are two levels of encryption available:
■ High. This level encrypts data sent from the client to the remote computer and from the
remote computer to the client by using strong 128-bit encryption. Use this level only if
you are sure that your client computer supports 128-bit encryption (for example, if it is
running Windows XP Professional). Clients that do not support this level of encryption
will not be able to connect.
■ Client Compatible. This level encrypts data sent between the client and the remote computer at the maximum key strength supported by the client. Use this level if your client
computer does not support 128-bit encryption.
You can set the encryption level of the connection between the client and the remote computer by enabling the Set client connection encryption level Terminal Services Group Policy
setting.
Enabling Password Authentication at Logon Time
To enhance security of a Remote Desktop session over the Internet, you might want to prevent
automatic password passing. To do this, you can enable the Always prompt client for password
Terminal Services Group Policy setting. When this setting is enabled, you must supply your
password in the Windows Logon dialog box whenever you start a Remote Desktop session.
Disabling Clipboard Redirection
For enhanced security, you might choose to disable Remote Desktop clipboard redirection for
clients that connect via the Remote Desktop Web Connection client. You can disable clipboard
redirection by using the Do not allow clipboard redirection Terminal Services Group Policy.
Disabling Printer Redirection
For enhanced security, you might choose to disable the printer redirection feature for clients
that connect via the Remote Desktop Web Connection client. You can disable printer redirection by using the Do not allow printer redirection Terminal Services Group Policy.
Disabling File Redirection
For enhanced security, you might choose to disable the file redirection feature for clients that
connect via the Remote Desktop Web Connection client. You can disable file redirection using
the Do not allow drive redirection Terminal Services Group Policy.
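An added example, not from the book: a Python check that reads `reg query` output for the machine policy key where the Terminal Services Group Policy settings are stored and compares it with the five security-enhancing settings described above. The registry value names and numeric levels come from the Terminal Services policy template rather than this chapter, and the sample output is constructed.

```python
import re

# Machine policy key that holds the Terminal Services Group Policy settings.
POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"

# Registry value -> (policy name as used in the chapter, hardened DWORD value).
# Assumption (not stated in the chapter): MinEncryptionLevel 2 = Client
# Compatible and 3 = High; each f* flag is 1 when its policy is enabled.
BASELINE = {
    "MinEncryptionLevel": ("Set client connection encryption level", 3),
    "fPromptForPassword": ("Always prompt client for password upon connection", 1),
    "fDisableClip": ("Do not allow clipboard redirection", 1),
    "fDisableCpm": ("Do not allow client printer redirection", 1),
    "fDisableCdm": ("Do not allow drive redirection", 1),
}

# Constructed sample of `reg query "<POLICY_KEY>"` output (not from a real host).
SAMPLE_REG_QUERY = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
    MinEncryptionLevel    REG_DWORD    0x2
    fPromptForPassword    REG_DWORD    0x1
    fDisableClip    REG_DWORD    0x0
    fDisableCdm    REG_DWORD    0x1
"""

# Indented "name  type  data" lines; separators may be tabs or spaces.
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s+(\S.*)$")


def parse_reg_query(text):
    """Return {value_name: int} for the REG_DWORD values under POLICY_KEY."""
    values, in_key = {}, False
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            # Only collect values that belong to the policy key itself.
            in_key = line.strip().lower() == POLICY_KEY.lower()
            continue
        match = VALUE_RE.match(line)
        if in_key and match and match.group(2) == "REG_DWORD":
            values[match.group(1)] = int(match.group(3).strip(), 16)
    return values


def audit(values):
    """Compare parsed values with BASELINE.

    Returns a list of (value_name, policy_name, status, actual) tuples where
    status is "ok", "weak", or "not configured". A policy that is not
    configured leaves the product default or the client's own setting in
    effect, so it is reported separately instead of being treated as a pass.
    """
    findings = []
    for name, (policy, required) in BASELINE.items():
        actual = values.get(name)
        if actual is None:
            status = "not configured"
        elif name == "MinEncryptionLevel":
            # A level at or above High satisfies the baseline.
            status = "ok" if actual >= required else "weak"
        else:
            status = "ok" if actual == required else "weak"
        findings.append((name, policy, status, actual))
    return findings


if __name__ == "__main__":
    for name, policy, status, actual in audit(parse_reg_query(SAMPLE_REG_QUERY)):
        shown = "-" if actual is None else hex(actual)
        print(f"{status:15} {name:20} {shown:5} {policy}")
```

To check a real computer, save the output of `reg query` for the key in `POLICY_KEY` to a file and pass its contents to `parse_reg_query` in place of the constructed sample.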
Using Group Policy with Remote Desktop
In Windows XP Professional, you can use Group Policy to configure Remote Desktop Connection settings, set user policy, and manage Remote Desktop sessions. You can enable Group
Policy for users of a computer, for individual computers, or for groups of computers belonging
to an organizational unit of a domain. To set policy for users of a particular computer, you
must be an Administrator for that computer or have equivalent rights. To set policies for an
organizational unit in a domain, you must be an Administrator for that domain or have equivalent rights.
Enabling Group Policy on an Individual Computer
To set Terminal Services policy settings for a particular computer or for users of that computer, open the Group Policy snap-in to edit the Local Group Policy Object (LGPO).
The Terminal Services group policies are not configured by default. You can configure each
Group Policy to be either disabled or enabled.
To access Terminal Services Group Policy
1. From the Start menu, click Run, type mmc, and then click OK.
2. On the File menu, click Add/Remove Snap-in.
3. In the Add/Remove Snap-in dialog box, click Add.
4. In the Add Standalone Snap-in dialog box, click Group Policy, click Add, and then
click Finish.
5. In the Add Standalone Snap-in dialog box, click Close.
6. In the Add/Remove Snap-in dialog box, click OK.
7. In the console pane, double-click Computer Configuration, click Administrative Templates, click Windows Components, and then click Terminal Services.
Terminal Services Group Policies are organized individually and in folders. Table 8-4 lists
some of the Terminal Services Group Policy folders, policies, and functions that affect Remote
Desktop.
Table 8-4 Group Policy Settings That Affect Remote Desktop

| Folder | Group Policy | Function |
| --- | --- | --- |
| Terminal Services | Allow users to connect remotely using Terminal Services | Enables Remote Desktop on computers targeted by this policy. |
| | Automatic reconnection | Allows Remote Desktop Connection clients to automatically reconnect if the network link is temporarily lost. |
| | Limit maximum color depth | Sets a limit on the color depth of any connection to a terminal server or Remote Desktop. |
| Client/Server Data Redirection | Allow audio redirection | Allows users to play the remote computer audio at the local computer during a Remote Desktop session. |
| | Do not allow clipboard redirection | Disables sharing of clipboard contents. |
| | Do not allow drive redirection | Disables mapping of client drives in Remote Desktop sessions. |
| | Do not allow COM port redirection | Disables redirection of data from the remote computer to client COM ports during the Remote Desktop session. |
| | Do not allow client printer redirection | Disables mapping of client printers in Remote Desktop sessions. |
| | Do not allow LPT port redirection | Disables redirection of data from the remote computer to client LPT ports during the Remote Desktop session. |
| | Do not set default client printer to be default printer in a session | Directs Terminal Services not to automatically specify the client printer as the default printer in the Remote Desktop session. |
| Encryption and Security | Always prompt client for password upon connection | Directs Terminal Services to always prompt users for passwords at logon. |
| | Set client connection encryption level | Directs Terminal Services to enforce the specified encryption level for all data sent between the client and the remote computer during Terminal Services connections. |
| Client | Do not allow passwords to be saved | Controls whether passwords can be saved on this computer from Terminal Services clients. This setting is available only for Windows XP Service Pack 2. |
Troubleshooting Remote Desktop
This section contains troubleshooting information for Windows XP Professional Remote
Desktop.
Server Name Not Found Error Message
If the remote computer cannot be found, the following message appears:
“The specified remote computer could not be found. Verify that you have typed the correct computer
name or IP address, and then try connecting again.”
The problem might be in the computer name or IP address that you are using to connect. To
solve this problem, verify that you have the correct computer name for the remote computer
and that you have typed it in correctly. The correct computer name can be obtained from your
administrator. If you have the correct computer name and are still unable to connect, try to
connect using the actual IP address of the computer. This information can be obtained from
your administrator.
A Specified Program Will Not Open
If you are having problems opening a specified program on the host computer (on the Programs tab of the Remote Desktop Connection), you might be connecting to a computer running Windows XP Professional. Specified programs will open only when connecting to a
terminal server, not when starting a Remote Desktop session. Remote Desktop provides
access to the actual console session of the remote computer. You cannot specify programs that
open in a Remote Desktop session.
Cannot Log On to the Remote Computer
If you do not have the correct permissions to access a remote computer running Windows XP
Professional, the following message appears:
“The local policy of this system does not permit you to log on interactively.”
You must add yourself to the Remote Desktop Users group (or to a group with administrative
rights) so that you can use Remote Desktop.
Session Ends with a Data-Encryption Error Message
If a data encryption error prevents your client computer from communicating properly with
the remote computer, the following message appears:
“Because of error in data encryption, this session will end. Please try connecting to the remote computer again.”
Try again to connect to the remote computer.
Additional Resources
These resources contain additional information and tools related to this chapter.
Related Information
■ The Remote Desktop Protocol (RDP) Features and Performance link on the Web
Resources page at http://www.microsoft.com/windows/reskits/webresources
■ “Remote Desktop” in Windows XP Professional Help and Support Center
Chapter 9
Managing Devices
The Microsoft® Windows® XP Professional operating system provides features that simplify
installing, configuring, and managing computer hardware. Plug and Play is a feature that automatically configures devices, loads device drivers, and works with other Plug and Play devices
to allocate resources, all without user intervention. Windows XP Professional supports
devices that use the USB and IEEE 1394 buses, as well as devices that connect over other buses.
Understanding hardware management features and support in Windows XP Professional helps
you install, configure, and troubleshoot hardware devices.
In this chapter:
Overview
Device Manager
Plug and Play Device Detection
Device Drivers
Supported Hardware
Device Installation
Configuring Device Settings
Power Management
Hardware Troubleshooting
Additional Resources
Related Information
■ For information about Universal Plug and Play, see Chapter 25, “Connecting
Remote Offices.”
■ For more information about using printers, see Chapter 11, “Enabling Printing and
Faxing.”
■ For more information about power management on portable computers, see Chapter 7,
“Supporting Mobile Users.”
■ For more information about troubleshooting hardware problems that prevent your
system from starting, see Chapter 29, “Troubleshooting the Startup Process.”
Overview
Plug and Play in Windows XP Professional allows a user to simply connect a hardware device
and leave the job of configuring and starting the hardware to the operating system. However,
computer hardware, device drivers, and the system BIOS must all be designed properly in
order to install new devices without user intervention. For example, although Windows XP
Professional provides Plug and Play functionality, if no Plug and Play–capable driver is available
for a given device, the operating system cannot automatically configure and start the device.
When a hardware device is connected, as when a user plugs a USB camera into a USB port,
Plug and Play Manager goes through the following steps to successfully install the device:
■ After receiving an insertion notification, Plug and Play Manager checks what hardware
resources the device needs (such as interrupts, memory ranges, I/O ranges, and DMA
channels) and where to assign those resources.
■ Plug and Play Manager checks the hardware identification number of the device. It then
checks the hard drive, floppy drives, CD-ROM drive, and Windows Update for a driver
that matches the hardware identification number of the device.
■ If multiple drivers are found, Plug and Play Manager chooses the optimal driver by looking for the closest hardware ID or compatible ID match, driver signatures, and other
driver features, and then installs the driver and starts the device.
Device drivers included with or installed under Windows XP Professional must meet the standards of the Designed for Windows XP Logo Program (http://www.microsoft.com/winlogo).
Device drivers that have passed the Windows Hardware Quality Lab (WHQL) compatibility
tests (http://www.microsoft.com/whdc/whql) are digitally signed, and Windows XP Professional detects the digital signature. For system stability, it is recommended that you use only
signed device drivers with Windows XP Professional. A message notifies the user if an
unsigned driver is being installed.
When multiple drivers are available for a given device, Windows XP Professional uses driver-ranking schemes to determine the optimal driver to load. Driver rank is established based on
whether the driver is signed and how closely the driver’s Plug and Play ID matches the
device’s Plug and Play ID.
For more information about Driver Signing, see “Windows Update” and “Driver Signing” later
in this chapter. For more information about driver-ranking schemes, see “Driver Ranking”
later in this chapter.
The extent of Plug and Play support depends on both the hardware device and the device
driver. For example, an older device that is not Plug and Play—such as a manually configured
Industry Standard Architecture (ISA) sound card or an Extended Industry Standard Architecture (EISA) network adapter—can gain functionality from a Plug and Play driver.
If a driver does not support Plug and Play, its devices behave as non–Plug and Play devices.
This might result in the loss of some operating system functionality. For example, power management features such as hibernation might not work.
Note For monitors, Windows XP Professional supports Plug and Play installation only when
the monitor, display adapter, and display driver are Plug and Play; otherwise, the monitor is
detected as “Default Monitor.”
If you connect the monitor by using a switch box, Plug and Play attributes of the monitor
might be lost.
In Windows XP Professional, Plug and Play support is optimized for computers that include
an Advanced Configuration and Power Interface (ACPI) BIOS. The ACPI BIOS is responsible
for tasks such as describing hardware that is not visible to Plug and Play because the hardware
is connected to a bus that does not support Plug and Play. For example, the ACPI BIOS
describes and helps in configuring devices such as system timers and programmable interrupt controllers on the motherboard, which are not on a bus that supports Plug and Play.
For all Plug and Play features to work on a given system, the system must include an ACPI
BIOS and hardware devices and drivers that are Plug and Play compliant. An Advanced Power
Management (APM) BIOS or a Plug and Play BIOS does not enable all Plug and Play features
and is not as robust as ACPI.
When you troubleshoot or manually change resource settings, it is helpful to know whether
Plug and Play functionality is provided by the operating system or by the BIOS. If Plug and
Play is handled by the BIOS and you manually change resources that are allocated to hardware
devices (such as interrupts or memory ranges), these changes become fixed and the operating
system cannot reallocate those resources. When any hardware resource is fixed, Windows XP
Professional loses some of its ability to optimally allocate resources among all devices in the
system. When Windows XP Professional cannot optimally allocate all resources, the likelihood is increased that one or more devices might not function properly as a result of resource
allocation problems.
For more information about ACPI, see the ACPI link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources and “Power Management” later in this
chapter.
On x86-based computers, the way that the system BIOS code interacts with Plug and Play
devices depends on whether the system BIOS or the operating system configures hardware. If
your computer has this option, the setting for the Enable Plug and Play operating system
switch can affect this interaction.
For more information about setting Plug and Play BIOS settings, see “Setting Plug and Play
BIOS Settings” later in this chapter.
Some Plug and Play devices can be installed or removed while the system is running. For
example, USB, IEEE 1394, and PC Card devices can be added to and removed from a fully
powered system. When such hardware is added or removed, the operating system automatically detects insertion or removal of the device and manages system and/or hardware configuration as required. If the device is not designed to be removed while the system is running,
it is recommended that you notify the operating system in advance to avoid problems. The
Safely Remove Hardware application notifies the operating system that a device will be removed.
Table 9-1 shows the different types of Plug and Play devices and whether they can be removed
while the system is turned on.
Table 9-1 Plug and Play Device Connections and Installation Guidelines
Devices on these buses or connectors | Can be added to or removed from a running system | System must be turned off before device is added/removed from system
USB, IEEE 1394, PC Card devices, CardBus devices | Yes. Remove hardware by using the Safely Remove Hardware application if it appears in the notification area. | No
PCI, ISA, EISA | No | Yes
Docking station | Varies among computer manufacturers; most support docking and undocking while the computer is running. |
For more information about the Safely Remove Hardware application, see “Safe Removal of
Plug and Play Devices” later in this chapter. For information about the Hot Undocking feature
for portable computers, see Chapter 7, “Supporting Mobile Users.”
Device Manager
Device Manager displays all devices installed in the system as shown in Figure 9-1. The
devices shown in Device Manager represent the computer’s hardware configuration information. The Device Manager display is re-created each time the computer is started, or whenever
a dynamic change to the computer configuration occurs, such as addition of a new device
while the system is running. You can use Device Manager to enable or disable devices, troubleshoot devices, update drivers, use driver rollback, and change resources such as interrupt
requests (IRQs) assigned to devices.
You can open Device Manager as follows:
■ On the Start menu, right-click My Computer, select Manage, and then select Device Manager under System Tools.
– or –
■ In Control Panel, click Performance and Maintenance, and then click System. On the Hardware tab, click Device Manager.
To view the property sheet for a device in Device Manager, double-click the device type.
Right-click the individual device, and select Properties. The following types of information are
shown for the device type:
■ Driver name, vendor, date, version, and digital signature information
■ System resources allocated to the device, such as interrupt request (IRQ) lines, memory ranges, and I/O address ranges
■ Options to update the driver, roll back the driver, and uninstall the driver
■ Other options specific to the type of device being considered
Figure 9-1 shows a Device Manager listing of system devices.
Figure 9-1 System devices in Device Manager
From the View menu in Device Manager, you can select one of four views of system devices.
Devices by type: This is the default device tree view for Device Manager. Device types include
hardware such as disk drives, keyboards, Human Interface Devices (HIDs), or system devices.
Double-clicking on a device type displays a list of the devices of that type on the system.
Devices by connection: This view shows how devices are connected to each other. This might
be useful, for example, when you connect devices to a USB hub, and then connect other
devices to the devices on the hub. You can see where each device fits into the chain of connection.
Resources by type: This view shows the four default resource types (and any others that are
configured on your system). The four default system resource types are direct memory access
(DMA), input/output (IO), interrupt request (IRQ), and reserved memory. Double-clicking
on a resource type displays a list of the devices that are using a resource of that type.
Resources by connection: This view shows the four default resource types (and any others
that are configured on your system). Double-clicking on the system resource type shows the
device types that are using a resource of that type, and how they are connected. This view
might be particularly useful when you need to see whether a child device requires more memory resources than are available to a parent device.
Specific icons in Device Manager indicate device types and indicate any device problems, such
as resource conflicts, or whether a device is disabled. The icons that denote device problems
or disabled status are:
■ A yellow exclamation point, which means that the device has a problem.
■ A red “X,” which means that the device is disabled.
■ A blue “i” for “information,” which means that the device has forced resource configurations. This icon is seen only in the two resource views.
Error codes that describe the type of problem a device might be experiencing are also displayed on the Properties pages of the device. For a list of these error codes, see Microsoft
Knowledge Base article 310123 “Explanation of error codes generated by Device Manager”
found at http://support.microsoft.com/kb/310123.
To update the driver for the device, disable or uninstall the device, scan for hardware changes,
or view the device properties, right-click the device and then make your selection on a menu.
Administrators can use Group Policy settings to prevent user access to Device Manager. For
more information about Group Policy, see Chapter 5, “Managing Desktops.”
More Info For information about using Device Manager to configure devices, see “Configuring Device Settings” later in this chapter.
Viewing Hidden Devices
Two types of devices are hidden by default in Device Manager. Non–Plug and Play drivers,
printers, and other classes of devices that are not typically useful in configuring or troubleshooting hardware issues are hidden. Also hidden are devices that were previously attached
but are not connected to the computer at the present time, also known as nonpresent devices.
Typically you will not need to view hidden devices unless you need to configure or troubleshoot hardware. Each category of hidden device requires a different procedure for Device
Manager to display the devices in that category.
To view currently attached non–Plug and Play drivers, printers, and other devices
■ In Device Manager, on the View menu, select Show hidden devices.
The following procedure shows nonpresent devices for this instance of Device Manager only.
To view a list of previously attached (nonpresent) devices
1. At the command prompt, type the following commands, pressing ENTER after each:
set DEVMGR_SHOW_NONPRESENT_DEVICES=1
Devmgmt.msc
2. In Device Manager, on the View menu, select Show hidden devices.
The following procedure sets the option in Device Manager to show nonpresent devices whenever Device Manager is run.
To set Device Manager to always show previously attached (nonpresent) devices
To view the list of nonpresent devices with Device Manager, you must select Show hidden
devices in Device Manager, as described earlier.
1. In Control Panel, click Performance and Maintenance, and then click System.
2. Click the Advanced tab.
3. Click Environment Variables.
The Environment Variables dialog box contains two sections, User variables and
System variables. The changes made by adding a variable in the User variables section
apply only to a specific user. If another user logs on to this computer, this variable will
not be set for him. If you want this variable to apply to all users that log on to this computer, add it to System variables instead.
4. In the User variables or System variables dialog box, click New.
5. In the New User Variable or New System Variable dialog box, in Variable Name, type
the following (including the underscores):
DEVMGR_SHOW_NONPRESENT_DEVICES
6. In Variable Value, type 1.
7. Click OK, and then in the Environment Variables dialog box, click OK to apply this
change.
For more information about environment variables, see Chapter 29, “Troubleshooting the
Startup Process.” For more information about using Device Manager, see Windows XP Professional Help and Support Center.
Plug and Play Device Detection
Plug and Play in Windows XP Professional provides the following services:
■ Detects a Plug and Play device, and determines its hardware resource requirements and device identification number
■ Allocates hardware resources
■ Dynamically loads, initializes, and unloads drivers
■ Notifies other drivers and applications when a new device is available
■ Works with power management to install and remove devices
■ Supports a range of device types
After Windows XP Professional detects a Plug and Play device, the device driver is configured
and loaded dynamically, typically without requiring user input. Some buses, such as Peripheral Component Interconnect (PCI) and USB, take full advantage of Plug and Play. Older
buses, such as ISA, do not take full advantage of Plug and Play and require more user interaction to ensure devices are correctly installed.
Plug and Play Detection on ACPI Systems
ACPI is a hardware and software interface specification that combines and enhances the Plug
and Play and Advanced Power Management (APM) standards. ACPI also shifts many power
management tasks to the operating system.
When a new device is plugged in, the following steps occur:
1. The function driver for the bus detects a new device on the bus.
2. The bus driver notifies Windows Plug and Play that its set of devices has changed.
3. Windows Plug and Play queries the driver for the current list of devices on the bus.
4. When Windows Plug and Play obtains the current list of devices, it determines whether
any devices have been added or removed.
5. Windows Plug and Play gathers information about the new device and begins configuring it.
6. Windows Plug and Play checks the registry to determine whether the device has been
installed on this computer before and if not, it stores information about the device in the
registry.
7. Windows Plug and Play attempts to find and load the function and filter drivers for the
device if any exist.
8. Windows Plug and Play assigns resources to the device if needed and issues an I/O
request packet (IRP) to start the device.
For more information about device detection, see the Driver Development Kits link on the
Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Plug and Play Detection on Non-ACPI x86-Based Systems
On non-ACPI x86-based computers, the system BIOS configures Plug and Play and performs
the following steps:
1. Isolates any Plug and Play ISA devices for configuration.
2. Builds a map of the resources allocated to non–Plug and Play devices.
3. Maintains a list of previous resource configurations in nonvolatile storage or memory.
4. Selects and enables input and output devices required during the startup process.
5. Initializes the device ROM if the device is a boot device.
6. Allocates conflict-free resources to devices that have not yet been configured.
7. Activates appropriate devices.
8. Initializes any option ROMs that are detected.
9. Starts the bootstrap loader.
Allocating System Resources
Each installed device must be allocated a set of operating system resources to operate properly. Some of these resources can be shared, while others cannot, depending on the capabilities of the hardware and drivers. System resources allow hardware components to gain access
to CPU and memory resources without conflicting with each other.
System resources include:
■ Interrupt request (IRQ) lines
■ Direct memory access (DMA)
■ Input/output (I/O) port addresses
■ Memory resources
Windows Plug and Play determines the system resources required by each device and assigns
them appropriately. Windows Plug and Play can reconfigure resource assignments as necessary, such as when a new device is added that requires resources that are already in use. It can
also detect ISA devices and configure non–Plug and Play hardware.
Interrupt Request Lines
IRQ lines are used by hardware devices to communicate with the CPU. The traditional architecture for x86-based computers uses 16 IRQs (numbered from 0 to 15), some of which are
reserved for devices such as the system clock, keyboard, and math co-processor. As new
expansion cards are added to the computer, the remaining free IRQs are allocated to these
new devices as needed. However, not all devices require IRQs to operate. Certain ISA and PCI
multimedia peripherals, for example, do not require use of IRQs. Also, traditional secondary
bus types (such as SCSI) and more recent types (such as USB and IEEE 1394) require only a
single IRQ regardless of the number of devices connected to the host adapter.
ISA devices that use IRQs require sole access to interrupt lines to function properly, so one
interrupt cannot be shared by multiple ISA devices. Because of this restriction, any system
that includes ISA devices has a higher likelihood of running out of IRQs. And, once all IRQs
are allocated, if a new device is added, it cannot start because no IRQ is available for it to operate. One of the major benefits of PCI over ISA is that PCI allows x86-based systems to share
IRQs. Although some problems with IRQ sharing exist, most are related to high-bandwidth
devices. Windows XP Professional manages IRQs using a first in, first out (FIFO) stack. The
more devices that share a single IRQ, the longer it takes to traverse this stack, which can have
a systemwide performance impact. Performance problems might be reduced if high-bandwidth devices such as high-speed network adapters and high-end Small Computer Systems
Interface (SCSI) controllers, for example, use different IRQs. More flexible interrupt handling
models are available on newer x86-based ACPI systems that support the Advanced Programmable Interrupt Controller standard. Systems that incorporate the Advanced Programmable
Interrupt Controller have access to more interrupts, which avoids the need to share interrupts.
Most x86-based systems do not support manual configuration of IRQ settings. However, a few
do offer this capability as a troubleshooting feature. If you are experiencing problems with system lockups or stability, you have two alternatives:
1. If your system firmware supports manual configuration of IRQ settings, as a troubleshooting method, try manually assigning IRQs to specific PCI slots by using the configuration options in the BIOS. If you need to manually assign IRQ addresses for an ACPI-compliant computer and the BIOS option to disable ACPI is available, disable ACPI
before installing Windows XP Professional. However, remember that it is best not to
change the BIOS default or automatic settings unless you have a specific reason to do so.
2. If your system does not support manual configuration of IRQ settings, try moving high-performance peripherals to another slot.
For more information about PCI devices and IRQ sharing, see article 314068, “General
Description of IRQ Sharing in Windows XP,” in the Microsoft Knowledge Base. To find this
article, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Caution Changing default settings such as IRQs can cause conflicts that might make one or
more devices unavailable on the system.
IRQ assignments can be reviewed using Device Manager. For more information about Device
Manager, see “Device Manager” earlier in this chapter.
Direct Memory Access Channels
Direct memory access (DMA) channels allow devices to write and read directly to and from
physical memory without placing a load on the CPU. This enhances system performance for
devices such as network cards, because the CPU does not need to move blocks of data from
memory to a device and back again. For x86-based systems, there are eight DMA channels,
with several reserved for certain devices such as the DMA controller and floppy disk drive.
Typically, x86-based systems have five or six available DMA channels.
I/O Port Address and Reserved Memory
Data passed between the CPU or RAM and a device must be moved through a dedicated block
of memory. I/O port address ranges and memory address ranges denote a reserved area of
memory that is dedicated to a specific device. Typically, these memory ranges are determined
by the operating system. Manual changes are necessary only in specific cases (when using
non–Plug and Play ISA hardware, for example).
Safe Removal of Plug and Play Devices
Some buses allow devices to be hot-plugged—added or removed while a system is running.
Examples of such buses include USB, IEEE 1394, PC Card, and CardBus. For devices on
other buses, such as ISA and PCI, the computer must be turned off before devices are added
or removed.
Note While primarily intended for servers, Windows XP also supports the Hot-Plug PCI
specification through ACPI. This specification allows users to install and remove PCI devices
while the computer is running for compliant PCI devices and controllers. For more information,
see http://www.microsoft.com/whdc/system/pnppwr/hotadd/hotplugpci.mspx.
When removing a device from a bus that supports hot plugging, if the Safely Remove Hardware icon appears in the notification area, use the Safely Remove Hardware application as
explained later to ensure a safe removal of hardware from the system. The Safely Remove
Hardware application informs Windows that the user intends to remove a device. This gives
Windows an opportunity to prepare for the removal by taking steps such as halting data transfers to the device and unloading device drivers.
When hardware is removed from a running system without using the Safely Remove Hardware application, it is often referred to as surprise removal because the operating system is not
notified in advance of the removal. Surprise removal is particularly a concern for storage
devices for which write caching is enabled, because when such devices are surprise removed,
data loss or corruption might occur. To reduce the likelihood of data loss or corruption as a
result of surprise removal of consumer-oriented storage devices, Windows XP Professional
disables write caching by default for these devices (such as cameras that include IEEE 1394 or
USB storage, small form factor storage devices such as compact flash, and so on). While write
caching policy addresses this particular issue, it is recommended that users continue to use
the Safely Remove Hardware application when it appears in the notification area. Also, disabling write caching might slow the performance of consumer-oriented storage devices.
Write caching is enabled by default for high-performance external storage devices such as
IEEE 1394 hard drives and SCSI hard drives, in addition to being enabled for storage devices
inside the computer that cannot be surprise removed.
Caching policy defaults can be changed in Device Manager for high-performance external
storage devices. In Device Manager, on the property sheet for the removable storage device,
click the Policies tab to view the default write caching settings for the device. If the Policies tab
does not display, this option is not provided for the device. If the write caching settings are
enabled, you can change the settings based on your performance and safe removal needs as
follows:
■ Click Optimize for quick removal to disable write caching on the storage device and in
Windows. This allows you to remove the device without using the Safely Remove Hardware application, but it can have an impact on the performance of the device.
■ Click Optimize for performance to enable write caching in Windows, which can
improve the performance of the storage device. However, you must use the Safely
Remove Hardware application to disconnect the device from the computer.
If these write caching options are not available, your storage device is not removable without
turning off the computer and a different option displays in the dialog box. This option allows
you to disable write caching for your storage device, which can affect the performance of
the device.
Users should also inform the operating system before removing a portable computer from a
docking station. For more information about docking and undocking procedures, see
Chapter 7, “Supporting Mobile Users.”
Safely Remove Hardware Application
Before you remove a device from a bus that supports hot plugging, check to see whether the
Safely Remove Hardware icon appears in the notification area. If it does, it is recommended
that you use the Safely Remove Hardware application to notify the operating system that the
device is about to be unplugged.
To notify the operating system about removing a Plug and Play device
1. Click the Safely Remove Hardware icon in the notification area. The icon displays a
notification bubble with a list of devices currently attached to the system.
2. Click the device you want to remove. The device is stopped and can then be unplugged.
Device Drivers
Windows XP Professional includes many features that help ensure that the device drivers
installed on your computer are reliable and up to date. Drivers are signed by Microsoft after
they pass a series of tests for reliability. Windows XP Professional checks for a digital signature
whenever a driver is installed and issues a message if the driver is not signed. In addition, drivers that are known to cause problems in Windows are blocked from loading or installing,
because Windows XP Professional checks a database of known problem drivers when the
computer is started or when a device driver is loaded. If the driver is located in the database
of known problem drivers, it cannot be installed or used on your computer. Another feature is
Windows Update, a Web site where updated versions of signed drivers are available for download. These and other Windows XP Professional features for device drivers contribute to a stable computing environment and are discussed here in more detail. Device Manager provides
details about device drivers on the device’s Properties page. Click the Driver tab and select
Driver Details to list all the drivers the device is using. Driver details displayed include
whether the driver is signed, its version, and whether it has been blocked from loading. For
more information about Device Manager, see “Device Manager” earlier in this chapter.
Driver Signing
Microsoft uses a multistage process to test device drivers. Drivers are subjected to compatibility tests administered by the Windows Hardware Quality Lab (WHQL), and drivers that successfully complete the process are digitally signed. Because of this testing, signed drivers are
typically more robust and reliable. Once a driver is digitally signed, Windows XP Professional
recognizes it when it is loaded. Windows XP Professional notifies the user if a driver is not
signed or if a driver file has been changed since its inclusion in the Windows Catalog, which
contains an up-to-date list of hardware that is supported for Windows XP by Microsoft.
Tip The Windows Catalog at http://www.microsoft.com/windows/catalog replaces the
older Hardware Compatibility List (HCL), but you can still access text-only versions of the HCL
for different Windows versions from Windows Hardware and Driver Central at http://winqual.microsoft.com/download.
The digital signature is associated with individual driver versions, and it certifies to users that
the driver provided with the device is identical to the driver that was tested.
The following three driver-signing policy settings in the operating system enforce signature
verification and determine what the operating system does with an unsigned driver:
■ Warn: Checks the signature on the driver before installation, and displays a warning if
the signature verification fails. The driver can still be installed, although installation is
not recommended.
■ Block: Checks the signature on the driver before installation, and blocks installation of
the driver if the signature verification fails.
■ Ignore: Silently checks the signature on the driver, logs any unsigned driver files to a
log file, and allows the installation of the driver.
Note The computer displays the Warn dialog box if you try to replace a signed driver with
an unsigned driver, even if the policy is set to Ignore.
“Warn” is the default setting. You can change the driver-signing policy for a user without
administrator permissions, but you must have administrator permissions to change the
driver-signing policy setting for a computer. Group Policy settings can be used to change the
driver-signing policy from the defaults. For more information about using Group Policy, see
Chapter 5, “Managing Desktops.”
To set signature verification options
1. In Control Panel, open Performance and Maintenance, and then open System.
2. Click the Hardware tab, and then click Driver Signing.
3. Under What action do you want Windows to take?, click the option for the level of
signature verification that you want to set.
For more information about file signature verification and signature checking, see Appendix C,
“Tools for Troubleshooting.”
Note If you are logged on as a member of the Administrators group, you can apply the
selected driver-signing setting as the default for all users who log on to a computer by clicking
Make this action the system default.
Windows Update
Windows Update is an online extension of Microsoft® Windows® and provides a central location for product enhancements, such as Service Packs, device drivers, and system security
updates. Windows XP Professional users can install or update drivers from the Windows
Update Web site. When a user accesses the Windows Update Web site, Windows Update
compares the drivers installed on the user’s system with the latest updates available. If newer
drivers are found, Windows Update offers the list of applicable drivers to the user. The user
can then choose whether to download and install the newer drivers.
Because installing drivers not included on the Windows XP Professional installation CD-ROM
requires administrative rights, you must be logged on as an administrator to update a driver
from Windows Update. In addition, administrators can use Group Policy to restrict users’
access to Windows Update. For more information about restricting access to or configuring
Windows Update, see Appendix C, “Tools for Troubleshooting.”
Drivers are included on Windows Update only if they are digitally signed, have passed the
testing requirements for the Designed for Windows XP Logo Program, and the vendor has
given Microsoft redistribution rights for those drivers. This ensures that the drivers offered to
users from Windows Update are of high quality and reliable.
Using Automatic Updates, an administrator can configure a computer to notify a user about
new updates, so the user can then download and install them, if desired, when they become
available. This feature takes advantage of Windows Update to check the availability of critical
updates that apply to your computer. Drivers are offered through Automatic Updates only if
the driver is marked critical and no other driver is installed for a device.
You can access Windows Update by using any of the following methods:
■ Open Internet Explorer, and on the Tools menu, select Windows Update.
■ Open Help and Support Center and select Windows Update.
■ Open Programs and select Windows Update.
■ Use Update Driver in Device Manager.
■ Run the Add Printer Wizard for printer drivers.
Devices have a hardware ID that uniquely identifies the device. The Plug and Play IDs of
devices include hardware IDs and compatible IDs. The list of hardware IDs and compatible
IDs supported by an individual driver is listed in its .inf file. If the hardware ID of the device
exactly matches one of the hardware IDs supported by the driver, there is a hardware match. If
some other match occurs (for example, device hardware ID to driver compatible ID), there is
a compatible match. Drivers that have a hardware or compatible match with the device are candidates for download and installation. If a hardware or compatible match exists, Windows
Update determines whether the driver on Windows Update is newer than the installed one. If
it is newer, the driver is presented to the user. Also, if the hardware ID for the driver on
Windows Update is a better match than the installed one, Windows Update offers that driver
to the user. If the user chooses to install the offered driver, the file is downloaded, and the
Windows Update ActiveX control points the Device Manager to the .inf file for installation.
For more information about hardware IDs and compatible IDs, see “Driver Ranking” later in
this chapter.
For more information about Windows Update, see the Windows Update link on the Web
Resources page at http://www.microsoft.com/windows/reskits/webresources.
Enterprise-Wide Driver Update Using Windows Update
IT administrators can standardize the updates made to device drivers and other software by
using the Microsoft® Windows Update Catalog site, which is accessible from the main Windows Update site. This site provides a comprehensive catalog of updates that can be downloaded for distribution to other computers or over a corporate network. To ensure that
updates are synchronized enterprise-wide, you can download updates, and then test and
approve the new software before distributing it. After the updated drivers are downloaded,
tested, and approved, they can be prepared for enterprise-wide installation using standard
software deployment tools and techniques such as Windows Update Services (WUS),
Software Update Services (SUS), or Microsoft® Systems Management Server (SMS). For more
information on these solutions, see Chapter 15, “Managing Software Updates.”
Administrators who want to download updated device drivers for deployment to Windows
XP computers on their network can use the Windows Update Catalog on the Windows
Update Web site to do this as follows:
1. Open the Windows Update Web site at http://windowsupdate.microsoft.com.
2. Select Administrator options, click Windows Update Catalog, and click Find
hardware driver updates.
3. Add the device drivers you want to your download basket.
Driver Ranking
Windows XP Professional uses driver-ranking schemes to determine which driver to load
when multiple drivers are available for a device. Drivers are ranked by whether they are signed
and how closely their Plug and Play ID matches the device’s Plug and Play ID. The Plug and
Play ID of a driver or device consists of hardware IDs and compatible IDs. If the hardware ID
of the driver exactly matches one of the hardware IDs of the device, there is a hardware match.
If some other match occurs (for example, device hardware ID to driver compatible ID), there
is a compatible match. Driver rank also depends on whether the device information file (.inf
file) for the device includes information specifically for installations in a Microsoft® Windows
NT® environment. If multiple drivers for a device exist, the lowest ranking driver is installed.
The following list summarizes the driver-ranking scheme for Windows XP Professional from
lowest (best match) to highest rank:
1. Signed driver with a hardware match to the device
2. Signed driver with a compatible match to the device
3. Unsigned driver with a hardware match to the device (with Windows NT–targeted INF
section)
4. Unsigned driver with a compatible match to the device (with Windows NT–targeted
INF section)
5. Unsigned driver with a hardware match to the device (without Windows NT–targeted
INF section)
6. Unsigned driver with a compatible match to the device (without Windows NT–targeted
INF section)
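The six-rank scheme above, worked through as an added example (not code from the book or from Windows). The `Device` and `Driver` records, the INF names and the Plug and Play IDs are constructed for illustration; case-insensitive ID comparison and breaking ties by list order are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Device:
    hardware_ids: Tuple[str, ...]
    compatible_ids: Tuple[str, ...] = ()


@dataclass(frozen=True)
class Driver:
    inf_name: str
    signed: bool
    hardware_ids: Tuple[str, ...]
    compatible_ids: Tuple[str, ...] = ()
    nt_section: bool = True  # INF carries a Windows NT-targeted section


def _norm(ids: Sequence[str]) -> set:
    # Assumption: IDs are compared without regard to case.
    return {i.upper() for i in ids}


def match_type(device: Device, driver: Driver) -> Optional[str]:
    """'hardware' if a driver hardware ID equals a device hardware ID,
    'compatible' for any other ID match, None if nothing matches."""
    dev_hw, dev_compat = _norm(device.hardware_ids), _norm(device.compatible_ids)
    drv_hw, drv_compat = _norm(driver.hardware_ids), _norm(driver.compatible_ids)
    if dev_hw & drv_hw:
        return "hardware"
    if dev_hw & drv_compat or dev_compat & (drv_hw | drv_compat):
        return "compatible"
    return None


def rank(device: Device, driver: Driver) -> Optional[int]:
    """Rank 1 (best) to 6 per the list above; None when the driver does not match."""
    match = match_type(device, driver)
    if match is None:
        return None
    if driver.signed:
        return 1 if match == "hardware" else 2
    base = 3 if driver.nt_section else 5
    return base if match == "hardware" else base + 1


def ranking_report(device: Device, candidates: Sequence[Driver]) -> List[Tuple[int, str]]:
    """Matching drivers as (rank, INF name), best first; list order breaks ties."""
    ranked = [(rank(device, d), i, d.inf_name) for i, d in enumerate(candidates)]
    return [(r, name) for r, _, name in sorted(x for x in ranked if x[0] is not None)]


def select_driver(device: Device, candidates: Sequence[Driver]) -> Optional[Tuple[str, int]]:
    """The driver that would be installed: the lowest-ranking match."""
    report = ranking_report(device, candidates)
    return (report[0][1], report[0][0]) if report else None


# Constructed sample data.
DEVICE = Device(
    hardware_ids=(r"USB\VID_0ABC&PID_1234&REV_0100", r"USB\VID_0ABC&PID_1234"),
    compatible_ids=(r"USB\Class_03&SubClass_01&Prot_02", r"USB\Class_03"),
)
CANDIDATES = [
    Driver("vendor_unsigned.inf", False, (r"USB\VID_0ABC&PID_1234",)),
    Driver("legacy_unsigned.inf", False, (r"USB\VID_0ABC&PID_1234",), nt_section=False),
    Driver("inbox_class.inf", True, (r"USB\Class_03&SubClass_01&Prot_02",)),
    Driver("unrelated.inf", True, (r"USB\VID_0DEF&PID_0001",)),
]

if __name__ == "__main__":
    for r, name in ranking_report(DEVICE, CANDIDATES):
        print(r, name)
    print("installed:", select_driver(DEVICE, CANDIDATES))
```

In the sample, the signed driver with only a compatible match (rank 2) is chosen over the unsigned driver whose hardware ID matches exactly (rank 3).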
Windows Driver Protection
Windows Driver Protection features in Windows XP Professional prevent users from installing,
loading, or running drivers on their system that are known to cause problems in Windows.
Microsoft maintains a database of known problem drivers that is used to determine which
drivers Windows Driver Protection prevents from being installed or loaded. A driver is
included in the database if there is a high probability that it will cause the system to hang or
crash. The driver is identified in the database by file name, driver version, and link date.
Updates to the database are downloaded to your computer from Windows Update.
If you try to install a driver that is listed in the known problem driver database, you will get a
message notifying you that this is a driver that will cause system problems and the driver is
not installed. The message also contains a link to a Web page that gives you more information
and might offer updates to the drivers.
Note
If you install drivers by using a custom executable, the problem driver database might
not be checked during installation and notices about problem drivers might not be displayed.
However, drivers that are missed by installation detection will be detected at load time and
blocked successfully regardless of installation method.
The known problem driver database is also checked each time the computer is started and
each time a driver is loaded to catch any problem drivers that might be loaded at startup. If a
problem driver is installed after the computer is started, the next time you start the computer
the loading process prevents the problem driver from being loaded.
When you log on to a computer where a driver has been blocked, an icon and a Help balloon
display in the notification area. Clicking the icon accesses the My Computer Information—
Health page in the Tools Center of Windows XP Professional Help and Support Center, where
details are provided for the list of drivers blocked since the last time the computer was started.
For each driver in the list, a link is provided that opens an appropriate help file that describes in
more detail the problem with the driver and contact information for the device manufacturer.
Each time a known problem driver is blocked, an entry is made in the computer’s event log.
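An added example (not from the book, and not the format of Microsoft's database) of matching a driver file against a list keyed on the three fields named above. It assumes the link date is the PE header TimeDateStamp, that the version is the file version in the VS_FIXEDFILEINFO resource, and that an entry matches only when all three fields are equal; the list entry and the sample image are constructed.

```python
import calendar
import struct
from datetime import date, datetime, timezone

FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)  # VS_FIXEDFILEINFO.dwSignature


def link_date(image: bytes) -> date:
    """PE header TimeDateStamp (taken here as the link date) as a UTC date."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    if pe_off + 24 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (stamp,) = struct.unpack_from("<I", image, pe_off + 8)  # COFF TimeDateStamp
    return datetime.fromtimestamp(stamp, tz=timezone.utc).date()


def file_version(image: bytes):
    """File version from VS_FIXEDFILEINFO, located by its signature; None if absent."""
    pos = image.find(FFI_SIGNATURE)
    if pos < 0 or pos + 16 > len(image):
        return None
    ms, ls = struct.unpack_from("<II", image, pos + 8)      # dwFileVersionMS / LS
    return f"{ms >> 16}.{ms & 0xFFFF}.{ls >> 16}.{ls & 0xFFFF}"


def find_block_entry(file_name: str, image: bytes, database):
    """Return the database entry matching file name, version and link date, or None."""
    try:
        key = (file_name.lower(), file_version(image), link_date(image))
    except ValueError:
        return None  # not a PE image, so it cannot match a driver entry
    for entry in database:
        if (entry["file"].lower(), entry["version"], entry["link_date"]) == key:
            return entry
    return None


def build_sample_image(version, linked: date) -> bytes:
    """Constructed input: just enough of a PE image for the two parsers above."""
    a, b, c, d = version
    image = bytearray(0x200)
    image[0:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x80)               # e_lfanew -> 0x80
    image[0x80:0x84] = b"PE\0\0"
    stamp = calendar.timegm(linked.timetuple())
    struct.pack_into("<HHI", image, 0x84, 0x014C, 1, stamp)
    struct.pack_into("<4I", image, 0x100, 0xFEEF04BD, 0x00010000,
                     (a << 16) | b, (c << 16) | d)
    return bytes(image)


# Constructed list entry; the file name and values are placeholders.
KNOWN_PROBLEM_DRIVERS = [
    {"file": "examplefilter.sys", "version": "2.4.0.17",
     "link_date": date(2003, 5, 14), "info": "placeholder help link"},
]

if __name__ == "__main__":
    listed = build_sample_image((2, 4, 0, 17), date(2003, 5, 14))
    updated = build_sample_image((2, 5, 0, 3), date(2004, 1, 9))
    for label, img in (("listed build", listed), ("updated build", updated)):
        hit = find_block_entry("ExampleFilter.sys", img, KNOWN_PROBLEM_DRIVERS)
        print(label, file_version(img), link_date(img), "BLOCK" if hit else "allow")
```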
Driver Search Policy
When a new device is installed, Windows XP Professional searches four different locations for
device drivers in this order: the hard drive, the floppy drive, the CD-ROM drive, and Windows
Update. The default is to search all four locations in order for a device driver until the correct
one is found, but you can configure the driver search locations to remove any or all of these
locations. For example, you might want to prevent users from going to Windows Update to
search for an updated driver.
To change driver search locations
1. Click Start, and then click Run. Type gpedit.msc and click OK to open the local Group
Policy object (LGPO) in the Group Policy snap-in.
2. Select Local Computer Policy, select User Configuration, select Administrative Templates, and then expand the System item.
3. In the list of configuration options, double-click Configure driver search locations.
4. On the Setting tab, make sure that Enabled is selected.
5. Select the check boxes for the options you want to disable. Click Apply, and then click
OK.
Device Drivers in the Driver.cab File
The Windows XP Professional device drivers included on the Setup CD are stored in a single
cabinet file named Driver.cab. This file is used by Setup and other system components as a
driver file source. You can view the contents of the Driver.cab file by double-clicking it in
Windows Explorer.
Information files (.inf files) are searched when Windows XP Professional starts or new hardware is detected. These text files provide the names and locations (typically Driver.cab) of
driver-related files and the initial settings required for new devices to work. During setup,
Driver.cab is copied from the installation CD to the local hard disk in the %windir%\Driver
Cache\I386 directory. The folder where the file can be found is specified in the registry entry
DriverCachePath in the subkey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup.
Caution
Do not edit the registry unless you have no alternative. The registry editor
bypasses standard safeguards, allowing settings that can damage your system, or even require
you to reinstall Windows. If you must edit the registry, back it up first and see the Microsoft®
Windows® XP Registry Guide by Jerry Honeycutt (Microsoft Press, 2003).
Copying a large Driver.cab file to the local hard disk instead of leaving it on the CD or network
has the following advantages:
■ With the driver set on the local hard disk, users do not need the Setup CD to install new
devices, which especially benefits mobile users. Exceptions are products with Windows
drivers that are not included on the Setup CD.
■ Users do not need local administrator rights to install new hardware because all device
drivers stored in Driver.cab are on the hard disk and are digitally signed.
■ For network-based setups, copying the Driver.cab file to the local hard disk reduces
bandwidth requirements in these ways:
  ❑ During setup, less system and network overhead is required to copy the single
  large Driver.cab file than many small files.
  ❑ During subsequent hardware installations, driver files already reside on the local
  hard disk and do not need to be copied over the network.
A new device requires corresponding driver files in order to work. Setup reads the Drvindex.inf file to find entries for the device. If an entry exists, Setup searches the following paths:
■ systemroot\Driver Cache\I386\Driver.cab
■ systemroot\Driver Cache\I386\servicepack.cab (for example, sp2.cab when Windows XP
Service Pack 2 is installed)
■ The original Windows XP Professional installation source, such as a network share or a
local CD-ROM drive. The Windows XP Professional source location is stored in the registry entry SourcePath in the subkey
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup.
If the required files do not exist in any of the preceding locations, or if references are not
located in the Drvindex.inf file, Setup prompts the user to supply the required files.
Supported Hardware
Windows XP Professional supports a broad range of hardware, including system buses such
as Universal Serial Bus (USB) and Institute of Electrical and Electronics Engineers (IEEE)
1394. Other system buses are also supported, in addition to devices such as network adapters
and other internal adapters, modems, digital audio devices, DVD, Human Interface Devices
(HID), still-image devices, smart cards, and video-capture devices.
Note
Additional hardware support for new kinds of devices might have been added to
Windows XP in the most recent service pack released. For a complete and up-to-date list of
all hardware and types of devices supported by Windows XP, see the Windows Catalog at
http://www.microsoft.com/windows/catalog. For troubleshooting information concerning different kinds of devices supported by Windows XP, search the Microsoft Knowledge Base for that
device type. For example, to find detailed technical information and troubleshooting help concerning USB devices, search the Knowledge Base for “USB” using the Microsoft Knowledge Base
link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Universal Serial Bus
Universal Serial Bus (USB) is a standards-based, external serial bus for the computer. USB is
universal in that many types of peripheral devices can be connected to a computer by plugging them into USB ports, using standard USB cables, connectors, and sockets. USB fully supports Plug and Play, which means peripheral devices can be plugged in and unplugged while
the computer is running. The operating system immediately detects a device that is plugged in
and tries to load device drivers for the device.
USB hubs can be used to connect several devices to one computer. A hub provides multiple
USB ports for Plug and Play devices. The hub is then plugged into the computer, directly or
through another hub, using a single USB cable.
Windows XP Professional has built-in support for many USB devices. (See “USB Devices” later
in this chapter.) When a user plugs in a USB device for which Windows XP Professional does
not have built-in support, a dialog box is displayed that allows the user to manually point the
Plug and Play subsystem to the location of the device drivers for that device (typically independent hardware vendor [IHV]–provided drivers on a floppy disk or CD-ROM).
USB has the following advantages:
■ All USB devices connect to the computer by using either the standard USB port or an A
connector.
■ A USB controller supports up to 127 devices. Hubs are used to obtain ports in addition
to those supported by the root hub.
■ USB supports hot plugging—plugging in or unplugging a USB device while the computer
is running.
■ USB supports the selective suspend feature, which allows USB device drivers to selectively
shut down their devices when they detect that the devices are idle. When the device is
put back in use, such as when a user moves a USB mouse, the driver turns the device
back on. This is particularly important for power management of mobile computers.
USB Topology
As illustrated in Figure 9-2, USB uses a tiered topology so that you can simultaneously attach
up to 127 devices to the bus. USB supports up to seven tiers, including the root tier and five
nonroot hubs. The lowest tier supports only a single nonhub device. Under the USB specification, each device can be located up to 5 meters from the hub or port it is connected to.
Figure 9-2 USB tiered topology (diagram labels: Host and Root Hub at Tier 1, the host controller, root tier, or root hub; Hub 1 through Hub 7; Tier 2 through Tier 7)
There are three types of USB components:
■ Host controller. Also known as the root, the root tier, or the root hub, the host controller
can be built into the motherboard of the computer or installed as an add-in CardBus or
PCI card in the computer to gain additional ports and bandwidth. The host controller
controls all traffic on the bus and also functions as a hub.
■ Hub. Provides multiple ports for attaching devices to the USB bus. Hubs are also
responsible for detecting devices that are plugged in or unplugged, and for providing
power for attached devices. Hubs are either bus-powered, drawing power directly from
the USB bus, or self-powered, drawing power from an external AC adapter. Bus-powered
hubs are capable of providing 100 milliamperes (mA) of power per port for attached
devices, and they can provide a maximum of four ports for devices to be plugged into.
Self-powered hubs, on the other hand, typically provide 500 mA of power per port, and
they can provide more than four ports. Hubs can be stand-alone devices, or they can be
integrated into other devices such as keyboards and monitors.
■ Device. A USB device, which is attached to the bus through a port. A USB device can be
any kind of peripheral device, such as a keyboard, mouse, game controller, printer, and
so forth. Certain USB input devices such as keyboards and mice require only 100 mA of
power to function. Thus, they can be plugged into both bus-powered and self-powered
hubs, in addition to being plugged directly into a root port. Other devices such as printers,
scanners, storage devices, and video-conferencing cameras might require 500 mA of
power to function. These kinds of devices can only be plugged into root ports or self-powered
hubs. If the device requires more than 500 mA of power, it includes a wall plug
provided by the vendor for power.
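The tier, port and power limits described above, applied to a planned bus layout as an added example (not from the book). The `Node` model, the finding labels and the sample layout are constructed; counting hubs toward the 127-device limit and treating root ports as 500 mA ports are assumptions drawn from the text, and a hub's own power draw is not modeled.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MAX_TIERS = 7                # including the root tier
MAX_DEVICES = 127            # per host controller
BUS_POWERED_PORT_MA = 100
SELF_POWERED_PORT_MA = 500
BUS_POWERED_MAX_PORTS = 4


@dataclass
class Node:
    name: str
    kind: str                    # "root", "hub" or "device"
    self_powered: bool = False   # hub: external AC adapter; device: own wall plug
    draw_ma: int = 0             # device: bus power needed to function
    children: List["Node"] = field(default_factory=list)


def port_supply_ma(hub: Node) -> int:
    """Power available per port on the hub a node is plugged into."""
    if hub.kind == "root" or hub.self_powered:
        return SELF_POWERED_PORT_MA
    return BUS_POWERED_PORT_MA


def validate(root: Node) -> List[Tuple[str, str]]:
    """Return (node name, finding) pairs for every rule the layout breaks."""
    findings: List[Tuple[str, str]] = []
    attached = 0

    def walk(node: Node, tier: int, parent: Optional[Node]) -> None:
        nonlocal attached
        if parent is not None:
            attached += 1        # assumption: hubs count toward the 127 limit
        if tier > MAX_TIERS:
            findings.append((node.name, "beyond-tier-7"))
        elif tier == MAX_TIERS and node.kind == "hub":
            findings.append((node.name, "hub-in-lowest-tier"))
        if node.kind == "device" and parent is not None and not node.self_powered:
            if node.draw_ma > port_supply_ma(parent):
                findings.append((node.name, "port-power-too-low"))
        if (node.kind == "hub" and not node.self_powered
                and len(node.children) > BUS_POWERED_MAX_PORTS):
            findings.append((node.name, "bus-powered-hub-over-4-ports"))
        for child in node.children:
            walk(child, tier + 1, node)

    walk(root, 1, None)
    if attached > MAX_DEVICES:
        findings.append((root.name, "over-127-devices"))
    return findings


def sample_layout() -> Node:
    """Constructed layout: a scanner needing 500 mA sits on a bus-powered hub."""
    desk_hub = Node("desk hub", "hub", self_powered=True, children=[
        Node("printer", "device", draw_ma=500),
    ])
    keyboard_hub = Node("keyboard hub", "hub", children=[
        Node("mouse", "device", draw_ma=100),
        Node("scanner", "device", draw_ma=500),
    ])
    return Node("root hub", "root", children=[desk_hub, keyboard_hub])


if __name__ == "__main__":
    for name, finding in validate(sample_layout()):
        print(f"{name}: {finding}")
```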
USB Devices
A USB device typically implements a single function, as a keyboard or mouse does. However,
a USB device can also implement multiple functions, such as scanning, printing, and faxing.
When such a multifunction device, or USB composite device, is plugged in, the operating system enumerates all the functions in the device and loads device drivers for each function.
A USB device might also include a built-in hub to enable additional devices to be plugged into
it. Such a device is known as a USB compound device.
Each USB device contains configuration information that describes its capabilities and
resource requirements. This information is read from the device by the operating system during the enumeration process.
USB devices are recognized, initialized, and ready for use when plugged in. No additional
installation or configuration steps are necessary.
Windows XP Professional features built-in support for the following USB device types,
including integrated USB 2.0 support beginning with SP1:
■ Hubs
■ Uninterruptible power supply (UPS) devices
■ Input devices, such as keyboards, mice, and other pointing devices
■ Game controllers, such as joysticks and game pads
■ Printers
■ Storage devices, such as hard disk drives, CD-ROM drives, high-density disk drives, and
compact flash readers
■ Speakers and microphones
■ Scanners
■ Still image cameras
■ Video-conferencing cameras (also known as “webcam” cameras)
■ Modems
■ USB-to-Ethernet network adapters
Windows XP Professional supports only devices that are compliant with applicable USB
device class specifications as developed and published by the USB Implementers’ Forum. For
more information about USB specifications, see the USB link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources.
The only exception to this rule is USB-to-Ethernet adapters, which must be compliant with
the Microsoft Remote Network Driver Interface Specification (Remote NDIS) to benefit from
built-in support in Windows XP Professional. For more information about Remote NDIS, see
the Remote NDIS link on the Web Resources page at
http://www.microsoft.com/windows/reskits/webresources.
Data Transfer Types and Rates Supported by USB
USB supports two different data transfer modes: isochronous and asynchronous modes. Asynchronous mode uses three asynchronous data transfer types: interrupt, control, and bulk. Isochronous mode uses the isochronous transfer type.
The USB host controller determines the data transfer rate and the priority assigned to a data
stream. USB supports the following maximum data transfer rates, depending on the amount
of bus bandwidth a device requires:
■ 1.5 megabits per second (Mbps) for low-speed devices that do not require a large
amount of bandwidth, such as mice and keyboards
■ 12 Mbps for full-speed, higher-performing devices, such as storage devices, speakers, scanners,
and video cameras
■ 400 Mbps for high-speed, higher-performing devices, such as hard drives and CD
and DVD drives, that support the USB 2.0 specification
Asynchronous transfer mode. An asynchronous transfer employs a handshake system and
allows data streams to be broken at random intervals. The three asynchronous data transfer
types are described as follows.
Interrupt. Interrupt transfers reserve bandwidth and are guaranteed access to transfer data
at the established rate. They are used when a device transfers unsolicited data to a host.
Control. Control transfers are used to service devices and to handle specific requests. They
are typically used during device configuration.
Bulk. Bulk transfers are used to transfer large blocks of data that have no periodic or transfer
rate requirement. Printers and storage devices typically deploy bulk transfers.
Isochronous transfer mode. An isochronous transfer requires a constant bandwidth within
certain time constraints. Constant bandwidth is required to support the demands of streaming multimedia devices such as speakers or video cameras. Unlike asynchronous transfers, no
handshaking occurs and data delivery is not guaranteed.
USB Support for Plug and Play
Windows XP Professional supports Plug and Play configuration of USB devices by using the
following USB features.
Hot plug-in capability. You can plug a USB device into the system at any time. The USB
driver stack enumerates the device and notifies the system that the device is present.
Persistent addressing. USB devices use descriptors to identify the device, its capabilities, and
the protocols it uses. A device descriptor contains a Vendor ID (VID), a Product ID (PID), and
a version number that tell the computer exactly which drivers to load. An optional serial number differentiates one device from another of the same type.
Power options. USB supports three power modes: On, Suspend, and Off.
User Interfaces for USB Device Properties
Windows XP Professional provides user interfaces to display relevant information about the
status of USB devices. The USB user interface in Device Manager
provides the advanced user with property sheets for hubs and controllers that give specific
USB power and bandwidth information.
In addition, an event-driven interface allows error detection and correction by notifying the
user about a problem on the bus. The interface provides details about the error and suggests
solutions. For information about the USB troubleshooting user interface, see “Troubleshooting a Universal Serial Bus Device” later in this chapter.
For more information about using Device Manager to display device properties, see “Device
Manager” earlier in this chapter.
USB Root Hub Power Properties. The Power Management tab in the USB Root Hub Properties dialog box displays information about power usage on that hub. The Hub information
box indicates the hub type and the amount of power available from each port (determined by
hub type).
The Attached devices box lists devices attached to the hub’s ports and the power each device
requires to function. If a device requires more power to function properly than the hub’s ports
supply, a message notifies the user. The user can view the Device Manager property dialog box
for the hub by double-clicking the device. Clicking Refresh updates the information in the
dialog box, which shows devices that are attached or removed.
USB Host Controller Advanced Properties. The USB Host Controller dialog box displays
information about bandwidth usage on the USB host controller and gives the user the option
of turning off USB error detection. The Advanced tab in the USB Universal Host Controller
Properties dialog box shows the bandwidth allocation page. The Bandwidth section of the
dialog box describes USB bandwidth and how it pertains to what the user sees displayed on
the property page. The list box displays all devices attached to the controller that consume isochronous bandwidth (typically, USB video cameras and USB speakers), along with the bandwidth each takes. To maintain bandwidth for control transfers, the amount of bandwidth
reserved by the “System Reserved” device listing will change, depending on what devices are
installed or removed. For every device that consumes one percent or more of the controller’s
bandwidth, there is a corresponding section in the Bandwidth Used column, which displays
cumulative bandwidth usage. However, HID-compliant devices do not display here, although
they do cause an increase in the System Reserved percentage.
Checking the Don’t tell me about USB errors check box and clicking OK disables the display
of the USB error detection and correction messages. For more information, see “USB User
Interface Error Detection” later in this chapter. The default state for this button is unchecked.
IEEE 1394
Windows XP Professional supports the Institute of Electrical and Electronics Engineers (IEEE)
1394 bus, which is designed for high-bandwidth devices, such as digital camcorders, digital
cameras, digital VCRs, and various storage devices. The IEEE 1394 bus is a digital, peer-to-peer interface that supports data transport speeds from 100 to 400 Mbps. It provides a high-speed Plug and Play–capable bus that reduces the amount of power that peripheral devices
require and provides support for isochronous data transfer.
IEEE 1394 can connect up to 63 devices to one IEEE 1394 bus and link up to 1023 buses to
form a network of more than 64,000 devices. Each device can have up to 256 terabytes of
memory available over the bus. A built-in mechanism ensures that all devices have equal
access to the bus.
Windows XP Professional supports three protocol standards for data transport over the IEEE
1394 bus:
■ SBP-2 Protocol. Used for block transfer–type devices, such as storage devices, scanners, and printers.
■ 61883 Protocol. Used with streaming data–type technologies, such as networking,
digital camcorders, DVD, and audio. Windows XP Professional supports the 61883-1
through 61883-4 protocols.
■ IP over 1394 Protocol. Provides high-speed TCP/IP connectivity between PCs and is a
good solution for home networking. Windows XP Professional supports IP over 1394
for both IPv4 and IPv6.
Note
Microsoft® Windows® XP Professional x64 Edition only supports the SBP-2 protocol.
It does not support the 61883 or IP over 1394 protocols.
Windows XP Professional supports IEEE 1394 by allowing IEEE 1394 device drivers to communicate with the IEEE 1394 bus class driver. In compliance with the Open Host Controller
Interface (OHCI) 1.0 standard, Windows XP Professional includes the IEEE 1394 bus class
driver with hardware-specific minidriver extensions for add-on and motherboard-based host
controllers.
IEEE 1394 Bus Connector and Cable
The IEEE 1394 specification defines a standard connector and socket, which includes three
interfaces: a 6-pin connector and cable, a 4-pin connector and cable, and a 6-pin-to-4-pin connector and cable. The 6-pin cables can supply power to a device over the bus, while a 4-pin
cable can only carry data. An IEEE 1394 bus cable contains two pairs of twisted-pair cabling
to accommodate the serial bus.
Data Transfer Rates Supported by IEEE 1394
IEEE 1394 supports both isochronous and asynchronous data transfer protocols. The IEEE
1394 specification currently supports the following bus transfer rates:
■ S100 (98.304 Mbps)
■ S200 (196.608 Mbps)
■ S400 (393.216 Mbps)
You can link devices with different data rates; communication takes place at the highest rate
supported by the lowest-rate device.
Support for Plug and Play and Other Devices
Windows XP Professional provides additional support for the IEEE 1394 bus in use with the
following specifications and devices.
Plug and Play. Windows XP Professional supports hot plugging of devices that use the
IEEE 1394 bus. All IEEE 1394 devices can be plugged in while the computer is on, and the
device is detected and configured. For more information, see “Plug and Play Overview” earlier
in this chapter.
A/V devices. Windows XP Professional supports streaming digital video and transfer of
MPEG-2 data to and from IEEE 1394 devices. An application of this is video editing, where the
data is retrieved from a digital camera, edited, and then written back to the camera, to a digital
VCR, or to a storage device.
Storage and other devices. Support for IEEE 1394 storage devices, printers, and scanners
is implemented by using the SBP-2 protocol. For example, SCSI class drivers can use SBP-2
to connect and use IEEE 1394 devices. Devices that use the SBP-2 protocol must be OHCI
compliant.
Other Bus Support
Most buses supported by previous versions of Windows function under Windows XP Professional. The buses that are supported include PCI, AGP, PC Card, CardBus, SCSI, ISA, and
EISA buses.
Note
Windows XP Professional does not support the Micro Channel bus. Micro Channel
architecture is found mainly in older IBM PS/2 computers.
PCI Bus
The Peripheral Component Interconnect (PCI) bus, included in all computers, is used for
transferring data between the CPU and hardware devices, adapters, or non-PCI bus-circuit
boards. PCI is a local bus system that allows up to 10 PCI-compliant expansion cards to be
installed in the computer. The PCI bus system requires the presence of a PCI controller card,
which can exchange data with the system’s CPU either 32 bits or 64 bits at a time, depending
on the implementation, and controls data transfers between main memory and all the other
devices on the PCI bus. Because of its high bandwidth, the PCI bus is capable of high-speed
data transfers.
The PCI specification allows for multiplexing, a technique that permits more than one electrical signal to be present on the bus at one time. The PCI controller also allows intelligent, PCI-compliant adapters to perform tasks concurrently with the CPU using a technique called bus
mastering. This improves performance in tasks because it frees the CPU for other work by
enabling devices to take temporary control of the PCI bus for data transfer.
AGP Bus
The Accelerated Graphics Port (AGP) bus is a dedicated video bus that provides fast, high-speed data transfers from system memory to the display adapter. For more information about
AGP, see Chapter 10, “Managing Digital Media.”
PC Card and CardBus
Windows XP Professional supports the features of products designed for the PC Card standard. The 16-bit version of the PC Card is also known as PCMCIA. These products include
multifunction cards, 3.3-V cards, and 32-bit PC Cards. Major advantages of PC Cards are small
size, low power consumption, and Plug and Play support.
Windows XP Professional supports CardBus (also called PC Card 32), which is a combination
of PC Card 16 and PCI. CardBus brings the advantages of 32-bit performance and the PCI bus
to the PC Card architecture.
CardBus allows portable computers to perform high-bandwidth functions such as capturing
video. For more information about PC Cards and CardBus in portable computers, see
Chapter 7, “Supporting Mobile Users.”
SCSI Bus
The Small Computer Systems Interface (SCSI) standard defines a high-speed parallel bus that
carries data and control signals from SCSI devices to a SCSI controller. It is an intelligent bus
most often used for high-performance hard disks on multi-user systems. It is also flexible and
can be used with lower throughput devices such as CD-ROMs, tape drives, or scanners.
ISA Bus
The Industry Standard Architecture (ISA) bus is based on a design specification introduced
for the IBM PC/AT. The specification allows components to be added as cards plugged into
standard expansion slots, and it has a 16-bit data path. Plug and Play ISA devices can be used
on existing computers because Plug and Play does not require any change to ISA buses. Windows XP Professional does not support non–Plug and Play ISA devices, although they work if
manually configured.
EISA Bus
The Extended Industry Standard Architecture (EISA) bus is based on a design specification
for x86-based computers introduced by an industry consortium. EISA maintains compatibility with ISA, but it provides additional features. These include a 32-bit data path and the use
of connectors that can accept cards made for both EISA and ISA buses.
Other Hardware Support
In addition to USB and IEEE 1394 bus devices, Windows XP Professional supports standards
for a number of other hardware devices ranging from network adapters to digital media devices.
Bluetooth
Windows XP Service Pack 2 adds native support for Bluetooth devices, with built-in drivers
for a number of Bluetooth transceivers. The list of currently supported drivers can be found at:
http://support.microsoft.com/kb/841803. Bluetooth is used for connecting low power, short
distance devices to your computer, and for adding devices to a Personal Area Network (PAN).
Bluetooth devices use a low-power radio signal in the 2.4-GHz band to transmit data at up to
700 kbps over short distances to and from devices such as a keyboard, mouse, Personal
Digital Assistant (PDA), or phone.
Network and Other Internal Adapters
An adapter is a printed circuit board that allows a computer to use a peripheral device for
which it does not already have connections or circuit boards. For example, a network adapter
provides the physical interface (connector) and the hardware (circuitry) to connect a node or
host to a local area network. A network adapter is also called an adapter card, a card, or a network adapter. Microsoft Windows XP includes support for traditional wired adapters, IEEE
1394 network adapters, and wireless network adapters.
For information about troubleshooting network and other internal adapters, see “Troubleshooting Network and Other Internal Adapters” later in this chapter.
For more information about networks, see Chapter 23, “Connecting Clients to Windows
Networks.”
Modems
A modem is a communications device that enables a computer to transmit information over a
standard telephone line. Modems convert a digital signal from a computer to an analog signal
on the telephone line, and vice versa.
Modems fall into two distinct categories, standard and controller-less modems. Although
both types offer similar functions and features, the back-end hardware and the drivers used in
their implementation differ significantly.
■ Standard modems. Internal and external standard modems incorporate processing
devices or chips in the modem itself and are independent of the operating system. These
modems do not rely on the CPU for their internal processing. External models connect
to an existing serial port and therefore do not use additional system resources. Many
external models have separate on/off switches, so their power source can be cycled independently of the computer’s power.
■ Controller-less modems. Controller-less modems have only generic on-board processing devices. They rely on operating-system-specific code executed by the CPU to
function.
■ Other modems. Windows XP also supports high-speed DSL modems, cable modems,
and ISDN modems.
Human Interface Devices
Windows XP Professional supports devices that are compliant with the Human Interface
Device (HID) firmware specification. HID devices are devices used by humans to control the
operation of computer systems. Examples of HID devices include keyboards and pointing
devices such as mouse devices and touch screens; panel controls such as knobs, switches, and
buttons; consumer appliance devices such as audio/video appliances and remote controls;
and devices that might not require human interaction but provide data in a similar format,
such as bar code readers or voltmeters.
The HID specification was developed by the USB Implementers Forum and is mainly implemented in devices connected by USB. However, Windows XP Professional includes HID support for devices connected by using other ports or buses. For example, HID devices
connected by IEEE 1394 can be developed and supplied by vendors but are not common.
An HID device is Plug and Play compliant if its underlying bus is Plug and Play compliant, and
it indicates its class and HID information when plugged into the host system. Plug and Play
HID devices do not require installation of additional software drivers, but non–Plug and Play
HID devices might. The use of Windows Driver Model (WDM)–compliant drivers provides
operating system support. Windows XP Professional supplies the HID class driver, the HID
minidriver for the HID USB miniport, and the HID parser. Support for Plug and Play and
power management for USB/HID devices takes place within the USB driver stack that is part
of the WDM-based architecture.
From the perspective of a computer program, any HID device can be accessed either through
HID application programming interfaces (APIs) or through DirectInput® Component Object
Model (COM) methods. DirectInput, which is part of DirectX® digital media architecture, provides an input device API to support HID devices.
For more information about the USB Implementers Forum and HID usage, see the USB link
on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
For more information about Input and HID Devices, see the Input and HID Devices link at
http://www.microsoft.com/windows/reskits/webresources.
For more information about developing minidrivers and filter drivers, see the Driver Development Kits link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
DVD
DVD (digital video disc) is an optical disc storage technology that can hold video, high-quality
CD audio, and computer data in a single digital format. DVD devices can read multiple, digitally stored data streams concurrently for playback of digital media applications and full-length motion pictures. Two major compression technologies, MPEG-2 and AC-3 (also called
Dolby Digital), are used to store from 4.7 gigabytes (GB) to 17 GB of data on a single DVD disc.
DVDs also offer copy and distribution protection. This is accomplished by encrypting the content on a disc and by restricting playback of discs to specified geographical regions. For more
information about copy and distribution protection offered by DVD, see Chapter 10, “Managing Digital Media.”
Windows XP Professional supports DVD in the following ways.
DVD video and audio playback If the proper decoding hardware or software is present,
Windows XP Professional supports playback of DVD video. This support is important for
entertainment computers and any digital media platform intended to play movies. Windows
XP Professional support includes the same interactivity and high-quality playback found on a
standard DVD video player. DVD devices can also play most audio CDs.
DVD as a storage device You can use DVD as a storage device on most computers that support DVD. DVD-ROM discs and devices provide cost-effective storage for large data files. The
UDF file format is used to store data on most DVDs.
In Windows XP Professional, different types of DVD drives have differing capabilities, as follows:
■ DVD-ROM devices can read CDs or DVD-ROM discs in both UDF and FAT32 formats.
■ DVD-R/RW devices can read CD or DVD content in both UDF and FAT32 formats, but they do not support DVD writing.
■ DVD-RAM devices can read any CD or DVD, can write content in FAT32 format, and can read UDF and FAT32 formats. These discs cannot be read in most DVD-ROM devices.
For more information about DVD, see Chapter 10, “Managing Digital Media.” For more information about the UDF and FAT32 file formats, see Chapter 13, “Working with File Systems.”
Digital Audio Devices
Windows XP Professional uses the Windows Driver Model (WDM) audio architecture to support digital audio devices. The operating system can manage multiple audio streams, and two
or more applications can play sounds simultaneously. For example, if you are listening to
music on your computer, you can also hear the notification that a message has arrived. The
WDM audio architecture performs audio processing in kernel mode, which significantly
reduces latency, the time required for a signal to travel from one point to another.
Windows XP Professional also supports the Audio Codec ’97 (AC ’97) specification for digital
audio, which defines a widely adopted audio architecture. The AC ’97 controller that is typically integrated into the chipset handles the digital aspects of audio, while the AC ’97 codec
handles the analog aspects of audio. The AC ’97 specification describes the architecture of the
codec and the digital interface between the controller and the codec. Windows XP Professional includes AC ’97 audio drivers to support the integrated AC ’97 controllers from four
major computer chipset manufacturers. As a general rule, these AC ’97 audio drivers support
any manufacturer’s AC ’97 controller when paired with any codec that is AC ’97 compliant.
Because digital audio is processed by the operating system, a separate sound card is not
required to process digital audio. Digital audio is supported on several bus types, including
PCI, ISA, and PCMCIA, and on external digital audio devices connected with USB and IEEE
1394.
Windows XP Professional supports the following digital audio features and devices:
■ Audio chipsets and sound cards implemented on the PCI, ISA, and PCMCIA buses.
■ USB audio devices, such as USB microphones, speakers, and MIDI devices.
■ Multichannel audio output and playback of various audio formats. Volume can be set for each speaker in a multichannel configuration.
■ Acoustic echo cancellation (AEC).
■ Global Effects Feature (GFX), which enhances USB audio support by allowing filter drivers to support devices such as USB array microphones.
■ IEEE 1394 audio devices.
■ Copying of the audio capture stream so that multiple applications can have access to the stream.
■ Support for Digital Rights Management (DRM) in the WDM audio architecture to allow audio drivers to be authenticated as trusted. Some DRM content can be rendered only on trusted audio devices.
■ Digital Signal Processors (DSPs).
Windows XP Professional also supports DRM technology that allows content providers such
as artists and record companies to protect proprietary music or other data by encrypting digital content and attaching usage rules to it. These rules determine restrictions such as the
number of times content plays and the types of devices that play it. Using Windows XP Professional, you can ensure that a device or driver is trusted not to violate usage rules or allow a
user to circumvent security. Trusted drivers are only relevant to DRM content that requires
this security.
Driver modules that handle audio content must include a DRM signature before they can render protected content that requires a trusted audio device. Windows XP Professional uses a
DRM signature in the driver’s catalog files to identify a trusted device. This is not the same as
the signature required for Windows drivers. To play DRM-encrypted content requiring a
trusted audio device, WDM audio drivers and any associated filter components must be DRM
compliant.
Still Image Devices
Windows XP Professional supports still-image devices through Windows Image Acquisition
(WIA), which uses the WDM architecture. WIA provides robust communication between
applications and image-capture devices, allowing you to capture images efficiently and transfer them to your computer for editing and use.
WIA supports SCSI, IEEE 1394, USB, and serial digital still image devices. Support for infrared, parallel, and serial still image devices, which are connected to standard COM ports, is provided by standard infrared, parallel, and serial interfaces. Image scanners and digital cameras
are examples of WIA devices. WIA also supports Microsoft DirectShow®–based webcams and
digital video (DV) camcorders to capture frames from video.
WIA supports a camera class driver that is based on Picture Transfer Protocol (PTP), a standard that enables digital cameras to communicate with each other, with printers, and with
computers. WIA automatically recognizes all PTP digital still cameras that support the PTP
class ID and provides all the basic still image functionality as with any other WIA device. PTP
cameras that do not support the PTP class ID can also be recognized by means of a third-party
.inf file that maps the device Plug and Play identifier to the WIA PTP class driver.
WIA provides a driver model for manufacturers to write drivers for cameras with proprietary
protocols. When such a WIA driver is installed, all WIA features are available to this camera.
WIA also provides Mass Storage Class (MSC) device support. The storage on MSC cameras
can be accessed using a drive letter that appears in My Computer. If the camera uses the MSC
driver provided with the operating system, the AutoPlay dialog box is displayed when it is
connected to the computer, which allows the user to select the Scanner and Camera Wizard.
Support for Microsoft DirectShow-based webcams and digital video camcorders is provided
by a generic DirectShow filter, which identifies itself as a source of images.
WIA architecture WIA architecture describes both an API and a device driver interface
(DDI). The WIA architecture includes components provided by the software and hardware
vendor, in addition to Microsoft. Figure 9-3 illustrates the WIA architecture.
Figure 9-3 Components of WIA architecture
[Diagram not reproduced. Labels shown: Windows Explorer User Interface; Class Installer; Scanner and Camera Wizard; Visual Basic and Others; Application; TWAIN DSM; Automation Layer; Compatibility Data Source; Common/HV Dialogs; Client Process; COM; Server Process; Device Driver Interface; Device Object; Optional Extensions; WIA Device Mgr. Object; Driver Services Library; User Mode; Kernel Mode; WDM Driver; Bus; Device.]
Windows Explorer user interface Windows Explorer extensions such as My Computer and
My Pictures, as well as Scanners and Cameras in Control Panel, provide a user interface by
which users can access WIA devices. For example, an icon for each installed WIA device
appears in the My Computer folder. If a still image camera is installed, clicking the camera
icon opens an interface that shows thumbnail pictures, controls for saving pictures, and a live
preview that you can capture if the camera is a supported webcam or Digital Video (DV)
camcorder.
The My Pictures folder includes thumbnails of images, a link to the WIA Scanner and Camera
Wizard, a built-in slide show, an enhanced preview window called the Windows Picture and
Fax Viewer, and the option to print pictures from the preview window.
Microsoft Paint also supports WIA. When a WIA device is present, From Scanner or Camera
is enabled on the File menu, and users can retrieve pictures from WIA devices.
Class installer The imaging class installer supports easy removal and installation of WIA
devices. The installer also supports Plug and Play devices for USB, SCSI, IEEE 1394 buses,
and serial-based digital still cameras.
Scanner and Camera Wizard Using the Scanner and Camera Wizard, users can retrieve
images from any of the supported devices installed on the system. The wizard provides a preview page where the user can select from several scanning options and adjust image settings.
It is opened by default when WIA-enabled scanners are activated (a “scan event”) and when
Plug and Play still digital cameras are connected (a “connect event”). By using the AutoPlay
dialog box, the wizard can also be opened when media, such as flash memory cards, that contain image files are inserted into the computer (a “media-insertion event”). Note, however, that
the wizard is not opened by default for video cameras.
Using the wizard for a digital still camera, the user can select one or more pictures, rotate
them, and view information such as picture size and resolution.
With a video camera, the user can select previously captured still images, rotate them, view
picture information, and even see live video and capture still images. The user can also name
the pictures, save them in the My Pictures folder, categorize pictures by using subfolders, and
publish them on the Web.
For non–Plug and Play devices, the user can start the wizard by opening Scanners and
Cameras in Control Panel and clicking the Add an imaging device link.
Note The WIA driver for DirectShow-supported webcams and digital video camcorders
stores captured pictures in a temporary file. As a result, when you capture pictures with a webcam or DV camcorder, be sure to save the pictures you want to keep to the My Pictures folder
or some other location on the PC. This ensures that the pictures are not deleted from the drive
when clearing out the Temp folder, either manually or using the Disk Cleanup utility.
Visual Basic and other scripting languages WIA includes a scripting model, which allows
advanced users and IT professionals to develop WIA applications by using Microsoft Visual
Basic® and other scripting languages. For more information about developing WIA applications, see the MSDN Library’s Windows Development section using the MSDN Library link
on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
WIA applications Users can start image acquisition and manipulate images by using either
the WIA Wizard or another application. Two primary types of WIA applications use still images:
■ Image editing applications Examples include Adobe PhotoShop and Microsoft® Picture It!®
■ Image display applications These applications are for authoring documents that include image data, but they provide no editing or limited editing of image data. Examples include Microsoft Word and Microsoft® PowerPoint®.
TWAIN Data Source Manager The TWAIN Data Source Manager (DSM) is an industry-standard software library used to abstract TWAIN applications from still image devices. WIA uses
the TWAIN DSM implementation in Microsoft® Windows® XP together with the TWAIN compatibility driver to provide a compatibility layer for applications that support TWAIN version
1.7 or later, but don’t yet support WIA.
WIA common system dialogs All scanner and camera device drivers that ship in Windows
XP Professional use the WIA common system dialogs. There are four system dialogs that are
used in WIA imaging applications to access WIA-enabled scanners and cameras. The dialog
that displays is tailored to the device type used. For example, when scanning an image into
Paint using a WIA-enabled scanner, Paint displays a WIA dialog that allows you to preview the
scanned image; crop the image; set the color, contrast, and brightness; and so on. Specific dialogs for still camera and video camera are displayed when those devices are accessed. The
device selection dialog displays when more than one WIA device is active on the system.
Device object When the WIA device driver is started, it creates a device object that allows the
application to communicate with the hardware. There are four types of device objects: full
WIA minidriver, WIA flatbed scanner microdriver, WIA generic PTP camera driver, and WIA
video camera driver.
WIA Device Manager object When an application first communicates with a device, the
WIA Device Manager detects all the devices, creates the device objects, establishes the link
between the application and the device object, and retrieves and sets device properties.
WIA event model As discussed earlier, Still Image devices can generate various events.
Some devices, such as scanners, can support multiple events, which are traditionally mapped
to the buttons on the scanner itself. The most common event for scanners is Scan, which is
normally mapped to the scan button.
By default, the Scanner and Camera Wizard is associated with the Scan event (for scanners)
and the Connect event (for still digital cameras). Consequently, when the scan button is
pressed on a WIA scanner that uses a driver supplied with Windows XP Professional, the
Scanner and Camera Wizard appears.
The WIA event model includes a set of predefined events that can be associated by means of
WIA device drivers or .inf files. At the same time, these predefined events are available to applications so that they can automatically start when the event takes place.
An application can register itself to be the default event handler by calling the WIA APIs documented in the SDK. The application has three handler options: global, device-specific, and
device- or event-specific.
When an application registers as a global or device-specific event handler, a dialog appears
when the event takes place. This dialog prompts the user to choose which application is to be
the default event handler. The Scanner and Camera Wizard is presented as one of the options.
When an application registers as a combination device or event handler, the dialog does not
appear.
When multiple applications are registered for the same event, a user can manually switch
between them by using the Events tab on the device Properties page, which can be accessed
by right-clicking the device icon from My Computer and selecting Properties.
Image Color Management 2.0 Because colors can vary by monitor or printer, Image Color
Management (ICM) version 2.0 ensures that images have accurate colors by storing standard,
objective color characteristics for each output device that produces an image. As a result, a
photograph taken by a digital camera looks the same on the monitor as when it was captured.
In turn, the printed version of the same image accurately represents the image and colors seen
through the camera and on the monitor.
Software for color management uses profiles, which are data about how each device represents color. These profiles provide the information that allows the color management software
to prepare an accurate color reproduction.
ICM is based on the industry standard ICC profile, the standardized Color Management Module (CMM), and the default Standard RGB (red, green, blue) color space. Although this flexible system allows the use of any CMM, ICM uses LinoColor CMM by default. This makes
Windows applications that use ICM 2.0 compatible with other platforms with respect to color
management.
ICM 2.0 on Windows XP Professional is set up to run transparently for printing, which benefits users who do not need advanced color configuration options for devices. However, ICM
provides full manual control with a selection of alternative color profiles—a benefit to users
who need color consistency on devices and platforms that might otherwise be incompatible.
ICM supports sRGB, which complements current color management strategies by enabling a
default method of handling color in the operating system and on the Internet. It efficiently
provides good quality color representation and backward compatibility. Standard RGB (sRGB)
is the default color space in Windows XP Professional for all color images that do not have
another embedded profile or are not specifically tagged with other color information. If a specific color profile is assigned to an image or a device, that color profile is used. If no color profile is assigned, the default sRGB profile is assumed.
Video Capture
Video Capture under Windows XP Professional is based on the WDM streaming-class driver.
Windows XP Professional provides minidrivers for USB and IEEE 1394 cameras, as well as
PCI and videoport analog video devices. Support includes DirectShow® filters for WDM video
capture interfaces and a Video for Windows (VFW)–to–WDM mapper for compatibility with
previous interface versions. The mapper, also called the VFWWDM mapper, allows WDM
video capture devices to take advantage of existing 32-bit VFW applications.
Capturing video with WDM has the following advantages:
■ Full integration with DirectShow and streaming architecture
■ Single-class driver architecture for hardware (such as video ports and chip sets), which is shared by video-capture devices and DVD or MPEG devices
■ Support for vertical blanking interval (VBI), and video port extensions
Capture applications are available that use both DirectShow and VFW. Code samples for
DirectX® version 9.0c can be found in the MSDN Library’s Graphics and Multimedia section
by using the MSDN Library link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Video Capture provides real-time and step-frame modes for capturing video sequences.
Real-time capture Real-time capture of video images demands a fast computer and hard
disk. A video source for real-time capture (such as a video camera or videodisc) provides an
uninterrupted stream of information to the capture hardware. The capture hardware copies
each frame of the video sequence and the audio portion and transfers it to the hard disk
before the next frame of data enters the capture hardware. Each video frame contains one
image. If the system lags during capture, frames of video data are lost.
Step-frame capture Step-frame capture collects video frames from a video sequence in a
series of steps, capturing frames one at a time, typically from a paused video device. Step-frame capture causes the video source to pause as it collects each image. If an audio source is
also selected, the capture mode rewinds the media in the video source and collects audio data
as the video source plays a second time. You can perform step-frame capture manually,
advancing the video source by using the controls on the video device. Windows XP Professional
Video Capture also provides automatic step-frame capture for video devices that support the
Media Control Interface. With this method, Video Capture issues frame-advance commands
to the source device and captures the sequence frame by frame. When Video Capture finishes
capturing the current frame, it advances the video source to the next capture point.
Step-frame capture provides an alternative for systems that cannot process a video sequence
in real time because of a slow I/O subsystem. Because the system can fully process a video
frame before contending with the next frame, you can use larger frame sizes and color formats, and you can compress the video sequence during capture.
Step-frame capture is also available by using WIA technology. For more information about
WIA, see “Still Image Devices” earlier in this chapter.
Smart Cards
Smart Card technology is fully integrated into Windows XP Professional, and is an important
component of the operating system’s public-key infrastructure (PKI) security feature. A smart
card is a small electronic device, often the size of a credit card, that contains an embedded
integrated circuit. The smart card serves as a secure store for public and private keys and as a
cryptographic engine for performing a digital signature or key-exchange operation. Smart
card technology allows Windows XP Professional to authenticate users by using the private
and public key information stored on a card.
Smart cards provide the following benefits:
■ Tamper-resistant storage for protecting private keys and other forms of personal information
■ Isolation of security-critical computations involving authentication, digital signatures, and key exchange from other parts of the system
■ Portability of credentials and other private information between computers at work, home, and elsewhere
The Smart Card subsystem on Windows XP Professional supports industry standard Personal
Computer/Smart Card (PC/SC)–compliant cards and readers, and it provides drivers for commercially available Plug and Play smart card readers. Smart card readers attach to standard
peripheral interfaces, such as RS-232, PS/2, PCMCIA, and USB. Windows XP Professional
detects Plug and Play–compliant smart card readers and installs them using the Add Hardware Wizard.
To install a smart card reader driver, follow the directions in the Add Hardware Wizard for
installing device driver software. The process requires that you use either the Windows XP
Professional CD or media from the smart card reader manufacturer that contains the appropriate device driver.
Note Microsoft does not support or recommend using non–Plug and Play smart card readers. If you use a non–Plug and Play reader, you must obtain installation instructions and associated device driver software directly from the manufacturer of the smart card reader.
For information about Windows XP Professional–compatible smart card readers, see the
Windows Catalog at http://www.microsoft.com/windows/catalog.
Before using a smart card to log on, a user must be enrolled to do so by a user who has the
privilege to enroll other users. This is required because enrollment for a smart card certificate
is a controlled procedure in the same manner that employee badges are controlled for identification and physical access. Enrollment provides the user with the public encryption key and
certificate that is required for authentication and secure exchange of information. The user
also needs a Personal Identification Number (PIN) to complete the logon process. Usually the
user sets the PIN during enrollment or is given a default PIN with instructions to change it as
soon as possible.
Using a smart card to log on to Windows XP Professional requires at least one service provider
so that applications can access card-based services. A cryptographic service provider (CSP)
makes available the cryptographic services of the smart card, such as key generation, digital
signature, and key exchange. A Smart Card Service Provider (SCSP) makes the noncryptographic services of a smart card available to an application.
For more information about installing a smart card reader and smart card certificate enrollment, see Windows XP Professional Help and Support Center. For more information about
using smart cards for logon and authentication, see Chapter 16, “Understanding Logon and
Authentication.”
Device Installation
In Windows XP Professional, how you install a device depends on whether the device and the
computer are Plug and Play compatible. When installing Plug and Play devices, Windows XP
Professional detects and configures the device with little or no user intervention. Device driver
installation also requires little user involvement because Windows XP Professional uses
driver-ranking schemes and driver search location policies, among other features, to determine which drivers are loaded.
Installing a Device in Windows XP Professional
Windows XP Professional Setup performs an inventory of all devices on the computer and
records the information about those devices in the registry. Setup gets configuration information for system devices from the .inf file associated with each device and, for Plug and Play
devices, from the device itself.
When a new device is installed, Windows XP Professional uses the device’s Plug and Play ID
to search Windows XP Professional .inf files for an entry for that device. Windows XP Professional uses this information to create an entry for the device under the Hkey_Local_Machine
subtree in the registry, and it copies the drivers needed. Registry entries are then copied from
the .inf file to the registry entry for the driver.
When you install a new device, rely first on Plug and Play to detect and configure it. How you
install hardware depends on the type of device:
■ For Plug and Play external devices, plug in the device.
■ For Plug and Play internal devices, turn the computer off and install the device according to the manufacturer’s documentation. You can, however, typically insert and remove PC Card, CardBus, and other Plug and Play devices without turning the computer off.
■ For PCI and ISA Plug and Play cards, turn the computer off and then install the device. When you restart the computer, Windows XP Professional detects the device and starts the Plug and Play installation procedures.
■ For non–Plug and Play devices, turn the computer off and then install the device. When you restart the computer, run the Add Hardware Wizard and let Windows XP Professional detect the device. This requires administrator permissions. If Windows XP Professional cannot detect the device, you might need to manually configure it. Consult the hardware vendor’s documentation if this is necessary.
Note Whenever possible, use Plug and Play devices even in computers that do not have an
ACPI BIOS in order to make available any additional Plug and Play functionality.
Installing Drivers
Many device drivers are installed with no user intervention. For example, when you plug in a
USB mouse device, the drivers are automatically detected and installed.
Drivers are installed without user intervention if certain conditions are met:
■ Installing the driver does not require showing a user interface.
■ The driver package contains all files needed to complete the installation.
■ The driver package is available on the system in the Driver.cab file, or it was previously installed.
■ The driver package is digitally signed.
■ No errors occur during installation.
If any of these conditions is not met, the device installation restarts and the user might need
to respond to dialog boxes or messages. Manual installation of a driver requires administrator
permissions.
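The following Python sketch is an added example, not code from this book or from Windows Setup. It looks up a device's Plug and Play IDs in an .inf file, as described under "Installing a Device in Windows XP Professional," and checks the parts of the conditions listed above that can be verified offline. The INF text, device IDs, file names, and function names are constructed for illustration, and a CatalogFile entry shows only that a catalog is referenced, not that its signature is valid.

```python
import re

SAMPLE_INF = r'''; constructed sample for a hypothetical reader, not a real package
[Version]
Signature="$Windows NT$"
CatalogFile=exreader.cat      ; catalog that carries the package signature
[Manufacturer]
%Mfg%=ExampleModels
[ExampleModels]
%ReaderA.Desc%=ReaderA_Install, USB\VID_1234&PID_0001
%ReaderB.Desc%=ReaderB_Install, USB\VID_1234&PID_0002, USB\Class_0B
[ReaderA_Install]
CopyFiles=Reader.Files
[ReaderB_Install]
CopyFiles=@exreadb.sys
[Reader.Files]
exreader.sys
[Strings]
Mfg="Example Corp"
ReaderA.Desc="Example Reader A"
ReaderB.Desc="Example Reader B; CCID class"
'''

def strip_comment(line):
    """Drop a ';' comment unless the ';' sits inside a quoted string."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ';' and not in_quotes:
            return line[:i]
    return line

def parse_inf(text):
    """Return {section name (lowercased): [(key or None, value), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        header = re.fullmatch(r'\[(.+)\]', line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), [])
        elif current is not None:
            key, sep, value = line.partition('=')
            current.append((key.strip(), value.strip()) if sep else (None, line))
    return sections

def find_driver(sections, device_ids):
    """Best models-section entry for the device's IDs (most specific ID first)."""
    # Simplification: earliest matching ID wins; decorated sections (".NTx86") are ignored.
    strings = {k.lower(): v.strip('"') for k, v in sections.get('strings', []) if k}
    wanted, best = [d.lower() for d in device_ids], None
    for _, models in sections.get('manufacturer', []):
        for desc, value in sections.get(models.split(',')[0].strip().lower(), []):
            fields = [f.strip() for f in value.split(',')]
            inf_ids = [f.lower() for f in fields[1:] if f]
            for rank, dev_id in enumerate(wanted):
                if desc and dev_id in inf_ids and (best is None or rank < best['rank']):
                    text = re.sub(r'%([^%]+)%', lambda m: strings.get(
                        m.group(1).lower(), m.group(0)), desc)  # expand %token%
                    best = {'description': text, 'install': fields[0],
                            'matched_id': device_ids[rank], 'rank': rank}
    return best

def copy_sources(sections, install_entries):
    """List the source file names an install section asks Setup to copy."""
    files = []
    for key, value in install_entries:
        if (key or '').lower() != 'copyfiles':
            continue
        for item in (v.strip() for v in value.split(',')):
            if item.startswith('@'):            # direct reference to one file
                files.append(item[1:])
            for _, entry in sections.get(item.lower(), []):   # file-list section
                parts = [p.strip() for p in entry.split(',')]
                files.append(parts[1] if len(parts) > 1 and parts[1] else parts[0])
    return files

def audit_package(inf_text, device_ids, package_files):
    """Report what can be checked offline before relying on a silent install."""
    sections = parse_inf(inf_text)
    match = find_driver(sections, device_ids)
    if match is None:
        return {'match': None, 'findings': ['no models entry matches this device']}
    present = {name.lower() for name in package_files}
    version = {k.lower(): v for k, v in sections.get('version', []) if k}
    catalog = version.get('catalogfile')
    findings = []
    if not catalog:
        findings.append('no CatalogFile entry, so no catalog can carry a signature')
    elif catalog.lower() not in present:
        findings.append('catalog %s is missing from the package' % catalog)
    install = sections.get(match['install'].lower())
    if install is None:
        findings.append('install section [%s] is missing' % match['install'])
    for name in copy_sources(sections, install or []):
        if name.lower() not in present:
            findings.append('file %s is missing from the package' % name)
    return {'match': match, 'findings': findings}
```

Calling audit_package(SAMPLE_INF, [r'USB\VID_9999&PID_0001', r'USB\Class_0B'], ['exreader.inf', 'exreader.cat', 'exreader.sys']) shows a compatible-ID match whose package lacks exreadb.sys, the kind of gap that would turn a silent installation into a prompted one.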
Note Drivers that support features specific to Windows XP Professional are not compatible
with Microsoft® Windows® 98 or Microsoft® Windows® Millennium Edition (Me).
Windows XP Professional determines which device driver to load for a device by using these
features:
■ Driver-ranking schemes
■ Driver search location policies
■ Windows Driver Protection
■ Windows Update
For more information about device drivers, including driver-ranking schemes, Windows
Driver Protection, driver search location policy, and Windows Update, see “Device Drivers”
earlier in this chapter.
Setting Plug and Play BIOS Settings
For x86-based systems, the way that the system BIOS code interacts with Plug and Play
devices can vary, depending on whether the system BIOS or the operating system is responsible for configuring hardware. Whether the system BIOS is set to enable Plug and Play can
affect this interaction if this option exists for your system. System conditions and recommended BIOS settings are listed in Table 9-2.
Table 9-2 Recommended Plug and Play BIOS Settings for x86-Based Systems
Condition: Fully compliant ACPI system (ACPI BIOS present; ACPI Hardware Abstraction Layer [HAL] installed)
Recommended BIOS Setting: Windows XP Professional assigns device resources and ignores BIOS settings. This includes re-assigning IRQ, DMA, and Input Output (I/O) resources and arbitrating conflicts for all PCI devices. Because Windows XP Professional ignores the Plug and Play BIOS setting and uses ACPI, the BIOS setting can be left at either Yes/Enabled or No/Disabled. However, it is recommended that you set this option to No/Disabled.
Condition: Noncompliant ACPI system (ACPI BIOS present; compliance problems prevented ACPI HAL installation)
Recommended BIOS Setting: The system BIOS assigns device resources prior to the loading of the operating system, and the Plug and Play BIOS setting must be No/Disabled. If your devices have a static configuration, you must turn off your computer before removing or attaching most devices. For more information about whether to turn your computer off when installing a device, see “Installing a Device in Windows XP Professional” earlier in this chapter.
Condition: Non-ACPI systems
Recommended BIOS Setting: The system BIOS assigns device resources prior to the loading of the operating system, and the Plug and Play BIOS setting must be No/Disabled. If your devices have a static configuration, you must turn off your computer before removing or attaching most devices.
Condition: Dual boot Windows XP Professional and Microsoft® Windows® 95, Windows 98, or Windows Me operating systems
Recommended BIOS Setting: The Plug and Play BIOS setting must be No/Disabled. Disabling Plug and Play in the BIOS is recommended to prevent errors that might arise. For example, if the system check for Plug and Play on a Windows 98 ACPI system passes, the system check for Plug and Play might fail on a Windows XP Professional ACPI system.
For information about viewing or modifying your computer’s BIOS settings, consult your
computer’s documentation or manufacturer’s support Web site.
Note Motherboards based on Itanium-based architecture rely on ACPI and the operating
system to configure resources. The option to enable or disable ACPI settings is not available on
Itanium-based computers.
Configuring Device Settings
Windows XP Professional identifies devices and their hardware resource requirements. The
operating system allocates the optimal resources and attempts to resolve conflicts when two
or more devices request the same resource. Consequently, you must not manually change
resource settings for a Plug and Play device unless it is absolutely necessary to resolve a problem with the device. Doing so fixes its settings, preventing Windows XP Professional from
granting another device’s request to use that resource. Changed resource settings can be
returned to the original values by selecting the Use automatic settings check box on the
Resources tab of the Device Properties Page in Device Manager. See the procedure “To
change resource settings for a device by using Device Manager” later in this section.
Note Windows XP Professional might allocate a single resource to more than one device.
For example, multiple PCI devices might share the same IRQ.
During setup, Windows XP Professional detects non–Plug and Play devices that have fixed
resource requirements. For example, some ISA modems require fixed I/O port settings and
cannot operate at any other I/O setting. After running Setup, you can use the Add Hardware
Wizard to install non–Plug and Play devices. This is the only instance in which you need to
use the Add Hardware Wizard to install a device.
Certain circumstances might require you to change resource settings after Windows XP
Professional configures a device. For example, Windows XP Professional might not be able to
configure one device without creating conflicts with another. Typically a message explains
that a conflict exists and suggests a solution, such as turning off or disabling a device or
assigning nonconflicting resources.
For more information about troubleshooting devices, see “Hardware Troubleshooting” later
in this chapter or Appendix C, “Tools for Troubleshooting.”
To manually change the configuration of a device, use Device Manager. Use the following
strategies when using Device Manager to resolve device conflicts manually:
■ Identify a free resource, and assign it to the device.
■ Disable or remove one of the conflicting devices to free resources.
■ Remove non–Plug and Play hardware and device drivers.
■ Rearrange resources used by a device or devices to free resources that the conflicting
device requires.
■ Use Device Manager to select nonconflicting resource values. Use device configuration
software, jumpers, or DIP switches to adjust actual hardware values to match those used
by Device Manager.
You can print a report about your system and device resource settings. In Device Manager,
highlight the device that you are interested in. On the Action menu, select Print. In the
Report Type section of the Print dialog box, select a system summary report, a report of the
selected class or device, or a report of all devices with a system summary. Click Print to send
the report to the printer.
The following procedure explains how to change a device’s resource settings by using Device
Manager.
Caution Change resource settings only if absolutely necessary. Changing resource settings
can cause conflicts and can cause you to lose Plug and Play functionality.
To change resource settings for a device by using Device Manager
Some devices do not have a Resources tab on their property sheet. You cannot manually
change the resources for these devices.
1. In Device Manager, expand the device class to show the available devices.
2. Right-click a device, and then click Properties.
3. On the Resources tab, notice that the Conflicting device list shows conflicting values
for resources used by other devices.
4. In the Resource type list, select the setting you want to change, clear the Use automatic
settings check box, and then click Change Setting.
If there is a conflict with another device, a message is displayed in Conflict Information.
5. If an error message says, “This resource setting cannot be modified,” browse for a configuration that you can use to change resource settings without conflicting with other
devices.
6. Click OK, and then restart Windows XP Professional.
7. Verify that the settings are correct for the device.
Note Many legacy devices have jumpers or DIP switches that set the IRQ, DMA, and I/O
addresses. If you change these settings in Device Manager, you must also change the settings
on the device to match them.
Using Hardware Profiles for Alternate Configurations
Windows XP Professional uses hardware profiles to determine which drivers to load. A computer can have different profiles that describe different hardware configurations. Hardware
profiles are especially important for portable computers that can be docked. Windows XP
Professional uses one hardware profile to load drivers when the portable computer is docked
and another when it is undocked. For example, a different profile is used at a customer site
that has a monitor different from the one at the office.
Configurations are created when Windows XP Professional queries the BIOS for a dock serial
ID and assigns a name for the docked and undocked configurations. Windows XP Professional then stores the hardware and software associated with these configurations. Applications access and store information for each hardware configuration used by the mobile user.
Using multiple profiles enables applications to adapt to various hardware configurations.
Windows XP Professional prompts you for the name of a hardware profile only when two profiles are so similar that it cannot differentiate between them. If this happens, the operating system displays a Hardware Profile menu from which you can choose the correct profile.
For more information about hardware profiles for portable computers, see Chapter 7,
“Supporting Mobile Users.”
Changing Hardware Acceleration Settings for Digital Audio
Windows XP Professional includes a driver that provides hardware acceleration. This driver
speeds up the delivery of digital audio data, which improves Microsoft DirectSound® Audio
performance. You can change the level of hardware acceleration available to DirectSound
Audio applications by using the Hardware Acceleration option for Sounds and Audio Devices.
You can use these settings for testing or to improve the stability of the system.
Hardware Acceleration for DirectSound Audio has four settings, which are described in Table 9-3.
Table 9-3 Hardware Acceleration for DirectSound Audio
Setting Name   Description
Emulation      Forces emulation mode so that audio applications run as though no
               DirectSound Audio–compatible driver is on the system and no
               hardware acceleration is provided. Use this setting only if other
               acceleration settings do not function properly.
Basic          Disables hardware acceleration so that applications run as though
               no hardware acceleration is present. This option is useful if you
               want to emulate a non-DirectSound-accelerated sound card for
               testing purposes.
Standard       Enables hardware acceleration, but disables any vendor-specific
               properties so that only standard acceleration features are used.
               This is the default setting for Windows XP Professional.
Full           Enables hardware acceleration and all vendor-specific properties
               so that all acceleration features are available.
To change the hardware acceleration setting for audio devices
1. In Control Panel, open Sounds, Speech and Audio Devices, and then open Sounds
and Audio Devices.
2. Click the Audio tab, and under Sound Playback, click the Advanced button.
3. In the Advanced Audio Properties dialog box, click the Performance tab.
4. Under Audio Playback, move the Hardware Acceleration slider to the desired setting.
Configuring the Display
The Display option in Control Panel allows you to change the settings on your monitor and
make other changes to your desktop, including the following:
■ Change the display driver.
■ Change screen resolution and color depth (without restarting the computer when using
display drivers that support this functionality).
■ Change color schemes and text styles in all screen elements, including fonts used in dialog boxes, menus, and title bars.
■ View changes in colors, text, and other elements of display appearance before the
changes are applied.
■ Configure display settings for each hardware profile, for example, docked and
undocked configurations.
■ Configure multiple monitors. For information about configuring multiple monitors, see
“Configuring Multiple Monitors” later in this chapter.
Windows XP Professional also includes mechanisms to ensure that incompatible display drivers cannot prevent a user from accessing the system. If a display driver fails to load or initialize
when Windows XP Professional is started, Windows XP Professional automatically uses the
generic VGA display driver. This ensures that you can start Windows XP Professional to fix a
display-related problem.
Changing the Display Driver
You can change or upgrade a display driver by using Device Manager to view the properties for
the monitor. When you select Update Driver from the Driver tab, the Hardware Update
Wizard installs the driver automatically, or you can choose to install a different driver from a
list of known drivers for the display. For more information about adding or changing a device
driver, see Windows XP Professional Help and Support Center.
If you install a new Plug and Play monitor, the system detects the monitor and the Found New
Hardware Wizard guides you through the installation process. After attaching the monitor,
uninstall the old monitor in Device Manager, and scan for the new hardware by clicking Scan
for hardware changes on the Action menu.
Note If a driver is not included with your monitor, check Windows Update for an updated
driver for your monitor. If there is no driver in Windows Update, check the manufacturer’s Web
site for the most recent driver.
If the monitor is detected as Default Monitor, either the display adapter or the monitor is not
Plug and Play. If the monitor is not detected as Plug and Play Monitor, the monitor is not
included in the monitor .inf files. Check Windows Update or contact your hardware manufacturer for an updated Windows XP Professional .inf file.
Warning Incorrect display settings can physically damage some monitors. Check the manual for your monitor before choosing a new setting.
Changing Hardware Acceleration Settings for Graphics Hardware
Windows XP Professional uses hardware acceleration to improve display performance. If
using hardware acceleration causes a problem, such as mouse pointer problems or corrupt
images, you can turn off some or all hardware acceleration features. By turning off hardware
acceleration, you can manually control the level of acceleration and performance supplied by
your graphics hardware, which can help you troubleshoot display problems.
Hardware acceleration for your graphics hardware has six settings. Table 9-4 shows the settings and their meanings.
Table 9-4 Hardware Acceleration for Graphics Hardware
Setting   Description
None      Disables all accelerations. Use this setting only if your computer
          frequently stops responding or has other severe problems.
1         Disables all but basic accelerations. Use this setting to correct more
          severe problems.
2         Disables all DirectX® Graphics accelerations, as well as all cursor and
          advanced drawing accelerations. Use this setting to correct severe
          problems with DirectX accelerated applications.
3         Disables all cursor and advanced drawing accelerations. Use this
          setting to correct drawing problems.
4         Disables cursor and bitmap accelerations. Use this setting to
          troubleshoot mouse pointer problems or corrupt images.
Full      Enables all acceleration features. This setting is recommended if your
          computer has no problems.
Note If you use multiple monitors, changing hardware acceleration settings affects all
monitors.
To change hardware acceleration
1. Right-click the desktop, and then click Properties.
2. In the Display Properties dialog box, click the Settings tab, and then click the
Advanced button.
3. Click the Troubleshoot tab, and then choose the desired level of hardware acceleration.
Windows XP Professional supports write combining, which improves video performance by
speeding up the display of information to your screen. However, increased speed can also
cause screen corruption. If display problems occur, you can disable write combining to troubleshoot this problem.
To disable write combining
1. Right-click the desktop, and then click Properties.
2. In the Display Properties dialog box, click the Settings tab, and then click the
Advanced button.
3. Click the Troubleshoot tab, and then clear the Enable write combining check box.
Configuring Display Resolution and Appearance
You can configure the display resolution and colors, fonts, and backgrounds for your Windows XP Professional display. Right-click the desktop, select Properties, and make changes
from the Settings tab on the Display Properties dialog box.
You can also adjust the refresh frequency rate for your display. A higher refresh frequency rate
reduces flicker on CRT displays. On the Settings tab, click the Advanced button, and then
change the refresh frequency on the Monitor tab.
Windows XP Professional allows you to change resolution and color depth without restarting
the computer if the installed display adapter is using a video driver provided with Windows
XP Professional. You might have to restart the computer if you are not using a Plug and Play
display adapter and driver.
Configuring Power Management for the Display
The Display Properties dialog box, accessed by right-clicking the desktop and selecting Properties, allows you to set the screen saver and other desktop attributes. In addition, you can use
settings in Screen Saver properties to take advantage of power management support in Windows XP Professional if your hardware supports this feature. Windows XP Professional can
support screen saver power management if your computer is Energy Star compliant. An
Energy Star–compliant monitor supports the Video Electronics Standards Association (VESA)
Display Power Management System (DPMS) specification. To determine whether your monitor is Energy Star compliant, look for the Energy Star logo on the Screen Saver tab of the Display dialog box.
The display monitor is typically one of the most “power-hungry” components of a computer.
Manufacturers of newer display monitors have incorporated energy-saving features based on
the DPMS specification. By using signals from the display adapter, a software control can
place the monitor in standby mode or even turn it off completely, thus reducing the power the
monitor uses when inactive.
You can adjust monitor power settings on the Screen Saver tab by clicking the Power button,
and, on the Power Schemes tab, selecting the amount of time the monitor will stay on without
any activity before it turns itself off.
Enabling Mode Pruning
Mode Pruning is a Windows XP Professional feature that is used to remove display modes that
the monitor cannot support. Display modes are the combinations of screen resolution, colors,
and refresh rates available for the selected video adapter. In Mode Pruning, the graphics
modes of the monitor and the display adapter are compared, and only modes common to
both the monitor and display adapter are available to the user.
Mode Pruning is available only if a Plug and Play monitor is detected or if a specific monitor
driver is loaded in Device Manager. Mode Pruning is not available if the monitor driver is
Default Monitor. On Plug and Play monitors, Mode Pruning is enabled by default. If Mode
Pruning is disabled, you can select display modes that are not supported by your monitor.
Warning Choosing a mode that is inappropriate for your monitor might cause severe display problems and might damage your hardware. You must be logged on as a member of the
Administrators group to view unsupported modes. It is not recommended that you change
this setting. If you choose to view unsupported display modes, consult your hardware
documentation.
To disable Mode Pruning
1. Right-click the desktop, and then click Properties.
2. In the Display Properties dialog box, click the Settings tab, click Advanced, and then
click the Monitor tab.
3. Clear Hide modes that this monitor cannot display, and then click Apply.
Using Digital Flat Panel Monitors
Windows XP Professional supports using digital flat panel (DFP) monitors with display
adapters that have the appropriate output connectors. These connectors include Digital Video
Interconnect (DVI) and DFP. Most display adapters also have standard CRT connectors for
more common monitors.
Using Multiple Monitors
By using the Multiple Monitors feature, you can configure up to ten monitors so that the Windows XP Professional desktop display spreads across all the monitors. For each monitor, you
can adjust position, resolution, and color depth.
In the Display Properties dialog box, one monitor is designated as the primary display. This
is the default display used for prompts and pop-up windows, and it has full hardware DirectX
Graphics acceleration. It is also the only display that can run DirectX applications in full-screen mode.
POST vs. Primary Display Device
In Windows XP Professional, any supported VGA monitor can be used as the power-on self
test (POST) device. The adapter that displays the system BIOS and system memory count
when the computer is turned on is the POST device. This is the only device that can be used
for MS-DOS mode operations in full-screen mode. The POST device does not have to be the
same as the Primary Display, which is the default display that is used for prompts and pop-up
windows. The Primary Display has full hardware DirectX Graphics acceleration, and it is also
the only display that can run DirectX applications in full-screen mode.
Configuring Multiple Monitors
A monitor must meet the following criteria to be used as a secondary monitor. It must be a PCI
or AGP device, be able to run in graphical user interface (GUI) mode without using VGA
resources, and have a Windows XP Professional driver that enables it to be a secondary display. For more information about monitors that can be used as secondary monitors, see the
Windows Catalog at http://www.microsoft.com/windows/catalog.
Note To use multiple monitors, a working monitor capable of VGA graphics must be connected to each installed display adapter.
In a multiple monitor environment, only one graphics device can be VGA compatible. This is
a limitation of computer hardware that requires that only one device respond to any hardware
address. Because the VGA hardware compatibility standard requires specific hardware
addresses, only one VGA graphics device can be present in a computer, and only this device
can physically respond to VGA addresses. Thus, applications that require a full-screen view
will run only on the particular device that supports VGA hardware compatibility.
If you have an on-board display device, it must be used as the VGA device. Some computers
cannot activate the onboard display when a VGA-capable PCI display device is present. In this
case, disable the on-board hardware VGA for the secondary devices so that the onboard
device runs a POST routine.
To add a second monitor to your computer
1. Verify that your primary display adapter works properly.
2. Plug in the second monitor.
Windows XP Professional detects and installs the new monitor.
3. In the Display Properties dialog box, click the Settings tab.
Icons for both monitors display in the dialog box.
4. Click the icon for the new monitor, labeled 2.
5. Select Extend my Windows desktop to this monitor, and then click OK.
6. To adjust the color depth on the new monitor, use the Color Quality drop-down list
box. To adjust the resolution, use the Screen Resolution slider.
7. Verify that the on-screen arrangement of the monitors matches the physical configuration of your monitors. This can be changed by dragging the icon of the monitor to the
location on the screen that corresponds to the location of the monitor on your desk.
Multiple Monitors and DirectX
Only the primary monitor in a multiple monitor configuration can accelerate DirectX Graphics
functions that use the full capabilities of the monitor. Additionally, only the primary monitor
can run DirectX applications in full-screen mode. For this reason, you need to make sure that
the monitor with the best DirectX Graphics performance and features is the primary monitor.
To set the primary monitor in a multiple monitor configuration
1. Right-click the desktop, and then click Properties.
2. In the Display Properties dialog box, click the Settings tab.
3. On the Settings tab, select Use this monitor as the primary display.
4. Click OK.
Using Multiple Monitors with Portable Computers
Dualview, another feature of Windows XP Professional, allows both portable and desktop
computers to display independent output on the onboard display and an external monitor.
Dualview is very similar to the multiple monitor feature, except that you cannot select the primary display. The portable computer display must be used as the VGA device.
Dualview requires that the display adapter provide dual outputs. The external VGA port on
the portable computer provides the second monitor connection. Dualview can be used with
docked or undocked portable computers. The display driver for the adapter must support
this feature, so it is not available in all computers.
Windows XP Professional does not support hot undocking of portable computers that have
an active multiple monitor configuration. To hot undock a portable computer, set up a non-multiple monitor hardware profile and log on again using that profile. You can also open
Display in Control Panel to detach the secondary display before undocking.
Configuring Communications Resources
A communications resource is a physical or logical device that provides a single, asynchronous data stream. Communications ports, printer ports, and modems are examples of communications resources.
Two types of communications resources appear as ports in Device Manager:
■ Communications ports. These ports, also called COM ports, serial ports, or RS-232
COM ports, connect RS-232-compatible serial devices, such as modems and pointing
devices, to the computer. Several types of communications ports might be listed in
Device Manager:
  ❑ Serial ports. Ports, also known as RS-232 COM ports, to which external serial
  devices can be attached. Typically these ports require a 9- or 25-pin plug. Serial
  ports designed for Windows XP Professional use the 16550A buffered UART,
  which has a 16-byte FIFO that gives the CPU more time to serve other processes
  and that can serve multiple characters in a single interrupt routine.
  ❑ Internal modem adapters. Internal modems are modems that are constructed on
  an expansion card to be installed in an expansion slot inside a computer.
■ Printer ports. These ports, also known as LPT ports or parallel ports, connect parallel
devices, such as printers, to the computer. For more information about configuring
printer ports, see Chapter 11, “Enabling Printing and Faxing.”
Note If Windows XP Professional does not detect an internal modem, the modem must be
installed and configured by using the Modems option in Control Panel.
When you install a communications device, Windows XP Professional assigns COM names to
communication ports, internal modem adapters, and PC Card modem cards according to
their base I/O port addresses as shown in the following list:
■ COM1 at address 3F8
■ COM2 at address 2F8
■ COM3 at address 3E8
■ COM4 at address 2E8
If a device has a nonstandard base address or if all four standard ports are assigned to devices,
Windows XP Professional assigns the modem to COM5 or higher. Some 16-bit Microsoft®
Windows® version 3.1–based applications might not be able to access ports higher than
COM4. Thus, when using the System option in Control Panel, you must adjust the base
address in Device Manager or delete other devices to free a COM port at a lower address.
Also, if some devices installed on a computer are not Plug and Play, you might need to change
resource settings for their communications ports. You can change communications port settings by using Device Manager, as described in “Device Installation” earlier in this chapter.
Tip For future reference, it is recommended that you record the settings that appear on the
Resources sheet for each communications port.
Configuring Scanners and Cameras
Configuration of scanners and cameras is completed during setup. Standard or default settings are applied when you run Setup, but you can change many of these settings by opening
the Scanners and Cameras Properties dialog box in Control Panel.
Ports
For serial devices, to view the port being used by the scanner or camera, go to the Port Settings
tab in the Scanners and Cameras Properties dialog box in Control Panel. On the Port Settings
tab, you can configure the baud rate—faster to speed image transfer or slower to accommodate
hardware limitations.
Warning Do not set the baud rate higher than the fastest speed supported by the hardware, or the image transfer will fail.
Image Color Management
The standard color profile is sRGB for Image Color Management (ICM 2.0) on the World
Wide Web, in Microsoft® Windows®, Microsoft® Office, and similar display environments.
However, you can add, remove, or select an alternate color profile for a device. In Control
Panel, open the Scanners and Cameras Properties dialog box, and then use the Color
Management tab.
IrTran-P
Infrared Picture Transfer (IrTran-P) is an image transfer protocol that sends images to
Windows XP Professional by using infrared technology. On a camera that supports IrTran-P,
when you press the Send button, the camera sends its stored images to Windows XP Professional. The IrTran-P server in Windows XP Professional then detects the connection the camera
is attempting to establish, begins a session, accepts the images, and stores them in the My
Pictures folder.
To use IrTran-P, you need an imaging device, typically a camera that can produce infrared
transmissions, and a computer that can receive infrared transmissions. Most IrTran-P devices
are Plug and Play and do not need any special configuration.
Pushbutton Scanning
Pushbutton scanning allows a scanner to associate a particular application with the push button on the scanner, and it is typically configured during device installation. However, you
might need to associate an application with a scanner button if this is not done automatically.
In Control Panel, open the Scanners and Cameras Properties dialog box, and then use the
Events tab to configure the button events for a scanner.
Power Management
Windows XP Professional offers enhanced power-management features for desktop and
mobile computers. The operating system supports the Advanced Configuration and Power
Interface (ACPI) specification, which provides reliable power management and system
configuration.
On an ACPI-compliant system, Windows XP Professional manages, directs, and coordinates
power so that the system is instantly accessible to users when needed but consumes the least
possible power when not actively working. In earlier power management architectures such as
APM, the BIOS controlled the power state of system devices without coordinating with the
operating system.
By contrast, devices and applications designed in compliance with the ACPI specification
work with the operating system to respond to or request a change in the system power state.
For example, an active application or input from a device, such as a mouse, indicates to the
operating system that the computer or device is in use. The operating system’s power policy
manager then allocates full power to the system. Otherwise, the operating system attempts to
put the computer into a lower power or sleep state. For example, a fax modem can operate
while the system is in a low-power state, consuming little energy until the phone rings, at
which time the system returns to full power to receive a fax. It then transitions back into a low-power state when the system is no longer needed.
For more information about power management, ACPI, and Advanced Power Management
(APM), see Chapter 7, “Supporting Mobile Users.”
Power Management Features
Windows XP Professional supports power management features based on ACPI and the
OnNow design initiative. The operating system also provides more limited power management support for systems based on the older APM specification. Windows XP Professional
includes the following power management features:
■ Improved boot and resume performance. Reduced startup times mean the computer
is ready for use quickly when powering up from a low-power state; reduced shutdown
times allow the computer to quickly enter a low-power state.
■ Wake-on support. The computer is in a low-power state when not in use, but it can
still respond to wake-up events, such as a phone call or a network request.
■ Improved power efficiency. Features that improve power efficiency, especially for portable computers, include native support for processor performance control technologies, LCD dimming when on battery power, and turning off the laptop display panel
when the lid is closed.
■ Power management features in applications. Applications designed to use power
management features in Windows tell the operating system what not to put into sleep
mode. For example, presentation software, which might be displaying a screen but not
actively processing, can tell the operating system not to put the monitor into a sleep
state.
■ Power policy ownership for individual devices. All devices designed to use power
management features in Windows can participate in power management. When they are
not in use, they can request that the operating system put them into a low-power state to
conserve power.
■ User interface for setting power preferences. In Control Panel, Power Options provide an interface through which a user can set preferences by choosing or creating
power schemes, specifying battery usage options, and setting low-power alarms. If an
Uninterruptible Power Supply (UPS) is present, Power Options can also manage the UPS.
■ Decreased thermal output. Power reduction for unused devices results in decreased
thermal output, which can prolong the life of hardware components.
■ Decreased noise. When the computer is in a low-power state, power can be reduced
sufficiently to cause cooling fans to turn off, thereby decreasing noise.
Caution Devices or applications that are not ACPI-compliant might prevent the operating
system from putting the system into a low-power state, such as standby or hibernation. Noncompliant applications or devices might cause data loss or other failures if the computer wakes
up and the application or device is not properly designed to handle a change in the system
power state.
Power Policy Overview
The goal of power management is to conserve power while the computer is working and to
put the computer into low-power states when it is not working. The power policy manager, in
conjunction with applications and devices, implements the decisions that determine how to
save energy and when to put the computer into a low-power state. Power policies are based on
user preferences, the requirements of applications, and the capabilities of the system hardware. The implementation of power policy is distributed throughout the system, with system
components acting as policy owners for the various devices. For example, the operating
system is the policy owner responsible for determining when the computer goes into a low-power state, the level of power reduction, and how to operate the processor to reduce power
consumption.
Each device in the computer has a power policy owner, which is the component that manages
power for that device. Each policy owner works in conjunction with the operating system’s
policy for putting the computer into low-power states.
Device drivers carry out power policy—controlling devices so that when power consumption
or capabilities change for each specific device, these changes are shared among the drivers in
the stack. Device-specific drivers save and restore device settings across transitions to and
from low-power states. When a device power policy owner detects conditions that permit or
require a change in the power state of a device, it sends a request to the power policy manager
in the operating system to put the device into the desired state. For example, if a network
cable is unplugged, the network device driver can notify the operating system that the network adapter does not need full power and can be put into a lower power state until the network cable is plugged back in.
Another instance of the use of power management is Wake on LAN. As a network administrator, you can send information over the network to run an application or configure a system
remotely. A remote system in a low-power state powers up when it receives the LAN request,
accepts the information, and then returns to a low-power state when the task is complete.
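On most Wake on LAN hardware, the LAN request that wakes the adapter is a Magic Packet: six 0xFF bytes followed by the adapter's MAC address repeated 16 times. The Python sketch below is an added example, not code from this book; it assumes that format, and its function names and sample payload are constructed for illustration. It builds the payload and reports which MAC address a captured payload would wake.

```python
import re

SYNC = b"\xff" * 6  # synchronization stream that opens every Magic Packet


def parse_mac(text):
    """Convert 'AA-BB-CC-DD-EE-FF' or 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    digits = re.sub(r"[-:.]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return bytes.fromhex(digits)


def build_magic_packet(mac_text):
    """Payload a management tool sends: sync stream + MAC repeated 16 times."""
    return SYNC + parse_mac(mac_text) * 16


def find_wake_targets(payload):
    """Return the MAC addresses that a captured payload would wake.

    The pattern may begin at any offset and may be followed by other data
    (for example a wake password), so every sync stream is examined.
    """
    targets = []
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        body = payload[start + 6:start + 6 + 96]
        # A run of 0xFF padding also "repeats"; no adapter owns that address.
        if len(body) == 96 and body == mac * 16 and mac != SYNC:
            text = ":".join("%02x" % b for b in mac)
            if text not in targets:
                targets.append(text)
        start = payload.find(SYNC, start + 1)
    return targets


if __name__ == "__main__":
    # Constructed sample: padding, Magic Packet, then a 6-byte password field.
    sample = b"\x00\x01" + build_magic_packet("00-11-22-33-44-55") + b"pw1234"
    print(find_wake_targets(sample))
```

Because the pattern carries no authentication by itself, any host that can deliver this payload to the adapter's segment can wake the machine, which is worth weighing when enabling the feature.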
Using the Power Management Interface
In Windows XP Professional, you can use Power Options in Control Panel to configure and
monitor power management features and set power management options called power
schemes. You can configure optional features, such as support for hibernation, and you can
monitor the status of power components, such as the remaining power in your laptop battery.
If your system has an Uninterruptible Power Supply (UPS), you can configure and view
details of the UPS.
For more information about configuring power schemes for your desktop computer or power
management for portable computers, see Chapter 7, “Supporting Mobile Users.” For procedural information about using the Power Options Properties dialog box to configure power
options, see “Power Options” in Windows XP Professional Help and Support Center.
For ways to troubleshoot power management, see Appendix C, “Tools for Troubleshooting.”
Hardware Troubleshooting
Any device installed in your system can cause startup and stability problems. Thus, it is important
to become familiar with common issues so that you can diagnose and troubleshoot hardware.
This compilation of troubleshooting examples can help you resolve common hardware problems
by using Windows XP Professional features such as Device Manager. Checklists of troubleshooting suggestions included in this section might also provide solutions to hardware problems.
Troubleshooting Hardware by Using Device Manager
The list of devices shown in Device Manager can provide valuable information about hardware problems you might encounter. For example, devices that have resource conflicts or
other problems are marked with a yellow exclamation point. You can fix problems with device
drivers by updating or uninstalling the driver from Device Manager. You can view a device’s
properties and system resources to establish where a conflict originates. You can disable a
device by using Device Manager to see which device might be causing a problem.
When there is a problem with a device, Device Manager provides an error code on the device’s
properties page. For a list of Device Manager error codes and suggested solutions, see
Microsoft Knowledge Base article 310123, “Explanation of error codes generated by Device
Manager,” found at http://support.microsoft.com/kb/310123.
For more information about Device Manager, see “Device Manager” earlier in this chapter.
Troubleshooting Network and Other Internal Adapters
Typically, installation of new internal devices in Windows XP Professional proceeds smoothly.
If a problem occurs, Table 9-5 can help you identify the cause and find a solution.
Table 9-5 Suggestions for Troubleshooting Network and Other Internal Adapters

Suggestion: Check the Windows Catalog.
Course of Action: Verify that the device is listed in the Windows Catalog and then check
Windows Update for newer Windows XP Professional drivers. For
unsupported devices, consult the manufacturer’s Web site for Windows XP
Professional updates.

Suggestion: Update device drivers.
Course of Action: Check Windows Update to determine whether updated drivers are
available. If your device driver is not listed on Windows Update, check the
manufacturer’s Web site. If you cannot restart the computer after installing
new drivers, see Chapter 29, “Troubleshooting the Startup Process.”

Suggestion: Upgrade the adapter’s firmware.
Course of Action: Upgrade the computer’s firmware to the latest revision. Certain types of
network cards, such as combination modem and network cards for
portable computers and Preboot Execution Environment (PXE) adapters
used for Remote Installation Services (RIS) might require BIOS updates to
take full advantage of advanced features.
Note: To start from a PXE device into a Windows 2000 Professional or
Windows XP Professional RIS enabled network, the system firmware boot
order option must be set so that the network adapter is the first device on
the list. Typically, the floppy disk or CD-ROM is the first device, with the
network adapter set as one of the last options.
Upgrade the adapter’s firmware to the newest version. This could improve
the adapter’s stability and compatibility.

Suggestion: Upgrade the computer’s firmware.
Course of Action: For a discussion about keeping motherboard firmware revisions current,
see Chapter 27, “Understanding Troubleshooting.”

Suggestion: Verify that ISA devices operate in Plug and Play mode.
Course of Action: For ISA devices, verify that they are operating in Plug and Play mode. For
non–Plug and Play devices, choose resource settings that do not conflict
with existing settings for other devices.

Suggestion: Replace or move the adapter.
Course of Action: Replace the adapter with an identical adapter type. If problems disappear,
this indicates a hardware problem with the first device.
You can also try physically moving the adapter to another slot. Some
motherboards assign resources based on slot position, and relocating a
device from one slot to another might resolve hardware conflicts. Manuals
for some PCI network adapters strongly advise that you use a “master” slot
whenever possible to avoid problems on x86-based systems. Refer to your
computer’s documentation for the location of these master PCI slots. If
you are experienced with hardware, some x86-based motherboards have
a firmware option that allows you to assign IRQ resources manually.
Table 9-5
Sug