All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.
International Standard Book Number: 0-7897-2858-3
Library of Congress Catalog Card Number: 2002110538
Printed in the United States of America
First Printing: April 2003
06 05 04 03 4 3 2 1
Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Que cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Windows XP is a registered trademark of Microsoft Corporation.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The authors and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it.
Associate Publisher Greg Wiegand
Managing Editor Charlotte Clapp
Executive Editor Rick Kughen
Acquisitions Editor Rick Kughen
Development Editor Todd Brakke
Project Editors Carol Bowers, Sheila Schroeder, Elizabeth Finney
Copy Editor Lisa M. Lord
Indexer Rebecca Salerno
Proofreader Jessica McCarty
Technical Editor Brian Fulk
Team Coordinator Sharry Lee Gregory
Multimedia Developer Dan Scherf
Interior Designer Anne Jones
Cover Designer Anne Jones
Contents At a Glance
Introduction
I Windows XP Overview
1 Introducing Windows XP
2 Common Windows XP Administrative Utilities
3 The Windows XP Layout
II Nuts and Bolts of Windows XP
4 Windows XP and Hardware
5 Keeping Windows XP Current
6 Windows XP Installation and Upgrade Secrets
7 Booting Windows XP
8 Windows XP Control Panel Utilities
9 Introducing the Windows XP Registry
10 Editing the Windows XP Registry
11 Important Registry Keys and Values
III Networking Windows XP
12 Windows XP Networking Explored and Explained
13 Windows XP Networking Models
14 Windows XP and TCP/IP
15 Windows XP and Legacy Protocols
16 Windows XP Meets Unix
17 Remote Access
18 Windows XP and Terminal Services
IV Managing Your Windows XP System(s)
19 Windows XP and Storage
20 Windows XP Backup and More
21 Scripting and Automation
22 Tuning and Optimizing Windows XP
23 Managing Applications
24 Printing with Windows XP
25 Managing System Security
26 Managing System Recovery
V Windows XP Goes Online: Internet or Intranet Access
27 Windows XP as a Web Client
28 Windows XP as an E-mail Client
29 Internet Services from Windows XP Professional
30 Sharing an Internet Connection
31 Maintaining Internet Security
VI Appendixes
A Windows XP Information Resources, Online and Off
B Key Windows XP Utilities: Native, Resource Kit, and Downloads
C Windows XP Command-Line Reference
D Windows XP Performance Monitor Objects and Counters
E Windows XP Keyboard Commands and Shortcuts
F CD-ROM Contents
Index
Table of Contents Introduction
I Windows XP Overview 1 Introducing Windows XP
Windows XP History and Description 7 Birth of Network Operating Systems 7 Windows NT 9 Windows 2000 10 Windows XP 11 Windows XP Architecture 12 Kernel Mode 13 User Mode 19 Differences Between Windows XP Professional, XP Home Edition, and XP 64-bit Edition 21 The Many Advantages of Windows XP 23 Upgrading to Windows XP 23 For More Information 24
2 Common Windows XP Administrative Utilities 25 What Administration Really Means 25 Administering a Windows XP System 26 The Control Panel and Administrative Tools 26 The Microsoft Management Console:Where Management Begins 29 Computer Management 31 Event Viewer 32 Shared Folders 34 Local Users and Groups 35 Performance Logs and Alerts 37 Disk Management 39 Services 40 System Information 42 Backup 43
Third-Party Administrative Utilities 45 For More Information 46
3 The Windows XP Layout
Windows XP Directory Structures 47 System Partition 48 Boot Partition 49 Key Windows XP Executables 55 Main Windows Root Folder 55 Windows\System32 56 The Windows XP Distribution CD 71 Living with Service Packs and Hotfixes 71 For More Information 72
II Nuts and Bolts of Windows XP 4 Windows XP and Hardware
Plug and Play in Windows XP 77 Universal Plug and Play 79 Documenting a Current Hardware Configuration 80 Planning to Add New Hardware 82 Checking Minimum Requirements and Recommendations 84 Working with Video Devices 86 Working with Audio Devices 88 Working with Storage Devices 89 Working with Common Peripherals and New Interfaces 89 Windows XP on a Laptop 93 Multiple CPUs and Windows XP 94 Troubleshooting Hardware Problems on Windows XP 94 Third-Party Hardware Troubleshooting Utilities 96 For More Information 97
5 Keeping Windows XP Current
What Happens When You Install a Program? 99 Building Windows XP Systems with Room to Grow 102
Windows Update 105 The Automatic Updates Tab of System Properties 106 Controlling Access to Windows Update 109 Living with Service Packs and Hotfixes 110 The Joys of Slipstreaming 111 Keeping Up with Changing Hardware, Software, and More 112 Advanced Device Driver, DLL, and System File Management 113 Device Driver Management 113 The Driver Signing Options Dialog Box 114 Windows File Protection 117 For More Information 117
6 Windows XP Installation and Upgrade Secrets 119 Maintaining User Profiles and Configurations 119 Windows Activation 122 Dos and Don’ts of Upgrading 123 Performing a Smooth Migration 125 Automating Windows XP Installation 125 Troubleshooting Installations 126 Windows Crashes During Installation 126 My Existing OS Won’t Recognize the CD-ROM Drive 127 Windows XP Fails to Boot After Installation 127 For More Information 128
7 Booting Windows XP
System and Boot Partitions 129 The Windows XP Boot Sequence 130 Power On Self Test (POST) 131 Initializing the System 132 Booting the System 133 Detecting the Hardware 139
Kernel Loading and Initialization 139 Logging in to the System 139 Building Boot Disks 139 Boot Disk Requirements 140 Creating the Boot Disk 140 Advanced Options Menu 141 Multi-Boot System Implementation 142 Troubleshooting Boot Problems 143 Ntldr Boot Errors 143 Ntdetect.com Boot Errors 144 Ntoskrnl.exe Boot Errors 144 Bootsect.dos Boot Errors 144 Boot.ini Errors 145 Third-Party Troubleshooting Tools 145 Turn Off, Restart, Hibernate, Standby 146 Logging Off and Fast User Switching 148 For More Information 149
8 Windows XP Control Panel Utilities The History of the Registry 151 A New Way to View Control Panel 152 The Control Panel Applets 156 Accessibility Options 156 Add Hardware 157 Add or Remove Programs 158 Administrative Tools 160 Date and Time 161 Display 162 Folder Options 163 Fonts 164 Game Controllers 164 Internet Options 164 Keyboard 164 Mouse 165 Network Connections 165 Phone and Modem Options 165 Power Options 165
Printers and Faxes 166 Regional and Language Options 166 Scanners and Cameras 166 Scheduled Tasks 166 Sounds and Audio Devices 167 Speech 167 System 167 Taskbar and Start Menu 175 User Accounts 177 For More Information 178
9 Introducing the Windows XP Registry
Registry Overview 179 Registry Differences 181 Windows XP Registry Hives 182 HKEY_LOCAL_MACHINE 183 HKEY_USERS 184 HKEY_CURRENT_CONFIG 184 HKEY_CLASSES_ROOT 184 HKEY_CURRENT_USER 185 Windows XP Registry Files and Structures 185 HKEY_LOCAL_MACHINE 185 Security Information in the Registry 192 Securing the Computer 192 Alternative Ways to Secure the Registry 194 How Programs Interact with the Registry 195 Group Policies 196 For More Information 198
10 Editing the Windows XP Registry
Backing Up the Registry 200 Editing the Registry 201 File: Import and Export 202 File: Load Hive and Unload Hive 202 File: Connect Network Registry and Disconnect Network Registry 202 Edit: New 203 Edit: Permissions 203
Working with Existing Keys and Values 203 The HKEY_CLASSES_ROOT Key 203 The HKEY_CURRENT_CONFIG Key 204 The HKEY_USERS Key 204 The HKEY_CURRENT_USER Key 204 The HKEY_LOCAL_MACHINE Key 204 Data Formats of the Registry 206 Binary or REG_BINARY 206 DWORD or REG_DWORD 206 Multi-String or REG_MULTI_SZ 207 Expandable String or REG_EXPAND_SZ 207 String or REG_SZ 207 Importing and Exporting Registry Data 208 Importing Registry Files 208 Exporting Registry Files 208 Avoiding Registry Problems 209 Last Known Good Configuration 209 Registry Security 210 Troubleshooting the Registry 210 Uninstalling Applications 211 Third-Party Registry Editing and Management Utilities 212 REG 213 REGINI.EXE 217 REGFIND.EXE 221 REGBACK.EXE 222 REGDMP.EXE 224 COMPREG.EXE 224 REGREST.EXE 225 RegMon 226 For More Information 226
11 Important Registry Keys and Values
Basic Console Operations 229 Windows XP Logon and Logoff Controls 231 Windows XP Shell 235 Mouse and Keyboard Settings 238 Device Keys and Controls 238
Important Registry Miscellany 239 Windows XP Filename Completion 240 Restore an Explorer-Like Task Manager 240 Remove Nag Prompt for File Location 240 Disable Source Routing 240 Disable 8.3 Name Creation in NTFS 240 Ghosted Connections 241 Manage the Mapped Network Drive DropDown List 241 Move Shares from One Windows XP Server to Another 241 Change the Default Spool Folder 241 Prevent Printer Popups and Event Logging 242 Activate a Screensaver from an Icon 242 Control Which Errors Pop Up in Windows XP 242 Create Separate Processes for the Desktop, the Taskbar, and Windows XP Explorer 243 Prevent Windows XP from Running an Unknown Job at Logon 243 Connect to Microsoft’s FTP Site as a Drive 244 Shareware and Freeware Tools 244 Hyena 244 HideIT! 245 WinInfo 245 For More Information 245
III Networking Windows XP 12 Windows XP Networking Explored and Explained 249 The Redirector 249 The Workstation Service 250 The Server Service 251 Protocol Stacks 252 Multiple Universal Naming Convention Provider 254 Multi-Protocol Router 255
Administrative Shares 255 Protocols and Network Bindings 256 Binding Optimization 257 Changing the Binding Order 258 For More Information 259
13 Windows XP Networking Models
Workgroup Networks 261 Domain-Based Networks 263 Understanding Groups 264 Administrators 266 Backup Operators 266 Guests 266 HelpServicesGroup 267 Network Configuration Operators 267 Remote Desktop Users 267 Power Users 267 Replicator 267 Users 267 Understanding the Security ID 267 Troubleshooting Techniques for Networks 268 IP Address Connection Works, but Name Resolution Fails 268 TCP/IP Connection to Remote Host Hangs 269 NET Commands 270 For More Information 271
14 Windows XP and TCP/IP
TCP/IP Explored and Explained 274 Understanding IP Addressing, Subnet Masks, and Domain Names 277 IP Address Classes 278 IP Subnets and Subnet Masks 280 IP Addresses on Your Network 283 Working with Network Address Translation (NAT) 283
Routers, Proxies, and Firewalls 284 Static and Dynamic Routers 285 Proxies and Firewalls 286 DNS,WINS, Active Directory, and Other IP Matters 287 Fully Qualified Domain Names (FQDNs) and DNS 288 NetBIOS Names and WINS 289 Static Name Resolution Techniques 291 Using the Dynamic Host Configuration Protocol (DHCP) 291 Installing and Configuring TCP/IP 294 IP Settings 294 DNS 295 WINS 296 Options 297 Managing Internet Connections 297 Creating and Managing a Dial-Up Connection 298 Creating and Managing an Always-On Connection 298 Managing IP Information Services 299 Managing IP-Based E-mail 299 Managing Your Web Browser 300 Serving the Web from Windows XP Professional 301 FTP Utilities 301 Troubleshooting IP 302 The IP Connectivity Drill 303 For More Information 305
15 Windows XP and Legacy Protocols NetBEUI and Windows XP 307 NetBIOS Versus NetBEUI 308 When to Use NetBEUI 309 Managing NetBEUI 311 Mixing and Matching Protocols 312
Keeping NetBEUI Secure 312 Troubleshooting NetBEUI 312 Performance Monitoring and NetBEUI 313 Integrating Windows XP with Older Versions of NetWare 314 What Is the NWLink Protocol? 314 Installing NWLink 315 CSNW Versus GSNW 316 Microsoft Clients Versus Novell Clients 322 Windows Services for NetWare Version 5 324 File Migration Utility (FMU) 324 Microsoft Directory Synchronization Services (MSDSS) 325 File and Print Services for NetWare (FPNW) 325 The Realities of Integrating NetWare and Windows 2000 325 Dealing with Duplicate Names 326 Dealing with Supervisor Rights 326 Dealing with File Migration 326 Best Practices for Migration 328 Mechanics of NDS Versus Active Directory 328 Troubleshooting NetWare-to-Windows XP Connections (and Vice Versa) 329 Performance Tuning When Using Multiple Protocols 329 For More Information 330
16 Windows XP Meets Unix
Windows XP Strengths and Weaknesses 331 Unix Strengths and Weaknesses 334 Hybrid Environments 335 The OSI Model 336 IEEE 802 Networking Specifications 336 Name Resolution 338 DHCP 340
Windows 2000 Server and Unix Integration 341 The Realities of Integrating Unix and Windows 2000 342 Microsoft Windows 2000 Services for Unix 342 Server Message Block (SMB) 343 Common Internet File System (CIFS) 343 Samba 344 Other SMB/CIFS Implementations 344 Unix File Services Running on Windows XP 345 The Domain Name System 346 Unix DNS 348 Windows 2000 Server DDNS 349 Troubleshooting Windows XP-to-Unix Connections (and Vice Versa) 350 For More Information 352
17 Remote Access
Connecting to Remote Systems 353 Working with Modems, ISDN, Cable Modems, and More 354 Working with Analog Modems 355 WinModems 356 Using Unsupported Modems with Windows XP 357 Working with ISDN 360 Setting Up ISDN 362 Troubleshooting Remote Access Problems with Modems 365 Using HyperTerminal to Test Modem Connections 366 Special Information for Business Users 368 Working with Cable Modems 368 DSL and ADSL 369 Looking to the Future: Satellite Technology 371 The Dark Horse Entry:Wireless 372
Broadband:Which One Should You Choose? 373 Security Issues for Always-On Connections 373 Connecting Broadband to Your Computer 374 Troubleshooting Broadband Connections 376 Remote Access Versus Remote Control 377 Remote Desktop 379 Remote Assistance 382 Problems with Remote Assistance 385 Working Across Virtual Private Networks 385 Point-to-Point Tunneling Protocol (PPTP) 385 Layer 2 Tunneling Protocol (L2TP) 386 Which VPN Protocol Should You Use? 387 Tools for Diagnosing VPN Problems 388 Third-Party DUN, RAS, and VPN Utilities and Hardware 389 For More Information 390
18 Windows XP and Terminal Services
Terminal Services History and Overview 393 What Is Terminal Services Good For? 395 Terminal Services Advantages and Disadvantages 396 Working with Terminal Services 398 Terminal Services in Application Mode 398 Terminal Services in Remote Administration Mode 399 Using Windows XP as a Terminal Services Client 399 Using the Remote Desktop Connection Client 400 Remote Desktop Client Configuration Options 402 Setting Up Windows XP as a Remote Management Workstation 406 Troubleshooting Terminal Services 408 Third-Party Terminal Services and Related Utilities 409 For More Information 410
IV Managing Your Windows XP System(s) 19 Windows XP and Storage
FAT and NTFS 413 Installing, Configuring, and Partitioning Disks 415 Basic and Dynamic Disks 416 File Management Utilities 418 Disk Quotas 420 Data Management 421 Cleaning Up Files and Folders 421 Compressing Files and Folders 422 Defragmenting Disks 423 Repairing, Replacing, or Moving Data 425 Working with Removable Media 425 Encrypting File System (EFS) 428 Encrypting Files and Folders 429 Recovery Agents 432 Third-Party Storage Management Utilities 433 Troubleshooting Disk Drives/Storage Subsystems 433 For More Information 435
20 Windows XP Backup and More
The Windows XP Built-in Backup Utility 437 Backup Options 439 Backing Up Data 442 Restoring Data 442 Other Backup Alternatives 443 Iomega Zip Drives and the Like 443 Iomega Jaz Drives and Similar Products 443 CD-Recordable (CD-R) 444 CD-Rewritable (CD-RW) 444 DVD-Recordable 444 Duplicate Drives 444 Choosing an Appropriate Backup Device 445 Backup Space 445 Backup Window 446
Downtime 447 Affordability 447 Rules for Backing Up 448 Temporary Files 448 The Page File 448 Managing Backup Media 449 Son 449 Father-Son 450 Grandfather-Father-Son 451 Benefits of Offsite Storage 452 Third-Party Backup Tools and Utilities 452 Ultrabac 453 ARCserve 2000 453 Backup Exec 453 Networker 454 Tivoli Storage Manager (TSM) 454 Other Backup Tools and Utilities 454 Troubleshooting Backup Problems 455 Hardware Problems 455 Software Configuration 456 Permissions 456 For More Information 456
21 Scripting and Automation
The Computer Can Take Care of Itself 457 Windows Batch Files and Commands 458 Windows Script Host 462 Working with CScript 463 Working with WScript 464 Working with the WSH 464 AT and the Scheduled Tasks Service 468 AT 468 The Scheduled Tasks Applet 470 SCHTASKS 473 Scripting and Automation Scenarios 475 Adding a Shortcut to a User’s Desktop 475 Modifying the Registry 475
Windows Remote Installation Service (RIS) 476 Troubleshooting Scripting and Automation 478 Troubleshooting Problems with Scripts 479 Troubleshooting Problems with the Scheduled Tasks Applet 479 Third-Party Scripting and Automation Alternatives 481 Arcana Scheduler 481 Macro Scheduler 481 OpalisRobot 481 Opalis JobEngine 482 ScriptLogic 482 Perl 482 Python 482 For More Information 482
22 Tuning and Optimizing Windows XP Establishing a Baseline 485 Working with System Monitor 487 Graph View 488 The Report View 490 Histogram 491 The Alerts Container 491 Counter and Trace Logs 492 Trace Logs 494 Characterizing System Performance 494 Key Objects and Counters 495 Memory Object 496 Processor Object 498 Disk Objects 499 Network Objects 500 Identifying Bottlenecks 501 Troubleshooting System Monitor Problems 502 Process Time Starvation 502 Process and Thread IDs 502 Zero Measurements and Logging 502 Resource Kit Performance Tools 503
Other Windows XP Performance Tools 503 Task Manager 504 Windows XP System Information 504 Virtual Memory Management 505 Third-Party Performance Monitoring Tools 505 Monitoring Tools 507 Third-Party Network Monitoring Tools 508 For More Information 508
23 Managing Applications
Understanding Foreground Priority 509 Managing Application Priority 511 Using the Run and Run As Commands 513 Using the Run Command to the Max 514 Using the Run As Command 516 Environment Subsystems 517 Win32 517 VDMs 518 Win16 (WOW) 525 Making the Most of Virtual Memory 526 The Virtual Memory Manager 527 Optimizing the Page File 527 Using Compatibility Mode 533 Using the Program Compatibility Wizard 534 Configuring Program Compatibility Manually 536 The Application Compatibility Toolkit 537 Third-Party Application Management Tools 537 Troubleshooting Application Difficulties 537 MS-DOS Applications 538 General Applications 538 Using DualView to Display the Desktop Across Two Monitors 539 For More Information 542
24 Printing with Windows XP
The Windows XP Print Architecture 543 Adding Printers 548 Locally Attached Printers 548 Plug and Play Printers 550 Network-Shared Printers 550 Network-Attached Printers 552 Updating Print Drivers and Determining Who Needs Them 556 Printer Pooling 556 Managing Printer Users, Queues, and Priorities 557 Server Management 557 Print Job Management 558 Web-Based Print Management 560 Third-Party Print Management Tools 560 Troubleshooting Printing Problems 561 For More Information 563
25 Managing System Security
Windows XP Security Components 565 Windows 2000 Security Overview 567 The Windows XP Security Model 567 Certificate Services 570 Encrypting File System (EFS) 571 TCP/IP Security Enhancements 573 Using Policies to Manage Windows XP Security 574 Establishing a Windows XP Security Regimen 576 Managing Users and Groups 576 Establishing Secure Account Controls 577 Avoiding Internal Attacks 580 Applying Service Packs and Hotfixes 582 Securing Well-Known Windows XP Vulnerabilities 585 Auditing as a Security Tool 587
Security Is a Way of Life 589 Exposure to Theft 590 Raising Users’ Security Consciousness 590 Viruses Threaten Security,Too 591 Interesting Security Tools 592 Security Tweaks for ACLs, Events, and the Registry 592 Resource Kit Nonpareils 593 Security Scanners 594 For More Information 595
26 Managing System Recovery
Some Preventive Techniques 600 Repairing a Damaged Windows XP System 601 Common Recovery Tools 603 Boot Options 608 Preparation for Recovery 610 Working with the Recovery Console 611 Using IntelliMirror 613 User Data Management 614 Software Management 615 User Settings and Desktop Environment Management 616 Remote Installation Services 616 Third-Party System Recovery Tools 618 For More Information 618
V Windows XP Goes Online: Internet or Intranet Access 27 Windows XP as a Web Client Types of Internet Access 621 Dial-Up Connection 621 DSL 622 Cable 623 Selecting an ISP 623
Equipment to Use 623 Modem Installation 624 Using the New Connection Wizard 624 Internet Explorer 6.x 627 Customizing the Toolbar 628 Selecting Your Options 628 Exploring Other Browsers (Netscape, Opera) 632 Exploring Netscape 633 Exploring Opera 633 Working Outside the Web with E-mail, Newsgroups, and FTP 633 Using E-mail Programs 633 Using Newsgroups 635 File Transfer Protocol 637 The Internet Explorer Administration Kit (IEAK) 638 Troubleshooting Internet or Intranet Access Problems 639 Verify Your Network Connection 639 Check the Hardware 640 Check the Configuration 640 Check the Network 641 Don’t Forget the Modem 641 For More Information 641
28 Windows XP as an E-mail Client Outlook Express and Outlook 2002 643 Outlook Express 644 Outlook 2002 646 Configuring E-mail Access 647 Multiuser Support 648 Address Books 648 Directory Services 649 Customizing and Configuring Your Messages 650
Managing and Searching E-mail Folders 651 Encryption 652 Searching E-mail Folders in Outlook Express 652 Searching E-mail Folders in Outlook 2002 653 Filtering E-mail 653 Filtering E-mail in Outlook Express 653 Filtering E-mail in Outlook 2002 655 Creating Calendars 657 Handling Appointments 659 Building Outlook Applications 660 Integrating Newsgroups and Mailing Lists 661 Newsgroups 662 Mailing Lists 663 Troubleshooting E-mail Problems 664 E-mail Messages Stay in the Outbox 664 General Problems Sending E-mail 665 Corrupted E-mail 665 Third-Party E-mail Tools 665 For More Information 667
29 Internet Services from Windows XP Professional 669 IIS Limitations and Options in Windows XP 669 Internet Information Services (IIS) 670 IIS Management 671 Setting Up a Web Site with IIS 671 Creating and Managing Content 673 Creating Virtual Directories 673 Managing Virtual Directories 674 Managing the Default Web Site 675 Tools for Web Success 676 Microsoft Office 676 FrontPage 677 Visual Studio 677 Site Builder 677
Static Versus Dynamic Content 677 Push Versus Pull Publishing 678 Personal Web Site Tools 679 Third-Party Personal Web Tools 680 Troubleshooting Personal Web Sites 681 For More Information 682
30 Sharing an Internet Connection
Using XP as a NAT Proxy 685 What Are the Benefits of NAT? 686 Internet Connection Sharing 686 Enabling ICS 687 Configuring the ICS Client 690 Tradeoffs of Sharing a Link 691 Controlling the Flow of Data 692 Creating a Service Definition 693 For More Information 694
31 Maintaining Internet Security
Using Firewalls 695 Internet Connection Firewall 697 ICS and ICF 698 Enabling ICF 698 Third-Party Firewall Options 700 Controlling the Flow of Data 700 Watching Out for Violations and Vulnerabilities 702 Watching Out for Attacks 703 Closing Down Common Access Points 704 Testing for Weakness 705 For More Information 706
VI Appendixes A Windows XP Information Resources, Online and Off 709 Internet Resources 709 Listservers 713
Newsletters 714 Publications 714 Training 717
B Key Windows XP Utilities: Native, Resource Kit, and Downloads 719 Windows XP Support Tools 719 Active Directory Tools 720 Computer Management Tools 720 Deployment Tools 721 File and Disk Tools 721 Network Management Tools 722 Performance Tools 722 Security Tools 722 Windows 2000 Professional Resource Kit 723 Administration Scripts 723 Debugging Utilities 725 Deployment Utilities 726 Desktop Management Utilities 726 File and Disk Utilities 727 Management Utilities 728 Network Utilities 730 Performance Tuning Utilities 732 Scripting Utilities 733 Security Utilities 733 System Diagnostic Utilities 734 Microsoft Power Toys for Windows XP 735
C Windows XP Command-Line Reference 737 APPEND ASSOC AT
About the Author
Stu Sjouwerman is the founder of Sunbelt Software, an international company providing best-of-breed system, network, and security management software to keep mission-critical Windows NT/2000 and Server 2003 servers up and running. He is the Editor-in-Chief of W2Knews, which goes to 500,000 subscribers every week, and the publisher of WinXPnews, which has well over two million readers.
James Michael Stewart is a partner of ITinfo Pros, Inc., a technology-focused writing and training organization. His work focuses on Windows NT/2000/XP/.NET, certification, and security. Michael has coauthored numerous books on Microsoft and security certification and administration and written articles for several print and online publications. He has developed and presented certification courseware and training materials. He is also a regular speaker at Networld+Interop. With nearly 20 years of experience with computers, he has also been an MCSE since 1997 and holds the following certifications: CISSP, TICSA, CIW SA, CCNA, MCSE NT and W2K, and iNet+. You can reach Michael by e-mail at [email protected].
Lee Scales, BSEE, MCSE + I, has been working in the computer industry for more than 20 years, including stints with IBM and Microsoft. He is currently employed as a senior consultant with a Microsoft Gold Partner, where his duties include designing Windows networks. He has also been developing courseware for the Windows platform for several years and has been a contributing author to titles in the Exam Cram and the Windows Power Toolkit series.
Gale Pomper has 20 years of experience installing and designing computer networks and holds CompTIA’s newest network certification, Server+. She is a certified trainer and engineer for both Microsoft (MCT, MCSE) and Novell (CNI, CNE). For the past 10 years she has been an independent consultant providing network design services and customized training. In 2001 she filmed a Web-based course on Windows 2000 Server. She is the principal author for an exam guide for Windows 2000 Active Directory published in December 2001. She has recently returned from an 8-month sailing hiatus in the Bahamas with her family.
Diana Huggins, B.Ed., MCSE, MCT, A+, Server+, and I-NET+, is an independent trainer and technical writer who has coauthored several certification books on Windows Server 2003, Windows 2000 Directory Services Design, ISA Server, Server+, and Windows XP Professional.
Dawn Rader has been a networking writer, editor, and researcher since 1993. Before joining LANWrights, Inc. in 1995, she was the Managing Editor at NetWare Solutions magazine. Since joining LANWrights full time, she has performed duties as Managing Editor on more than 85 books. She is a contributing author on numerous titles, including the Windows 2000 Power Toolkit (New Riders), Windows 2000 Server Exam Prep (Certification Insider Press), Computer Telephony (AP Professional), The PC Networking Handbook (AP Professional), and the Networking Essentials Exam Cram (Certification Insider Press).
Todd Klindt is an Infrastructure Associate for EDS PLM Solutions. His day-to-day activities include the care and feeding of Windows servers. He spends his free time riding his motorcycle, trying to do martial arts, and spending time with his new bride, Jill.
Acknowledgements
Stu Sjouwerman: Grateful acknowledgements to Tom Shinder, the editor of WinXPnews. Without his help, this would never have been possible.
James Michael Stewart: Thanks to Ed Tittel and LANWrights, Inc. for allowing me to contribute to this book. Working with you guys is and always has been a pleasure. Thanks to my editor, Dawn Rader, for putting up with bad grammar and sporadic submission schedules. To my parents, Dave and Sue, thanks for your love and consistent support. To my sister, Sharon, and nephew, Wesley, it’s great having family like you to spend time with. To Mark, you are the best friend a guy could ever have. To HERbert and Quin, it is all because of you I have to dust every week to keep the cat hair from congealing into world-dominating fuzz monsters. And finally, as always, to Elvis—I just got your latest release of the top-30 #1 hits. I can’t believe you are still making so much cash from beyond! By the way, can I get a cut?
Lee Scales: Thanks to our editor, Dawn Rader, a fellow Scorpio, for all her hard work in keeping us focused. In addition, thanks to my son, Davin, who was very understanding on those days when Daddy couldn’t come out and play.
Gale Pomper: I would like to thank Dawn Rader for all her kindness and support during this project. I appreciate the reformatting and graphics work you were doing for me on the side. I would also like to express my appreciation to all the editorial staff at LANWrights for the behind-the-scenes work that we know takes place but never have to see. Thank you, Ed Tittel, for allowing me to join your team again. As always, I owe the most gratitude to my family, Gardner and Clara, for taking all those deadlines in stride.
Diana Huggins: First and foremost, I’d like to thank my agent, David Fugate of Waterside Productions, and Dawn Rader of LANWrights, Inc. for bringing me on board this project. A special thanks as well to my family and friends for being so supportive.
Dawn Rader: As always, thanks to my friends and coworkers at LANWrights: Ed Tittel, Michael Stewart, Mary Burmeister, Kim Lindros, and Bill Brogden—I couldn’t ask for a better bunch of folks to work with. I would also like to thank John Davidson for sticking by me and for being a mighty, mighty good man.
Todd Klindt: I would like to thank the LANWrights team for including me in this book, especially Dawn Rader and her Job-like patience. I would also like to thank my new bride, Jill, for her patience and support.
We Want to Hear from You
As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re willing to pass our way.
As an associate publisher for Que, I welcome your comments. You can e-mail or write me directly to let me know what you did or didn’t like about this book—as well as what we can do to make our books better.
Please note that I cannot help you with technical problems related to the topic of this book. We do have a User Services group, however, where I will forward specific technical questions related to the book.
When you write, please be sure to include this book’s title and author as well as your name, e-mail address, and phone number. I will carefully review your comments and share them with the author and editors who worked on the book.
E-mail:
Greg Wiegand
Que
201 West 103rd Street
Indianapolis, IN 46290 USA
For more information about this book or another Que title, visit our Web site at www.quepublishing.com. Type the ISBN (excluding hyphens) or the title of a book in the Search field to find the page you’re looking for.
Introduction
Welcome to the Windows XP Power Pack! This book is designed to help Windows XP users at all levels—from novice to expert—function like a power user on steroids! We’ve designed this book to be easy to read, easy to use, and a great source of tips, tools, and techniques to enhance your Windows XP user experience. Windows XP features are also introduced and explained.
Who This Book Is For
If you use the Windows XP operating system, this book is for you. By and large, this book is not aimed at the types of problems and topics that network or system administrators must solve on a day-to-day basis (but even those folks should find it useful). Rather, this book is aimed at helping those people who must work with Windows XP to get their work done on a day-in, day-out basis. Therefore, it provides information about what Windows XP is, how it works, and how to get the best use out of your system. But whether you’re a seasoned professional or a newbie, you’ll find a lot to help you improve your productivity in this book, including the following:
- Lots of useful overview and orientation information
- How to manage Windows XP hardware and software
- The most useful Windows XP Registry tweaks
- Networking tips and tricks
- Making the most of the Windows XP file systems and utilities
- Scripting and automating everyday tasks
- Tweaking and tuning Windows XP for maximum performance
- And (as the saying goes) “much, much more!”
What’s in This Book
Each chapter is designed to cover some topic or technique related to Windows XP, from the fundamentals of its architecture to the ins and outs of remote access, printing, protocols, and system security. Throughout the book, you’ll find pointers to built-in Windows XP software, Resource Kit utilities, new Windows features, and third-party software products designed to improve your ability to get your work done. Whenever possible and practical, you’ll find copies of this software on the CD that accompanies this book.
To help organize the voluminous material this book contains, it’s organized into six parts, described in the following sections.
Part I: Windows XP Overview
This part of the book contains three chapters, which together provide an overview of Windows XP capabilities and a roadmap to its visible contents. Chapter 1, “Introducing Windows XP,” covers a bit of Windows history, compares various versions of the software, and discusses upgrade and migration issues. Chapter 2, “Common Windows XP Administrative Utilities,” covers the common administrative utilities in Windows XP, and Chapter 3, “The Windows XP Layout,” provides a roadmap to various Windows XP directory structures, files, and elements and explains how to live with the routine of change so common on modern systems.
Part II: Nuts and Bolts of Windows XP
This part of the book contains eight chapters. The first chapter, Chapter 4, “Windows XP and Hardware,” covers how Windows XP interacts with hardware. Chapter 5, “Keeping Windows XP Current,” discusses how to keep Windows XP current. Chapter 6, “Windows XP Installation and Upgrade Secrets,” covers how to install and upgrade to Windows XP. Chapter 7, “Booting Windows XP,” explains how Windows XP boots itself during startup. Chapter 8, “Windows XP Control Panel Utilities,” examines how to control and configure your system with the Windows XP Control Panel utilities. The remaining three chapters focus on that all-important Windows data repository—the Registry. Chapter 9, “Introducing the Windows XP Registry,” includes an overview of its structures and functions. Chapter 10, “Editing the Windows XP Registry,” discusses safe editing techniques to manipulate Registry contents. Chapter 11, “Important Registry Keys and Values,” contains a slew of details about important Registry keys and values.
Part III: Networking Windows XP
This part of the book contains seven chapters, beginning with a Windows XP networking overview in Chapter 12, “Windows XP Networking Explored and Explained.” Chapter 13, “Windows XP Networking Models,” follows with a discussion of Windows XP networking. Chapter 14, “Windows XP and TCP/IP,” provides coverage of TCP/IP. Chapter 15, “Windows XP and Legacy Protocols,” explores working with legacy protocols, such as NetBIOS and NWLink. In Chapter 16, “Windows XP Meets Unix,” issues related to Windows XP support for Unix interoperability are explored. Chapter 17, “Remote Access,” covers the Remote Access Service. Chapter 18, “Windows XP and Terminal Services,” discusses the use of a Windows XP system as a Terminal Services client.
Part IV: Managing Your Windows XP System(s)
This part of the book contains eight chapters, starting with coverage of Windows XP file systems and storage capabilities in Chapter 19, “Windows XP and Storage.” Chapter 20, “Windows XP Backup and More,” covers Windows XP backup hardware, software, and recommended backup methods and techniques. Chapter 21, “Scripting and Automation,” includes a discussion of the Windows XP built-in scripting facilities, along with batch files and commands. We also provide information on third-party automation alternatives to help you turn routine work over to your computer instead of performing tasks repeatedly by hand. Chapter 22, “Tuning and Optimizing Windows XP,” covers tuning and optimizing Windows XP, and Chapter 23, “Managing Applications,” explains what’s involved in managing newer 32-bit applications along with older 16-bit applications in a Windows XP environment. Chapter 24, “Printing with Windows XP,” surveys printing in the Windows XP environment, starting with an overview of the Windows XP print architecture and moving on to installing, configuring, and updating printers on a Windows XP system. Chapter 25, “Managing System Security,” discusses Windows XP security, documents well-known holes and backdoors in the system, and provides some tips and tricks on how to close them for good! Part IV concludes with Chapter 26, “Managing System Recovery,” which provides a discussion of system recovery of a failed Windows XP system. The chapter also introduces you to the built-in Recovery Console and IntelliMirror and lists some third-party tools.
Part V: Windows XP Goes Online: Internet or Intranet Access
The five chapters in this part cover the software components in Windows XP that support Internet or intranet access and services. Chapter 27, “Windows XP as a Web Client,” documents the Windows XP capabilities as a Web client, primarily using Internet Explorer. Chapter 28, “Windows XP as an E-mail Client,” switches its focus to the Windows XP capabilities as an e-mail client, primarily using Outlook 2000. Chapter 29, “Internet Services from Windows XP Professional,” explores the Windows XP Web-serving software, namely Internet Information Services (IIS). Chapter 30, “Sharing an Internet Connection,” looks into the use of Windows XP as a NAT proxy to share an Internet connection with a network. To round out coverage of Internet utilities and services, Chapter 31, “Maintaining Internet Security,” covers essential Internet security issues so that you can keep your environment safe from malicious people and software.
Part VI: Appendixes
These six elements cover a variety of useful explanatory and supplementary information related to Windows XP. Appendix A, “Windows XP Information Resources, Online and Off,” offers a concise but useful compendium of Windows XP information resources, both online and off. Appendix B, “Key Windows XP Utilities: Native, Resource Kit, and Downloads,” provides an overview of some built-in and Resource Kit utilities. Appendix C, “Windows XP Command-Line Reference,” supplies a command-line reference, and Appendix D, “Windows XP Performance Monitor Objects and Counters,” has a comprehensive list of Performance Monitor objects and counters. Appendix E, “Windows XP Keyboard Commands and Shortcuts,” describes important Windows XP keyboard commands, shortcuts, and equivalents. Finally, in Appendix F, “CD-ROM Contents,” you’ll find a list of all the software and information included on the CD-ROM that accompanies this book.
All in all, there’s a tremendous amount of information, along with a great collection of tools and utilities to help you use what you learn.
How to Use This Book
You can use this book in any of a variety of ways. If you’re a relative newcomer to Windows XP, you’ll probably benefit from reading the book in sequence because many of the later chapters reference information in earlier chapters. If you’re an intermediate user, look for chapters on topics of interest and tackle them as you please. Just remember that for some topics—such as the Windows XP Registry covered in Chapters 9, 10, and 11—you might have to read more than one chapter to cover the necessary ground. If you’re a Windows XP expert, we recommend that you use the book’s Index and Table of Contents to point your reading to more precise topics. But no matter what your level of expertise is, we also suggest that you investigate the contents of the CD that accompanies the book, simply because you’ll find so much good stuff there.
So roll up your sleeves, dust off your favorite reading chair, and get down to it. Also, please feel free to share your comments with the authors. Send your comments, suggestions, questions, and criticisms to [email protected]; we’ll do our best to answer all e-mail within 24 hours (by noon the next working day if sent on weekends or holidays). Thanks for buying our book, and enjoy your reading experience!
Part I: Windows XP Overview
1 Introducing Windows XP
2 Common Windows XP Administrative Utilities
3 The Windows XP Layout
1 Introducing Windows XP
On October 25, 2001, Microsoft officially launched Windows XP, the newest member of the Windows family. With this release of Windows, Microsoft realized a goal that had been eluding it for years: combining the home and corporate versions of Windows, using the same architecture. Windows XP unites the friendliness of its ancestors in the Windows family line with the robustness of its corporate heritage. This combination makes Windows XP the best desktop OS yet.
Windows XP History and Description
In its earliest form, Microsoft Windows was simply a desktop operating system built as an extension to MS-DOS that provided a graphical interface for users to access applications. Over the years, and through many iterations, Windows has grown to encompass the latest and greatest computing advances. In recent years, with the rise of the Internet and business networks, Windows has embraced networking technology for sharing resources.
Birth of Network Operating Systems
These days, computer networks are a normal part of any advanced computer user’s working environment. Most of us use a computer network every day without thinking twice about it. But computer networks have not been around very long. Before the wonderful features of today’s networks were so broadly available, most users relied on a networking technology known as sneakernet. Sneakernet was a great invention. It almost never failed, was easy to upgrade, and was extremely scalable. Every time you added a computer system to your organization, that machine automatically joined your current network and configured itself.
In case you haven’t already guessed, using sneakernet meant copying the information you needed to transfer to a floppy disk, taking that floppy disk to the destination computer, and copying the information onto that system. The key mode of transportation for this network was its users’ shoes, hence the name sneakernet. To some users, sneakernet is a fond memory; to others, it’s a relic of a bygone era; to a surprising number, it’s still business as usual.
The first commercially available local area network (LAN) was the Attached Resource Computer Network (ARCNet) architecture from Datapoint Corporation, which was developed in 1977. It was based on a scheme of file and application processors, servers, and clients. More than 500,000 ARCNet systems were in use before Ethernet (a LAN technology developed by the Xerox Palo Alto Research Center) was a commercial product.
The first commercially successful network operating system was Novell’s NetWare, which hit the streets in 1984. Because of its success, many believe that Novell was the first company to offer a system that allowed users to share information and resources across a network. Not to be outdone, Microsoft released its first version of a network operating system in early 1985 under the name MS-NET. MS-NET worked hand-in-hand with MS-DOS 3.10. When MS-NET was released, Microsoft was still a relatively small company and did not choose to market the software aggressively. It did, however, establish a relationship with IBM that helped move the MS-NET networking software into the marketplace.
In 1985, there were really only two mainstream options for organizations that wanted to implement PC-based networks: MS-NET and NetWare. Unfortunately for Microsoft, although MS-NET was inexpensive and easy to implement, NetWare outperformed MS-NET and offered corporate users more powerful file and print services. In this first networking encounter between the two companies, Novell carried the day.
Microsoft realized that it needed to close the gap between its products and Novell’s if it was to succeed in the networking market. To accomplish this goal, the company designed a second-generation network operating system based on the OS/2 1.0 operating system. This network operating system, called Microsoft LAN Manager, involved extensive collaboration with the networking giant 3Com Corporation.
As with MS-NET, Microsoft did not intend to market LAN Manager directly, but hoped that IBM and other partners would sell the product. Although IBM did sell LAN Manager, some of those other partners (including Compaq Computer Corporation) decided not to participate in this venture. This prompted Microsoft to enter the marketplace directly to market and sell LAN Manager. Unfortunately, NetWare had a head start on LAN Manager and continued to outperform it. When Microsoft released LAN Manager version 2, however, the new product further closed the gap, in terms of both market acceptance and adoption, between the two network operating systems.
Windows NT
While working on the OS/2 operating system with IBM, Microsoft was developing a new operating system intended to replace LAN Manager. This new operating system was initially designed to run on OS/2. It was Microsoft’s intention to develop a processor-independent operating system. Processor independence would allow this new operating system to venture into the Unix world and permit it to run on processors—such as RISC—that, until then, could run only Unix. In October 1988, Microsoft hired David Cutler, an operating system guru who had worked for Digital Equipment Corporation (DEC) and helped that company develop its VMS operating system. Microsoft decided to call this project its “New Technology” operating system.
The product’s original name was to be OS/2 NT. In early 1990, however, Microsoft decided that it would base the interface for this operating system on its current desktop operating system, Microsoft Windows 3.0, instead of on OS/2. Because Windows 3.0 gained a large installed base rather quickly, we can only speculate that Microsoft wanted to leverage the success of that product with the introduction of the new product.
In early 1991, IBM learned that Microsoft was planning to base its new operating system on Windows rather than on OS/2, and withdrew from its development. IBM continued to work on the OS/2 operating system for several years and ultimately developed the OS/2 Warp product family before giving up and switching its focus to Windows NT in 1997 and 1998.
Finally, on July 17, 1993, Microsoft released LAN Manager NT, calling it Windows NT Advanced Server. Although this product was a new operating system, Microsoft marketed it as version 3.1. Two powerful factors helped motivate this strategy:
- Microsoft was already marketing its Microsoft Windows 3.1 desktop operating system and felt that users might not adopt Windows NT Advanced Server if it had a 1.0 version number.
- NetWare was already on version 3.11 and Microsoft’s marketing wizards believed that people might assume Windows NT Advanced Server was an inferior product, solely because of its lower version number.
What’s in a Name?
There is some discussion as to how the name “New Technology” was derived. Some think that Microsoft (and David Cutler) decided on the name and called it Windows NT (WNT). Others believe that the initials WNT were decided on first, and that Windows New Technology was derived from the initials. Here’s one explanation we find interesting, be it gospel truth or imaginative fiction.
Anyone who has seen the movie 2001: A Space Odyssey cannot help but remember that one of the main characters in the movie is named HAL. Many people wonder where that name came from. But if you take each letter in that name and increase its letter value by one, you will see immediately where the name comes from—that is, the next letter after H is I, the next letter after A is B, and the next letter after L is M. You can apply the same technique to the Windows NT characters, WNT. The next letters in this sequence are VMS, which is, of course, the operating system that David Cutler worked on when he was with DEC. Conspiracy theorists are welcome to find significance here! We simply find it amusing.
In September 1994, Microsoft released a new version of the Windows NT operating system and dropped the word Advanced from its name (although this is not the last you will see of Windows Advanced Server). This new version, called Microsoft Windows NT 3.5, was a tuned-up version of 3.1. Windows NT 3.5 required less memory, included built-in NetWare and TCP/IP connectivity, and was separated into Server and Workstation versions. Windows NT 3.5 also included new administration tools that could be run from a Microsoft Windows for Workgroups (version 3.11) system.
In 1995, Microsoft released Microsoft Windows NT 3.51, which fixed some bugs from the previous version and added new functions, including file and directory compression and support for new hardware. Version 3.51 also represented a turning point for Windows NT sales and marketplace acceptance and marked the beginning of its incredible ramp up to the market share that Windows NT/2000/XP enjoys today.
In August 1996, Microsoft released Windows NT 4.0. Many people at that time believed it was simply version 3.51 with the Windows 95 interface grafted on. Nothing could be further from the truth: Windows NT 4.0 added significant functionality to its predecessor, including Domain Name System (DNS) services, and its graphics-handling architecture was modified to increase overall performance.
Windows 2000
In the nearly four years between the release of Windows NT 4.0 and Windows 2000, Microsoft released six different service packs. With the service packs, it adopted the practice of releasing not only bug fixes but also product enhancements. Each subsequent service pack included new administrative utilities and enhancements to existing tools and services. As you will see, administrators did not adopt this practice as Microsoft had hoped they would (because installing 60+MB service packs every several months on many systems became a nightmare for many administrators).
On February 17, 2000, Microsoft released Windows 2000. More than one billion dollars was spent on developing and testing the new operating system. Unlike previous releases, Microsoft decided not to succumb to external pressure to release the operating system, opting instead to wait until it felt the OS was stable and relatively bug free and could deliver what Microsoft had been promising for years.
Windows 2000 added major new functionality, including the following features:
- Active Directory (a data structure that allows any network object to be tracked)
- Full Plug and Play support
- COM+, a major improvement to Microsoft’s Component Object Model
- File system improvements, including disk quotas, encryption, and defragmentation capabilities
- Improved security using certificates, IP Security (IPSec), and Kerberos
- FAT32 file system support (FAT stands for file allocation table)
- More flexible upgrade paths from previous operating systems
With Windows 2000, the term workstation is no longer used. Instead, the following names have been assigned to the different flavors of Windows:
- Windows 2000 Professional. Equivalent to Windows NT Workstation.
- Windows 2000 Server. Equivalent to Windows NT Server.
- Windows 2000 Advanced Server. Equivalent to Windows NT Server—Enterprise edition.
Microsoft also created a new category of the server operating system, called Windows 2000 Datacenter Server. This was Microsoft’s high-end server product, which supported up to 32 processors simultaneously in a system with 64GB of RAM.
Windows XP
October 25, 2001 was the release date for Microsoft’s most ambitious desktop OS to date, Windows XP. Microsoft chose the letters XP to stand for eXPerience. With Windows XP, Microsoft is not just selling an OS and applications; it is selling an entire experience.
Windows XP started its existence as a project code-named Whistler. It merged the home line of Windows 95, 98, and Me and the corporate line of Windows NT and 2000. The internal version of Windows XP is NT 5.1, which suggests it is a point upgrade to Windows 2000, or NT 5. The following upgraded features are included with Windows XP:
- New “Luna” skinnable interface
- Faster boot times
- Internet Connection Firewall
- Support for burning CDs
- Support for 64-bit Intel Itanium processors
Windows XP came out in three flavors: Windows XP Professional, Windows XP Home Edition, and Windows XP 64-bit Edition. Windows XP Professional corresponds to Windows 2000 Professional, and Windows XP Home Edition corresponds to Windows 98 and Windows Me. Microsoft has not yet released a corresponding server OS; Windows .NET Server is currently slated for release in Q1 of 2003. You can learn more about the Windows XP product line by visiting the Web sites listed at the end of this chapter in “For More Information.”
Windows XP Architecture
To understand how and why Windows XP operates the way it does, you must understand its architecture. Knowing the “lay of the land” also allows you to understand why some programs run better than others on Windows XP and why some applications do not run at all. This section covers the Windows XP architecture in detail.
Windows XP is designed around a modular architecture, which means it incorporates a collection of separate and distinct components. This separation of components allows the operating system to be ported from one processor platform to another without requiring its developers to rewrite or recompile the entire system (although currently, Windows XP is available only for the Intel platform, including 64-bit Itanium processors, whereas Windows NT was available for the Intel, PowerPC, MIPS, and Alpha platforms).
The Windows XP architecture can be divided into two main components: the Kernel mode and the User mode (see Figure 1.1).
Note: If you understand the Windows 2000 architecture, you are well on your way to grasping Windows XP architecture because they are nearly identical.
The Kernel mode represents a highly privileged mode of system operation. Components that run in this mode have direct access to all hardware components and memory on the system. This includes all address spaces for all User mode processes.
The User mode, on the other hand, is a less privileged mode that has no direct access to hardware. This is why you cannot run a lot of older software, such as games, that requires direct access to hardware on Windows XP. Components that run in this mode can access only whatever address space is assigned to them. But to access even their own assigned address space, components must request access from the Kernel mode. When the User mode requires access to system resources, it uses operating system application programming interfaces (APIs) to request them and waits for those APIs to grant (or deny) their requests.
[Figure 1.1 The Windows XP architecture. User mode: WOWEXEC and NTVDM, POSIX, Win32, and OS/2 applications, with the POSIX, Win32, OS/2, and Security subsystems. Kernel mode: Executive Services (I/O Manager, Security Reference Monitor, Memory Manager, Plug and Play Manager, Power Manager, Process Manager, IPC Manager, Window Manager, Object Manager), File Systems, Device Drivers, Microkernel, Graphics Device Drivers, Hardware Abstraction Layer (HAL), and Hardware.]
These two modes can be described as being similar to a bank. Everything behind the bank counter represents the Kernel mode, whereas everything in front of the counter represents the User mode. Assuming that you have an account at a bank, you can access any information about your account, but you must ask a bank teller to access the bank’s systems on your behalf. Just being a client of the bank does not give you access to any other clients’ information. Tellers operate in Kernel mode. They can access information about any bank client, handle funds for deposits and withdrawals, and transfer funds between accounts.
The following sections explain the Kernel and User modes in more detail.
Kernel Mode
The primary component of the Kernel mode is the Windows XP Executive. The Executive is further divided into four major components:
- Hardware Abstraction Layer (HAL)
- Device drivers
- Microkernel
- Executive services
It is important that you understand these four components, what they enable Windows XP to accomplish, and how they communicate with one another.
Hardware Abstraction Layer (HAL)
The Hardware Abstraction Layer (HAL) is the component that makes Windows XP a truly portable operating system. By portable, we do not mean that it runs on a laptop computer. Being portable means that it can be easily translated, or ported, to operate on a variety of processor platforms.
In fact, the HAL is simply a library of routines that enables Windows XP services to access and manipulate a system’s primary hardware component: its central processing unit (CPU). Windows XP is also capable of operating on systems with more than one CPU, again by invoking a special version of the HAL and the Microkernel. Microsoft provides the library of routines that makes up the HAL; this library is installed during the Windows XP setup process. The HAL lies at the bottom of the Windows XP Executive between the physical hardware and the operating system.
The HAL gets its name from the fact that it hides, or abstracts, the physical characteristics of the processor platform behind a standard interface. This standard interface allows the Windows XP Executive to make calls to the hardware without any need to know the specifics of the hardware it is addressing. The Executive simply makes a call, and the HAL translates it to match the characteristics of whatever hardware is in use and then passes this information to that hardware.
The HAL allows the same operating system to run on different processor platforms without having to be completely recompiled. That’s because the HAL for the Intel x86 CPU family is different from the HAL for other processors, but all HALs share a common interface to the rest of the Windows XP Executive; therefore, the rest of the system can remain oblivious to CPU differences. As previously mentioned, the HAL is installed during the setup process.
It is rare that you will need to change the HAL, but such modification is required in some cases. For example, if a dual-processor–capable system had only one processor when Windows XP Professional was first installed and a second processor was added later, changing from the uniprocessor HAL to the multiprocessor HAL would be necessary.
Device Drivers
Simply put, the device drivers are the bits of the operating system that allow the Executive services to communicate with the hardware, or devices, installed on the system. They are the same device drivers that are normally installed when adding or changing a hardware component.
When a device driver is added, it simply acts as the interface between the Windows XP system and the hardware device. This interface enables multiple devices to be added to the system without having to teach each application how to use the device.
Microkernel
The Microkernel is the heart and soul of Windows XP. It lies just above the HAL and operates in close cooperation with the HAL. The Microkernel schedules all threads—a thread is a unit of processor execution—in the system and takes care of all interrupts and exceptions. The Microkernel really starts to earn its keep in multiple-processor systems. In such systems, the Microkernel schedules and synchronizes activity between all available processors.
The Microkernel operates like a dispatcher at a trucking office. It’s up to the dispatcher to ensure that all truckers are kept busy. If one trucker is constantly working while others sit idle, the organization suffers. The same is true with a multiple-processor system. If a single processor is utilized while others stay idle, the system’s resources are not being used to their maximum potential.
When threads are ready to be executed by the processor, the Microkernel schedules them based on their dynamic priority, a numerical value that ranges from 1 to 31. This number indicates the importance of a thread: 1 is the lowest importance and 31 is the highest. Threads with the highest priority assigned always run first on the processor. This is true even if a thread with a lower priority must be interrupted so that the higher-priority thread can run.
When a process is executed, it is assigned a priority. Normally, this priority remains constant unless one of two things happens:
- An administrator increases the priority of the process by using Windows Task Manager (as shown in Figure 1.2).
- The Process Manager modifies the process priority level up or down by two levels to improve process performance or restrict it.
Under Windows XP, most user applications are assigned Normal priority (set between 6 and 10), as shown in Figure 1.2. User mode priorities generally occur in the range of 1 to 15; Kernel mode priorities generally occur in the range of 16 to 31. Among other things, this means that User mode execution invariably takes a back seat to Kernel mode execution. The priorities for Windows XP are listed in Table 1.1.
Figure 1.2 Modifying the process execution priority.
Table 1.1 Windows XP Thread Priorities
Priority    Priority Level    Thread Priority
1           Idle              Idle
2           Idle              Lowest
3           Idle              Below normal
4           Idle              Normal
5           Idle              Above normal
6           Idle/Normal       Highest/lowest
7           Normal            Below normal
8           Normal            Normal
9           Normal            Above normal
10          Normal            Highest
11          High              Lowest
12          High              Below normal
13          High              Normal
14          High              Above normal
15          High              Highest/time critical
16          Real-Time         Idle
22          Real-Time         Lowest
23          Real-Time         Below normal
24          Real-Time         Normal
25          Real-Time         Above normal
26          Real-Time         Highest
31          Real-Time         Time critical
Note: 31 is the highest priority, whereas 1 is the lowest.
Note: Setting an application’s priority too high can render your system unusable for the remainder of that session because it could bring certain critical system processes to a halt. In addition, these settings affect only the current session. When you reboot the computer, the system default settings are restored.
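The starvation risk this note describes can be seen in a simplified single-CPU model of strict-priority scheduling. This is an added example, not code from the book: the `Thread` fields, the `simulate` and `run_scenario` helpers, and the process name `app.exe` are hypothetical, the base priorities are the Normal-thread rows of Table 1.1, and the model assumes no priority boosting.

```python
"""Simplified strict-priority scheduler model (constructed example, single CPU)."""
from dataclasses import dataclass

# Base priority of a thread at "Normal" thread priority in each priority
# level, copied from Table 1.1.
BASE_PRIORITY = {"Idle": 4, "Normal": 8, "High": 13, "Real-Time": 24}


@dataclass
class Thread:
    name: str
    priority: int       # 1 (lowest) .. 31 (highest)
    burst: int = 1      # ticks of CPU used before the thread waits
    wait: int = 0       # ticks spent waiting after each burst; 0 = CPU-bound
    ran: int = 0        # ticks used in the current burst
    wake_at: int = 0    # first tick at which the thread is ready again
    last_run: int = -1  # tick of the most recent run, used for round-robin
    cpu_ticks: int = 0  # total CPU time received


def simulate(threads, ticks):
    """Run the model for `ticks` ticks and return CPU ticks per thread name."""
    for now in range(ticks):
        ready = [t for t in threads if t.wake_at <= now]
        if not ready:
            continue  # nothing runnable: the CPU idles for this tick
        # The highest priority always wins, preempting whatever ran before.
        # Equal priorities take turns: the least recently run goes first.
        current = max(ready, key=lambda t: (t.priority, -t.last_run))
        current.cpu_ticks += 1
        current.last_run = now
        current.ran += 1
        if current.wait and current.ran >= current.burst:
            current.ran = 0
            current.wake_at = now + 1 + current.wait
    return {t.name: t.cpu_ticks for t in threads}


def run_scenario(app_level, app_burst=1, app_wait=0, ticks=100):
    """The shell at Normal competes with one application at `app_level`."""
    shell = Thread("explorer.exe", BASE_PRIORITY["Normal"])
    app = Thread("app.exe", BASE_PRIORITY[app_level], app_burst, app_wait)
    return simulate([shell, app], ticks)


if __name__ == "__main__":
    print("both Normal:         ", run_scenario("Normal"))
    print("app High, CPU-bound: ", run_scenario("High"))
    print("app Real-Time, waits:", run_scenario("Real-Time", app_burst=2, app_wait=3))
```

In this model a CPU-bound thread raised above Normal leaves the shell with no CPU time at all, while the same priority on a thread that regularly waits still leaves the shell most of the processor.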
You can use several tools to modify an application’s priority. The tool that you should use most often to control priority settings is Windows Task Manager. To modify an application’s priority—in this case, explorer.exe—follow these steps:

1. To run Windows Task Manager, press Ctrl+Alt+Delete. Alternatively, you can right-click on the taskbar and choose Task Manager from the pop-up menu or press Shift+Ctrl+Esc.
2. Click the Processes tab, shown in Figure 1.3.

Figure 1.3 You can halt processes or alter process priority through the Processes tab in Task Manager.

3. Select the process whose priority you want to change, and then right-click its entry in the list. (In this case, it appears as explorer.exe.)
4. Click Set Priority on the shortcut menu, and then choose the priority. You can select Realtime, High, AboveNormal, Normal, BelowNormal, or Low. (Realtime is available only if you log on with administrative privileges.)

Windows XP Executive Services

The Windows XP Executive Services are really a collection of services that can be invoked by any operating system component. These services include the following:

- Object Manager. This component handles all objects in the Windows XP system, including their creation, management, and deletion. Because every aspect of Windows XP is considered an object, the Object Manager handles all actions performed on the system.
- I/O Manager. This provides a consistent interface for the majority of I/O operations on a Windows XP computer.
- Security Reference Monitor. This fields all requests for system objects or resources from other Windows XP processes, regardless of whether they are in User or Kernel mode.
- Memory Manager. This maps virtual addresses on a process’s 4GB address space—2GB for the process’s use and 2GB for system use. Windows XP 64-bit Edition supports 16 terabytes of memory—8TB for User mode and 8TB for Kernel mode.
- Plug and Play Manager. This controls all Plug and Play capabilities on the system, including device detection, installation, and management.
- Power Manager. This controls all Windows XP power management capabilities.
- Process Manager. This creates and deletes processes, tracks process and thread objects, and provides services for creating processes and threads.
- Interprocess Communication (IPC) Manager. This component is responsible for all communication between clients and servers on the network.
- Window Manager. This handles user interaction with the Windows XP GUI, moving and resizing windows, selecting icons, and moving the cursor.
- File Systems. This component controls all the file systems supported by Windows XP, including FAT12, FAT16, FAT32, NTFS, Compact Disc File System (CDFS), and Universal Disk Format (UDF) 2.01.
- Graphics Device Drivers. This supplies the necessary software that permits the operating system to communicate with hardware.
Situated just above these service groups are the System Services, which act as the interface between User and Kernel mode components.
User Mode

When Microsoft created the Windows NT operating system, it knew that the only way the computer and networking market would embrace the operating system was if a large software base existed. The company had two primary options it could adopt: It could work with independent software vendors (ISVs) to build applications for release with the operating system, or it could make Windows NT as compatible with previous operating systems as possible. For obvious reasons, Microsoft chose both options. It encouraged developers to build native, 32-bit multithreaded applications that could take full advantage of Windows NT, but it also chose to support as much backward-compatibility with 16-bit Windows and DOS applications as possible. The same is true with Windows XP. Although Windows XP is a major upgrade to Windows NT and 2000, it is still backward-compatible with these versions, and most applications run on Windows XP as well as (if not better than) on Windows NT or 2000.

Microsoft accomplished its goal of supporting modern 32-bit applications alongside legacy 16-bit applications by creating User mode components named environment subsystems. These components enable different applications to run seamlessly on the same desktop. In fact, Windows XP can run multiple instances of applications that are written for the following operating systems:

- MS-DOS
- Windows 3.x
- Win32
Because these subsystems emulate different operating systems, they allow Windows XP to support a variety of runtime environments. You might notice that unlike its predecessors, Windows XP no longer supports OS/2 or POSIX subsystems. If you need Unix support in Windows XP, you can purchase Windows Services for Unix, which includes the Interix subsystem. For additional information, go to the Windows Services for Unix Web site at http://www.microsoft.com/windows/sfu/default.asp.

One of the best features of this model is that each of these subsystems runs in its own “playground.” Therefore, each application runs in its own space on the system. This separation protects each subsystem from being shut down as a result of a misbehaving application in another subsystem. Think of placing four toddlers in a single playground with one toy. How long before an all-out fight breaks out? This fighting problem is solved by placing each toddler in a separate area with his or her own toy.

For applications written for older Microsoft operating systems (such as MS-DOS and Windows 3.x), Windows XP creates what is known as a Virtual DOS Machine (VDM). Windows XP provides the following protected subsystems and VDMs:

- MS-DOS NTVDM
- Win16 NTVDM
- Win32 subsystem
These systems are covered in detail in the following sections.

The MS-DOS Environment

When MS-DOS applications run on a Windows XP system, a process called the Windows NT Virtual DOS Machine (NTVDM) is created. The NTVDM is simply an application that emulates the environment an MS-DOS application would experience on an Intel 486–based system. In native MS-DOS, you are limited to running one application at a time (excluding terminate-and-stay-resident, or TSR, applications—that is, applications that remain in memory after they are opened). When MS-DOS applications run under Windows XP, this limitation is eliminated because each MS-DOS application runs in its own separate NTVDM.

As stated earlier, each NTVDM emulates an Intel 486–based system. Likewise, because each NTVDM is assigned its own virtual address space, whichever MS-DOS application occupies that NTVDM believes it is running on its own Intel 486–based system. This protects each MS-DOS application from other such applications, while protecting the operating system from corruption or damage.

The number of NTVDMs that can run on a Windows XP system at any one time is limited only by the system’s hardware. If this limit is ever reached, you can simply upgrade the CPU or install more memory.

Note: Although each MS-DOS application runs in its own NTVDM, all active NTVDMs appear as NTVDM.EXE in Task Manager.
The Win16 Environment

Like MS-DOS applications, 16-bit Windows applications also run in an NTVDM. The main difference lies in the way these applications run. Because most 16-bit Windows applications are better behaved than MS-DOS applications (mostly because they are somewhat aware of one another), Windows XP runs them within a single NTVDM process with a shared address space by default.

Another name for the Win16 NTVDM is WOW, which is an acronym for Windows-on-Windows (or Win16-on-Win32). When you run a Win16 application within an NTVDM, the WOWEXEC.EXE process shows up beneath that instance of NTVDM.EXE in Task Manager.

Note: Windows XP isolates programs from resources, such as the display adapter, printers, and COM ports. Programs written to take direct control of such resources (for example, most DOS-based games) will not work under Windows XP. Only programs that use standard APIs to communicate with resources will run properly.

The Win32 Subsystem

The Win32 subsystem is the system Windows XP uses when it runs native applications. In Windows NT/2000, the Win32 subsystem also included windows, graphics, and messaging support. With Windows XP, these services have moved into the Kernel mode or, more specifically, Executive Services. Win32 has two primary built-in functions:

- Console. The console simply gives Windows XP the capability to handle hard errors and shutdowns and to support text windows.
- Miscellaneous environment functions. The Miscellaneous environment functions support highly specialized functions that let 32-bit Windows XP applications create and delete processes.
Differences Between Windows XP Professional, XP Home Edition, and XP 64-bit Edition

Windows XP is Microsoft’s answer to the question of how to develop an operating system that serves the needs of both business and home desktop users. Windows XP Professional is geared mostly toward organizations, whereas Windows XP Home Edition is geared toward individuals using their systems at home. With its heritage from Windows 2000, Windows XP is considerably more stable than Windows 9x or Me (Millennium Edition). It also outperforms both of these “home” operating systems on the same hardware. Windows XP also has an Application Compatibility program that enables it to run legacy programs; this makes it more appealing to home users who want to play games or use other non-work-related software.

Windows XP 64-bit Edition is geared to run on 64-bit Intel processors, such as the Itanium. For now, these processors are found only in high-end workstations. These machines are used for tasks such as computer-aided drafting (CAD), 3D graphics, and animation.

Windows XP Home Edition is a subset of Windows XP Professional. So instead of comparing the features of each, the following lists the features that are available only in Windows XP Professional:
- Remote Desktop: Both Windows XP Pro and Windows XP Home Edition have Remote Assistance capabilities, but only Windows XP Pro can also host a Terminal Services connection, allowing one inbound connection to the system.
  For more information on the Remote Desktop feature, see Chapter 17, “Remote Access,” p. 353.
- Multiprocessor support: Windows XP Home Edition supports only one processor, whereas Windows XP Pro supports two.
- Automatic System Recovery (ASR): With Windows XP Professional, you can use Backup to configure ASR to recover your machine in case of a catastrophic failure. Windows XP Home Edition does not include a backup utility. It can, however, be installed from the CD, if you can find it in the \valueadd folder. (Many OEM versions of Windows do not have this folder.)
  For more information on ASR, see Chapter 26, “Managing System Recovery,” p. 599.
- Dynamic Disks: Windows XP Home Edition supports only standard disks. Windows XP Pro, if not installed on a portable computer, supports Dynamic Disks.
  For more information on Dynamic Disks, see Chapter 19, “Windows XP and Storage,” p. 413.
- Encrypted File System (EFS): Windows XP Pro enables you to encrypt files, which renders them inaccessible except to the person who created them.
  For more information on EFS, see Chapter 19, p. 413.
- Internet Information Services (IIS): You cannot install IIS on your computer with Windows XP Home Edition. It is an option with Windows XP Pro.
  For more information on IIS, see Chapter 29, “Internet Services from Windows XP Professional,” p. 669.
- Domain membership: You cannot join a Windows domain with Windows XP Home Edition. You can access Windows domain resources, but all Windows XP Home Edition computers are in the workgroup MSHOME, and this cannot be changed.
  For more information on Windows domains, see Chapter 13, “Windows XP Networking Models,” p. 261.
Windows XP 64-bit Edition is feature-equivalent to Windows XP Professional.
The Many Advantages of Windows XP

We could easily dedicate entire chapters to all the new features and advantages of Windows XP over Windows 2000. Instead, some of the most important and substantial features are listed here:

- Skinnable interface that supports Visual Styles
- Remote Desktop
- Remote Assistance
- Simultaneous user logons
- .NET integration
- Most recently used programs on Start menu
- Built-in CD burning
- Faster boot time
- Faster recovery from standby or hibernation
- Support for digital cameras and scanners
- Movie Maker video editor
- Internet Connection Firewall
- Built-in 802.11b support
- System restoration
- Error reporting
Upgrading to Windows XP

Fortunately, the upgrade path from previous versions of Windows to Windows XP is relatively smooth. The Windows XP Setup program automatically detects any installed version of Windows. Upon finding an existing installation, the Windows XP Setup program gives you the options of upgrading the existing installation or installing a new copy. If you choose to install a new copy of Windows XP, you must be aware of these issues:

- If you install Windows XP in the same directory as an existing installation, the Windows XP Setup program attempts to upgrade the system (even though you have instructed it otherwise).
- If you choose to install Windows XP into a different directory, you will be required to reinstall all applications, re-create all user and group accounts, and reconfigure all security information on the new system. This is because the Windows XP Setup program does not migrate any old settings when a new installation is performed.
If you choose to upgrade your current installation of Windows to Windows XP, it must be one of the Windows versions that is eligible for a Windows XP upgrade. Table 1.2 lists the Windows versions that support upgrading to XP.

Table 1.2 Potential Windows XP Upgrade Paths

Current Version of Windows   XP Professional   XP Home Edition
Windows 98 and 98SE          Yes               Yes
Windows Me                   Yes               Yes
Windows NT Workstation       Yes               No
Windows 2000 Professional    Yes               No
Windows XP Home Edition      Yes               No
The following is a list of operating systems that do not currently have an upgrade path; instead, a full installation of the operating system is required:

- MS-DOS
- Windows 3.x
- Windows 3.1x
- Windows 95
- Windows NT Server 3.51
- Windows NT Server 4.0
- Windows 2000 Server
For More Information

For more information about the Windows XP architecture, consult the following references:

- Microsoft KnowledgeBase: A compilation of questions to and answers from the Microsoft technical support operation. It is available online at http://support.microsoft.com, but is also included on CD with a TechNet subscription.
- Microsoft Windows XP Web site: http://www.microsoft.com/WindowsXP.
- TechNet: A monthly, CD-based technical subscription service from Microsoft that includes most Resource Kits and related software, service packs, a KnowledgeBase, and a great deal more useful information. For information about obtaining a subscription and access to online information, you can register for the TechNet Subscription CD online at http://technet.microsoft.com.
- Windows XP Resource Kit. Microsoft Press, October, 2001. ISBN: 0735614857, or online at http://www.microsoft.com/WindowsXP/pro/techinfo/productdoc/resourcekit.asp.
Chapter 2: Common Windows XP Administrative Utilities

Microsoft Windows XP includes several utilities to aid system configuration and administration. These tools are accessed via the Administrative Tools folder in Control Panel. This chapter takes a look at the Windows XP administrative tools as well as several third-party tools that can make maintaining a Windows XP system a little easier.
What Administration Really Means

Keeping a Windows network functioning encompasses many activities, ranging from maintaining user accounts to configuring security, monitoring network traffic, correcting system problems, and enabling local and remote access. The number of tasks required to keep a network up and running is directly related to its size and complexity. For example, all networks require managing user accounts, applying security controls, and backing up data. Other networks might also require remote access management, performance monitoring, and error tracking.

Administration really means planning the network, mapping out configurations, implementing decisions, and monitoring network activity over time. As the network grows, you need to adjust various settings and configurations to support the changes. You might find that your original decisions sustain a growing network adequately, or you may need to make adjustments unexpectedly. In either case, vigilance is your primary asset for sustaining the network.

To minimize downtime, you must anticipate problems that are likely to occur and correct problems when they occur. That’s why it’s so important to learn your system, understand your tools, and plan. Otherwise, you could find yourself working over the weekend or pulling an all-nighter to get the network running smoothly again.
Administering a Windows XP System

Not all administration takes place at the network level. Individual systems on a network require at least some of the same administrative tasks, if not more. Windows XP system administration is a task-based responsibility that requires you to rely on the tools and utilities at your disposal. If you are unfamiliar with your tools, you cannot perform the required tasks. Just as a handyman needs the right tool for a job, you need to know which tools can perform which functions.

In the following sections, we walk you through the administrative, management, monitoring, and related tools included with Windows XP. In addition to reviewing the discussion in this chapter, you should take the time to work with the tools themselves. Hands-on experience is invaluable and cannot be replaced. You might also want to review the tools’ online help documentation as well as materials from the Windows XP Professional Resource Kit, Windows 2000 Server Resource Kit, and TechNet (discussed in the following sidebar, “Microsoft Resources”).

Microsoft Resources

The resources Microsoft provides are among the best for product documentation, troubleshooting information, and general, all-around information. Following are two items you cannot live without:

- Microsoft Technical Information Network (TechNet). A monthly CD-based publication that delivers numerous electronic titles on Windows products. Its offerings include all the Microsoft Resource Kits (see next bullet), product facts, technical notes, tools, utilities, the entire Microsoft KnowledgeBase, service packs, drivers, and patches. A single user license to TechNet costs $299 per year (TechNet Plus, which includes Beta versions of Microsoft products, costs $429), but it is well worth the price. For more details, visit http://www.microsoft.com/technet/ and check out the information under the TechNet Subscription heading in the About TechNet menu entry.
- Microsoft Resource Kits. These kits are available on nearly all major products from Microsoft. The Microsoft Resource Kits are essential references for Windows information. The book sets come with CD-ROMs that contain useful tools. Visit http://mspress.microsoft.com for additional information on the resource kits. The Windows 2000 Server Resource Kit contains eight volumes and nearly 7,300 pages.
Additional resources that provide information about Windows XP are also available. For instance, a quick search at http://www.amazon.com using the phrase “Windows XP” turns up a list of more than 100 additional references on this subject.
The Control Panel and Administrative Tools

The Windows XP Control Panel is the folder containing the majority of the tools you use for system configuration and administration. The common tools you use for administration of Windows XP are contained in a subfolder of Control Panel aptly named Administrative Tools.

Note: You must have administrative rights to use all the tools mentioned in this chapter.

To determine whether Control Panel is displayed on your Start menu, follow these steps:

1. Right-click the Start button and select Properties.
2. Click the Customize button in the Start Menu tab.
3. In the Customize Start Menu dialog box, click the Advanced tab (see Figure 2.1).
Figure 2.1 Customizing the Start menu properties.
In the Start Menu Items section, you have three choices that control how you access Control Panel:

- Display as a Link. This option places a Control Panel icon on your Start menu. Clicking this icon opens the Control Panel folder.
- Display as a Menu. This option places a Control Panel icon on your Start menu. Clicking or hovering over this icon displays a submenu, listing all the icons contained in the Control Panel folder.
- Don’t Display This Item. The Control Panel icon is not displayed. This option is useful on shared machines where you don’t want inexperienced users fiddling with the system configuration.
Farther down in the same list box are similar options available for the Administrative Tools folder:

- Display on the All Programs Menu. This option places the Administrative Tools icon on your All Programs section of the Start menu. Clicking this icon opens the Administrative Tools folder. This is similar to the configuration in Windows 2000.
- Display on the All Programs Menu and the Start Menu. This option places the Administrative Tools icon on the Start menu and the All Programs menu. Clicking or hovering over this icon displays all the icons in the folder (see Figure 2.2).
- Don’t Display This Item. The Administrative Tools icon is not displayed. This option is useful on machines that will be used by inexperienced users.
Figure 2.2 You can configure the Administrative Tools to be displayed on the Start menu.
Of course, you’re probably wondering how you can access Control Panel or Administrative Tools if the tools’ icons are not displayed. Microsoft has provided a way for the system administrator to open the folders from the command line. Control Panel can be opened by entering control on the command line. Most applets and folders in Control Panel can be opened by entering the commands listed in Table 2.1.

Table 2.1 Commands to Open Control Panel Applets

Command                   Folder or Applet
control                   Opens Control Panel
control admintools        Opens the Administrative Tools folder
control hdwwiz            Opens the Add Hardware applet
control appwiz            Opens the Add or Remove Programs applet
control timedate          Opens the Date and Time applet
control desk              Opens the Display applet
control inetcpl           Opens the Internet Options applet
control netconnections    Opens the Network Connections applet
control sysdm             Opens the System applet
To see a complete list of the Control Panel applets that can be started from the command line, look in the %systemroot%\system32 folder for files with the .cpl extension. For more information, consult the Microsoft KnowledgeBase article “How to Open Control Panel Folders from the Command Prompt.”

Note: The number of items in Control Panel and the Administrative Tools folder varies by machine, depending on the installed hardware and software options.

For more information on working with the applets and utilities in Control Panel, see Chapter 8, “Windows XP Control Panel Utilities,” p. 151.
The Microsoft Management Console: Where Management Begins

When Microsoft released the Windows NT Option Pack version 4.0, it introduced the Microsoft Management Console (MMC). The Microsoft vision was that it would become the de facto tool for administration in future versions of Windows NT. This vision has become a reality in Windows XP.

What makes the MMC different from earlier versions of Windows NT administration tools is that it performs none of the administration tasks. Instead, it is simply a shell into which administration tools can be added, modified, and removed. As you can see in Figure 2.3, when the MMC is started (by issuing the mmc.exe command), a blank window opens.
Figure 2.3 The Microsoft Management Console window allows you to create a custom console for managing Windows XP.
The administrative tools that can be added to the MMC are known as snap-ins. The capability to pick and choose which administrative tools a console will have makes MMC extremely flexible, especially in an environment in which several administrators perform different tasks. Each administrator can create (or have the system administrator create) an MMC that has only the tools he or she requires. For example, Sue is responsible for monitoring server performance, the event logs, and the Domain Name System, and Joe’s job is to create users and groups and set security policies for users. To create Joe’s MMC, follow these steps:

1. Click Start, Run, type mmc in the Open text box, and click OK to open the MMC window.
2. Choose File, Add/Remove Snap-In from the menu, and click the Add button.
3. Select the Group Policy Snap-In, and click the Add button to launch the Select Group Policy Object Wizard.
4. Specify whether the Group Policy is for this computer or another computer, and click the Finish button.
5. Select the Local Users and Groups Snap-In, and click the Add button.
6. Specify the target machine for the snap-in, and click the Finish button.
7. Click the Close button.
8. Click OK. The MMC shown in Figure 2.4 should appear.

You can access the rest of the tools covered in this chapter through their own administrative tool or by creating a custom MMC and adding the corresponding snap-in.
Figure 2.4 You can customize the MMC to suit your administrative needs.
Computer Management

The Computer Management snap-in comes populated with the following commonly used administrative tools (see Figure 2.5):

- Event Viewer
- Shared Folders
- Local Users and Groups
- Performance Logs and Alerts
- Device Manager
- Removable Storage
- Disk Defragmenter
- Disk Management
- Services
- WMI Control
- Indexing Service

Note: This list can change depending on the machine’s configuration. For example, IIS will appear if it is installed on the machine.
Figure 2.5 The Computer Management snap-in provides a central location for most administrative tools.
The purpose of the Computer Management snap-in is to group a selection of Windows utilities in a single MMC that can be connected to a local or remote computer. To connect the Computer Management snap-in to a remote computer, follow these steps:

1. Click Start, Control Panel, Administrative Tools, Computer Management to open the Computer Management snap-in.
2. In the left pane, right-click Computer Management.
3. Click Connect to Another Computer from the shortcut menu to open the Select Computer dialog box.
4. In the Select Computer dialog box, click Browse to locate the other computer, or enter its name.
5. Click OK.
Event Viewer

The Event Viewer in Windows XP is available in the Computer Management snap-in or as a standalone MMC snap-in (see Figure 2.6). This Windows XP utility records information about various system occurrences. As in previous versions of Windows, there are three log files: System, Security, and Application. These three logs still exist in Windows XP, but the Event Viewer has been expanded to allow other components or third-party applications to use the Event Viewer as the global location for log files. The logs appearing in your installation of Windows XP will vary depending on the components that are installed. DNS, for example, maintains its own log in the Event Viewer.
Figure 2.6 The Event Viewer shows information on application, security, and system events.
All Windows XP systems have at least the three logs mentioned earlier, described in the following list:

- The System log file records events related to system operation, most often associated with device drivers and services.
- The Application log file records events related to applications, programs, and utilities, not native Windows XP tools.
- The Security log file records events related to security and auditing. The Security log does not record any information until an audit policy is enabled.

Anyone can view the System and Application logs, but only administrators can view the Security log. To view a log file, select it from the list in the left pane of the window.

For information to be recorded in the Security log, auditing must be turned on and configured. For complete details on Windows XP security, see Chapter 25, “Managing System Security,” p. 565.
The default settings for logs restrict each log file to a maximum of 512KB and a time period of seven days. When the fixed file size is reached, events older than the specified day length are overwritten by new events. If you need to retain events for longer periods, you should increase the file size and day limit. You can change these options by right-clicking the log and selecting Properties from the shortcut menu. Each log file has its own size and day limit settings.

You can view log files from a remote system on your network by choosing Action, Connect to Another Computer from the menu. Being able to diagnose a system remotely via Event Viewer instead of having to sit at the other computer’s keyboard simplifies your administrative tasks.
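The size and day limits described above can also be checked from a script. The following PowerShell example is added here and is not from the book; it flags logs still at the 512KB default or below a retention policy. The function name Test-EventLogRetention, the 20MB and 30-day thresholds, and the sample log settings are assumptions constructed for illustration, and the live call relies on Get-EventLog, which is available in Windows PowerShell but not in PowerShell 7.

```powershell
# Added example (not from the book): check event log size and overwrite settings.
# Test-EventLogRetention and both policy thresholds are hypothetical.

function Test-EventLogRetention {
    [CmdletBinding()]
    param(
        # Objects exposing Log, MaximumKilobytes, OverflowAction and
        # MinimumRetentionDays, as returned by Get-EventLog -List.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Log,
        [int]$RequiredKilobytes = 20480,   # assumed site policy: 20 MB
        [int]$RequiredDays      = 30       # assumed site policy: 30 days
    )
    process {
        $issues = @()
        $sizeKB = [int64]$Log.MaximumKilobytes
        $days   = [int]$Log.MinimumRetentionDays
        $action = [string]$Log.OverflowAction

        if ($sizeKB -le 512) {
            $issues += 'size is still at the 512KB default'
        } elseif ($sizeKB -lt $RequiredKilobytes) {
            $issues += "size is below the required $RequiredKilobytes KB"
        }

        switch ($action) {
            'OverwriteOlder' {
                # Events older than the day limit are overwritten. If the log
                # fills before any event is that old, new events are discarded,
                # so a short limit and a small file both cost evidence.
                if ($days -lt $RequiredDays) {
                    $issues += "events may be overwritten after $days days"
                }
            }
            'OverwriteAsNeeded' {
                $issues += 'oldest events are overwritten as soon as the log is full'
            }
            'DoNotOverwrite' {
                $issues += 'new events are discarded once the log is full'
            }
        }

        $status = 'OK'
        if ($issues.Count -gt 0) { $status = 'Review' }

        [pscustomobject]@{
            Log            = $Log.Log
            MaximumKB      = $sizeKB
            OverflowAction = $action
            RetentionDays  = $days
            Status         = $status
            Issues         = ($issues -join '; ')
        }
    }
}

# Constructed sample settings so the example runs on any host.
$sample = @(
    [pscustomobject]@{ Log = 'Application'; MaximumKilobytes = 512;   OverflowAction = 'OverwriteOlder';    MinimumRetentionDays = 7  },
    [pscustomobject]@{ Log = 'Security';    MaximumKilobytes = 20480; OverflowAction = 'OverwriteAsNeeded'; MinimumRetentionDays = 0  },
    [pscustomobject]@{ Log = 'System';      MaximumKilobytes = 32768; OverflowAction = 'OverwriteOlder';    MinimumRetentionDays = 30 }
)
$sample | Test-EventLogRetention | Format-List

# Against the live system (Windows PowerShell):
#   Get-EventLog -List | Test-EventLogRetention | Format-List
# To raise the limits on one log, from an administrative session:
#   Limit-EventLog -LogName Security -MaximumSize 20MB -OverflowAction OverwriteOlder -RetentionDays 30
```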
You can save logs to a file or use them with other applications. When saved, they get the .evt file extension. You can load the .evt file type into another Event Viewer. The log’s .txt file can be in standard monospace-columned or comma-delimited format.

Use the View, Filter command to quickly locate events of a certain type or those pertaining to a particular source, category, user, computer, or event ID. To search through the selected log’s contents for an event by keywords, use the View, Find command.

A handy feature of the Windows XP Event Viewer is its capability to sort logs based on the columns displayed in the utility. For example, to sort the logs based on event ID, simply click on the Event column heading in the pane on the right.

If you don’t understand an error message, write down the event ID. You can use it to perform a search using the Microsoft KnowledgeBase at http://support.microsoft.com. The articles in the KnowledgeBase can sometimes be useful in figuring out a problem or at least giving you more information to work with.

Event Viewer can record a significant amount of useful, if not vital, information, but extracting or even locating the data in the log files can be daunting. You might want to invest in an intrusion detection solution that can automatically and semi-intelligently scan Event Viewer. These tools look for patterns of system failure, intrusion, or degradation and report the findings to you in a concise format. Please look for recommendations in the “Third-Party Administrative Utilities” section at the end of this chapter.
Shared Folders

The Shared Folders MMC snap-in in Windows XP is available in the Computer Management snap-in or as a standalone MMC snap-in, accessed by typing fsmgmt.msc at the command line. The Shared Folders utility enables you to manage file shares, not only on your machine, but on any machine on the network to which you have the appropriate rights (see Figure 2.7).
Figure 2.7 You can manage file shares from the Shared Folders MMC snap-in.
When you connect to a computer, either your local computer or a remote computer, all the shared folders are displayed. You can right-click on a folder to display a list of options, such as stopping sharing or configuring the folder’s properties. The properties for the folder include share security and the number of users who can access it concurrently. You can also create a new file share and add security options by right-clicking a folder and selecting Sharing and Security from the shortcut menu.

Some of the shares are displayed with a name ending in a dollar sign. (For example, a hidden C drive appears as C$.) These are administrative shares that the operating system has created. Any share name ending in a dollar sign is invisible to the browse list. You can use this dollar sign character in shares that you create but want to keep hidden from most users. Any users who need to connect to one of these shares have to know the name because they won’t be able to locate it via browsing.

You can use the Sessions folder to view all the users who are connected to your computer. The following statistics are displayed:

- User. The user who is connected.
- Computer. The name of the computer the user is on.
- Type. The type of client connected to the share—Windows, Macintosh, or NetWare.
- #Open Files. The number of files the user has open.
- Connected Time. The length of time the user has been connected.
- Idle Time. The length of time the user has been inactive.
- Guest. Yes or No notes whether the user is connected as a Guest.
You have the option of disconnecting all users from the sessions. You use the Open Files folder to view lists of open files, named pipes, or active print jobs. As with the open sessions, you have the option of disconnecting all users listed in the Open Files folder. Fortunately, if you right-click the Shared Folders item, you get the option to send a console message to connected users. This option enables you to warn them that they are going to be disconnected, thus allowing them to save their work.
Local Users and Groups
User management in Windows XP differs from that in Windows NT. In Windows NT, you used one of two tools: User Manager or User Manager for Domains. User Manager was used on Windows NT workstations or Windows NT standalone servers to control user and group information, whereas User Manager for Domains was used on domain controllers to control user and group information for the domain. The tool you use in Windows XP varies depending on your configuration. In Windows NT, User Manager and User Manager for Domains were essentially the same tools, but in Windows XP, they are radically different.
In Windows XP, you use either the Local Users and Groups or the Active Directory Users and Groups administrative tools. This section introduces both, but concentrates on the Local Users and Groups tool.
Windows XP includes the User Accounts utility, which can also be used to create and manage group and user permissions. For a complete description, see Chapter 8, “Windows XP Control Panel Utilities,” p. 151.
These two tools are the administration methods you use to perform the following functions:
- Manage user accounts
- Manage groups
In Windows XP, the Local Users and Groups administration tool is found as one of the snap-ins in the Computer Management snap-in (see Figure 2.8).
Figure 2.8 You manage user and group settings from the Local Users and Groups administration tool.
Local Users and Groups is an extremely simple tool. One of its helpful features is the capability to create Taskpad views. These views enable you to modify the tool’s interface to simplify creating and configuring users. Figure 2.9 illustrates a Taskpad view of the Users container. Notice that the tasks of creating a user, deleting a user, renaming the user account, setting the password, and viewing the user’s properties are now simple buttons.
When you are in a quandary about what to do with old user accounts, we recommend disabling rather than deleting them. Deleting a user account completely removes it from the system, as though it never existed. Even if you created another account with the same name and permissions, it would still have a different security ID (SID) and Windows XP would treat it as a different account.
Figure 2.9 A Taskpad view of the Users container.
In addition, if you need to perform a security audit or create a duplicate account, you’ll be unable to do so with a deleted user account. By disabling the account, however, you not only remove it from use, but also retain it for security audits and to be used as a template if duplicates are required. When giving a user membership in a group, be sure to think about the results of multigroup membership. In some cases, you might overlap group purposes, which can result in granting some users too much access. Also, if you use the No Access setting, you could end up blocking access to someone who legitimately needs it.
Performance Logs and Alerts
The Windows XP Performance Monitor is known simply as “Performance” on the Administrative Tools menu. The Performance utility is Windows XP’s built-in investigation tool. Although it has some limitations and few automated capabilities, it is a useful tool in a system administrator’s arsenal. The Performance utility can measure the operations of a standalone system or an attached network, or it can manage measurements from multiple remote systems.
The Performance utility is actually a combination of two MMC snap-ins (see Figure 2.10). One, the System Monitor, is available only by accessing the Performance utility. The other, Performance Logs and Alerts, is available via any MMC console.
Take a look at the System Monitor component to see how both real-time and historical measurements operate. This component is used to view real-time measurements (refer to Figure 2.10) or to review data stored in a log file. Each counter is displayed as a colored line. Multiple counters from the same system or from remote systems can be viewed simultaneously.
The Performance Logs and Alerts section has three containers: Counter Logs, Trace Logs, and Alerts. The Alerts container, shown in Figure 2.11, is used to define threshold alerts. An alert is issued when a specific counter crosses a defined threshold value. When this occurs, a trigger event is initiated.
Figure 2.10 The Windows XP Performance utility enables you to monitor system efficiency.
Figure 2.11 Use the Windows XP Alerts container to view information about system events that triggered an alert.
Although threshold alerts can be used with real-time measurements or historical log files, they are most often used to monitor systems in real time. You can set an alert to notify you when a specific event or condition occurs, such as low disk space, swap file usage, and task queues for network cards and CPUs. Any of these items can point to a current or potential system problem.
The Performance utility is a tool no system administrator can live without. For more information, see Chapter 22, “Tuning and Optimizing Windows XP,” p. 485.
Disk Management
Like the Local Users and Groups tool, Disk Management is available in the Computer Management snap-in or as its own snap-in (as diskmgmt.msc). Disk Management is the primary tool for managing partitions (see Figure 2.12). When you add a new hard drive to your computer, use Disk Management to create primary and extended partitions and logical drives and to assign drive letters. You can also use Disk Management to create simple volumes and striped volumes (RAID). The Windows XP versions of Disk Management cannot create fault-tolerant disk configurations. Only the Server versions of Windows 2000/.NET can create mirrored volumes, duplexed volumes, and RAID-5 volumes.
Figure 2.12 You can monitor and manage disk space in the Disk Management utility.
You cannot alter the boot or system partitions with the Disk Management tool. If you try to format or delete the partition where key Windows XP files reside, an error is displayed and the tool won’t allow the operation to take place. However, there is no such protection for other partitions. Be careful not to destroy partitions containing important data.
A new type of disk was first introduced with Windows 2000: the dynamic disk. Any disk formatted before Windows 2000 is known as a basic disk. Disks can be converted from basic to dynamic and back. However, converting a dynamic disk back to basic requires repartitioning it, which means you lose your data. To convert a basic disk to a dynamic disk, right-click it in Disk Management and select Convert to Dynamic Disk from the shortcut menu.
Dynamic disks can be moved from one system to another without reconfiguring them. For example, a RAID-5 volume created on one system can be imported by another without requiring a system reboot.
The following operating systems cannot access dynamic disks locally:
- DOS
- Windows 9x
- Windows Me
- Windows NT
- Windows XP Home Edition
However, these operating systems can access a dynamic disk over the network. Unlike the disk utilities used in the Windows 9x and NT families, most operations can be completed without a reboot.
Services
Like the Local Users and Groups tool, Services is available in the Computer Management snap-in or as its own snap-in (see Figure 2.13). Services is the tool used to manage system services.
Figure 2.13 The Services tool.
A service is a background task or application that runs without user intervention. These are typical services:
- Mail servers
- Database servers
- Web servers
- Print spoolers
- Security managers
The Services tool enables you to perform the following functions on a service:
- Start
- Stop
- Pause
- Resume
- Restart
- Disable
You can use the Services tool to manage services on a local or remote computer and configure the account that each service uses to log on to the system. Depending on the type of service, it can be the Local System account or an account with domain privileges. The tool also enables you to configure what recovery actions to take if the service should stop unexpectedly. For example, if a service fails, you can configure it by right-clicking the service and selecting one of the following from the Recovery tab (see Figure 2.14):
- Taking no action
- Restarting the service
- Running a selected program
- Restarting the computer
Figure 2.14 You can configure recovery settings in the Recovery tab of a service’s Properties dialog box.
In addition, you have the option to configure the service’s characteristics for each hardware profile in the Log On tab. This feature is useful when configuring services for laptop users who spend part of their time roaming and part in a docking station.
System Information
The old Windows Diagnostics tool has been completely redesigned for Windows XP (actually, it was adopted from Windows 98) and is now known as the System Information tool (see Figure 2.15). It still contains the read-only information that its counterpart did (only in much more detail). The tool contains information about the hardware and environmental configuration of Windows XP systems. This MMC snap-in contains six different sections, described in Table 2.2.
Figure 2.15 The System Information tool enables you to view information about hardware, software, and other system components.
To access System Information, perform the following steps:
1. Click Start, Help and Support.
2. In the Help and Support dialog box, click the Support button.
3. Click the Advanced System Information link in the left pane.
4. Click the View Detailed System Information (Msinfo32.exe) link in the right pane to open the System Information tool.
Table 2.2 System Information Sections and Details
| Section Name | Details Provided |
| --- | --- |
| System Summary | Displays an overview of the system’s configuration |
| Hardware Resources | Contains information on system interrupt requests (IRQs), I/O ports, direct memory access (DMA) channels, and memory |
| Components | Contains all the devices (hardware-wise) installed in the system and their configuration and settings |
| Software Environment | Contains the program groups, services, drivers, tasks, and startup programs existing on the system |
| Internet Settings | Contains all the properties and settings for Internet Explorer 5 |
| Applications | Contains the application-specific information stored on the system |
You cannot use the System Information tool to change or modify any displayed settings, but simply being able to view these items can help locate problems quickly. This tool also includes several utilities for diagnosing and troubleshooting your system:
- Dr. Watson. A tool for capturing the error output of failed applications.
- DirectX Diagnostic Tool. A tool for troubleshooting DirectX installations.
- Net Diagnostics. Displays and diagnoses network connections on the system.
- File Signature Verification Utility. Ensures that applications and drivers are signed as tested with Windows XP.
- System Restore. Restores your Windows XP system to a previous state. This tool collects configuration information at specified intervals so that the system can be restored to that point in case of a failure. See Chapter 26, “Managing System Recovery,” for additional information on system restoration.
Backup
Windows XP includes an advanced built-in backup tool. Microsoft opted to license software from Veritas Software (formerly Seagate Software) instead of developing the backup program. Although Backup is a big improvement over the previous versions included with Windows, it still has some limitations. Backup comes with the Backup or Restore Wizard that automates the process of backing up the following items:
- Documents and settings for the current user, including the My Documents and Favorites folders, the contents of the desktop, and cookies
- Documents and settings for all users
- All information on the computer (also prompts you to create a system recovery disk)
The Backup or Restore Wizard includes an option allowing you to select what to back up.
Scheduling backups with the native backup utility no longer requires the use of the Task Scheduler service. You no longer need to use the AT.EXE and WINAT.EXE utilities to schedule the backup. Instead, you simply click the Schedule Jobs tab and configure the backup (see Figure 2.16).
Figure 2.16 Scheduling backup jobs in Windows XP.
Aside from its ability to back up and restore files (including the Registry) to and from non-tape devices, such as floppy disks, Zip disks, Jaz disks, or hard drives, and to schedule these tasks, Backup includes a new feature, the Automated System Recovery Wizard.
For more information about working with Windows Backup, see Chapter 20, “Windows XP Backup and More,” p. 437.
The Automated System Recovery Wizard enables you to create a disk containing the configuration settings for your computer. This disk, along with a media backup of your computer, will allow you to recover from a disaster.
When selecting a third-party backup solution, make sure it exhibits the following features:
- Backs up to tape, disk, floppy, and other media types
- Backs up and restores local and network resources
- Backs up and restores local and remote Registries
- Includes internal automation and scheduling of backups
- Fully supports Windows XP security, including Active Directory
- Supports backup tape locking, encryption, or other media security features
With these requirements, you are sure to find a backup product that meets your needs and can keep up with an expanding network. Note that many backup programs are rated as “enterprise solutions.” This term is often used to indicate that the product can support a large network. You might also notice that these products have a price tag of over $1,000. That doesn’t mean you’ll have to shell out that much money to obtain good backup software. You should take the time to shop around. For example, Backup Exec from Veritas has a desktop version available online for under $100. You’ll find specific third-party backup utility recommendations in the next section.
Third-Party Administrative Utilities
A number of third-party utilities are available to simplify the administration of Windows XP. There are commercial products as well as a wide variety of shareware and freeware utilities. We recommend the following backup software:
According to Microsoft, NTFS partitions are not accessible from MS-DOS or non-Windows NT/2000/XP operating systems. However, several third-party utilities and file drivers are available that make such access possible. Reading data from NTFS partitions was previously restricted to Windows NT/2000/XP. Now, with NTFSDOS from Systems Internals, you can read, rename, and even copy over files from an NTFS partition (providing the new file is exactly the same size) using MS-DOS. You can download this tool from the Systems Internals Web site at http://www.sysinternals.com/.
Caution
Note that use of these tools opens a potential security risk. Both tools enable you, or any other user, to bypass the security on NTFS files.
Note In addition to NTFSDOS, Systems Internals offers many other great tools. You should take the time to review this site and all the utilities available.
For More Information
If the information about Windows XP native administration tools in this chapter has increased your desire to learn more, here are some resources you can research:
- Microsoft TechNet: http://www.microsoft.com/technet.
- Microsoft Windows XP Professional Resource Kit. Microsoft Press, 2001. ISBN: 0735614857.
- Microsoft Windows 2000 Server Resource Kit. Microsoft Press, 2000. ISBN: 1572318058.
3 The Windows XP Layout
When compared to other Microsoft operating systems, Windows XP has many important differences, ranging from capabilities to functions and security, but one rarely discussed area is the layout of Windows XP files and components.
Note Although the terms folder and directory are synonymous, Microsoft typically prefers to use folder. This falls in line with its endeavor to simplify computing for nontechnical users who might more readily understand the concepts of files and folders (like a filing cabinet) rather than files and directories.
This chapter looks at the file and folder structure created by a Windows XP installation, provides a roadmap for important programs, and discusses other issues related to file structure and layout.
Windows XP Directory Structures
The Windows XP installation routine makes several changes to your hard drives. Windows XP uses two different partitions to store its information: a system partition and a boot partition. These partitions can exist on a single physical partition or on two physical partitions. Unfortunately, the way these terms are used is the reverse of common sense usage. The system partition is the partition containing the initial bootstrap components and the boot menu. The boot partition is the partition hosting the Windows XP root folder and all operational drivers and files.
The boot and system partition files can be located on the same partition, on different partitions, or even on different hard drives. However, the system partition must always be on the first hard drive in the system and must be an active primary partition. The boot partition can be a primary partition or a logical drive within an extended partition.
System Partition
Table 3.1 shows the files contained on the system partition for an x86 computer.
Table 3.1 Files Located on the System Partition for an x86 Computer
| File | Description |
| --- | --- |
| NTLDR | Controls the operating system boot selection process and hardware detection before the actual Windows XP Kernel is launched. It requires that boot.ini, ntdetect.com, bootsect.dos (if dual booting), and ntbootdd.sys (if booting on a non-BIOS enabled SCSI drive; that is, scsi() is used instead of multi() in the ARC name in boot.ini) exist in the root system partition. |
| boot.ini | Contains the contents of the boot menu displayed by NTLDR. This file contains the default operating system selection, the timeout period for the selection, and an ARC name or pathname for each listed operating system boot selection. |
| ntdetect.com | Detects the major components of the computer before NTLDR selects a configuration and loads the Kernel. |
| bootsect.dos | Present only on dual-boot systems. NTLDR uses this file when the selected operating system is not Windows XP. Bootsect.dos in turn seeks out the OS-specific operating system loader file, such as io.sys for MS-DOS or os2ldr.exe for OS/2. |
| ntbootdd.sys | Used only on systems with SCSI drives that do not have on-board BIOS translation enabled. It is a copy of the device driver for your particular SCSI drive. |
| hiberfil.sys | Available if hibernation is enabled on the computer. |
Note When BOOTSECT.DOS is installed using the DOS-mode setup (for example, a Windows 98 startup disk), the file will still appear, even though it is not really a dual-boot system, meaning there is no COMMAND.com to boot into DOS. In this scenario, there is only one OS entry in the boot.ini file, and the boot selection menu does not appear.
For more information on the boot.ini file, see Chapter 7, “Booting Windows XP,” p. 129.
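The file dependencies listed in Table 3.1 can be checked mechanically. The following Python sketch is an added example, not code from the book: it parses a boot.ini and reports which files NTLDR will expect on the system partition, and whether the default selection matches a listed entry. The sample boot.ini and the function names are constructed for illustration; reporting an explicitly named boot-sector file for pathname entries goes slightly beyond the table and is marked as an assumption in the code.

```python
import re

# Constructed boot.ini for illustration; not taken from a real system.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
scsi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows 2000 Professional" /fastdetect
C:\="Microsoft Windows 98"
"""

# ARC names start with multi() or scsi(); anything else is a pathname.
ARC_RE = re.compile(r"^(multi|scsi)\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)",
                    re.IGNORECASE)
LABEL_RE = re.compile(r'"([^"]*)"\s*(.*)$')


def parse_boot_ini(text):
    """Parse boot.ini into timeout, default, and a list of OS entries."""
    section = None
    config = {"timeout": None, "default": None, "entries": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if section == "boot loader":
            if key.lower() == "timeout":
                config["timeout"] = int(value)
            elif key.lower() == "default":
                config["default"] = value
        elif section == "operating systems":
            m = LABEL_RE.match(value)
            label, switches = (m.group(1), m.group(2).split()) if m else (value, [])
            arc = ARC_RE.match(key)
            config["entries"].append({
                "path": key,
                "label": label,
                "switches": switches,
                # "multi", "scsi", or None for a pathname entry
                "controller": arc.group(1).lower() if arc else None,
            })
    return config


def required_files(config):
    """Files NTLDR needs on the system partition for this boot.ini."""
    needed = {"NTLDR", "boot.ini", "ntdetect.com"}
    for entry in config["entries"]:
        if entry["controller"] == "scsi":
            needed.add("ntbootdd.sys")      # scsi() instead of multi()
        elif entry["controller"] is None:
            if entry["path"].endswith("\\"):
                needed.add("bootsect.dos")  # drive root: non-XP OS hand-off
            else:
                # Assumption: a pathname naming a file is itself the
                # boot-sector file NTLDR loads for that entry.
                needed.add(entry["path"].rsplit("\\", 1)[-1])
    return needed


def find_problems(config):
    """Return a list of consistency problems; empty means none found."""
    problems = []
    paths = {e["path"].lower() for e in config["entries"]}
    if config["default"] is None or config["default"].lower() not in paths:
        problems.append("default does not match any [operating systems] entry")
    if config["timeout"] is None:
        problems.append("no timeout value in [boot loader]")
    return problems


if __name__ == "__main__":
    cfg = parse_boot_ini(SAMPLE_BOOT_INI)
    print(sorted(required_files(cfg)))
    print(find_problems(cfg))
```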
Other files can appear in the system partition on x86 dual-boot and multi-boot systems. The addition of these files does not affect the function or capabilities of the required Windows XP boot files in the system partition. Installing multiple operating systems on a single computer with Windows XP Professional (or Home Edition) often requires a specific installation order or manual post-installation configuration changes. Both the Microsoft Windows XP documentation and TechNet include detailed articles on performing multi-boot setups with Windows XP Professional, Windows 2000 Professional, Windows Server 2003, Windows 95, Windows 98, MS-DOS, and OS/2.
Multi-booting Windows XP with non-Microsoft operating systems, such as Linux, often requires third-party boot and partition managers. For popular tools, see the “For More Information” section at the end of this chapter. Red Hat Linux contains two boot loaders, LILO and GRUB, that can also be used for a dual-boot configuration with Windows XP.
The system partition does not include any folders. It exists as a root folder only with three or more files. Having additional folders in the system partition does not affect the operation of boot files.
You might notice that the files in the system partition are among the files found on an Emergency Repair Disk (ERD). This should not be surprising because an ERD is used to restore files to the system partition if these files are corrupted, deleted, or otherwise destroyed.
Boot Partition
The directory structure and subsequent files installed into the boot partition are quite a bit more complex than those of the system partition. Table 3.2 describes the five folders created in the boot partition’s root folder (normally the C:\ drive) during the installation of Windows XP.
Table 3.2 Folders Created by Windows XP in the Boot Partition’s Root Folder
| Directory | Description |
| --- | --- |
| Documents and Settings | This folder is used to hold the configurations for each user who accesses the system. In Windows NT, this information was stored in the \Windows\profiles folder. |
| Program Files | This folder is the default installation location for Windows applications. |
| System Volume Information | This folder stores all disk permission and security information. |
| Recycler | This is not a true folder; instead, it is the system-controlled temporary repository for deleted files. You can access its contents by launching the Recycle Bin tool from the desktop. Note that this folder does not appear until a file is deleted. |
| Windows | This is the main folder containing all the Windows XP system files, and the default folder for Windows XP. |
The root of the boot partition is also the default location for pagefile.sys, which is the page file the Windows NT virtual memory system uses.
For information on how to tune Windows XP performance by placing and configuring the page file, see Chapter 22, “Tuning and Optimizing Windows XP,” p. 485.
Note The file and folder structure discussed in this chapter is derived from a fresh installation of Windows XP on an x86 desktop system with Service Pack 1 integrated. The typical installation method was chosen. No other applications from Microsoft or any third-party vendors were present on the system. That means no additional services or applications were installed from the Windows XP distribution CD, no hotfixes were applied, and Internet Explorer was not updated.
The Program Files folder is home to 16 subfolders:
- Common Files. This folder contains files shared with the Microsoft applications.
- ComPlus Applications. This folder contains files used by ComPlus applications. If there are no ComPlus applications installed on your XP machine, this folder will be empty. COM+ builds on the Microsoft Component Object Model (COM) integrated services and features, making it easier for developers to create and use software components in any language, using any tool.
- Internet Explorer. This folder contains the files and executables for Internet Explorer, a Web-browsing tool.
- Messenger. This folder contains files and executables for the new Windows Messenger Service. This service combines features found in MSN Messenger with an improved communications infrastructure.
- Movie Maker. This folder contains the files and executables for the Movie Maker application.
- MSN. This folder contains the files and executables for MSN Explorer, the new Internet connectivity tool from Microsoft that combines Web, e-mail services, and Internet setup services.
- MSN Gaming Zone. This folder contains the files and executables for the MSN Gaming Zone.
- NetMeeting. This folder contains all the files used by Microsoft NetMeeting.
- Online Services. This folder contains files used to establish Internet connectivity. These files enable you to set up Internet access through MSN or to select another available Internet service provider.
- Outlook Express. This folder contains all the files and executables needed by Microsoft Outlook Express, a simple e-mail application.
- Uninstall Information. This is a hidden folder containing files and information for uninstall services.
- Windows Media Player. This folder contains the Microsoft Media Player application.
- Windows NT. This folder contains any applications that have been ported over from other Windows operating systems (such as Pinball). This folder has empty folders in it if the ported components were not selected during installation.
- Windows Update. This folder contains all the files used by the Windows Update Service.
- Xerox. This folder contains all the files used by Xerox applications. By default, this folder is empty.
The Windows root-level folder contains an extensive subfolder hierarchy but very few files. The Windows\System32 folder is the main repository of all files required to launch and operate Windows XP. The following files are among those stored in the Windows folder:
- Wallpaper and tiling images (.bmp)
- Initialization and configuration files for backward-compatibility with various 16-bit utilities and applications (.ini)
- Readme, log, and documentation files (.txt, .log, and .wri)
The following is a listing of the subfolders under the Windows folder:
- Addins. ActiveX controls files.
- AppPatch. Contains application compatibility .dlls and Appfix packages.
- Config. Contains configuration .idf files used by the MIDI sound system. Depending on system configuration, this folder might be empty.
- Connection Wizard. Files used for establishing Internet connectivity. Can be an empty folder.
- CSC. The Client Side Cache is where contents of mapped network drives are cached so that the contents of these drives will be available offline. By default, this folder contains empty folders.
- Cursors. Contains static and animated cursor files. You can use these files by configuring the Mouse applet.
- Debug. Contains .log files that can be used to debug network connectivity and other setup functions.
- Downloaded Program Files. Contains ActiveX controls and Java applets that have been downloaded from the Internet.
- Driver Cache. Contains a platform subdirectory and a copy of the driver.cab file so that new devices can be easily installed without needing the Windows XP CD. Might contain SP1.cab if installing an integrated copy of the operating system.
- Fonts. Contains all installed fonts.
- Help. Contains the help files used by the Windows XP Help system and all its native utilities.
- Ime. Files to support the Input Method Editor. Provides language support for Windows XP.
- Inf. Contains the .inf (system information) files used to install software components. This is a hidden folder.
- Installer. The location for temporary files used by the Windows Installer program. This is a hidden folder.
- Java. Folder structure for Java files.
- Media. Contains media files (sound and video) used by sound themes.
- Msagent. Microsoft agent files, which are software services that support using animated characters in the Windows interface to assist users in manipulating the operating system.
- Msapps. Contains files for backward-compatibility with applications that use shared components.
- Mui. MUI (Multilingual-User Interface) Packs give companies flexibility in making language options available to users.
- Offline Web Pages. Any Web pages designated as offline accessible are stored in this folder, along with any images and other files that go with them.
- PCHEALTH. Contains files and subfolders to support the Microsoft Help Center Service. These files support all the Windows XP Help services, including features such as Remote Desktop Assistance.
- Prefetch. Contains the files that XP is tracking for prefetch execution. Caching frequently used files decreases startup time for applications and optimizes XP performance.
- Registration. Contains files that support COM+ applications.
- Repair. Contains backup copies of the permanent Registry hives. The NTBackup program updates this directory with the System State option.
- Resources. Contains files to support the user’s shell interface.
- Security. Contains subfolders and files related to security. Includes log files that define the default security applied during setup and templates for assigning new security privileges.
- Srchasst. Contains files and subfolders for Search Companion, the updated search assistant included with XP. Includes files to support an indexing function that improves search performance.
- System. Contains 16-bit versions of protected and real mode drivers and .dll files used by applications. These files are provided for backward-compatibility with older applications. Additional 16-bit driver files can be stored in this folder.
- System32. Contains the core operating system files and subfolder trees.
- Tasks. Contains scheduled tasks that run without operator intervention.
- Temp. Contains any temporary files used by the system and applications.
- Twain_32. Contains files to support Twain technology, enabling a scanner document to be inserted into a file.
- Web. Contains files and subfolders to support Internet printing and document access.
- WinSxS. A folder to store the shared components of side-by-side applications. These can be multiple versions of the same application or the same assembly.
The System32 subfolder contains most of the files used by Windows XP.This is the primary storage location for DLLs, Control Panel applets (.cpl), device drivers (.drv), help files (.hlp and .cnt), MS-DOS utilities (.com), language support files (.nls), screensavers (.scr), setup information files (.inf), and a handful of other files used for support, configuration, or operation. The most commonly accessed subfolders in Windows\System32 are described in the following list: n
1025, 1028, 1031, 1033, etc. Contains localization language files. Most of these folders will be empty. The English language is 1033. The complete list of locale IDs can be found at http://www.microsoft.com/globaldev/win2k/setup/lcid.asp.
CatRoot. Contains security catalog files.
CatRoot2. Contains catalog database files.
Com. Contains COM object information.
Config. Contains the Registry hives used during bootup and is the storage location for the System, Security, and Application log files viewed through Event Viewer. Config now contains a new folder called \systemprofile that holds a standard profile for the local system.
DHCP. This is an empty folder used to hold Dynamic Host Configuration Protocol (DHCP) database files if the host becomes a DHCP server.
DirectX. Contains files to support the accelerated performance features of game devices.
Dllcache. Contains backup copies of the operating system files that are under the Windows File System Protection system.
Drivers. Contains driver files (.sys); the \etc folder contains sample copies of the TCP/IP text-based configuration files, such as Hosts and LMHosts files.
Chapter 3
The Windows XP Layout
Export. This is an empty folder.
IAS. If there is no Internet connection capability, this is an empty folder used to hold configuration files for the Internet Authentication Service. This service is typically found on servers. If the machine has a device capable of connecting to the Internet, the IAS folder should not be empty. It will contain two files: DNARY.MDB (used to parse IAS log files) and IAS.MDB (used to store remote access policies).
Icsxml. Contains files for Universal Plug and Play.
IME. Contains files for Input Method Editors.
Intsrv. Contains files used by the World Wide Web service. This folder is empty.
Macromedia. Contains a subfolder with the Shockwave Flash .ocx file.
MsDTC. Contains Microsoft Distributed Transaction Coordinator files that control transaction output and message delivery between two different applications or processes.
MUI. Contains Multilingual-User Interface files that are created by applications, such as Service Pack 1.
Os2. Contains drivers used by the OS/2 subsystem.
NPP. Contains files to support collecting network traffic from an XP PC by a Network Monitor server.
Oobe. Contains “Out of Box Experience” files that prompt users to complete product activation and registration and to create a new user other than Administrator. This feature is activated only after setup.
Ras. Contains the default scripts used by Dial-Up Networking.
Restore. Contains a list of files to be monitored and saved to an alternative location in case of file corruption. The System Restore service takes snapshots of the XP system periodically to enable the system to be restored from a previous set of data. This folder also contains the machine GUID.
Setup. Contains setup files for additional services, such as FrontPage Server Extensions and Microsoft Fax.
ShellExt. By default, this folder is empty.
Spool. Used by the printing system to store spooled print jobs and related files. The Printers subfolder is used to store spool files. The other folders found here vary based on printer drivers and configuration.
USMT. USMT stands for User State Migration Tool. This folder contains files to support both USMT and the File and Settings Transfer Wizard. Both tools enable user files and settings to be copied to another PC.
WBEM. Used by Web Based Enterprise Management to store its data and executable files and utilities. The Microsoft implementation of WBEM is the Windows Management Instrumentation (WMI) Service. With WMI, programmers can create applications that control network devices, using the same commands regardless of platform.
Wins. Contains files to support the Windows Internet Name Service (WINS). This folder is empty.
As you can see, the folder structure that the Windows XP setup process creates is quite extensive. If you add services and applications from the Windows XP distribution CD, install service packs and hotfixes, upgrade Internet Explorer, add Microsoft Outlook, or install other Microsoft and third-party applications, this folder structure increases in depth and complexity.
Key Windows XP Executables
The range and number of files included in the Windows XP folder structure are enormous. Most of these files are drivers, DLLs, or some type of configuration storage. Driver, configuration, and DLL files sustain the operating environment. However, most of the executable (.exe) files and the MS-DOS utilities (.com) are quite useful. You can launch them from the Start menu or other standard GUI launch site (when applicable), or you can launch them from Windows Explorer, My Computer, or a command prompt or through the Run command from the Start menu. The following sections list the files you can launch manually and briefly describe each utility or application.
Main Windows Root Folder
The following executables reside in the main Windows root folder:
EXPLORER.EXE (Windows XP Explorer). Used to interact with the file systems hosted by Windows XP. It is also the program responsible for creating the Start button and associated objects. If you ever lose the desktop, the Start button, and the taskbar, you can usually restore them by pressing Ctrl+Alt+Delete, selecting Task Manager from the pop-up menu, and starting Explorer back up with the Run command, accessed by choosing File, New Task (Run) from the menu.
HH.EXE (HTML help). Opens an HTML-based Help window.
NOTEPAD.EXE (Notepad). Used to edit text files.
REGEDIT.EXE (Registry Editor). A 16-bit Registry-editing tool that you can use to search the entire Registry at once.
TASKMAN.EXE (Task Manager). Used to view active applications and processes and view CPU and memory performance.
TWUNK_16.EXE (Thunking Server). Allows 16-bit DOS applications to make 32-bit calls.
TWUNK_32.EXE (Thunking Server). Allows 32-bit DOS applications to make 16-bit calls.
WINHELP.EXE (Windows Help). A 16-bit Windows Help reader.
WINHLP32.EXE (Windows Help). A 32-bit Windows Help reader.
Windows\System32
The following list of executables resides in the Windows\System32 folder:
ACCWIZ.EXE (Accessibility Wizard). Used to configure the different accessibility options of your system.
ACTMOVIE.EXE (DirectShow Setup Tool). Part of the DirectX series of tools. Used for media capture and playback.
AHUI.EXE (Application Compatibility User Interface). Used to configure the different accessibility options of your system.
ALG.EXE (Application Layer Gateway Service). Used to configure the different accessibility options of your system.
APPEND.EXE (Append). Allows applications to open or access files in folders other than the current working, or active, folder by appending the path parameter. This utility is from MS-DOS 5.0.
ARP.EXE (ARP). The Address Resolution Protocol command-line utility used to manage the ARP cache on TCP/IP systems.
ASR_FMT.EXE (ASR). The Automated System Recovery utility.
ASR_LDM.EXE (ASR). The Logical Disk Manager ASR utility.
ASR_PFU.EXE (ASR). The Automated System Recovery Protected Files utility.
AT.EXE (AT). Used to schedule tasks to occur at a specific time and date. It requires that the Scheduler service be running.
ATIEVXX.EXE (ATI). The ATI Hotkey Polling utility.
ATMADM.EXE (ATM). The ATM Call Manager utility.
ATTRIB.EXE (Attributes). Displays or changes file attributes (read-only, archive, hidden, or system).
AUTOCHK.EXE (Auto Check Disk). Launches automatically during Windows XP bootup if a volume is marked as dirty (has bad clusters, has error blocks, or is otherwise damaged).
AUTOCONV.EXE (Auto Convert). Used by the Windows XP setup routine to convert a FAT volume to NTFS.
AUTOFMT.EXE (Auto Format). The Auto File System conversion utility.
AUTOLFN.EXE (Auto Long Filenames). Used by the Windows XP setup routine to repair, copy, or enable long filenames on drives that have been converted from another file system (usually FAT) to NTFS. Also capable of converting long filenames to the 8.3 format.
BOOTCFG.EXE (Boot Configuration Tool). A command-line tool for editing the boot.ini file.
BOOTOK.EXE (Boot Acceptance). Used with the Last Known Good Configuration process to save the configuration parameters after a successful logon.
BOOTVRFY.EXE (Boot Verify). Used with the Last Known Good Configuration process to verify a boot selection.
CACLS.EXE (Change ACLs). A command-line utility used to change or edit permissions for files and folders.
CALC.EXE (Calculator). A GUI calculator that can act as a standard or scientific calculator.
CHARMAP.EXE (Character Map). A GUI utility that displays the characters in each font installed on the system.
CHKDSK.EXE (Check Disk). A disk inspection tool that can search for and repair disk errors.
CHKNTFS.EXE (NTFS Drive Checker). Used to verify the integrity of Windows XP NTFS partitions.
CIDAEMON.EXE (Content Index Filter Daemon). Process that determines which files will be indexed on the hard disk for faster search queries.
CIPHER.EXE (Encrypted File System Configuration Manager). A command-line utility used to encrypt/decrypt files and folders using EFS.
CISVC.EXE (Content Index Service). The Content Index engine that performs file indexing to improve performance of resource searches.
CKCNV.EXE (Cookie Converter). A supporting process that controls how cookies are handled under Windows XP.
CLEANMGR.EXE (Disk Space Cleaner). A utility used to remove unused temp files from a hard drive to reclaim used space.
CLICONFG.EXE (SQL Server Client Network Utility). Used to configure connections from network clients to SQL servers.
CLIPBRD.EXE (Clipboard Viewer). Used to view the contents of the object or data currently copied into memory (also known as the Clipboard).
CLIPSRV.EXE (Clipboard Server). The network dynamic data exchange (DDE) clipboard service used by Clipboard Viewer to access objects or data copied into memory.
CMD.EXE (Command Prompt). An executable that provides the command prompt (MS-DOS shell interpreter) for Windows NT.
CMDL32.EXE (Auto Connection Manager). Tracks network addresses to their appropriate connection destinations to support auto-dial functions.
CMMON32.EXE (Connection Manager). The Connection Manager Monitor.
CMSTP (Connection Manager Installer). Installs and configures Connection Manager service profiles.
COMP.EXE (Compare). An MS-DOS utility used to compare the contents of two files or sets of files.
COMPACT.EXE (Compact). A command-line utility used to compress individual files or directories on an NTFS volume.
CONIME.EXE (IME Console). The console for the Input Method Editor used to convert non-Arabic letters from a 101-keyboard.
CONTROL.EXE (Control Panel). Provides the Control Panel window where all Control Panel applets are displayed.
CONVERT.EXE (Convert). Used to convert partitions from FAT to NTFS and from NTFSv4 to NTFSv5.
CSCRIPT.EXE (Command Based Script Host). A command-line version of the Windows Script Host that enables you to run previously created VBScript and JScript from the command line.
CSRSS.EXE (Client-Server Runtime Server Subsystem). Used to maintain the Win32 system environment console and other essential functions.
CTFMON.EXE (CTF Loader). Supports speech recognition, handwriting recognition, and other Alternative User Input services.
DCPROMO.EXE (Domain Controller Promotion). Used to promote and demote a Windows NT or 2000 server. Installs Active Directory on the system.
DCOMCNFG.EXE (DCOM Configuration). Used to display and configure DCOM settings and configuration.
DDESHARE.EXE (DDE Share). Displays the active DDE shares and enables property editing for these shares.
DEBUG.EXE (Debugger). A command-line debugging tool.
DEFRAG.EXE (Disk Defragmenter). A command-line utility that consolidates files so that they are saved in contiguous locations on the hard disk.
DFRGFAT.EXE (FAT Defragmentation Tool). Used to defragment FAT partitions.
DFRGNTFS.EXE (NTFS Defragmentation Tool). Used to defragment NTFS partitions.
DIANTZ.EXE (Cabinet Maker). Allows a file to be compressed and included in a cabinet file.
DISKPART.EXE (Microsoft Diskpart). A command-line tool for disk management.
DISKPERF.EXE (Disk Performance Counters). Used to switch performance counters for the disk subsystem on and off.
DLLHOST.EXE (COM+ Server Process). The COM+ process manager.
DLLHST3G.EXE (COM Surrogate). A COM+ process component.
DMADMIN.EXE (Logical Disk Manager Administrative Service). Runs during hard disk configuration only.
DMREMOTE.EXE (Logical Disk Manager). A Logical Disk Manager component.
DOSKEY.EXE (DOS Keyboard). An MS-DOS 5.0 keyboard history utility that provides a history of command-line executions and macros.
DOSX.EXE (DOS Extender). A virtual DOS machine (VDM) MS-DOS extender for standard mode.
DPLAYSVR.EXE (Microsoft DirectPlay Helper). Supports game connections over a modem, the Internet, or a LAN.
DPNSVR.EXE (DirectPlay8 Server). A forwarding service for games that have multiple processes using the same IP or IPX port.
DRIVERQUERY.EXE (Driver Query). A command-line tool that displays a list of currently installed drivers and associated properties.
DRWATSON.EXE (Dr. Watson). A 16-bit GUI application failure-detection and fault-logging utility that watches over the Win16 subsystem.
DRWTSN32.EXE (Dr. Watson 32). A 32-bit GUI application failure-detection and fault-logging utility that watches over the Win32 subsystem and native Windows XP applications.
DUMPREP.EXE (Windows Error Reporting). A dump reporting tool.
DVDPLAY.EXE (DVD Play). A placeholder application.
DVDUPGRD.EXE (DVDUpgrd). Upgrades a non-XP compatible DVD decoder.
DWWIN.EXE (Microsoft Application Error Reporting). The application used to report errors in Microsoft applications.
DXDIAG.EXE (DirectX Diagnostic Tool). A tool for troubleshooting DirectX components.
EDLIN.EXE (Edit Line). An MS-DOS–based line editor.
ESENTUTL.EXE (Windows XP Database Tools). A collection of tools used to check and repair the Windows XP folder.
EUDCEDIT.EXE (Private Character Editor). An application that enables you to create up to 6,400 unique characters, such as special letters and logos, for your font library.
EVENTCREATE.EXE (Event Create). Allows creating custom events in an event log.
EVENTTRIGGERS.EXE (Event Triggers). This application displays and configures event triggers.
EVENTVWR.EXE (Event Viewer). The executable for the Event Viewer.
EXE2BIN.EXE (Executable to Binary). A programmers’ tool from MS-DOS used to convert .exe files to .bin files.
EXPAND.EXE (Expand). A command-line utility used to decompress individual files or folders on an NTFS volume.
EXTRAC32.EXE (CAB File Extract Utility). Allows cabinet files to be extracted to disk.
FASTOPEN.EXE (Fast Open). An MS-DOS utility that improves performance on systems that have large folders by decreasing the time it takes to open frequently accessed files.
FC.EXE (File Comparison). An MS-DOS utility that compares files or sets of files to reveal their differences.
FIND.EXE (Find). A command-line utility used to search for a string of characters in a file or files.
FINDSTR.EXE (Find String). A command-line utility used to search for a string of characters in a file or files.
FINGER.EXE (Finger). A TCP/IP utility used to obtain information about a user account via a remote system.
FIXMAPI.EXE (MAPI Repair Tool). Detects and resolves problems with Messaging Application Programming Interface (MAPI) files.
FONTVIEW.EXE (Font View). A command-line utility that displays a sample output for a font in a printable GUI window.
FORCEDOS.EXE (Force DOS). Instructs Windows XP to launch an application as an MS-DOS utility when it contains the code for both OS/2 and MS-DOS.
FREECELL.EXE (Free Cell). A GUI card game.
FSUTIL.EXE (FSUtil). A volume management tool. Manages reparse points and sparse files.
FTP.EXE (FTP). A TCP/IP command-line File Transfer Protocol (FTP) utility used to transfer files between the local system and a remote FTP server.
GDI.EXE (Graphical Device Interface). A core system component that provides the Win16 Graphical Device Interface API library for backward-compatibility with Win16 applications.
GETMAC.EXE (Get MAC Address). Displays the Media Access Control (MAC) address of the specified system.
GPRESULT.EXE (Query RsoP Data). A tool that displays the Group Policies applied to a user or computer.
GPUPDATE.EXE (Group Policy Refresh Utility). Manually applies Group Policies after the Group Policy administrator makes changes instead of waiting for the next automatic update.
GRPCONV.EXE (Group Convert). Converts Microsoft Windows 3.x and Microsoft Windows for Workgroups Program Manager groups into Start menu items.
HELP.EXE (Help). Displays basic and general help information about many Windows XP commands.
HOSTNAME.EXE (Hostname). A TCP/IP command-line utility that displays the hostname of the current system.
IE4UINIT.EXE (IE Install Utility). The IE 5.0 Per-user Install utility.
IEXPRESS.EXE (Self Extracting/Installing Creator). Creates self-extracting or self-installing executable files.
IMAPI.EXE (CD-Burning COM Service). Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, the computer cannot record CDs.
IPCONFIG.EXE (IP Configuration). A TCP/IP command-line tool that displays the IP configuration for all installed interfaces and can be used to renew and release DHCP leases.
IPSEC6.EXE (Ipv6 Security Configuration Utility). A tool for configuring IPv6 security.
IPV6.EXE (Ipv6 Configuration Utility). A tool to install and configure IPv6.
IPXROUTE.EXE (IPX Route). A utility used to display and control the IPX routes when using the IPX protocol.
KRNL386.EXE (Kernel 386). Contains the core Kernel routines for Win16 enhanced mode functionality.
LABEL.EXE (Label Drive). A command-line tool used to display, edit, or change a drive’s volume label.
LIGHTS.EXE (Lights). Provides the settings for modem status lights in Windows 95/98 by monitoring the COM ports.
LNKSTUB.EXE (Win95-Winnt Migration Utility). The Windows 95 side of a Windows 95–to–Windows NT upgrade program.
LOCATOR.EXE (Locator). Adds support for Remote Procedure Calls (RPCs) to the Windows XP environment.
LODCTR.EXE (Load Counters). Used to add new counters to Performance Monitor.
LOGAGENT.EXE (Windows Media Player LogAgent). The application that logs errors with Windows Media Player.
LOGMAN.EXE (Performance Log Utility). Manager and scheduler for trace logs and performance counters.
LOGOFF.EXE (Session Logoff Utility). A utility to terminate a user’s session on the PC.
LOGONUI.EXE (Windows Logon User Interface). The user interface that appears when Windows XP first starts.
LPQ.EXE (Line Printer Queue). Displays printer queue information on a printer hosted on a Unix system.
LPR.EXE (Line Printer). Prints to a printer hosted on a Unix system.
LSASS.EXE (LSA Security Service). The Local Security Authority server process.
MAGNIFY.EXE (Microsoft Magnifier). Magnifies portions of the screen for visually impaired people.
MAKECAB.EXE (Cabinet File Maker). Creates .cab files for install packages.
MEM.EXE (Memory). A command-line utility that displays the current state of memory.
MIGPWD.EXE (Migration dll). A Windows 95–to–Windows NT migration utility.
MMC.EXE (Microsoft Management Console). A built-in programming interface where most administrative tasks can be added through snap-ins, ensuring the same interface for all administrative functions.
MNMSRVC.EXE (NetMeeting Remote Desktop Sharing). Allows authorized users to remotely access your desktop.
MOBSYNC.EXE (Offline Web Synchronizer). Synchronizes offline Web sites.
MOUNTVOL.EXE (Volume Mounter). Creates, lists, and modifies volume mount points.
MPLAY32.EXE (Multimedia Player). A GUI multimedia player.
MPNOTIFY.EXE (Multiple Provider Notify). Used by the WinLogon service to notify non-Microsoft network servers about security events.
MQBKUP.EXE (MSMQ Backup/Restore Utility). A backup and restore utility for Microsoft Message Queuing (MSMQ) service messages.
MQSVC.EXE (Message Queuing Service). A messaging service between source and destination computers running distributed applications.
MQTGSVC.EXE (MSMQ Trigger Service). Message queuing trigger service.
MRINFO.EXE (Multicast Information). A command-line tool to query a multicast router about its interfaces.
MSCDEXNT.EXE (Microsoft CD-ROM Extensions). Provides CD-ROM extensions for the Windows XP environment, enabling data CDs to be accessed just like hard drives.
MSDTC.EXE (DTC Console Program). The console for the Distributed Transaction Coordinator (DTC).
MSG.EXE (Message Utility). A utility for sending messages to other users.
MSHEARTS.EXE (Hearts Network). A multiplayer Hearts card game.
MSHTA.EXE (HTML Application Host). The application used to run an HTML Application (HTA) file.
MSIEXEC.EXE (Windows Installer). Used to create install packages for applications and programs.
MSPAINT.EXE (Microsoft Paint). A basic graphics creation and viewing tool.
MSSWCHX.EXE (Onscreen Keyboard Program). Provides keyboard access for mobility-impaired people.
MSTINIT.EXE (Task Scheduler Setup). Allows scheduling automated tasks.
MSTSC.EXE (Remote Desktop Connection). An application that enables a computer to be accessed remotely.
NARRATOR.EXE (Microsoft Narrator). Reads files for people who are hearing impaired.
NBTSTAT.EXE (NBT Statistics). Displays NetBIOS over TCP/IP statistics.
NDDEAPIR.EXE. The server-side application programming interface (API) for the Network DDE Agent.
NET.EXE (Network). Used to manage, configure, and view network-related controls, such as NET USE, NET PRINT, NET USER, and so on.
NET1.EXE (Network). Another network command utility that performs the same functions as NET.EXE.
NETDDE.EXE (Network DDE). A background network DDE provider.
NETSETUP.EXE (Network Setup Wizard). A utility to help configure other PCs on your network using a floppy disk.
NETSH.EXE (Routing and Remote Access Service Configuration Tool). Used to configure RRAS settings.
NLSFUNC.EXE (National Language Support Function). Used to load country-specific language support.
NOTEPAD.EXE (Notepad). The Notepad text-editing utility.
NSLOOKUP.EXE (Name Server Lookup). Used to display diagnostic and statistical information from DNS servers.
NTBACKUP.EXE (Windows NT Backup). The Windows XP Backup executable.
NTKRNLPA.EXE (NT Kernel and System). A Windows Kernel component.
NTOSKRNL.EXE (Operating System Kernel). The Windows XP operating system Kernel.
NTSD.EXE (Symbolic Debugger). A troubleshooting utility that gives a detailed view of the system state at the moment of failure.
NTVDM.EXE (NT Virtual DOS Machine). An executable that provides the VDM used to host MS-DOS applications and Windows-on-Windows (WOW—support for Win16).
NW16.EXE (NetWare Redirector). The NetWare VDM Redirector.
NWSCRIPT.EXE (Netware Logon Script Utility). A tool to allow logons to a NetWare server from a Windows PC.
ODBCAD32.EXE (ODBC Administrator). Used to administer ODBC connections.
ODBCCONF.EXE (MDAC Installer). Used to reconfigure and reinstall Microsoft Data Access Components (MDAC).
OPENFILES.EXE (Open Files). Displays and allows disconnects of open files on a system.
OSK.EXE (On Screen Keyboard). Displays an onscreen keyboard that can be used to enter information with the mouse.
OSUNINST.EXE (Uninstall Utility). A utility to uninstall Windows XP and return to an earlier Windows OS. Can be run from a command prompt in Safe mode.
PACKAGER.EXE (Object Packager). Used to create icon links to embedded data for use in documents.
PATHPING.EXE (PathPing Command). A command for verifying an IP route that enables the user to specify options to test for along the path.
PENTNT.EXE (NT Pentium Test). A command-line tool that tests the system for the Pentium floating-point error.
PERFMON.EXE (Performance Monitor). The Performance Monitor executable.
PING.EXE (PING). A TCP/IP utility used to test the existence of, or the capability to communicate with, remote systems.
PING6.EXE (Ipv6 Ping Command). A utility that verifies connectivity to a specific IP address or hostname.
PRINT.EXE (Print). A command-line print utility used to send print jobs to a port.
PROGMAN.EXE (Program Manager). An alternative shell that can be used in place of Windows XP Explorer. It is the main interface used in Windows 3.x, Windows for Workgroups, and Windows NT 3.51.
PROQUOTA.EXE (Profile Quota Manager). An application for limiting the size of user profiles.
PROXYCFG.EXE (Proxy Configuration Tool). A command-line tool to view and change your current proxy settings.
QAPPSRV.EXE (Query Terminal Server Utility). Identifies terminal servers on the network.
QPROCESS.EXE (Query Process Utility). Displays processes running on a machine. Can be sorted by username and other criteria.
QWINSTA.EXE (Query Session Utility). Displays session information and related statistics, such as connect and flow control settings.
RASAUTOU.EXE (Remote Access Dialer). A program that allows remote dial-up connections between PCs.
RASDIAL.EXE (RAS Command-Line Dialer). A client-side user interface.
RASPHONE.EXE (RAS Phone). The Dial-Up Networking Phonebook application.
RCIMLBY.EXE (Remote Assistance). A program used to help another user with a computer problem over the network or Internet.
RCP.EXE (Remote Copy). A TCP/IP utility used to copy files between the current system and a remote RSHD (Remote Shell) server.
RDPCLIP.EXE (RDP Clip Monitor). A Remote Desktop Protocol component.
RDSHOST.EXE (RDSHost Server Module). A Remote Desktop Service module.
RECOVER.EXE (Recover). A command-line utility to recover readable data from a defective drive.
REDIR.EXE (Redirector). A Win16 network redirector.
REG.EXE (Registry Console Tool). A command-line tool for querying and editing the Registry.
REGEDT32.EXE (Registry Editor). A 32-bit Registry-editing tool that can set security permissions on Registry keys and values.
REGINI.EXE (Registry Initializer). A utility to change Registry values from a command line or script.
REGSVR32.EXE (Registry Server). A program for viewing and editing the Registry.
REGWIZ.EXE (Registration Wizard). Automates the process of registering your XP operating system.
RELOG.EXE (Performance Relogging Utility). Displays performance counter data in other formats.
REPLACE.EXE (Replace). A command-line tool used to replace files.
RESET.EXE (Reset Utility). A Terminal Services reset utility.
REXEC.EXE (Remote Execute). Used to issue commands on remote systems running the REXEC service.
ROUTE.EXE (Route). Used to view and edit the local routing table.
ROUTEMON.EXE (Router Console Monitor). A utility that is no longer supported. Refers you to the netsh command.
RSH.EXE (Remote Shell). Issues commands on remote systems running the RSH service.
RSM.EXE (Removable Storage Manager). Command-line interface for the Removable Storage Manager.
RSMSINK.EXE (Removable Storage Manager). Sink layer for the Removable Storage Manager.
RSMUI.EXE (User Interface). A Removable Storage Manager component.
RSNOTIFY.EXE (Recall Notification). A Removable Storage Manager component.
RSOPPROV.EXE (RSoP Service Application). A Resultant Set of Policies (RSOP) application. Determines the current policies applied to a particular user or PC.
RSVP.EXE (Resource Reservation Protocol). A protocol that sets up a reserved pathway with a specific quality of service for a set of data packets.
RTCSHARE.EXE (RTC Application Sharing). A real-time clock component.
RUNAS.EXE (Run As Utility). A utility that allows a process to be implemented with a new user ID and password combination. Typically used to run a process or application as an Administrator or other user with higher levels of privileges than the currently logged on user.
RUNDLL32.EXE (Run DLL). Used to run DLL files from a command line.
RUNONCE.EXE (Run Once). Used to perform tasks as defined in the RunOnce Registry key.
RWINSTA.EXE (Reset Session Utility). A utility to reset a hardware or software session.
SAVEDUMP.EXE (Save Dump). Saves the contents of memory to a dump file in the occurrence of a STOP error.
SC.EXE (Service Development for Windows NT). A service management tool.
SCARDSVR.EXE (Smart Card Resource Management Server). Smart Card Server component.
SCHTASKS.EXE (Schedule Tasks). A command-line tool for scheduling unattended tasks.
SDBINST.EXE (Installer). AppFix and AppHelp installer.
SECEDIT.EXE (Security Configuration Manager). Used to set and configure Windows XP security options.
SERVICES.EXE (Services). Used by Windows XP to manage services.
SESSMGR.EXE (Session Manager). A Remote Desktop help session manager.
SETUP.EXE (Setup). The Windows Setup tool.
SETVER.EXE (Set Version). Used to define the version of MS-DOS reported to an application.
SFC.EXE (Windows XP Windows File Checker). Verifies that all Windows XP files are present and of the correct version.
SHADOW.EXE (Session Utility). A Session Remote Control utility.
SHARE.EXE (Share). An MS-DOS utility used to enable two applications to use the same file.
SHMGRATE.EXE. A Windows XP user data migration tool.
SHRPUBW.EXE (Shared Folder Creator). Used to create shared folders on a Windows XP system.
SHUTDOWN.EXE (Remote Shutdown Tool). Allows shutdowns and restarts on local or remote PCs.
SIGVERIF.EXE (File Signature Verifier). Verifies that the selected file is signed and authorized to run under Windows XP.
SKEYS.EXE (Serial Keys). A system service that adds support for the SerialKeys feature.
SMLOGSVC.EXE (Performance Logs and Alerts Service). An application that allows statistics to be monitored and collected on local and remote PCs.
SMSS.EXE (Session Manager). A session manager used to establish the Windows XP environment during bootup.
SNDREC32.EXE (Sound Recorder). A sound recorder application.
SNDVOL32.EXE (Sound Volume). A GUI volume application.
SOL.EXE (Solitaire). A GUI solitaire card game.
SORT.EXE (Sort). A command-line utility that sorts input and writes the results to a file or the screen.
SPIDER.EXE (Spider). The Spider solitaire game.
SPOOLSV.EXE (Spooler Service). The spooler service for the print subsystem.
SPRESTRT.EXE. Used to restore the Registry to restart the GUI-mode portion of the Setup application.
STIMON.EXE (Still Image Devices Monitor). Enables a USB still-image device to transfer data.
SUBST.EXE (Substitute). An MS-DOS command used to associate a path with a drive letter.
SVCHOST.EXE (Service Host). A generic host process for Win32 services.
SYNCAPP.EXE (Synchronize Application). A tool used by the Briefcase to synchronize contained files.
SYSEDIT.EXE (System Edit). A system file-editing utility that opens the system.ini, win.ini, config.sys, and autoexec.bat files in one editor window.
SYSKEY.EXE (Windows XP Account Database Manager). Used to secure the Windows XP account database.
SYSOCMGR.EXE (Optional Component Manager). The System Standalone Optional Component Manager.
SYSTEMINFO.EXE (System Information). Queries a system for configuration information, including hotfix and dynamic patches that have been applied, IP addresses, and so forth.
SYSTRAY.EXE (System Tray). The system tray provider. It controls the taskbar and icon tray.
TASKKILL.EXE (Kill Process). Ends a process or task on a local or remote system.
TASKLIST.EXE (Task List). Displays a list of all running processes on a local or remote computer.
TASKMAN.EXE (Task Manager). Used for backward-compatibility with older, non-Windows XP software instead of actually providing access to the Task Manager.
TASKMGR.EXE (Task Manager). The Task Manager application.
• TCMSETUP.EXE (Telephony Client Setup). Used to set up the Telephony configuration on a Windows XP client.
• TCPSVCS.EXE (TCP Services). The TCP Services provider.
• TELNET.EXE (Telnet). A Telnet client used to access remote Telnet server systems.
• TFTP.EXE (Trivial FTP). An alternative FTP program for use over User Datagram Protocol (UDP).
• TLNTADMN.EXE (Telnet Administrator). Used to configure the settings for the Telnet server under Windows XP.
• TLNTSESS.EXE (Telnet Sessions Viewer). Displays the currently connected Telnet sessions.
• TLNTSVR.EXE (Telnet). An application that allows a Telnet terminal session with an online host.
• TOURSTART.EXE (Windows Tour Launcher). A guided overview of Windows XP.
• TRACERPT.EXE (Event Trace Report Tool). Provides trace analysis reports from trace logs or data generated by an event trace provider.
• TRACERT.EXE (Traceroute). Used to identify the route between the local system and a remote system on a TCP/IP network.
• TRACERT6.EXE (IPv6 Traceroute Tool). A tool to trace the route a packet would take to get from the source host to the destination host.
• TSCON.EXE (Session Connection Utility). Attaches a user session to a terminal session.
• TSCUPGRAD.EXE (Setup Custom Action DLL). The Terminal Services setup component.
• TSDISCON.EXE (Session Disconnect Utility). A Terminal Services utility for disconnecting a session.
• TSKILL.EXE (End Process Utility). A utility to terminate a Terminal Services process on a session-by-session basis or for all sessions.
• TSSHUTDN.EXE (System Shutdown Utility). A Terminal Services utility to perform a controlled shutdown of the server. Includes variables for rebooting or powering down the server.
• TYPEPERF.EXE (Command-line Performance Monitor). An application that collects performance data and outputs it to a file or display.
• UNLODCTR.EXE (Unload Counter). Used to unload Performance Monitor counters.
• UPNPCONT.EXE (UPnP Device Host Container). A Universal Plug and Play component.
• UPS.EXE (UPS Service). The uninterruptible power supply service.
• USER.EXE (Win16 User). A utility for Win16 compatibility.
• USERINIT.EXE (User Initialization). Used to establish the operating environment for a user after logon.
• USRMLNKA.EXE (U.S. Robotics Driver Interface). A driver utility.
• USRPRBDA.EXE (U.S. Robotics Enable/Disable Probe). U.S. Robotics device support utility.
• USRSHUTA.EXE (U.S. Robotics Shutdown Helper). A U.S. Robotics device support utility.
• UTILMAN.EXE (Utility Manager). An application for configuring tools for disabled people.
• VERIFIER.EXE (Driver Verifier Manager). Attempts to determine whether a driver will cause a system conflict by testing its operation.
• VSSADMIN.EXE (Shadow Copy Service). Command-line interface for the Volume Shadow Copy Service.
• VSSVC.EXE (Volume Shadow Copy Service). Manages and implements a volume shadow copy for backup purposes.
• VWIPXSPX.EXE (Redirector). A NetWare redirector component.
• W32TM.EXE (Windows Time Service). The Windows Time Service diagnostic tool.
• WEXTRACT.EXE (Win32 Cabinet Self Extractor). A component used in extracting cabinet files to disk during setup.
• WIAACMGR.EXE (Windows Picture Acquisition Wizard). A program that steps you through downloading pictures from a digital device to a file location.
• WINCHAT.EXE (Windows Chat). A chat tool.
• WINHLP32.EXE (Windows Help). The 32-bit Windows Help tool.
• WINLOGON.EXE (Windows Logon). The Windows Logon service.
• WINMINE.EXE (Mine Sweeper). The Mine Sweeper game.
• WINMSD.EXE (Windows XP Diagnostics). The Windows XP diagnostics application.
• WINSPOOL.EXE (WOW Spooler). The printer spooler service for WOW (the Win16 subsystem).
• WINVER.EXE (Windows Version). Displays the current Windows version.
• WMPSTUB.EXE (Windows Media Player). The Windows Media Player autoplay loader.
• WOWDEB.EXE (WOW Debugger). The WOW debugger.
• WOWEXEC.EXE (WOW Execute). Runs Win16 applications for Win32 applications.
• WPABALN.EXE (Windows Product Activation). Windows Product Activation Balloon reminder.
• WPNPINST.EXE (Internet Printing). Supports .exe files for Internet printing.
• WRITE.EXE (Write). A text and rich-text document-editing tool.
• WSCRIPT.EXE (Script Host). The Windows-based script host.
• WUAUCLT.EXE (Windows Update). An auto-update client.
• WUPDMGR.EXE (Windows Update). The Windows Update Manager for NT.
• XCOPY.EXE (Extended Copy). A command-line utility used to copy files and folders.
The Windows XP Distribution CD
The Windows XP distribution CD contains more than just the files for installing Windows XP. There are extra tools, release notes, and value-added software from third-party vendors and Microsoft. The root folder of the distribution CD hosts four subfolders. Only one of these folders is a platform-specific version of the setup file.
The \Docs subfolder contains documents that should be read before starting your Windows XP setup. There is a Read1st.txt file, a release notes document, and a document describing the setup procedure.
The \i386 subfolder contains all the files (mostly in compressed format) that make up the Windows XP operating system. This is the folder the Setup program uses to install the OS.
The \Support subfolder contains a \Tools subfolder with many troubleshooting and support tools for Windows XP (such as the Process Resource Monitor and the Quick Fix Application for resolving application compatibility problems with Windows XP).
The \Valueadd subfolder contains some sample third-party tools and utilities for Windows XP as well as extra documents, fonts, utilities, and applications from Microsoft.
Living with Service Packs and Hotfixes
All operating systems have their share of application fixes and driver updates, and Windows in any flavor is no exception. Microsoft is trying to make applying these fixes a smoother process, however, by continuing to add new features that assist in the update process. The latest feature is called Dynamic Update. You can launch this tool during setup so that critical fixes are applied to drivers that might cause problems during the setup process. Dynamic Update requires a PC to have an Internet connection to receive the updates. Network administrators on larger networks that are running a deployment cycle have the option of downloading these files to a network share so that large numbers of workstations can be updated at once without affecting wide area network (WAN) bandwidth.
The service packs themselves contain only bug fixes. Any product enhancements are available through a different channel, so administrators can install relatively small service packs.
Although service packs are expected to be a fairly regular event in the Windows XP world, bugs are detected between releases of these service packs. When the bug could affect the security or performance of systems, Microsoft releases what are known as hotfixes. In the past, hotfixes had to be individually downloaded and installed in a specific order. Beginning with Windows 2000, however, Windows Update is used to automatically detect, download, and install the required hotfixes.
The Joys of Slipstreaming
Many Windows administrators have learned to live with service packs. It has always been a real battle to get the configuration correct. A common question was “I just installed application X. Do I need to install service pack Y?” This dilemma has disappeared with the introduction of slipstreaming in Windows XP. In a nutshell, slipstreaming modifies the Windows XP distribution files while the system files are being updated. This ensures that the next time the distribution files are used to install an operating system, the system will be up to date with all service packs and hotfixes.
This modification to the Windows XP distribution files provides two important items. First, it creates new files that can allow installing the OS with all service packs and hotfixes already applied. Second, it makes it unnecessary to reinstall service packs and hotfixes after adding applications or services to an existing Windows XP installation.
For More Information
If the information about Windows XP file layout issues in this chapter has increased your desire to learn more, here are some resources you can research:
• Microsoft TechNet: http://www.microsoft.com/technet.
Following are two popular tools for multi-booting Windows XP with non-Microsoft operating systems:
• V Communications System Commander and Partition Commander, located at http://www.v-com.com/.
• PowerQuest’s Partition Magic (version 7), located at http://www.powerquest.com/.
For more information about the tools and utilities found in the main Windows root directory, you can take the following action:
• Use the help command from a command prompt.
• Look through the Windows XP Help and Support system. (Select Help and Support from the Start menu.)
• Use the /? parameter after the utility name from a command prompt.
• Run or start the program, and then look for help information.
• Consult the TechNet CD-ROM.
• Search the Microsoft Web site: http://support.microsoft.com/.
The following tools monitor your system for changes, especially during software installation. You can use the recorded changes to uninstall software and return your system to its previous state:
• V Communications System Commander and Partition Commander, located at http://www.v-com.com/.
• IMSI Software’s WinDelete: http://www.imsisoft.com.
II Nuts and Bolts of Windows XP
4 Windows XP and Hardware
5 Keeping Windows XP Current
6 Windows XP Installation and Upgrade Secrets
7 Booting Windows XP
8 Windows XP Control Panel Utilities
9 Introducing the Windows XP Registry
10 Editing the Windows XP Registry
11 Important Registry Keys and Values
4 Windows XP and Hardware
Windows XP is by far the best Microsoft operating system in terms of hardware support. It supports the widest and deepest range of hardware of any previous Microsoft OS. The range is wide because it encompasses many new technologies, such as wireless networking, digital photography, CD burning, FireWire (IEEE 1394), video capture, Digital Video Data (DVD) disks, and so forth. The range is deep because it supports both new technology and older or legacy devices. A simple statement by Microsoft program manager Eugene Li summarizes the hardware capabilities: “Buy it, plug it in, and it just works.” Although this is undoubtedly an oversimplification of the process in many cases, it’s not far off the mark.
Windows XP provides users with increased reliability, availability, and scalability of the hardware and drivers it supports. Microsoft has listened to the concerns of its clients and built new features into Windows XP that enable the operating system to remain stable as demands on it increase. Plus, to help extend the hardware compatibility reach of Windows XP, it supports Windows XP designated device drivers, Windows 2000 designated device drivers, and some Windows 98/SE/Me device drivers. Leveraging existing OS-specific drivers allows XP to support a broader range of devices without requiring hardware manufacturers to rewrite their established driver codes.
Plug and Play in Windows XP
Windows XP expands upon the popular technology known as Plug and Play (PnP). PnP technology, introduced with Windows 95, is a way for the operating system to automatically detect and recognize devices. Allowing the operating system to control the configuration of devices diminishes the potential for resource setting conflicts. The operating system is able to recognize and adapt to hardware configuration and changes automatically and dynamically. PnP works as a combination of BIOS, hardware devices, system resources, device drivers, and the operating system. Windows XP supports most PnP devices produced since 1995.
When Plug and Play was introduced, it was a novelty, and not without its pitfalls. Many in the industry who spent a good deal of time wrestling with Windows 95 and its PnP features affectionately called it “Plug and Pray.” Windows XP support for PnP is different from the PnP support in Windows 95. PnP in Windows XP does not rely on the Advanced Power Management (APM) BIOS or on the PnP BIOS, both of which were designed for Windows 95. Windows XP incorporates the Advanced Configuration and Power Interface (ACPI) specification. The ACPI specification defines a system board and BIOS interface that extends PnP to include power management and other configurations, which are under the operating system’s control.
When a PnP piece of hardware is added to a Windows XP computer, the operating system detects the hardware and installs the drivers, thus saving the user from going through sometimes complicated instructions on installing the device and loading the correct driver. At times, even finding the driver on a manufacturer’s CD/disk can be a challenge. When the operating system finds a new piece of hardware that has been installed, it must first look at its inventory of all the devices currently residing on the system. This inventory is gathered during startup, when it communicates with PnP devices directly and allocates the resources they need to function.
When a new device is installed, it is detected in a process called enumeration. After enumeration, if the correct driver is located in the Windows XP driver database, it is loaded and configured without requiring user input. Otherwise, you might have to tell the OS where to locate the required device driver. Internal resources are then allocated, and the other drivers and applications are notified that the new device is installed and available for use.
Note
When you install a new PnP device, allow Windows XP to detect and configure it. For Peripheral Component Interconnect (PCI) and Industry Standard Architecture (ISA) PnP cards, you must turn off the computer and insert the device. When you restart the system, Windows XP will enumerate the devices and start the PnP installation automatically.
There are numerous benefits to using PnP. It dynamically loads, initializes, and unloads drivers; automatically allocates resources during enumeration; provides a consistent driver and bus interface for all devices; and ensures that the correct drivers are loaded and installed during the automatic installation procedure. The types of devices that Windows XP supports include multiple display support, PC card services, infrared devices, wireless devices, DirectX, pluggable PCI, hot pluggable storage devices, directory-enabled networking equipment, Universal Serial Bus (USB), IEEE 1394 (FireWire), and others.
To enable the full functionality of Windows XP PnP, the computer needs to have the ACPI system board. Although Windows XP does work with non-ACPI system boards, the operating system is limited in allocating resources and utilizing the PnP feature set.
You can still add non-PnP hardware by using the Add Hardware Wizard in Control Panel. If you are installing Windows XP on a PC with non-PnP devices, Microsoft recommends that you remove the devices first, install Windows XP, and then add the devices back by using the Add Hardware Wizard. There are two reasons for this recommendation. First, if two devices are using the same resource settings before the upgrade, it can cause installation problems. Second, Windows XP enumerates and sets the resource settings for PnP devices during installation. When the non-PnP devices are added later, Windows XP will allocate resources to them that do not conflict with other devices.
You need to obtain a BIOS update from the manufacturer if you have an ACPI BIOS-based system board and experience any of the following problems:
• You cannot install Windows XP because of an ACPI BIOS error.
• After you install Windows XP, power management or PnP functionality is not present.
• After you install Windows XP, power management or PnP is present but does not function properly.
ACPI has a few disadvantages that are worth noting. You lose the ability to manually set device resources in the system BIOS. ACPI also has a tendency to go overboard on IRQ sharing, in spite of Windows XP’s advanced interrupt request (IRQ) handling, which can affect system performance.
Universal Plug and Play
Universal Plug and Play (UPnP) is a new technology that extends the capabilities of PnP from the local system to the network. UPnP allows systems to discover and install devices, such as printers and Internet connection sharing services, over a network. This sounds great in theory, but in practice it opens up serious problems.
First, UPnP is broken right out of the box. It includes flaws that allow denial-of-service and buffer overflow attacks. When maliciously exploited, the buffer overflow vulnerability can grant someone complete control over a system. Both problems are addressed by a hotfix and by Service Pack 1.
However, UPnP is still problematic. UPnP is designed to search a network for devices and to respond to any devices that advertise their presence on a network. Therefore, your Windows XP system can easily become the victim of a denial-of-service attack or any other attack that takes advantage of even the patched functionality of UPnP.
To the credit of Microsoft, the Internet Connection Firewall (ICF) included in Windows XP can be used to block UPnP packets from traversing an Internet connection. Additionally, many third-party firewall products can block UPnP traffic. If used within a protected network, UPnP can be a useful tool. However, in most business environments, UPnP simply represents another unused feature that reduces usable network bandwidth due to its chatter.
You can quickly and easily turn off UPnP with a 22KB tool from Gibson Research Corporation named UnPlug n’ Pray. This tool works as a toggle switch for UPnP. Just run UnPlug n’ Pray and click Disable UPnP to turn it off. If you ever need UPnP, run UnPlug n’ Pray again and click Enable UPnP. To learn more about UPnP and to download the UnPlug n’ Pray utility, please visit http://grc.com/unpnp/unpnp.htm. Alternatively, you could simply block all communication on port 5000 or consider using a proxy server or firewall.
For additional information on how to secure Windows XP, see Chapter 25, “Managing System Security,” p. 565.
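One way to turn UPnP off from the Windows XP command prompt and then confirm that port 5000 is closed, as an added example that is not from the book or from Gibson Research. It assumes the default XP service names SSDPSRV (SSDP Discovery Service) and upnphost (Universal Plug and Play Device Host), treats UDP 1900 as the SSDP discovery port alongside the TCP 5000 named above, and must be run by an administrator.

```batch
@echo off
rem Added example, not from the book: disable the UPnP-related services on
rem Windows XP and verify that nothing is still bound to the UPnP ports.
rem Assumptions: default service names upnphost and SSDPSRV; administrator rights.

setlocal
set FAILED=0

rem upnphost depends on SSDPSRV, so handle it first.
for %%S in (upnphost SSDPSRV) do call :disable %%S

rem TCP 5000 is the port named in the text; UDP 1900 (assumption) is SSDP discovery.
netstat -an | findstr /R /C:":5000 .*LISTENING" >nul && (
    echo [!] TCP 5000 still has a listener
    set FAILED=1
)
netstat -an | findstr /R /C:"UDP .*:1900 " >nul && (
    echo [!] UDP 1900 is still bound
    set FAILED=1
)

if %FAILED%==0 echo [+] UPnP services are disabled and both ports are closed
endlocal & exit /b %FAILED%

:disable
rem sc query returns a non-zero exit code when the service does not exist.
sc query %1 >nul 2>&1
if errorlevel 1 (
    echo [-] Service %1 is not installed, skipping
    goto :eof
)
rem sc requires the space after "start=".
sc config %1 start= disabled >nul
rem /y answers the prompt that appears if dependent services are running.
net stop %1 /y >nul 2>&1
sc query %1 | findstr /C:"STOPPED" >nul
if errorlevel 1 (
    echo [!] Service %1 did not stop
    set FAILED=1
) else (
    echo [+] Service %1 is stopped and disabled
)
goto :eof
```

The script exits with 0 only when both services are stopped and neither port is bound, so it can be reused as a compliance check in a logon or deployment script. To re-enable UPnP, set the services back with `sc config <name> start= demand` and start them again.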
Documenting a Current Hardware Configuration
Windows XP Home Edition and Professional are not as picky as other versions of Windows about the hardware they support. However, that is not to say that some devices don’t work better than others (that is, some are more compatible than others) or that some legacy devices are simply not compatible with Windows XP. Some hardware does not function under Windows XP because of the presence of outdated hardware components that are no longer supported or because of driver code that is poorly written, contains errors, or exploits loopholes not present in Windows XP. Although Windows XP hardware support is broader and deeper than any other Windows version, it is not universal or exhaustive.
Most users are aware of the many headaches and operating system problems created by faulty hardware. Sometimes it is tempting to buy an inexpensive PCI network card, thinking that all you need to do is push it into the slot, fire the system up, and insert the floppy when asked. The reality, however, is that improper card settings or faulty coding in the driver could knock another item’s resources out. The result is that the other item no longer functions correctly or, worse yet, renders your operating system unusable—all because a programmer did not thoroughly test the code for the driver.
Many have suffered through the effects of faulty devices and drivers. You can imagine the shock when the simple job of adding a network card turns into a full-day circus, with the user wanting his computer back and the network administrator scrambling to find recovery disks. For the most part, the operating system has shouldered the blame for problems similar to this. How many service calls have come in from users who are “sick of Windows,” when in fact the problem stemmed from a situation unrelated to the operating system? To get a handle on this, Microsoft clamped down on vendors producing additional hardware and drivers so that users of the operating system could focus on the tasks at hand instead of wrestling with hardware and driver-related issues.
You should document the current hardware configuration before you install or upgrade to Windows XP and check whether your computer’s hardware meets the operating system’s requirements. You don’t want to buy Windows XP and then find out that it cannot be installed on your computer. You must be certain that you have met the minimum system requirements and have the specific hardware and drivers needed to install Windows XP. By doing so, you can make full use of the strength and power of Windows XP.
At this point, you might be asking exactly what information you need to gather before adding new hardware for Windows XP. This is an excellent question, and because each computer is unique in some way, you gather general information first, and then expand on it with whatever additional devices you use.
Proper planning before the actual installation of new hardware is vital with Windows XP. If you are planning to upgrade a Windows NT machine or Windows 98 machine, more than likely you will need to purchase additional or new hardware before being able to complete the upgrade. If you are upgrading a Windows 2000 or Windows Me system, you are probably already using a system that meets the minimum system requirements of Windows XP, but it doesn’t hurt to double-check. In addition, you need to think about what type of role your computer will play. Is it going to be used as a standalone home system for surfing the Web and doing home accounting? Or will it be a desktop client for a complex network, where it will access locally installed software, such as Office 2000, access network and Internet resources, and interact with network services, such as databases and collaboration systems? Whichever way you decide to go, different resources are needed to fulfill your designs for the PC. A computer that is going to work as a high-end network client requires different types of resources than a home computer.
The BIOS is a critical component. Windows XP supports the new ACPI BIOS, and if you have it, your computer can utilize the full features of Windows XP’s PnP. You should note the type of BIOS (APM, ACPI), settings that are enabled or disabled, boot sequence, and PnP settings. Next, take the cover off the PC and get under the hood, so to speak. Note what is inserted into the PCI and ISA slots. Check the modem’s make and speed, and note whether it is internal or external. Take a look at the sound card and network card, and make notes about type and settings. Table 4.1 lists items you should take into account before adding new hardware.
Table 4.1 Information to Gather Before New Hardware Installation
| Device | Information to Gather |
| --- | --- |
| BIOS | APM, ACPI, BIOS type, settings, PnP settings |
| PCI | What is inserted and in which slots |
| ISA | What is inserted and in which slots |
| PCMCIA/PC Card | What is inserted and in which slots |
| Modem | Internal, external, make, speed, COM port, IRQ, I/O, bus type |
| USB | What devices are attached |
| IEEE 1394 FireWire | What devices are attached |
| Network card | IRQ, I/O, DMA, make, version, bus type, connector type |
| Video | Adapter, chipset, memory, make, version, bus type |
| Sound card | IRQ, I/O, DMA, make, version, bus type |
| Mouse | Make, port (COM, PS/2, or USB) |
| SCSI controller | Make, model, chipset, IRQ, bus type |
| Processor | Make, type, speed |
| RAM | Amount and type |
| Hard disk | Size, partitions, usage |
In addition to these items, it is important to document other hardware, such as network devices (for example, routers, hubs, switches), external devices (cable modems, label printers, audio devices, and so forth), printers, RAID arrays, and so on. Include BIOS and configuration settings for these peripheral devices. As you can see, this is quite a bit of work for just one PC. If you are in charge of a medium to large network, the task can seem overwhelming. In these situations, Microsoft recommends using Systems Management Server (SMS) to analyze your network’s infrastructure, gather the hardware inventory, and automatically report the information to the SMS server. Although going into depth on SMS is beyond the scope of this book, you can find more information about this robust tool on the Microsoft Web site at www.microsoft.com/smserver/.
Planning to Add New Hardware
When you need to add new hardware or check whether your system can support Windows XP, proper planning to maximize the benefits of Windows XP is essential. Many have tried to load Windows XP on machines that were not compliant (with either hardware or minimum system requirements, which are covered in “Checking Minimum Requirements and Recommendations,” later in this chapter), and each time ended with an unsuccessful installation.
One method, which cuts right to the chase, is to simply insert the Windows XP setup CD into your PC. When the menu splash screen appears, click Check System Compatibility, and then click Check My System Automatically to launch the system inspection tool. This tool scans your PC’s hardware and informs you of the results. You will know if you can upgrade your machine as is with this report. If you already own the Windows XP installation CD, this is the best way to verify before installation that your system can support Windows XP. Plus, if you have Internet access, this tool downloads the latest Hardware Compatibility List (HCL; see later in this section) to perform the system check.
If you don’t already have the Windows XP CD in hand, there are two other methods you can use to check your computer for compatibility with Windows XP. The first alternative is to manually check every component of your computer against the HCL, which is a database of components that have been tested against Microsoft OS products and deemed supported or not. The HCL is accessed online at www.microsoft.com/hcl/. If you are a subscriber to Microsoft TechNet, you can find the HCL on the monthly subscription CD. If the hardware is not listed, it is not supported, which means that setup could fail when it comes to this particular piece of hardware, or worse, your system can have intermittent problems if it is able to complete the installation with the unsupported hardware.
The following list shows what types of information the HCL contains:
• CPU (single and multiple)
• System (motherboards)
• Storage devices
• Storage controllers
• Network devices
• Video cards
• Input devices
• Modems
• Printers
• Audio
• Uninterruptible power supply (UPS)
• International devices
The second alternative is to use the Upgrade Advisor, a downloadable tool that automatically compares every component in your computer with the HCL. So unless you enjoy the tedious operation of checking the HCL manually, using the Upgrade Advisor is the method of choice.
You can obtain the Upgrade Advisor from www.microsoft.com/windowsxp/pro/howtobuy/upgrading/advisor.asp. The tool is about 50MB, so make sure you have a high-speed Internet connection before initiating the download. After the file is downloaded, run it. The Upgrade Advisor contacts the Microsoft HCL Web site and downloads the latest version of the HCL. Then it scans the system hardware, compares it to the HCL, and produces a compatibility report.
If you discover that you have components that are not HCL-compliant, there are three courses of action you can take. First, you can remove the non-compliant component and replace it with an HCL-compliant component. Second, you can remove the noncompliant component without replacing it, if that component is not a core system component. Third, you can attempt installation despite the non-compliant component, if it is not a core system component. In some cases, a component may be compatible, but its compatibility testing has not been completed by the Microsoft Hardware Quality Lab (MHQL), which maintains the HCL. In such cases, make sure you have the latest driver from the manufacturer for the component on hand.
Checking Minimum Requirements and Recommendations
After you have gathered the information, you can check it against the Windows XP minimum requirements. Table 4.2 gives the minimum and recommended hardware requirements for Windows XP.
Table 4.2 Minimum and Recommended Hardware Requirements for Windows XP
| Hardware | Minimum | Recommended |
| --- | --- | --- |
| CPU | 233MHz x86 compatible | |
| RAM | 64MB | |
| Hard disk | 1.5GB (space or partition) | |
| Monitor | Super VGA (800×600) | |
| CD-ROM/DVD drive | Strongly recommended | |
| Keyboard | Required | |
| Mouse | Strongly recommended | |
In addition to these essential core requirements, there are many other peripherals and expansion components you could add. One of the most important items you should consider adding to a bare-bones system is a communications device. It could be a network interface card (NIC) or an Internet connection device (such as a modem, cable modem, DSL modem, ISDN modem, and so forth). Without a communications device, you’ll be unable to connect to the Internet for drivers and updates or to share resources with other systems on a network.
The key with Windows XP is that the more RAM, processor power, and hard disk space you can give it, the better. The minimum requirements are just that—the absolute minimum level at which Windows XP can operate. If you want a system that operates at an adequate speed, double the recommended requirements, or just put all the power you can afford into the system from the beginning. No matter what you do, don’t skimp on memory. Windows XP gobbles up RAM as fast as you can serve it. Figure 4.1 shows Task Manager’s graphical representation of system resources in use.
Figure 4.1 Task Manager is displaying the amount of memory Windows XP uses.
Although Windows XP works with 64MB of RAM, if you can give it more, do it. Windows XP supports up to 4GB of RAM. Because RAM is relatively inexpensive these days, populate it with as much as you can afford. The same principle applies to the CPU. It is almost a joke to try to load Windows XP on a 233MHz processor, and at the rate AMD and Intel are increasing processor speeds, 300MHz seems low. Although paying for the cutting edge in high-speed technology isn’t cost effective, getting a fast processor improves the responsiveness of the system. So the faster the processor, the better.
Hard disk space is yet another fuzzy area. It is hard to even buy a hard disk with less than 20GB of space on it. You can squeeze Windows XP on a partition of 1.5GB, but you will be hampering the operating system, especially if you install lots of software. Although there is no set optimal size of a hard disk or partition for the operating system, allowing for 4GB to 8GB of space is a safe bet. If you don’t have a good reason to partition a hard drive, don’t.
Tip
To install a mass storage controller not listed on the HCL, watch closely for the status line at the bottom of the screen during the early stage of setup that prompts you to press F6. When you do so, you will be guided through the installation process. Be sure to have your driver disks from the manufacturer handy.
It is important to check the HCL for any new technology that you might want to have installed on your Windows XP computer. Check to be sure that the hardware’s brand and make is listed, and if not, return it for one that is. As mentioned earlier, a component might not be listed on the HCL simply because it has not been through MHQL testing. If the manufacturer supplies a Windows XP driver, you may be able to use the component despite its status on the HCL.
Although Windows XP setup automatically checks your hardware and software and reports any potential conflicts, thoroughly checking your system’s resources first is better. Gather the information and check it against the HCL. Read through the Read1st.txt file in the \Docs folder on the CD before installation for information that might pertain to your specific configuration or conditions. Other important files to read before installation include the Pro.txt (or Home.txt for Windows XP Home Edition) and RELNOTES.HTM files, which provide information on hardware, networking, applications, printing, and post-installation notes.
Note
Another alternative to building a Windows XP HCL-compliant system is to purchase a new, prefabricated Windows XP–ready system. Many of the PC vendors offer prequalified systems that are fully Windows XP HCL compliant and ready for immediate deployment. Microsoft maintains a Web area with details on these ready-to-roll PCs at www.microsoft.com/windowsxp/ready/us.asp.
Working with Video Devices
With the presence of PnP in Windows XP, the troublesome task of adding a video card and driver is a thing of the past. In fact, the last time hardware installation was difficult for an experienced user was with Windows NT. If you add a new video card that is on the HCL or if you are installing Windows XP, PnP detects and installs the card without user interaction.
After installation, you can go to the Control Panel, Display applet and make any adjustments you want to the monitor. You can also use the Display applet to configure a variety of display-related settings, such as changing the display driver, changing the screen resolution and depth, changing color schemes and text styles, viewing changes to the display before they take effect, configuring display settings for each hardware profile, and configuring multiple monitors (up to nine). This chapter covers configuring the display driver.
Documenting a Current Hardware Configuration
A superb feature of Windows XP is the system’s capability to keep incompatible display drivers from preventing access to the system. If a display driver fails to load during startup, Windows XP uses the generic SVGA display driver so that you can start Windows XP and fix the display driver problem.
Tip: For a monitor to be supported as PnP with Windows XP, the monitor, the display adapter, and the display driver must all be PnP; otherwise, the monitor is detected as “Default Monitor.” Although some devices, such as USB devices, can be hot-plugged, internal adapters should not be taken out while the computer is running. Check the documentation that came with the hardware to verify the correct installation and removal procedure.
You can display, change, configure, or upgrade a display driver in the Control Panel Display applet or through Device Manager. PnP detects the new monitor during startup, and the wizard guides you through the process. After the process is finished, go to Device Manager, and click the Monitors node. Double-click the previous monitor, and click Uninstall to remove it.
Display monitors consume a lot of energy, so manufacturers have made attempts to incorporate energy-saving features. Through signals from the display adapter, software can place the monitor in standby mode or even turn it off completely, which can reduce the power the monitor needs. Most of the instruction/guide booklets that come with new monitors list the power-consumption levels. These features have been available for quite some time.
Here are some tips to keep in mind when working with the Display applet:
• A solid background color uses fewer resources than a pattern. Likewise, wallpaper backgrounds use even more resources than a pattern. If you need to conserve system resources, stick to a plain/solid background.
• Screensavers should not be used on a system that needs to be functional 24/7. Screensavers are graphics intensive and use a great deal of resources that other services or applications might need.
Windows XP has a feature called Mode Pruning, which can be used to remove display modes that the monitor cannot support. Mode Pruning compares the graphics modes of the monitor with the adapter, and only modes that are usable to both will be made available. To enable Mode Pruning, follow these steps:
1. Go to Control Panel (Classic view) and double-click Display.
2. Click the Settings tab.
3. Click the Advanced button and then click the Monitor tab.
4. Select the Hide Modes That This Monitor Cannot Display check box.
5. Click the Apply button.
If the card is not on the HCL but does state it is Windows XP compatible, you should be able to watch PnP detect the card and apply the settings. If this doesn’t happen, and you are asked for a driver disk from the manufacturer, that might mean the card is not fully PnP compatible. There are few problems when HCL-listed video cards are loaded via PnP.
Windows XP should be able to load a specific or a generic video driver to make any PnP video card function. However, many video cards are equipped with special features and capabilities that the generic drivers are unable to access. Review the installation instructions from the video card manufacturer. In many cases, the manufacturer provides an installation CD that installs specific drivers for the video card and OS so that you can take full advantage of the features and capabilities of the new high-end video cards.
Tip: If you are going to install a device that is not listed on the HCL, be sure to search at least the manufacturer or vendor’s Web site to see whether the device is compatible with Windows XP. In some cases, new hardware is supported by Windows XP but has not yet been added to the HCL.
If you inadvertently make a change and the screen becomes unreadable, follow this keystroke pattern to reboot the system: Ctrl+Alt+Delete, Alt, U, R. During the reboot, press F8 to access the Windows Advanced Options menu. You have to press F8 just after the POST and just before the animated Windows XP screen appears. From the Windows Advanced Options menu, you can select Enable VGA Mode, which boots the system with a generic VGA driver at 800×600 with 256 colors, at which point you can see and access the desktop and readjust your display settings.
Tip: Although Windows XP installs a driver to make the video card work, it is a good idea to use the driver supplied by the manufacturer, preferably an MHQL-signed driver. Often, the drivers from Microsoft offer the functionality but not the options of the manufacturer’s driver. When it comes to video, a custom device driver is always the better choice. Additionally, video drivers are updated quite frequently, so you should check with the manufacturer from time to time for newer versions.
Working with Audio Devices
Most audio cards developed since 1995 are PnP compatible, which makes their installation a breeze. So if you have a sound card in a Windows 98 machine that you are upgrading to Windows XP, odds are that the device will be found and installed. Again, checking whether that particular card is on the HCL would be beneficial.
To attempt to install a non-PnP sound device, you need to use the Add Hardware Wizard from Control Panel. You need the driver disk supplied by the manufacturer to complete the installation.
Because Windows XP supports USB and the IEEE 1394 bus, it can also support digital audio. Both USB and IEEE 1394 have the bandwidth that digital audio requires. Windows XP can handle multiple streams of audio, which means that two applications can run at the same time while playing sound, and you will be able to hear both. Windows XP can also redirect the audio output to external USB and IEEE 1394 devices, which give better-quality sound.
Working with Storage Devices
Storage devices are vital to an operating system. This is where the key operating system data and your own personal and business data are stored. Understanding the storage capabilities in Windows XP is an important matter. Data management has been a key point for Microsoft in designing Windows XP, which has new features that make managing and storing data much more secure and robust.
Managing data and storage ensures that your system runs more effectively. The tools provided with Windows XP enable the system administrator to make the most of available disk space. The system administrator also has better control of the operating system and its data.
Two key features of Windows XP, Removable Storage and Remote Storage, address data management, such as compression and encryption, and storage management, such as quotas. The use of data compression creates extra storage space on the volumes, whereas data encryption ensures that users who are not supposed to be viewing the data cannot view it. With disk quotas, network administrators can maintain control over how much disk space users can have.
For more detail on these storage features, see Chapter 19, “Windows XP and Storage,” p. 413.
Working with Common Peripherals and New Interfaces
Users who are working offline can quickly add peripheral devices to their computers with Windows XP. PnP automatically detects and installs most new hardware devices. The following sections detail the various device types.
USB
Universal Serial Bus (USB) gives Plug and Play capability for devices such as keyboards, mouse devices, and hard drives outside the computer. USB devices can be used as soon as they are plugged in, which means they are hot-pluggable, the system can use them immediately, and there is no need for a reboot. In addition, because most USB peripherals receive their power from the computer, there is no need for additional power cords and outlets to plug them into. You can also plug multiple USB devices into a single USB port by using a USB hub. Table 4.3 shows a partial list of the different types of USB devices available.
Table 4.3 Partial List of USB Devices
Type of Device    USB Device
Output            Monitor, printers, audio
Imaging           Scanners, digital cameras
Communications    Modems, ISDN Adapter, network adapter
Input             Keyboard, joystick, mouse
Storage           CD-ROM, removable media
USB uses a tiered topology and enables you to attach 127 devices to the bus simultaneously. USB currently supports up to five tiers, and each device can be located up to 5 meters from its hub. An important item to note is that, although you can attach 127 devices, many need to have their own power supply or a powered hub must be used; otherwise, the number of USB devices you can attach is limited.
A bus-powered hub connected directly to the PC receives its power from the host, which in turn receives its power from the power supply connected to the motherboard. If another device that needs to receive power from the host is attached to the device directly connected to the host and is drawing its power from it, the second device will not receive enough power to operate. The reason for this is that the first device connected to the host is receiving just enough power for it to operate. It does not have the capability to accept a larger amount of power, take what it needs, and pass the remaining power on down the line. This is why you cannot have more than one bus-powered hub: There is simply not enough power to facilitate the next unit. In addition, you cannot have a bus-powered hub more than four units downstream from the port because, in this situation, the power flowing downstream slowly loses its integrity until it can no longer meet the minimum requirement for the power supply the bus-powered hub needs. Finally, if you have a bus-powered device that draws more than 100 milliamperes (mA), you cannot connect that to a bus-powered hub.
Three components make up USB. The first is the actual component of the USB that connects to the motherboard. The host (also known as the root, root tier, or root hub) is built into the motherboard, or it is installed as an adapter card on the computer’s motherboard. If you are thinking of buying a host adapter card, make sure you don’t have a preinstalled host already on your motherboard, as it will create untold system conflicts. The host controls all traffic on the bus.
The second component is the hub, which provides a port for attaching a device to the bus. The hub is the narrow slot into which you plug the device’s cable. Hubs also detect devices that are bus powered, meaning they need to draw their power from the PC, or self-powered, meaning they can be plugged into the wall.
The third component is the device. A USB device is attached to the bus through a port. USB devices can also function as hubs. For example, if you have a USB monitor with ports for attaching a mouse and keyboard, this device is a hub as well.
USB supports two data transfer modes: isochronous and asynchronous. An isochronous transfer requires constant bandwidth within certain time constraints because of the requirements of multimedia applications and devices. With isochronous transfer, there is no form of handshaking and delivery is not guaranteed. Asynchronous transfer, on the other hand, does use a form of handshaking and guarantees delivery.
Windows XP supports configuration of USB devices by using one of two types. The first is hot plug-in capability, in which the hub driver enumerates the devices and notifies the system that the device is present. The other is persistent addressing, in which the USB device uses descriptors to identify the device, its capabilities, and the protocols it uses. A descriptor contains a Vendor ID (VID) and a Product ID (PID) that tells the computer exactly what to load.
There are two versions of USB: 1.1 and 2.0. USB 1.1 was the only version available at the time Windows XP was developed and released. However, the USB 2.0 standard has finally been completed and can be added to Windows XP via Windows Update. The only real difference between USB version 1.1 and 2.0 is speed. USB 2.0 can support throughputs up to 480Mbps, whereas 1.1 is limited to just 12Mbps. USB 2.0 is backward-compatible with 1.1 devices, so you can still use your older USB devices on a new USB 2.0 system. However, a driver update and cable with support for USB 2.0 might be needed for the device to work properly.
For more on Windows Update, see Chapter 5, “Keeping Windows XP Current,” p. 99.
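The descriptor described in the USB section above, worked through as an added example (not code from the book): a parser for the 18-byte standard USB device descriptor that extracts the VID and PID, builds the USB\VID_xxxx&PID_xxxx hardware ID string that Windows uses for driver matching, and checks the device against an allow-list. The sample descriptor bytes, the VID/PID values, and all function names are constructed for illustration.

```python
import struct

# Layout of the 18-byte standard USB device descriptor (little-endian fields).
_DEVICE_DESCRIPTOR = struct.Struct("<BBHBBBBHHHBBBB")
_DESCRIPTOR_TYPE_DEVICE = 0x01

# Constructed sample descriptors; VID 0x1234 and PID 0xABCD are made-up values.
SAMPLE_USB11 = bytes.fromhex("12 01 1001 00 00 00 08 3412 cdab 0001 01 02 00 01")
SAMPLE_USB20 = bytes.fromhex("12 01 0002 00 00 00 40 3412 cdab 0001 01 02 03 01")


def _bcd_to_version(bcd):
    """Decode a binary-coded-decimal release number, e.g. 0x0110 -> '1.1'."""
    major, minor, sub = bcd >> 8, (bcd >> 4) & 0xF, bcd & 0xF
    text = f"{major:x}.{minor:x}"
    return f"{text}.{sub:x}" if sub else text


def parse_device_descriptor(raw):
    """Return the identifying fields of a USB device descriptor as a dict."""
    if len(raw) < _DEVICE_DESCRIPTOR.size:
        raise ValueError(f"truncated descriptor: {len(raw)} bytes, need 18")
    (length, dtype, bcd_usb, dev_class, _subclass, _protocol, max_packet0,
     vid, pid, bcd_device, _i_mfr, _i_product, i_serial,
     num_configs) = _DEVICE_DESCRIPTOR.unpack_from(raw)
    if length != _DEVICE_DESCRIPTOR.size or dtype != _DESCRIPTOR_TYPE_DEVICE:
        raise ValueError(f"not a device descriptor (bLength={length}, type={dtype})")
    return {
        "usb_version": _bcd_to_version(bcd_usb),
        "device_class": dev_class,
        "max_packet_size_ep0": max_packet0,
        "vid": vid,
        "pid": pid,
        "device_release": _bcd_to_version(bcd_device),
        "has_serial_number": i_serial != 0,  # index 0 means "no string"
        "configurations": num_configs,
        # Hardware ID form used by Windows to match a driver to the device.
        "hardware_id": f"USB\\VID_{vid:04X}&PID_{pid:04X}",
    }


def check_device(raw, allowed):
    """Return (permitted, reason) for a raw descriptor and a set of (vid, pid)."""
    try:
        info = parse_device_descriptor(raw)
    except ValueError as exc:
        return False, f"rejected: {exc}"
    if (info["vid"], info["pid"]) in allowed:
        return True, f"allowed: {info['hardware_id']} (USB {info['usb_version']})"
    return False, f"blocked: {info['hardware_id']} is not on the allow-list"


if __name__ == "__main__":
    policy = {(0x1234, 0xABCD)}  # constructed allow-list
    for sample in (SAMPLE_USB11, SAMPLE_USB20, SAMPLE_USB11[:8]):
        print(check_device(sample, policy))
```

Because the descriptor is supplied by the device itself, a VID/PID match identifies a device model and not a particular trusted unit.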
FireWire (IEEE 1394)
The IEEE 1394 (also known as FireWire) is a bus designed for high-bandwidth devices, including digital camcorders, digital cameras, digital VCRs, and storage devices, and can send data at speeds ranging from 100Mbps to 400Mbps. It provides a high-speed PnP-capable bus and supports both isochronous and asynchronous data transfer. You can connect up to 63 devices to one IEEE 1394 bus and interconnect up to 1,023 buses to form a network of over 64,000 devices, with each device having 256 terabytes of memory addressable over the bus.
IEEE 1394 devices not listed on the HCL can cause problems, however. Windows XP supports only IEEE 1394 devices that are Open Host Controller Interface (OHCI) compliant, so if a device is not OHCI compliant, it will not work with Windows XP. This includes devices that are pre-OHCI. Make sure that Windows XP supports any IEEE 1394 device you purchase and that it is listed on the HCL.
Infrared Devices
The Infrared Data Association (IrDA) protocol enables users to transfer files and folders and share resources between computers with no physical cables. Windows XP supports IrDA, and most new laptops are equipped with IrDA support and functionality. IrDA automatically configures the connection between two computers that are IrDA compliant, simply by placing the two computers near one another. Users can then share documents or print to a shared printer (given that appropriate permissions have been set). Windows XP also supports allowing or limiting access to a computer’s resources and controlling what can and cannot be sent via infrared for users other than the owner. In Windows XP, users can also specify a location to place documents transferred by infrared.
Additional Device Types
Digital Versatile Disk (DVD) provides storage for audio, video, and computer data. It is most well known for viewing movies; playing a movie on DVD can offer better image quality than a standard TV. DVD can also be used as a storage device and can be cost effective for storing large data files. The architecture for DVD is complex, and DVD demands a lot from the system.
Devices such as image scanners and digital cameras are examples of Still Images (STI). Windows XP supports SCSI, IEEE 1394, USB, and serial digital still image devices. You can access an STI device through the Scanners and Cameras Wizard in Control Panel. The Scanners and Cameras Wizard appears in Control Panel when a Plug and Play STI device is detected, or if you install it through the Add Hardware Wizard.
The PCI bus meets most Plug and Play requirements.
Devices that use the PCI bus have set means for identifying themselves and setting resources. Windows XP collects PCI and ISA PnP device resource information from the system BIOS and can reassign PCI device resource requirements dynamically. ISA, on the other hand, is different. ISA bus design allows Plug and Play devices because the specification does not require any change to ISA buses. Windows XP obtains the resource requirements and capabilities, allocates resources to the card, and reserves these resources so that they cannot be assigned to other Plug and Play cards in the computer. PCI devices can be dynamically allocated and changed, but ISA devices are fixed after the resources are allocated. For this reason, if you look at an ISA device’s resource setting in Device Manager, you’ll see that you cannot change the setting.
Other devices not listed here can take advantage of Plug and Play. One of the key requirements is that the device has to provide a mechanism for identification and configuration. If the device complies with Plug and Play specifications and is designed for Windows XP, odds are that it will work. Some of these devices include Integrated Device Electronics (IDE) controllers, Extended Capabilities Ports (ECP), and communications ports.
One of the most common ports used on a computer is the parallel port for peripheral devices. If the parallel port is Plug and Play compliant, it will meet the Compatibility and Nibble mode protocols defined in IEEE P1284. These modes allow two-way communication between the host and peripheral device. For devices that connect to the parallel port (such as Zip drives and digital camera disk readers), both the device and the port must be PnP compliant; otherwise, there will be compatibility problems. This is akin to the problems caused when an IEEE 1284 printer cable was plugged into the back of a Zip drive that was plugged into the computer’s parallel port using a non-IEEE 1284 cable. Users were in an uproar because they could not print to the new printer.
For a system that is totally Plug and Play, the BIOS must also meet Plug and Play specifications, and the recommended BIOS for Windows XP is one that supports the ACPI standard. By using ACPI and Plug and Play devices, the operating system and BIOS can communicate with each other and share information about the system’s resources and how the settings should be allocated. This provides a more secure and robust system. Fortunately, purchasing new motherboards and expansion cards that are not PnP compliant is nearly impossible now, so these issues arise only when recycling older components or purchasing used equipment.
Windows XP on a Laptop
Windows XP generally comes preinstalled on laptop computers because successful installation may require special CMOS settings, drive configuration tools, or system drivers. The manuals included with a laptop purchase often do not cover these issues in sufficient detail.
Windows XP offers laptop users the same work environment, whether they are online or offline. The Offline Files and Folders feature enables you to take any combination of files, folders, or drives offline. It is as simple as selecting the file you want, right-clicking, and choosing Make Available Offline. The file’s location is maintained, making it seem that a connection to the network is still active, which makes it easier to find the file. If you know your folder resides on the server under \profiles\mystuff, that same path will be there when working offline.
After working on a file offline, if you come back to the office and go online, the file or folder is automatically synchronized with the file/folder on the server. With the Synchronization Manager in Windows XP, users can specify when they want synchronization to run or what they want to have synchronized. Only resources that have been changed are updated, which speeds up the process considerably.
ACPI BIOS provides laptop users with advanced tools to manage a system’s power state as a result of input from users, applications, or drivers. An interesting example is a laptop with a modem connected to a wireless phone. The laptop can be placed in a “wait for fax mode,” in which only the modem is on, thus conserving power. When the phone rings, the modem fires up the computer and answers the fax call. Afterward, the computer goes back into the wait for fax mode and turns itself off.
Multiple CPUs and Windows XP
Windows XP Home Edition can use only a single processor, whereas through the use of Symmetric Multiprocessing (SMP), Windows XP Professional can run with up to two processors. With SMP, the operating system is able to run threads on any available processor. This creates additional processing capacity. Windows XP dynamically distributes the processes to available processors; however, you can restrict where some threads are sent.
Troubleshooting Hardware Problems on Windows XP
As a general rule, always use hardware and drivers that are digitally signed and on the Windows XP HCL, and make sure the drivers are updated. Just because a driver is available from the Microsoft Web site or Windows Update utility (see Chapter 5) doesn’t mean that the manufacturer is not offering a newer and more compatible driver from its Web site. An ounce of prevention, as they say, will eliminate potential headaches and aggravations, and using good hardware will more than pay for itself in the long run.
Keeping detailed records and having a good deal of patience are also essential for troubleshooting. Some general steps to take when trying to work out a problem are attempting to isolate the problem and then repeating the fault. Although this method seems simple enough, it is easy to quickly become overwhelmed by a problem so that you lose all perspective. By isolating the problem situation, you can conduct separate tests that should point you to the solution. Testing compartmentalized elements of the situation makes it easier to locate the problem and come up with a solution.
Additionally, let the problem guide your solution. Try not to force something that could do more harm than good. Suspect the most recent change or addition, and inspect the most common points of failure. If something has been working for a while and then suddenly quits (and there was no user interaction), you can immediately suspect something is wrong with the hardware. Finally, if you get to the point of total frustration, walk away and do something else. You will be surprised how a solution surfaces when you give yourself a breather to clear your mind.
Windows XP has several resources for you in the event of a hardware problem. You can use the Event Viewer for messages that might pertain to the problem. You can collect information about the date, time, source, category, event, and other vital data that might help resolve the condition. You can use the Last Known Good Configuration to restore the system configuration to the most recently working version, but this method works only if the system has not been logged on to yet. Whenever someone logs on, the system records a new Last Known Good Configuration.
Windows XP, like Windows 98/SE/Me and Windows 2000, has a Safe Mode, which starts the system with a minimum amount of drivers loaded. You could edit the Registry to get there, but this should be done only as a last resort and by an experienced system administrator.
The Device Manager can be used to configure, update, or change a device, and if a device was recently updated by Windows Update, you can restore the original files by running Update Wizard Uninstall, a handy feature to have.
The following steps discuss using Device Manager to change a conflicting device’s resource settings:
Note: You should print out your system’s device settings before making any changes. If you are not familiar with device resource settings, you should not attempt to change them.
1. In Device Manager, expand the device class to show the available devices.
2. Double-click the device to which you want to make changes. This opens the Device Properties dialog box.
3. Click the Resources tab. Notice that the Conflicting Device list shows any conflicting values for resources used by other devices.
4. In the Resource Type list, select the setting you want to change. Make sure the Use Automatic Settings check box is not selected.
5. Click the Change Setting button. The dialog box for editing the particular setting is displayed.
Note: If a conflict arises, a message is displayed in the Conflict Information field.
6. Choose a setting that does not conflict with any other devices, and then click OK.
Note: If you have a legacy device that uses jumpers, you need to make the changes on the device’s jumpers as well so that they match the changes made in Device Manager. If you are working with an ISA card, you might need to alter the device’s BIOS with a manufacturer-supplied editing tool or use the system’s CMOS to force resource setting alterations.
7. Restart Windows XP. Verify that the new settings have taken effect and are working correctly.
It takes a great deal of time and effort to create good records and gain an understanding of the layout, cabling, previous problems and solutions, upgrades, updates, and hardware installation dates, which are all vital. Most hardware problems stem from using equipment that is not on the HCL. A perfect example is when a machine is upgraded to Windows XP without checking its internal hardware or keeping any records. The installation finishes successfully, but intermittent problems occur whenever a non-compliant device is activated or software needs to interact with the device. Without a record of what was on this machine and which hardware is and is not on the HCL, determining where the problem resides becomes quite a daunting task.
You might also encounter a piece of hardware that is on the HCL but has a physical defect, or a defect has surfaced even though the device worked previously. In this case, there is no other alternative but to replace the device. Sometimes, however, the device was not properly installed or configured. In such a case, opening the computer and making sure the device is seated properly is well worth the effort.
There are technical newsgroups that offer peer support for common computer problems. You can post persistent problems and get suggestions from others who might have had the same experience. The Help file in Windows XP contains information about online support, and you can find information about newsgroups from the Microsoft Web site.
For more detail on Windows XP hardware-troubleshooting features, such as Driver Rollback and System Restore, see Chapters 5, “Keeping Windows XP Current,” p. 99, and 26, “Managing System Recovery,” p. 599.
Third-Party Hardware Troubleshooting Utilities
There are not a lot of hardware utilities to use. Because most of the checking you will do on your system is to see whether it is compatible with Windows XP, Microsoft is a good place to start. The HCL is located at www.microsoft.com/hcl/default.asp. The Microsoft Hardware Quality Lab maintains this site. Another good Microsoft resource is Windows XP Upgrade Advisor, located at www.microsoft.com/windowsxp/pro/howtobuy/upgrading/advisor.asp.
System Internals has several tools for recovering data from drives on non-bootable systems, allowing you to read data from the damaged system, write to the drives, and perform disk repair functions. Check out its offerings at www.sysinternals.com.
SmartLine Vision has a tool called DeviceLock for adding security to hardware devices. You can secure floppy drives, RAM drives, and serial and parallel ports as you would secure shares on a hard drive. DeviceLock includes a cache flush to force storage devices to clean out their buffers before going offline; you can find more information at www.protect-me.com/dl/.
SupportSource offers general information and tips on various configurations and troubleshooting. You can visit the Web site at www.supportsource.com.
For More Information
If the information about Windows XP hardware issues in this chapter has increased your desire to learn more, here are a few resources you can research:
Books
• Configuring and Troubleshooting Windows XP Professional. Syngress, 2001. ISBN: 1-928994-80-6.
• Cowart, Robert and Knittel, Brian. Special Edition Using Windows XP Professional. Que, 2001. ISBN: 0789726289.
• Glenn, Walter. How to Use Microsoft Windows XP. Que, 2002. ISBN: 0789728559.
• Microsoft Windows XP Professional Resource Kit Documentation. Microsoft Press, 2001. ISBN: 0735614857.
Magazines and Web Sites
• Microsoft Certified Professional Magazine: www.mcpmag.com
• PC Magazine: www.pcmag.com
• TechNet CD or Web site: www.microsoft.com/technet/
• Windows and .NET Magazine: www.winnetmag.com
• Windows XP CD: Read1st.txt, relnotes.htm, pro.txt
5 Keeping Windows XP Current
Windows XP is an operating system, which is something you already knew when you picked up this book. However, you might not have known that operating systems change over time. They change through upgrades from the vendor, through alterations caused by applications, through changes implemented by users, through damage caused by malicious code, and through a thousand other causes. These changes can make the task of maintaining a system’s efficiency and performance difficult.
In this chapter, you look into what makes these changes happen and learn the numerous ways to counteract them. This is not exactly a troubleshooting chapter. It is more of a guide for preventive maintenance and ongoing care. Later chapters in this book include some overlapping topics, such as security updates, system restores, and managing hardware through Control Panel. However, the goal of this chapter is to focus your attention on keeping your Windows XP system tuned up. Just as a high-performance car needs regular maintenance, adjustment, and TLC to keep it in top working order, Windows XP needs foresight, understanding, and a bit of know-how to keep your computer running as efficiently as possible. This chapter isn’t about performance monitoring and tuning; it’s about making sure Windows XP has all the elements it needs to keep the environment stable and preventing problems before they occur.
What Happens When You Install a Program?
Installing programs on your Windows XP system is an activity you can expect to perform often, but have you ever taken the time to think about the effects of installing applications on your system? Without delving into developer and programming-level details, there are some important aspects of software installation that all system administrators or just powerful home users need to be aware of.
First, let’s get the obvious out of the way: Installing an application adds new files to your system. The files added to your system and stored on the hard drives can alter your system. Those effects can be minuscule and unimportant, such as consuming a small amount of your available drive space, or they can be drastic and critical to system performance, such as the files consuming all available space on a drive or overwriting core system files or device drivers.
The process of installing software can implement other changes, including alterations to the Registry, changes to device drivers, changes to core system files, alteration of the Start menu, proliferation of icons and shortcuts, and more. In most cases, the changes an installation causes are innocuous and expected, but that is not always the case.
Some applications are very well designed and make easily reversible changes to a system. These applications install all their files into a single newly created folder (or folder hierarchy) and make no alterations to key system files or device drivers. Some applications make few or inconsequential changes to the Registry. Some applications deposit their files not only in newly created folders, but throughout the system’s root folder hierarchy. Those deposited files can replace or change device drivers and core system files. In most cases, this process does not negatively affect the system’s overall performance or functionality, but sometimes these activities can damage a system or render it unbootable.
Unfortunately, not all applications are well designed or perform their installation procedures in an easily reversible manner. The extent to which an application makes irreversible changes to a system depends on the programmers who designed the application and the installation process.
Most commercial software products include an uninstall routine that can remove most if not all of an application’s footprint. You can use the Windows XP Add or Remove Programs Wizard to install programs so that they are easier to remove or to initiate a removal process for programs that don’t offer a native uninstall routine.
In most cases, if an application is uninstalled immediately after it was installed (or at least before any other application is installed), the uninstall process can usually restore the system to exactly the state it was in just before the installation. However, few of us install a program, use or test it, and then immediately uninstall it before installing another product. As the number of other applications installed before an application is removed increases, so does the likelihood that the uninstall process will damage the system or render those applications inoperable.
This potential for damage is caused by the way most uninstall procedures operate. Generally, a log file is recorded during an application’s installation. This log file details the steps the application takes as it is installed, including altering Registry keys and depositing files. When the application is uninstalled, this log file is used to reverse the process. Unfortunately, applications installed later might rely on the changes the previous application imposed; by uninstalling the previous application, those changes are removed, thus hamstringing those dependent applications.
To learn about System Restore, a Windows XP feature used to restore the system to a previously saved state, see Chapter 26, “Managing System Recovery,” p. 599.
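The following added example (not from the book) models the log-based uninstall described above: an immediate uninstall restores the baseline exactly, while an uninstall performed after a dependent application has been installed removes changes that application relies on. The application names, file paths, and Registry keys are constructed for illustration.

```python
"""Model of log-based install/uninstall (constructed example, not a real installer)."""


class Installer:
    """Applies an application's changes to a system state and logs them."""

    def __init__(self, name, files=None, registry=None):
        self.name = name
        self.files = files or {}        # path -> version written by this app
        self.registry = registry or {}  # key -> value written by this app
        self.log = []                   # (kind, key, previous value or None)

    def install(self, system):
        for kind, changes in (("files", self.files), ("registry", self.registry)):
            for key, value in changes.items():
                # Record what was there before so uninstall can reverse it.
                self.log.append((kind, key, system[kind].get(key)))
                system[kind][key] = value

    def uninstall(self, system):
        # Replay the log backwards, restoring each recorded previous value.
        for kind, key, previous in reversed(self.log):
            if previous is None:
                system[kind].pop(key, None)
            else:
                system[kind][key] = previous
        self.log.clear()


SHARED_DLL = r"C:\WINDOWS\system32\shared.dll"   # hypothetical shared library
DOC_TYPE_KEY = r"HKLM\Software\Classes\.abc"     # hypothetical file association

# What the later application (App B) relies on but did not install itself.
APP_B_REQUIRES = [
    ("files", SHARED_DLL, "2.0"),
    ("registry", DOC_TYPE_KEY, "AppA.Document"),
]


def baseline():
    """System state before any of the sample applications are installed."""
    return {"files": {SHARED_DLL: "1.0"}, "registry": {}}


def make_app_a():
    # App A upgrades a shared DLL and registers a document type.
    return Installer(
        "App A",
        files={SHARED_DLL: "2.0", r"C:\Program Files\AppA\appa.exe": "1.0"},
        registry={DOC_TYPE_KEY: "AppA.Document"},
    )


def make_app_b():
    # App B keeps to its own folder and key, but depends on App A's changes.
    return Installer(
        "App B",
        files={r"C:\Program Files\AppB\appb.exe": "1.0"},
        registry={r"HKLM\Software\AppB\Version": "1.0"},
    )


def broken_requirements(system, requirements):
    """Return the (kind, key, value) requirements the system no longer meets."""
    return [(kind, key, value) for kind, key, value in requirements
            if system[kind].get(key) != value]


def scenario_immediate_uninstall():
    """Install App A and remove it straight away; True if state is restored."""
    system = baseline()
    app_a = make_app_a()
    app_a.install(system)
    app_a.uninstall(system)
    return system == baseline()


def scenario_late_uninstall():
    """Install A, then B, then remove A; return what App B has lost."""
    system = baseline()
    app_a, app_b = make_app_a(), make_app_b()
    app_a.install(system)
    app_b.install(system)
    app_a.uninstall(system)
    return broken_requirements(system, APP_B_REQUIRES)


if __name__ == "__main__":
    print("Immediate uninstall restores baseline:", scenario_immediate_uninstall())
    for kind, key, value in scenario_late_uninstall():
        print("App B lost %s entry %s (needed %s)" % (kind, key, value))
```
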
The more applications installed on a system, the more likely one of them will implement irreversible changes to the system or cause damage in the process of performing the installation. The Windows XP self-healing mechanism (see “Windows File Protection,” later in this chapter) might be able to automatically repair this damage, but it could result in decreased performance, reduced capabilities, or system failure. When these problems are combined with uninstallations that cause as much damage as a poor installation, chaos is not far away.
Rather than delve into troubleshooting application problems caused by installing and removing applications, this chapter focuses on managing the changing nature of your system. If you don’t think through the changes you purposely impose on your system, you will soon find yourself working with a system that doesn’t do what you expect, performs unreliably, and possibly even loses or damages your data. When those changes cause enough damage, your only real recourse is to reinstall the operating system itself.
For more on application management, see Chapter 23, “Managing Applications,” p. 509.
Note: More than half the chapters in this book tackle various troubleshooting issues. Check the “troubleshooting” listing in the index for specific topics and locations.
Fortunately, Windows 2000 and Windows XP include numerous safeguards to reduce the number of problems that occur through everyday, normal, typical activities and use. Some of these safeguards function automatically, behind the scenes, without any intervention. Others are useful and effective only if you are aware of them and use them to their fullest extent. This chapter examines many of these features and instructs you on how to best prevent reinstallations.
One of the first activities you should embark on when deploying a new Windows XP system (or any OS, for that matter) is to determine the system’s purpose or role. Will the computer be a client on a business network, will it be a home computer for the family, will it be an audio/video-editing station, will it be used to support your home-based business, or will it be used as a gaming system? Windows XP can support all these roles and many more, but knowing which role you have chosen for the system helps you avoid pitfalls in the system’s deployment and ongoing lifespan.
Based on a system’s role, you can choose the software and hardware it comprises. With HCL-compliant hardware and stable software, you can construct a system that will remain useful and efficient for a long time. What follows are some guidelines on how to decide what type of hardware to use.
You should decide how stable you want the system to be. The more stability you want or need directly affects the number of applications you install on the system. In other words, the keys to OS stability are to restrict the number of changes imposed on that system and to manage the changes that must occur.
The Internet has become a downloader’s dream. If you want some application, tool, utility, or game, you can find it free online with minimal effort. Plus thousands of commercial products are available for purchase through brick-and-mortar and online computer software retailers. It should be obvious that you can’t install everything on one system. Limit yourself to the applications you know you will use, and steer clear of installing software you don’t need and won’t use. This simple axiom seems obvious, but it is often ignored. The primary violation is downloading new programs from the Internet and installing them just to see what they do.
Not all applications are written with your best interests in mind. Even if the program is not actually malicious code, such as a virus or Trojan horse, it can still cause irreparable damage to your system. Also, you might not be able to fully uninstall them and restore the system to its original state, especially if you fail to uninstall the application immediately or don’t use the Windows XP System Restore capability. If you are in the habit of installing a lot of software, you need a dedicated test system that is separate and distinct from your primary work, home, or play computer—that is, unless you enjoy reinstalling Windows XP and all your essential applications often.
If you can determine early which software products you want to keep on your system, you can almost guarantee that your system will remain stable longer.
Building Windows XP Systems with Room to Grow
Another method to keep your system stable is to plan out the hardware resources and build in room to grow. The minimum system requirements for Windows XP are rather skimpy. In most cases, they are woefully inadequate for supporting and operating an efficient high-performance system. If you want a peppy system, you need to build high-performance capability into the hardware before you even start the OS installation.
When building a new computer (or purchasing a preassembled system) to host Windows XP (or any operating system), you should consider your needs and wants today as well as in the near future. Most computers have a useful lifetime of two to three years. Within three years, technology advances usually warrant purchasing an entirely new computer.
The cost of computer components declines dramatically over time, too. It’s frustrating to purchase a system that is surpassed within a year by a system that’s twice as powerful for half the cost. The most cost-effective time to purchase hardware for your system is when you first obtain or assemble the computer. However, if you purchase only the latest and greatest technology, you will be buying premium technology at a premium price. In general, it is a good idea to purchase components that are one or two generations, iterations, or versions behind the absolute newest cutting-edge components.
For example, purchasing the fastest Intel CPU available costs around $750, but purchasing the second fastest Intel CPU costs around $500. The difference in the actual speed of these two CPUs is only 2.6%. That imperceptible difference would cost you $250. The third fastest Intel CPU costs around $300. It is only another 5.1% slower, or 7.7% slower than the fastest available. The 7.7% decrease is probably detectable in some instances, but that difference costs $450. It’s up to you to decide whether your priority is obtaining the latest and greatest technology available or getting a decent return on your investment.
In other words, spend as much as you can afford outfitting your computer with the highest performance components within reason. It’s best to opt for more RAM and a faster and larger storage system than the highest speed CPU available. A good, high-quality system for running Windows XP would contain the following:
- The second or third fastest CPU available.
- The fastest motherboard for the CPU. Generally, a motherboard’s performance hinges on the quality of the chipset with which it was designed.
- Fully populating the motherboard with the fastest RAM available (that the motherboard supports).
- The largest and fastest hard drives available (at least two, if not four, drives).
- The second best video card available in terms of speed and on-board RAM.
- A fast CD-RW burner (20x–40x) with buffer overrun protection and support for the Mount Rainier standard (CD-MRW).
- The second fastest DVD player.
- A system case with the quietest power supply available.
- All the normal/essential trimmings: keyboard, mouse, floppy drive, printer, and 17-inch or larger CRT monitor (the LCDs are great, but still too expensive for my taste).
Building a computer to host Windows XP with room to grow delays the need to upgrade or expand the system for a considerable amount of time. As your system ages, its use of system resources will change. A system ages in time, as you and I do, but also in terms of the functions it is used for and the intensity of activities.
Systems that are rarely used wear their age better than systems used constantly for demanding activities. The signs of premature aging vary, but here are a few common symptoms to look for:
- Insufficient drive space
- Errors in stored files
- Failing applications
- Stutters, freezes, or other interruptions in normal functionality and performance
- Involuntary reboots
An aging and ailing system typically means the OS or other software has become corrupted or the hardware is insufficient or damaged. These symptoms can occur for many reasons, but you can eliminate several by planning ahead and building a computer more than capable of handling your current and immediate future needs. Doing so provides Windows XP with enough resources to perform all requested operations and the capability to maintain itself through its internal self-healing and self-repair features.
The more computing capability you build into a computer, the longer the system can offer efficient performance. The better the system is today, the longer it can remain in service before you need to replace it.
As for the size of the hard drives, there seems to be a trend toward consuming more and more hard drive space over time. I have more than 200GB of storage space on my current system, and nearly 160GB of it has been consumed. Two years ago, I had a system with only 20GB of storage space, and I was using barely 4GB of it. Running out of storage space is probably the second most common problem, second only to insufficient RAM.
Having large hard drives is not the complete solution, however. When Windows XP is installed, you get to choose the size of the partition for hosting the OS. The Microsoft minimum system requirements state that you need only 1.5GB to install Windows XP, but don’t limit yourself to the minimums. Don’t install any OS into a partition that is not at least 8GB. Unless there is a specific justifiable reason that the primary hard drive must be split into partitions, you should just format the whole drive as a single partition to use as the installation destination for Windows XP. Since the release of Windows NT in 1996, there hasn’t been any compelling and justifiable reason to divide hard drives into partitions. As you install applications and use the system, the amount of space consumed on the primary system partition increases.
If you prepare for this increase by creating a partition with more than enough room for expansion, you avoid the ugly issue of running out of space on your primary drive. When this problem does occur, you have only a few options. One, you can search for unnecessary files and delete them. Two, you can uninstall applications. Three, you can uninstall applications, and then reinstall them onto other drives. However, keep in mind that this option moves only some of the files for the application to the new designated directory; many files must still be installed in the main system partition. Fourth, repartition the hard drive and reinstall the OS and all your software. I don’t like any of these options, so I plan ahead and never create a partition less than 8GB.
Windows Update
In case you don’t know this already, humans are imperfect. Therefore, nearly everything humans create has flaws, and this extends to computers and software. Windows XP is no exception. Because of trials and tribulations with previous operating systems, Microsoft created an online update mechanism, called Windows Update, to distribute corrections and updates for Windows and other software.
The purpose of Windows Update is to provide an easy-to-use update distribution method that anyone from anywhere can access over the Internet. Windows Update is used to distribute patches, corrections, and updates for various versions of Windows, Internet Explorer, Office, and many other Microsoft software products.
There are two ways to use or access Windows Update: automatic and manual. Soon after you complete the installation of Windows XP, the Dynamic Update icon (a globe with the Windows XP logo over it) appears in the notification area. Click this icon to open the Automatic Updates Setup Wizard. Through this wizard, you configure the automatic update mechanism and define the schedule for applying downloaded updates.
After this initial wizard walkthrough of configuring automatic updates, you can reconfigure automatic updates by using the following steps:
1. Click Start, Control Panel to open Control Panel.
2. If you are in Category view, click Performance and Maintenance, and then click System.
3. If you are in Classic view, double-click the System applet.
4. The System Properties dialog box opens. Select the Automatic Updates tab (see Figure 5.1).
5. Change your Settings selection or toggle the master on/off check box at the top.
6. Click OK to save your changes, and close the System Properties dialog box.
7. Close Control Panel by clicking the Close button (the red X box).
Figure 5.1 In the Automatic Updates tab of the System Properties dialog box, you can configure Windows XP to download and install updates.
The Automatic Updates Tab of System Properties
The check box at the top of the System Properties dialog box is the master switch for automatic updates. When this check box is selected, Windows XP automatically contacts the Windows Update Web site to search for new updates for your system. If discovered, Windows XP follows the action selected in the Settings section of the dialog box. There are three Settings choices:
- Notify me before downloading any updates and notify me again before installing them on my computer
- Download the updates automatically and notify me when they are ready to be installed
- Automatically download the updates, and install them on the schedule that I specify [day selection] at [hour selection]
Note: To change the Automatic Update settings, you must be logged in as a Computer Administrator or a member of the Administrators group.
It’s best to keep your Windows XP systems set to the middle (second) setting. This setting automatically downloads the updates, but prompts you to initiate the actual installation. This is preferable because you can choose whether a specific update is applied to your system and when it gets applied. Some updates from Microsoft require a system reboot, but the Automatic Update system does not automatically reboot your system.
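An added example, not from the book: a small audit that maps each host's Automatic Updates configuration to the three Settings choices above and flags hosts that differ from the recommended second setting. It assumes the configuration is collected with `reg query` from the Automatic Updates policy key (values `NoAutoUpdate`, `AUOptions`, `ScheduledInstallDay`, `ScheduledInstallTime`); the host names and captured output are constructed.

```python
import re

# Assumption: each host's settings were captured with
#   reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
# The book describes only the dialog box, not these value names.
SETTINGS = {
    2: "Notify before downloading and again before installing",
    3: "Download automatically, notify when ready to install",
    4: "Download automatically and install on a schedule",
}
DAYS = ["every day", "Sunday", "Monday", "Tuesday", "Wednesday",
        "Thursday", "Friday", "Saturday"]
RECOMMENDED = 3  # the middle (second) setting recommended in the text

# reg.exe prints one "name  REG_DWORD  0xN" line per value.
DWORD_LINE = re.compile(
    r"^[ \t]+(\S+)[ \t]+REG_DWORD[ \t]+0x([0-9a-fA-F]+)[ \t]*\r?$", re.M)


def parse_reg_query(text):
    """Return {value name: int} for every REG_DWORD line in reg query output."""
    return {name: int(digits, 16) for name, digits in DWORD_LINE.findall(text)}


def audit_host(reg_output):
    """Map one host's values to a Settings choice and compare with RECOMMENDED."""
    values = parse_reg_query(reg_output)
    if values.get("NoAutoUpdate") == 1:
        return {"setting": "Automatic Updates turned off",
                "matches_recommendation": False,
                "detail": "master switch is off; the host never checks for updates"}
    option = values.get("AUOptions")
    if option not in SETTINGS:
        return {"setting": "unknown", "matches_recommendation": False,
                "detail": "AUOptions missing or unrecognized: %r" % (option,)}
    detail = ""
    if option == 4:
        day = values.get("ScheduledInstallDay")
        hour = values.get("ScheduledInstallTime")
        if day in range(len(DAYS)) and hour in range(24):
            detail = "installs %s at %02d:00 without per-update review" % (
                DAYS[day], hour)
        else:
            detail = "scheduled install selected but day/hour missing or invalid"
    elif option == 2:
        detail = "nothing is downloaded until an administrator responds"
    return {"setting": SETTINGS[option],
            "matches_recommendation": option == RECOMMENDED,
            "detail": detail}


def audit_fleet(samples):
    """Return (host, setting, detail) for hosts that differ from RECOMMENDED."""
    findings = []
    for host in sorted(samples):
        result = audit_host(samples[host])
        if not result["matches_recommendation"]:
            findings.append((host, result["setting"], result["detail"]))
    return findings


# Constructed sample output for three hypothetical workstations.
SAMPLES = {
    "WS-01": r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate    REG_DWORD    0x0
    AUOptions    REG_DWORD    0x3
""",
    "WS-02": r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate    REG_DWORD    0x1
""",
    "WS-03": r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate    REG_DWORD    0x0
    AUOptions    REG_DWORD    0x4
    ScheduledInstallDay    REG_DWORD    0x0
    ScheduledInstallTime    REG_DWORD    0x3
""",
}

if __name__ == "__main__":
    for finding in audit_fleet(SAMPLES):
        print("%s: %s (%s)" % finding)
```
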
When updates are available and ready to be installed, the Dynamic Update icon appears in the notification area. You’ll also see a pop-up message bubble indicating that updates are ready to be installed. To initiate the process, double-click the Dynamic Update icon to open the Automatic Updates dialog box. From this dialog box, you can elect to install the updates now (clicking the Install button), be reminded of the updates later (clicking the Remind Me Later button), or view the details of the updates (clicking the Details button).
If you select to view the details of the updates, you gain the opportunity to selectively deny or refuse the installation of individual updates. Clicking the Details button displays a list of available updates. Clearing the check box beside an update prevents that update from being installed.
If you decline offered updates, you can regain access to them in two ways. First, you can click the Declined Updates button in the Automatic Updates tab of System Properties. After responding to a prompt to confirm the restoration of declined updates, all declined updates are offered again the next time Automatic Update checks for new updates. You can still refuse some or all of the updates by using the same process you did the first time you declined to install them.
The second method to access declined updates is to visit the Windows Update Web site. All declined updates are presented as available in the list of updates. Keep in mind that the notion of declining updates is in effect only on your local system. When you contact the Windows Update Web site, it customizes the list of available updates based on whether they are installed. The site does not inquire whether you have declined an update via the Automatic Update system.
Visiting the Windows Update site offers a much broader range of control over installing updates. To access the default Windows Update site for Windows XP (see Figure 5.2), click the Windows Update icon in the Start menu or choose Tools, Windows Update from the Internet Explorer menu bar. To install updates, follow these steps:
1. Click the Scan for Updates link.
2. After the scan is complete, click each of the following items in turn to view details about available updates:
- Critical Updates and Service Packs
- Windows XP
- Driver Updates
3. To install any available update, click the Add button for that update.
Note: Some updates must be installed alone, such as version updates for Internet Explorer or DirectX. These updates prompt you to verify that you want to install them and indicate that electing to install the update disables all other updates. After the restricted update is installed and your system has been rebooted, you can return to Windows Update to select and install other updates.
Figure 5.2 You can download updates manually via the Windows Update Web site.
4. To change your mind about an update that you’ve added to the install list, click the Remove button for that update.
5. After you’ve selected all the updates to install, click the Review and Install Updates link.
6. A list of all selected updates is displayed. You can elect to remove a specific update by clicking Remove next to it. To initiate the installation process, click Install Now.
7. You might be prompted to verify acceptance of a license agreement and a digital signature from Microsoft. Click Accept or Yes when prompted.
8. A dialog box displays the progress of the download and installation of selected updates. After the updates are installed, you’ll see a confirmation dialog box that states the installation was successful. If necessary, you’ll be prompted at this time to reboot the system or to allow the system to force a reboot.
In general, you should install all updates in the Critical Updates and Service Packs category and anything in the Windows XP category that you think is worthwhile after reading its documentation. If you are not experiencing a specific problem or are not using a tool, service, or so forth that a Windows XP category update is designed for, don’t install it. Updates are actually hotfixes (see the “Living with Service Packs and Hotfixes” section, later in this chapter). What that means to you in practical terms is that they are single problem-focused solutions. However, fixing some problems can cause others, so unless you actually have the problem, don’t fix it with an update.
As for the Driver Updates section, that area is a bit more touch and go than the other two. The inclusion of third-party device drivers in Microsoft’s update distribution system is convenient. However, many have had at least one problem installing device driver updates through Windows Update (see the “Advanced Device Driver, DLL, and System File Management” section later in this chapter). More often than not, if you see that Microsoft is offering an updated driver for a device from another vendor, you should go to that vendor’s Web site to download its new device driver.
If you are interested in seeing what updates you’ve installed, click the View Installation History link in the Windows Update site. This action displays a list of all updates and the installation date. Each update is accompanied by a description that usually indicates a KnowledgeBase document. KnowledgeBase documents are identified by a code that always begins with the letter Q and is followed by four to seven numbers. Clicking the Read More link in the Description column for an update displays a brief description of the update and information on uninstalling it. You can read the KnowledgeBase document for the update through the online version of TechNet at www.microsoft.com/technet. Just search on the KnowledgeBase document code number (be sure to include the Q).
To uninstall an update, you have at least three options:
- Follow the instructions in the document that’s displayed when you click the Read More link in the Description column of an update from the View Installation History window.
- Use the Add and Remove Programs Wizard. This requires that you know the KnowledgeBase document code or the exact name of the update.
- Use System Restore to roll back the entire system to a previously stored state.
Note: If Windows Update is displayed in the wrong language, you need to check the language settings for Internet Explorer (through the Internet Options applet in Control Panel) and the language settings for the entire system (through the Regional and Language Options applet).
Controlling Access to Windows Update
Fortunately, access to Windows Update is restricted to users with Administrator-level access. However, that won’t prevent most users from attempting to run the utility. When a non-administrator attempts to run Windows Update, a Windows Update warning page is displayed. It indicates that only administrators can access Windows Update, but goes on to explain how the Run As command can be used to impersonate an Administrator user if you know an administrator’s username and password.
If non-administrators are not allowed to use Windows Update, they shouldn’t have an icon for it on their Start menu. Removing the Start menu icon is fairly easy. One way is to modify the default user profile so that it does not include the Start menu icon. This method has the best effect on standalone systems or systems that are members of a workgroup.
For information on configuring user profiles, see Chapter 6, “Windows XP Installation and Upgrade Secrets,” p. 119.
If your Windows XP systems are members of a domain, the best course of action is to create a group policy to remove Windows Update from the Start menu. To do this, click Start, Run, type MMC in the Open text box, and click OK. Expand the following items: Administrative Templates, Start Menu & Taskbar, User Configuration. The group policy is named Remove Links and Access to Windows Update. When this policy is enabled, it removes the Windows Update icons from the Start menu and the command from the Internet Explorer Tools menu. It also blocks the user from accessing the site directly with the URL windowsupdate.microsoft.com.
Living with Service Packs and Hotfixes
Windows Update is the primary means by which Microsoft distributes service packs and hotfixes. A hotfix is a single-purpose patch, update, or correction. Microsoft tests hotfixes only modestly in-house before posting them to the Windows Update site. This means that although the hotfix may correct the problem it is designed to address, it can cause other problems with your system. The general rule for hotfixes is to install them only if you are actually experiencing the problem for which they are designed. (The exception is security fixes, which you should always apply as soon as possible.) Another drawback to hotfixes is that they can void your service contract with Microsoft. So be sure to read the documentation for the hotfix and discuss the issues with your service contract manager before you install hotfixes.
Service packs are a larger collection of hotfixes and other patches, updates, and new software features/tools/components. Service packs are much more thoroughly tested both inside Microsoft and by many beta testers (which include many large enterprise organizations and PC-savvy individuals). For the most part, service packs are stable and safe to install. In a few instances in the past (such as the first release of Service Pack 6 for Windows 2000), the service pack caused noticeable problems, but those issues were remedied quickly with the release of SP6a. Service packs should be installed only after you are sure they will not cause problems in your particular environment.
Service packs will not void your service contract with Microsoft. In fact, often the installation of a service pack is required to remain covered under such contracts. Again, read the documentation for the service pack and discuss the issue with your service contract manager before installing.
Whether you are dealing with hotfixes or service packs, you should always test them before installing them on production systems. In many cases, after a hotfix or service pack is applied, it cannot be uninstalled completely. This means whatever gets broken will stay broken unless you made a complete backup before the install and are good at restoring backups. So test, test, test. Then after you are sure, retest again.
The Joys of Slipstreaming
Slipstream service pack installation is just a fancy name for installing a service pack at the same time as the initial OS installation. This is accomplished by integrating the service pack files with the installation files for the OS. This combined file set is then used to perform a single, quick-and-easy installation. Follow these steps to perform a slipstream installation:
1. Copy the entire Windows XP distribution CD to a folder on a hard drive. Take note of the destination drive and directory, such as d:\winxpcd.
2. Download the network installation version of the service pack from the Microsoft Web site.
3. Perform the initial extraction of the service pack into a temporary directory, such as d:\winxp\sp1.
4. Create a destination directory for the second service pack extraction, such as d:\winxpsp1\.
5. Perform the second extraction of the service pack by issuing the following command from a command prompt: d:\winxp\sp1\xpsp1 -x. When prompted, point the extraction utility to the destination directory, such as d:\winxpsp1\.
Note: The main file for Service Pack 1 is XPSP1.EXE, but this might change for other service packs. You can open a command prompt by clicking Start, Run, typing CMD, and then clicking OK.
6. From the command prompt, change to the d:\winxpsp1\update directory, and then issue the following command: update -s:. Substitute your path to the host folder for your duplication \i386 directory: xpsp1 -s:d:\winxp.
7. A dialog box displays the progress of the service pack integration. After it’s finished, click OK.
8. To initiate an install, run Setup from the d:\winxpcd folder.
The combined files can be shared with a network or burned to a CD as an easy distribution method to multiple systems for installation. If you are installing more than a handful of systems, slipstreaming is the way to go.
Keeping Up with Changing Hardware, Software, and More
Through the life of your computer system, there is a good chance that you will be upgrading, replacing, or adding components. You might add more RAM, add another hard drive, replace the video card, and so forth. As your system’s hardware composition changes, so too will the operating system. Keeping your system as clean and pristine as possible is important to maintain efficiency and performance and to avoid problems.
There are several steps for keeping your system in tip-top shape, even in the face of significant internal component changes. The first step in managing change is documentation. You should actively maintain relevant documentation for your system, which includes the following:
- An exhaustive list of each component inside or outside or otherwise connected to your computer
- Exact details about each component: vendor, make, model, specifications, customizations, upgrades, and so on
- Versions of drivers currently being used
- Exhaustive list of all software, drivers, and patches installed
- A log of all changes to the system, including component replacement, driver updates, patch installations, troubleshooting activities, and so forth
- Manuals for all components and software
- Written details on all custom configurations, including network addressing, naming, security, and so on
- CD or floppy disk copies of all installation files, including OS, software, drivers, patches, and the like
From a solid foundation of documentation, you can effectively manage a single system or a thousand systems. If you are adding a new device to your computer, follow these steps:
1. Gather manuals and documentation for the new component.
2. Locate the latest drivers for the component.
3. Read installation documentation from the manufacturer, and look for the known issues information (the section where known problems are discussed).
4. Follow the manufacturer’s instructions to install the component. This typically involves physical installation followed by software/driver installation.
5. Update the system documentation based on changes made by the installation process.
If you are replacing an existing device, follow these steps:
1. Read and follow the documentation on the uninstallation procedure for the device. Typically, this involves removing the software/driver first, followed by physical device removal.
2. When possible, boot the system without the new component to verify that all remnants from the previous device are removed.
3. Update the system documentation based on changes caused by the removal process.
4. Perform the component install, using the same five steps for adding new devices.
As for software, the process is the same, except there is usually no physical component to add or remove. Just be sure to fully document the changes to the system that the installation causes.
Advanced Device Driver, DLL, and System File Management
Windows XP has made numerous advancements in file management. The specter of a dead system after a software installation or a system update is nearly gone. Windows XP now actively protects itself against alterations to its core system files and helps manage changes in other important files, such as device drivers and dynamic link libraries (DLLs). The most beneficial aspect of these new self-preservation tactics is that the OS performs them automatically. This means that as a system administrator, you no longer have to worry about core system files, juggle driver versions, or deal with DLL conflicts.
Device Driver Management

Managing device drivers has long been a problem for Windows. Until the introduction of driver signing in Windows 2000, drivers were not protected or insured. When a driver is digitally signed, it has been tested and verified by Microsoft to work with Windows, and it has not been changed by another program’s installation process. Drivers that are not protected can be easily overwritten or changed without the consent of the system administrator. Drivers that are not signed and verified can be corrupt, contain Trojan horses or malicious code, or simply be the wrong driver. Through the use of driver signing, Windows XP helps reduce or eliminate these problems.

Driver signing is configured through the System applet:
1. Open Control Panel by clicking Start, Control Panel.
2. In Category view, click Performance and Maintenance. (In Classic view, continue to the next step.)
3. Open the System applet. (Click once in Category view or click twice in Classic view.)
4. Select the Hardware tab.
5. Click the Driver Signing button to open the Driver Signing Options dialog box (see Figure 5.3).
Figure 5.3 You can configure how Windows manages driver installation through the Driver Signing Options dialog box.
The Driver Signing Options Dialog Box

In the Driver Signing Options dialog box, you can select how the system handles drivers. There are three options:
- Ignore—Install the software anyway and don’t ask my approval
- Warn—Prompt me each time to choose an action
- Block—Never install unsigned driver software
The default setting is Warn. Only administrators are allowed to install software and change drivers. Through the use of driver signing, you can ensure that no one else is installing drivers on your system and control whether unsigned drivers are used when you attempt to install drivers. Drivers are signed exclusively by the Microsoft Hardware Quality Labs (MHQL) and only after the MHQL has thoroughly tested them. All devices on the HCL have signed drivers.

If you install a driver that you want to remove and return to the previous driver, you can use the driver rollback feature. Driver rollback does exactly what it says: It removes the current driver from the system and restores the previous driver. This process is possible because Windows XP automatically retains the previous driver files when new drivers are installed.

To use driver rollback, you must access the Properties dialog box for the device through Device Manager. To do so, follow these steps:
1. Open the Control Panel by clicking Start, Control Panel.
2. In Category view, click Performance and Maintenance. (In Classic view, continue to the next step.)
3. Open the System applet. (Click once in Category view or click twice in Classic view.)
4. Select the Hardware tab.
5. Click the Device Manager button.
6. Expand a device category type to locate the device.
7. Double-click on the device to open its Properties dialog box.
8. Select the Driver tab (see Figure 5.4).
Figure 5.4 You can configure drivers in the Driver tab of a device accessed through Device Manager.
9. To roll back a driver, click the Roll Back Driver button.
10. If no previous driver is available, you will be notified and given the option to launch the Troubleshooter. If you think you need the Troubleshooter, click Yes. Otherwise, click No.
11. If a previous driver is available, you are prompted to confirm the driver rollback process. Click Yes to continue or click No to cancel.
12. After the previous driver is restored, you might be prompted to reboot the system. Even if you are not prompted, always reboot after rolling back a driver.

If you’d like to scan your system for signed and unsigned files, you can use the File Signature Verification (sigverif) tool. This is the same tool that the driver-signing protection mechanism uses when scanning new drivers upon installation.

Note: You must be logged in as an administrator to use the sigverif tool.

To use sigverif, follow these steps:
1. Click Start, Run, type sigverif, and then click OK.
2. The File Signature Verification tool opens. Click the Advanced button.
3. The Advanced File Signature Verification Settings dialog box opens. In the Search tab, you can select these options:
   - Notify me if any system files are not signed
   - Look for other files that are not digitally signed
   The second option requires that you provide a wildcard search keyword and a folder hierarchy to search.
4. In the Logging tab, you can elect to log the results of the scan and decide whether to append to the current log file or create a new log file each time the tool is used.
   Note: The log file is stored in the main Windows directory by default.
5. Click OK to return to the tool.
6. Click Start to initiate the scan.
7. After the scan is finished, sigverif displays a report of its findings. You can also view the details in the log file.

The sigverif report lists the files it discovered that were not properly signed and displays their location, modification date, file type, and version number. If the discovered culprits seem abnormal or questionable, consider replacing them with signed versions.
Windows File Protection

Windows File Protection (WFP) is an invaluable mechanism that automatically protects core system files from corruption, deletion, alteration, or unauthorized replacement. WFP watches over the distributed versions of most .sys, .dll, .exe, and .ocx files as well as a few TrueType font files critical to the system. The system maintains a database of signatures and a backup copy of each protected file. When you install hotfixes or service packs that update these files, Windows updates their signature and backup copies.

WFP actively scans the system, looking for any change to the protected files. When a change is detected, the file is scanned and its signature compared against the WFP database. If the file fails the inspection, it is instantly replaced with the backup copy of the original file. The backup copies of protected files are stored in the \System32\DLLCACHE folder within the main system root and on the original distribution CD. In some cases, WFP prompts you to provide the Windows XP CD to perform a key file restoration. In most cases, the activities of WFP are invisible to the user. However, when a critical system file is involved, you might be prompted to reboot the system.

Just as driver signing has a user-accessible tool behind its operations, so does WFP. The tool behind WFP is the System File Checker (SFC). You can run this tool manually from a command prompt. For a complete listing of the syntax and parameters for SFC, just type sfc /? at a command prompt.

Note: You must be logged in as an administrator to use the SFC tool.

The SFC tool can be used to scan the system immediately, scan immediately after the next reboot, or scan after every reboot. You can also use the SFC tool to purge and rebuild the DLLCACHE folder and to set its maximum size. The default size is 50MB.

The scan that the SFC tool performs simply checks that all essential core system files match their recorded signatures and are exact duplicates of their backup copies. If it finds any discrepancies, the backups are used to correct the altered version of the file.
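The detect, compare, and restore cycle described above can be modeled in a few lines. This Python sketch is an added example, not code from the book and not how Windows implements WFP: SHA-256 digests stand in for the signature database, a dllcache subfolder holds the backups, and all file names and contents are constructed. It also covers the case where the cached copy is itself bad, which corresponds to the prompt for the Windows XP CD.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# File types the chapter lists as protected (font files are left out here).
PROTECTED_SUFFIXES = {".sys", ".dll", ".exe", ".ocx"}


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_baseline(system_dir: Path, cache_dir: Path) -> dict:
    """Record a digest and keep a backup copy of every protected file."""
    cache_dir.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for item in sorted(system_dir.iterdir()):
        if item.is_file() and item.suffix.lower() in PROTECTED_SUFFIXES:
            baseline[item.name] = sha256_of(item)
            shutil.copy2(item, cache_dir / item.name)
    return baseline


def apply_update(system_dir, cache_dir, baseline, name, new_bytes):
    """Model a hotfix: file, recorded digest and backup change together."""
    (system_dir / name).write_bytes(new_bytes)
    (cache_dir / name).write_bytes(new_bytes)
    baseline[name] = hashlib.sha256(new_bytes).hexdigest()


def scan_and_repair(system_dir, cache_dir, baseline) -> dict:
    """Check each protected file and restore it from the cache if it fails.

    Returns {file name: outcome}; outcome is "ok", "restored",
    or "needs-original-media".
    """
    outcome = {}
    for name, expected in sorted(baseline.items()):
        live = system_dir / name
        if live.is_file() and sha256_of(live) == expected:
            outcome[name] = "ok"
            continue
        backup = cache_dir / name
        # Never restore from a backup that itself fails verification.
        if backup.is_file() and sha256_of(backup) == expected:
            shutil.copy2(backup, live)
            outcome[name] = "restored"
        else:
            outcome[name] = "needs-original-media"
    return outcome


def demo():
    """Run the model on constructed files inside a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        system_dir = Path(tmp) / "system32"
        cache_dir = system_dir / "dllcache"
        system_dir.mkdir()
        # Constructed stand-ins for system files; the contents are arbitrary.
        samples = {
            "kernel32.dll": b"core library v1",
            "ntfs.sys": b"file system driver v1",
            "notepad.exe": b"editor v1",
            "hal.dll": b"hal v1",
            "readme.txt": b"not a protected type",
        }
        for name, data in samples.items():
            (system_dir / name).write_bytes(data)
        baseline = build_baseline(system_dir, cache_dir)

        # 1. A sanctioned update refreshes digest and backup, so it stays.
        apply_update(system_dir, cache_dir, baseline, "notepad.exe", b"editor v2")
        # 2. An installer overwrites a protected DLL without going through an update.
        (system_dir / "kernel32.dll").write_bytes(b"older vendor copy")
        # 3. A protected driver is deleted outright.
        (system_dir / "ntfs.sys").unlink()
        # 4. Both the live file and its cached backup are altered.
        (system_dir / "hal.dll").write_bytes(b"tampered")
        (cache_dir / "hal.dll").write_bytes(b"tampered")

        outcome = scan_and_repair(system_dir, cache_dir, baseline)
        return outcome, (system_dir / "kernel32.dll").read_bytes()


if __name__ == "__main__":
    print(demo())
```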
For More Information

There is very little in the way of third-party tools for keeping Windows XP up to date because it already has vastly improved mechanisms over previous Windows versions for managing and handling updates and changes to system files. Most of the tools available for Windows 2000 also work on Windows XP. But if you do venture down that path, ask the vendor whether testing has been performed on Windows XP and test the tools yourself before using them in production systems. If you fail to plan, you plan to fail.

If you are managing a large deployment of Windows XP, you might find Sunbelt Software’s UpdateEXPERT useful. This tool manages the download, network distribution, and installation of service packs and hotfixes for Windows XP, 2000, and NT. To check it out, visit www.sunbelt-software.com.

If the information about Windows XP management issues in this chapter has increased your desire to learn more, here are a few resources you can research.

Books
- Configuring and Troubleshooting Windows XP Professional. Syngress, 2001. ISBN: 1928994806.
- Cowart, Robert and Knittel, Brian. Special Edition Using Windows XP Professional. Que, 2001. ISBN: 0789726289.
- Glenn, Walter. How to Use Microsoft Windows XP, Bestseller Edition. Que, 2002. ISBN: 0789728559.
- Microsoft Windows XP Professional Resource Kit Documentation. Microsoft Press, 2001. ISBN: 0735614857.

Magazines and Web Sites
- Microsoft Certified Professional Magazine: www.mcpmag.com
- PC Magazine: www.pcmag.com
- TechNet CD or Web site: www.microsoft.com/technet/
- Windows and .NET Magazine: www.winnetmag.com
- Windows XP CD: Read1st.txt, relnotes.htm, and pro.txt files
6 Windows XP Installation and Upgrade Secrets
Windows XP installations can range from simple and uneventful to complex and problem prone. Windows XP can be installed on single standalone systems or distributed to multiple clients on a large network. Knowing how to install Windows XP and understanding how to best prepare for the process can make every installation attempt a success.
Maintaining User Profiles and Configurations

One of the first decisions to make when installing any operating system is whether to upgrade or to perform a clean installation. However, no matter which method you choose, you might need to retain data that’s already on the system. If the destination system has a pre-existing operating system, there is probably some data that should be maintained, saved, or backed up.

Windows XP provides a means for backing up and retaining personal data across upgrades and installations. You can use the Files and Settings Transfer Wizard to create a backup of all user profile data and any data files on the system. After making this backup, you can restore it to any Windows XP installation. This backup makes the transfer of your preferred desktop environment from one OS or system to another not just possible but easy.

The Files and Settings Transfer Wizard can create a backup set from a Windows 95, 98, SE, Me, NT, 2000, or XP system. The tool can be used in two modes: live transfer mode and disk transfer mode. In live transfer mode, the selected data is transferred from the source to the new destination system over a LAN connection, a dial-up link, or even a direct serial connection. In disk transfer mode, the selected data is copied to a disk.
To use the Files and Settings Transfer Wizard, you must be able to run it on both the source and destination systems. As long as the system has a CD-ROM drive, you can just run the Fastwiz.exe file from the \Support\Tools folder on the Windows XP distribution CD. If the system does not have a CD-ROM drive, you can build a wizard disk on a floppy disk.

The process of backing up or transferring data between systems can consume a considerable amount of time. The larger the data’s total size, the longer the process will take. The wizard’s default settings are to grab every file that is not native to the Windows OS installation or installed applications. In other words, every single file that did not originate from Microsoft or a software vendor is included in the backup set. Fortunately, you can custom-tune the wizard to grab just the data elements you want to retain. Using the customize option greatly reduces the time needed to perform the transfer.

There are two ways to use the Files and Settings Transfer Wizard. The first method is to back up personal data, perform an upgrade or a clean install, and then restore the personal data. The second method is to transfer personal data from one system to another via a network link.

To use the first method, perform the following steps:
1. Log on to the old system (the one that hosts the personal data you want to back up or retain) with the user account associated with the personal data.
2. Insert the Windows XP distribution CD into the CD-ROM drive.
3. Use the Start, Run command to locate and run Fastwiz.exe from the \Support\Tools folder on the Windows XP CD.
4. Click Next.
5. Select the Old Computer radio button, and then click Next.
6. If the media you’re transferring to has enough free space to accommodate your files, select the Floppy Drive or Other Removable Media option. If not, select Other. If you selected Removable Media, select the appropriate drive in the drop-down list. If you selected Other, define the drive and path where the personal data files will be deposited.
7. Click Next.
8. In the What Do You Want to Transfer? page, select one of the following radio buttons: Settings Only, Files Only, or Both Files and Settings. If you want to customize the selections, click the check box at the bottom (see Figure 6.1), and then click Next.
Figure 6.1 Select which files and settings to transfer in the Files and Settings Transfer Wizard.
9. If you decided to customize the option you chose in step 8, the Select Custom Files and Settings dialog box opens, where you can add and remove files and settings from the backup set (see Figure 6.2).
Figure 6.2 You can customize which files and settings are transferred.
10. After finalizing your choices for the backup set, click OK. A list of settings and/or files to back up is displayed. Click Next to start the backup.
11. The selected elements are backed up into the selected destination. When it’s completed, click Finish.
Now that you have the backup set, you can perform your upgrade install or clean install and install all your applications. After that is finished, you can restore your settings to the new Windows XP system. To restore your personal files, perform the following steps:
1. Log on to the new system with the user account that will be associated with the personal data.
2. Insert the Windows XP distribution CD into the CD-ROM drive.
3. Use the Start, Run command to locate and run Fastwiz.exe from the \Support\Tools folder on the Windows XP CD.
4. Click Next.
5. Select the New Computer radio button, and then click Next.
6. Select the I Don’t Need the Wizard Disk, I Have Already Collected My Files and Settings from My Old Computer radio button.
7. Click Next.
8. Select the Removable Media option or the Other option. (Make the same selection you made in step 6 of the previous procedure.) Be sure to insert the removable media or provide access to the other storage location.
9. Click Next.
10. Your personal files and settings are imported. When the import is completed, click Finish.
11. Reboot the system for the settings to take effect.

If you are transferring data from one system to another and can establish network connectivity, you can use the Files and Settings Transfer Wizard to move the data directly from one system to the other. Just follow the same basic process, but instead of selecting Removable Media or Other, select the Direct Cable option. Configure the old system first, and then the new.
Windows Activation

Microsoft has implemented a piracy prevention mechanism into Windows XP known as Windows Activation. Windows Activation requires verification of your registration code when an installation is performed. The verification can occur over the Internet automatically or over the phone. The primary purpose of Windows Activation is to prevent a single copy of Windows XP from being installed on multiple systems. When Windows XP is activated, its registration key is stored in a Microsoft database along with an identification code for your specific computer. After it’s activated, that version of Windows XP can be legally used on only that one system.

The identification code for your computer is created by taking details, IDs, and parameters from various core components of your computer to create a unique 50-digit code. Microsoft claims this code cannot be used to trace or locate a specific computer; however, the code is specific enough to prevent reuse of the same registration code on a system with a different ID. Microsoft also claims that the activation process is fully anonymous and privacy is maintained.

Activation is required within 30 days of installation. If you fail to activate Windows XP within that time period, the system ceases normal operations until activation is completed. Activation is easiest if your system has Internet access during the installation. However, if you add Internet access after installation, activation is just as simple. In most cases, activation takes less than 30 seconds. However, if the system doesn’t have Internet access in any form, activation can be done over the phone by dialing the phone number that the Activation Wizard displays.

Activation ensures that you’ve purchased a fully legal copy of Windows XP and that no one else can steal or duplicate your copy of Windows XP. However, activation can bring new problems to your door. Microsoft claims that 10 aspects of a computer are analyzed to create the unique system ID for activation. However, as you upgrade or alter your system’s hardware configuration, these components might change. If the upgraded system’s generated ID is significantly different from the one registered with Microsoft, your Windows XP installation is automatically deactivated. Fortunately, Microsoft will reactivate your system if you call and explain that you’ve upgraded your computer’s hardware. Reactivation can take place only over the phone.

Activating during installation is easiest, but if you skip it then, you can launch the Activate Windows utility from the Start, Programs menu.
Dos and Don’ts of Upgrading

Migrating from one operating system to another can be smooth as silk or as difficult as reaching the moon from a ladder. Upgrading, on the other hand, is the process by which the new operating system is installed into the existing OS. When this works properly, the result is an updated system that retains most of the configuration, layout, and settings from the previous OS. However, when upgrading goes bad, you might need to format the partition/hard drive and start a clean installation from scratch.

To achieve a smooth upgrade or migration to Windows XP, there are many issues to consider and several actions to take before launching the Windows XP installation routine.
If you are interested in performing a multi-boot installation, see Chapter 7, “Booting Windows XP,” p. 129.
The first action you should always take when considering or pondering a migration is to read the documentation. The Windows XP distribution CD includes several important documents you need to review before performing the install. Read1st.txt, in the root directory of the distribution CD, contains last-minute installation information that wasn’t available until just before Microsoft burned the CD. Pro1 (Professional) or Pers1 (Home), found in the CD’s Setuptxt folder, are files containing version-specific information on topics such as installation, customization, and startup. Next, visit the Windows XP Web site at www.microsoft.com/windowsxp and read through everything related to installation, migration, and deployment.

Windows XP supports upgrading from a limited selection of operating systems:
- Windows 98, OSR2, SE, Me
- Windows NT 4.0 Workstation (with service packs)
- Windows 2000 Professional (with service packs)

You can also upgrade Windows XP Home Edition to Windows XP Professional. If your system hosts any other operating system, including Windows 95, Windows NT Server, Windows 2000 Server, Windows 3.x, or even—God forbid—a non-Microsoft OS, you have to perform a clean install. Try using the Files and Settings Transfer Wizard (when supported) to migrate your essential files and settings to Windows XP.

When performing an upgrade, keep in mind that the process does not always produce expected or desired results. The upgrade could possibly crash your system, delete wanted data files, or even default to a clean install. Backing up your system is the only way to protect yourself against the numerous potential failures of an operating system migration.

During an upgrade, you’ll be prompted whether to upgrade the hard drive to NTFS (if applicable). In most cases, this option is preferred. FAT and FAT32 offer no security controls and have numerous problems with fragmentation and directory corruption. NTFS offers security, reliable fault tolerance, and self-repairing capabilities and supports very large partition sizes.

Before any upgrade, be sure to remove or disable all disk compression tools. The Windows XP upgrade process is not compatible with most of these third-party tools. If your hard drive is so small that you must use drive compression to host Windows 9x, you have bigger issues to resolve than upgrading your OS—namely, installing a larger hard drive.

You should also remove all drive and file encryption. You might be able to reinstall these tools after the upgrade, but there is too much potential for a catastrophe if they are present and active during the upgrade.

If you choose to partition your primary hard drive instead of dedicating it entirely to the boot partition, be sure to create at least a 4GB partition to host Windows XP. Believe me, you don’t want the headache of having to juggle files when you discover the operating system’s boot partition is running low on space.
Tip: It is also a good idea to exit any virus or Trojan horse scanners and to start the upgrade after a fresh boot of the current OS.
Performing a Smooth Migration

A smooth migration to Windows XP is dependent on a few key issues. First, you need to ensure that all components of the system are compliant with the Hardware Compatibility List (HCL), found at www.microsoft.com/hcl/. Second, make sure your system exceeds the system requirements for Windows XP. Third, having Internet access will enable you to activate the system and quickly access Windows Update.

During an upgrade installation, the setup routine inspects your system for compliance with the Windows XP HCL and produces an upgrade report listing all the software (including device drivers) that might not function properly under Windows XP. The purpose of the upgrade report is to forewarn you of possible problems so that you can seek out updated versions, drivers, patches, and so forth.

If you’d like to perform the upgrade check without starting the upgrade installation process, just issue winnt32 /checkupgradeonly from Start, Run or a command prompt. Remember, the winnt32 executable is located in the i386 directory on the Windows XP distribution CD.
Automating Windows XP Installation

Windows XP installation can be automated by using scripting or push installations. Scripting automation allows for upgrade or clean installs, whereas push installations are limited to clean installs only.

You can use the Setup Manager Wizard to quickly create custom installation scripts. To install this tool, extract the contents of the Deploy.cab file from the \Support\Tools folder on the Windows XP distribution CD into a folder of your choice. You can then use the Setup Manager (Setupmgr.exe) to create an answer file named Unattend.txt. This file is used as a command-line parameter of winnt32 to supply answers to installation questions, which eliminates the need for human interaction during the installation. The Setup Manager is easy to use; in fact, it’s a wizard that prompts you for every iota of information needed to perform a completely unattended installation.

If you name the answer file Winnt.sif and place it on a floppy disk, you can launch the automated install by booting from the Windows XP CD and placing the floppy disk in the floppy drive. Otherwise, the answer file is used to launch an installation from a preexisting OS, either from a network share of the i386 directory on the Windows XP CD or from a local CD-ROM drive.
The basics of scripted installations are fairly straightforward and easy to manage. However, there are lots of details and complex alterations that can be used as well. For an in-depth discussion of scripted installations for Windows XP, please consult the Windows XP Resource Kit’s Chapter 2, “Automating and Customizing Installations.” You can access it online by going to www.microsoft.com/technet/ and searching with the keywords “Automating and Customizing Installations.”

The Windows 2000 Remote Installation Service (RIS) can be used to push out installations of Windows XP to destination clients. To use RIS to install Windows XP, the destination clients need a special booting NIC or a RIS boot disk. For details on using RIS to install Windows XP, please see the Windows 2000 Resource Kit. See the Windows XP Resource Kit’s Chapter 2, “Automating and Customizing Installations” for details on Windows XP installations pushed via RIS and information on RIS installation, configuration, setup, and use.
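Because the Unattend.txt or Winnt.sif answer file described above supplies every answer Setup needs, it can also carry credentials, and it travels on a floppy disk or a network share. The following check is an added example, not from the book or from Microsoft: the section and key names are those of the Windows XP unattended Setup answer-file format rather than anything printed in this chapter, and both sample files and all their values are constructed placeholders.

```python
# Constructed sample answer files (not from the book); every value is a placeholder.
WEAK_ANSWER_FILE = r"""
; constructed sample: credentials left as typed
[Unattended]
    UnattendMode=FullUnattended
    OemSkipEula=Yes
    TargetPath=\WINDOWS

[GuiUnattended]
    AdminPassword="Example-Pass-1"
    EncryptedAdminPassword=No
    AutoLogon=Yes
    AutoLogonCount=1
    TimeZone=35
    OemSkipWelcome=1

[UserData]
    ProductKey=AAAAA-BBBBB-CCCCC-DDDDD-EEEEE
    FullName="Example User"
    ComputerName=*

[Identification]
    JoinDomain=EXAMPLE
    DomainAdmin=joiner
    DomainAdminPassword="Example-Join-2"
"""

HARDENED_ANSWER_FILE = r"""
; constructed sample: hashed admin password, no auto-logon, domain join done by hand
[Unattended]
    UnattendMode=FullUnattended
    OemSkipEula=Yes
    TargetPath=\WINDOWS

[GuiUnattended]
    AdminPassword=0000000000000000000000000000000000000000000000000000000000000000
    EncryptedAdminPassword=Yes
    AutoLogon=No
    TimeZone=35
    OemSkipWelcome=1

[UserData]
    ProductKey=AAAAA-BBBBB-CCCCC-DDDDD-EEEEE
    FullName="Example User"
    ComputerName=*

[Identification]
    JoinWorkgroup=WORKGROUP
"""


def parse_answer_file(text):
    """Parse INI-style answer-file text into {section: {key: value}}.

    Names are lower-cased so lookups do not depend on the case used in
    the file; surrounding double quotes are dropped from values.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip().strip('"')
    return sections


def audit_answer_file(text):
    """Return (section, key, finding) tuples for credential exposure."""
    cfg = parse_answer_file(text)
    findings = []
    gui = cfg.get("guiunattended", {})
    password = gui.get("adminpassword")
    encrypted = gui.get("encryptedadminpassword", "no").lower() == "yes"
    if password == "*":                             # "*" requests a blank password
        findings.append(("GuiUnattended", "AdminPassword", "blank Administrator password"))
    elif password and not encrypted:
        findings.append(("GuiUnattended", "AdminPassword", "clear-text Administrator password"))
    if gui.get("autologon", "no").lower() == "yes":
        findings.append(("GuiUnattended", "AutoLogon", "automatic Administrator logon after setup"))
    if cfg.get("identification", {}).get("domainadminpassword"):
        findings.append(("Identification", "DomainAdminPassword", "clear-text domain join password"))
    if cfg.get("userdata", {}).get("productkey"):
        findings.append(("UserData", "ProductKey", "product key stored in file"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_ANSWER_FILE), ("hardened", HARDENED_ANSWER_FILE)):
        print(label, audit_answer_file(text))
```

The hardened file still reports the product key, so the floppy disk or share that holds an answer file needs restricted access either way.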
Troubleshooting Installations

The Windows XP installation process is very robust and difficult to break—that is, if you’ve started with an HCL-compliant set of hardware. I’ve easily performed over 100 installations of Windows XP on various desktops and notebooks, and I’ve had only one or two failures; as it turns out, those failures were caused by defective or legacy hardware. After the components were replaced, the installation was completed without a hitch.

However, just because the installation routine normally goes smoothly doesn’t mean it always will. To help you troubleshoot installation problems, I’ve collected a few scenarios I’ve encountered in the past and a viable solution for each.
Windows Crashes During Installation

In the first scenario, the Windows XP installation process crashes before it completes. In most cases, a crashed install is caused by a hardware problem. If your hardware is not 100% HCL compliant, expect problems. However, hardware is not always the culprit. In some cases, the settings you choose during the install could stress the preinstalled OS to the point of failure. For example, complex network configurations and high-end video settings are best left for configuration after the OS has finished its initial installation. If your first attempt at installation fails, try it again, and stick with the defaults or the basic selections during the installation process. After the install is finished, use the Control Panel applets to implement other configuration changes.

The installation can also crash because of a hardware hiccup, an electricity fluctuation, or the moon being half out of phase. The setup routine maintains a log file of its progress, which makes it easy to restart and pick up where it left off. Therefore, another possible solution is just to restart the installation and let the setup process try it again.
If the failure occurs at the switch between the setup’s text portion and the graphical portion, you can suspect your video card. It might not be HCL compliant or have enough RAM to function. You should try a different video card to see if you can finish the install. Then follow the video card vendor’s instructions on installing the card back into the system and be sure to use the latest drivers.
My Existing OS Won’t Recognize the CD-ROM Drive

In this next scenario, your current operating system won’t “see” your CD-ROM drive, making it difficult to launch the install. Fortunately, you have a few other options. First, if you can configure the system to boot from the CD-ROM drive, you can launch the install to perform an upgrade or a clean install directly from the CD. If you don’t have a bootable CD-ROM, you can try creating a DOS boot disk with DOS-based CD-ROM drivers and launch the install (located in the i386\winnt directory) from the DOS prompt.

Another method is creating the setup boot disks for Windows XP. The tool to create these disks is available on the Microsoft Web site at http://support.microsoft.com/default.aspx?scid=KB;EN-US;q310994&ID=310994. You’ll need six blank floppy disks to create the set. There is one set for Windows XP Home Edition and another for Windows XP Professional. With the setup boot disks, just boot from the first floppy disk in the set and follow the instructions.

If none of these methods succeed, you have a hardware issue (for example, an incompatible CD-ROM drive or an out-of-date motherboard) that needs to be resolved.
Windows XP Fails to Boot After Installation

In another scenario, the installation finishes but Windows XP does not boot afterward. In most cases, this failure has to do with the system partition, which contains the files that the computer uses to load the boot menu and the actual OS files. If this partition is not created correctly, the system will not boot. However, this event is rare. It’s more common for the system partition to be on a special drive controller, such as SCSI, and the wrong device driver has been installed for that drive controller. Make sure you know whether the drivers for your drive controller are native to Windows XP or if you must install them during the initial stages of setup (by pressing F6 during the text portion of the setup routine).

Another possible problem involves configuration settings in the BIOS. If your motherboard’s BIOS is not Windows XP compatible, you need to see if it’s upgradable to a newer BIOS. If it’s not, you might have to upgrade your system. If it is compatible, then a configuration setting could be causing a problem. The problem could be in the area of a boot password, power management, boot order, or any number of other locations. A possible correction is resetting the BIOS to its defaults. However, before you take that action, back up the BIOS settings if your system offers that feature; otherwise, record the salient details manually.
For More Information

If the information about Windows XP installation issues presented in this chapter has increased your desire to learn more, here are a few resources you can research:

Books
- Configuring and Troubleshooting Windows XP Professional. Syngress, 2001. ISBN: 1928994806.
- Cowart, Robert and Knittel, Brian. Special Edition Using Windows XP Professional. Que, 2001. ISBN: 0789726289.
- Microsoft Windows XP Step by Step. Microsoft Press, 2001. ISBN: 0735613834.
- Microsoft Windows XP Professional Resource Kit Documentation. Microsoft Press, 2001. ISBN: 0735614857.

Other Resources
- TechNet CD or Web site: www.microsoft.com/technet/
- Windows XP CD: Read1st.txt, relnotes.htm, and pro.txt files
7 Booting Windows XP
After working with Windows XP for a while, you will realize that most system crashes occur during the boot process. Although the boot process looks simple on the surface, it is actually quite complex. This chapter describes the steps that Windows XP takes from the time you initially turn on your computer to when you are given the login prompt.

In addition, you examine some of the available tools (from both Microsoft and third-party vendors) for recovering a failed Windows XP system, including the Windows XP boot disk.
System and Boot Partitions

When Windows NT was created, Microsoft made decisions that, to this day, we are still trying to figure out. Many of these decisions have remained in effect through Windows 2000 and now in Windows XP. The distinction between the system and boot partitions is one of these decisions.

Common sense tells us that the boot partition should contain the boot files, and the system partition should contain the system files. Well, who needs common sense, anyway? In the Windows XP, 2000, and NT worlds, the opposite is true. As a rule, boot files reside on the system partition, and system files are on the boot partition. Just remember that it’s the opposite of common sense, and you’ll do just fine.

Although there is some logic behind the choice of terms, Microsoft selected the logical choice that is not the most obvious choice. The system partition contains the files that tell the system (that is, the hardware itself) what to boot and how. The boot partition contains the files needed to actually boot the operating system. Try to pick a method to help you remember the distinction and stick with it. Otherwise, you’ll get confused just when clarity matters most.

To properly boot an operating system (Windows XP included), you must have at least one system partition configured; this is also known as the active partition. To select and configure an active partition, use the Windows XP Disk Management administrative snap-in to the Microsoft Management Console (MMC).

To use the Windows XP Disk Management MMC snap-in, follow these steps:
1. Start the Disk Management MMC snap-in by opening the Administrative Tools window from Control Panel, and then double-clicking the Computer Management icon.
2. Click Disk Management under the Storage container in the left pane of the Computer Management window.
3. Select the disk to be marked as active by clicking it, and then choosing Action, All Tasks, Make Partition Active from the menu.

In most cases, you do not need to define or alter the active partition throughout your system’s lifetime. When you perform the initial Windows XP installation, the installation process takes care of this detail for you automatically. The only time you might need to perform this operation is when you create a dual-boot system in which the active partition is changed.
The Windows XP Boot Sequence
Although the Windows XP boot process is lengthy and complex, it follows a distinct, logical path. Knowing the steps Windows XP takes during its initialization stages can help you in troubleshooting exactly where the boot process might be failing. The Windows XP boot process can be divided into the following areas, occurring in this order:
1. Power On Self Test (POST)
2. Initializing the system
3. Booting the system
4. Choosing the operating system
5. Detecting the hardware
6. Choosing the boot configuration
7. Loading the Kernel
8. Initializing the Kernel
9. Logging in to the system
Before you can examine how Windows XP boots, you need to know which files are involved in this process.The Windows XP boot process uses several files. Some of them exist in all circumstances, and others exist only if certain conditions are met.The following is a list of the most commonly used files:
Note
Note that these are exactly the same files found on a Windows 2000 system.
Power On Self Test (POST)
One of the first tasks any Intel-based computer performs is the Power On Self Test (POST). POST is a set of tests your computer performs to check itself. Covering all the tests would be impossible because they vary greatly, depending on the BIOS version installed in the system. Some of the most common tests include checking the hard drives, memory, video card, and keyboard.
Although most people assume that only computers run a POST, some adapter cards run their own POST as well (based on the information stored in their BIOS). One of the most common types of adapter cards that perform this task is a small computer system interface (SCSI) card. In most cases, a SCSI card can run tests to check its configuration and to detect any devices that might be connected to the system. A SCSI card that can perform this task is known as a SCSI adapter with the BIOS enabled, which is explained in further detail in “The [operating systems] Section” later in this chapter.
When POST runs into a problem, it usually notifies you, the user, by displaying an error message onscreen or by sounding a preset series of beeps (the most common method of notifying you of errors). The number, length, and sequence of beeps depend on the BIOS. At first, it might seem weird that the system would beep instead of displaying an error message, but when you think about it, it does make sense. How else would you know there is a problem with the video card if the system could not display the message onscreen (because of the problem with the video card)?
It’s important to note that the POST has nothing to do with the operating system installed on the machine. The POST performs the same routine every time the machine is powered on and must finish successfully before the system looks to any storage medium for information. Failure here is always hardware related.
Beeping Errors
If your system is one that informs you of errors by sounding a sequence of beeps, you can “break” the code by checking out the FAQ at the PC Guide Web site. The PC Guide’s code page on troubleshooting BIOS beeps can be found at http://www.pcguide.com/ts/x/sys/beep/index.htm. In addition, be sure to review the documentation that came with your motherboard for the most useful information for your particular system. Also, check the Web site of your motherboard’s manufacturer, as additional information might be listed there.
When the POST is finished, the system moves into the next phase of its startup process, initializing the system.
Initializing the System
The machine must now find a way to boot the operating system (OS). To accomplish this task, and because each OS boots differently, it must find information on how to pass control to the OS. If the startup process detects a floppy disk in the drive, it searches the disk’s first sector for the partition boot sector. If one is found, it treats that floppy disk as a startup disk and passes control to it. If a floppy disk is detected in the drive but determined to be a non-system disk, a message similar to the following appears:
    Non-System disk or disk error
    Replace and press any key when ready
If, however, the floppy disk is deemed a bootable disk, the partition boot sector then loads into memory. The partition boot sector contains information on how to pass control to the OS on that disk. After this information is gathered, all control is transferred to the OS.
If the system does not detect a floppy disk in the floppy disk drive, it checks the next device (as defined by the system’s BIOS) to see if it is bootable. On most systems, it is the CD-ROM drive. If a bootable CD-ROM is present, you are asked whether to boot from it. In most cases, your response will be pressing the spacebar to confirm booting from the CD-ROM, or doing nothing to indicate that the system should boot from the next boot device. After the OS is installed, there is little reason to boot from a CD other than to load a CD-based OS. Usually, the next available device is a hard drive. The first area on a hard drive is known as the Master Boot Record (MBR).
Note
With the advent of bootable CD-ROMs, Zip disks, and other forms of media, BIOS manufacturers have changed the way the BIOS detects bootable devices. You can select the order in which the system attempts to detect bootable devices on most new computers, so the previously described boot order might not occur on your system. Because of the large number of combinations and boot device orders, we won’t cover each bootable device.
If the system does not find an MBR on the hard drive, you get the following message:
    Missing operating system
If the system finds an MBR on the hard drive, it loads it into memory, processes it, and passes control to the OS as outlined in that MBR. The BIOS then steps into the background and is not used again.
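How the active (system) partition from "System and Boot Partitions" is recorded in the MBR described above, as an added example that is not from the book: the sketch parses a 512-byte MBR, checks its boot signature, and returns the one partition flagged active. The standard MBR layout it relies on (partition table at offset 446, signature bytes 55 AA) is background the chapter does not spell out, and the sample sector is constructed.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"       # last two bytes of a valid MBR
ACTIVE = 0x80                 # boot indicator of the active partition
TYPE_NAMES = {0x05: "Extended", 0x06: "FAT16", 0x07: "NTFS",
              0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)"}


def parse_mbr(sector):
    """Return the used partition-table slots of a 512-byte MBR.

    Raises ValueError when the sector cannot be an MBR at all.
    """
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("boot signature 55 AA not found")
    partitions = []
    for slot in range(4):
        entry = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        flag, ptype = entry[0], entry[4]
        start_lba, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:                      # unused slot
            continue
        if flag not in (0x00, ACTIVE):
            raise ValueError(f"slot {slot + 1}: invalid boot indicator {flag:#04x}")
        partitions.append({
            "slot": slot + 1,
            "active": flag == ACTIVE,
            "type": TYPE_NAMES.get(ptype, f"type {ptype:#04x}"),
            "start_lba": start_lba,
            "sectors": sectors,
        })
    return partitions


def system_partition(sector):
    """Return the single active partition (the system partition)."""
    active = [p for p in parse_mbr(sector) if p["active"]]
    if len(active) != 1:
        raise ValueError(f"expected one active partition, found {len(active)}")
    return active[0]


def build_sample_mbr(entries):
    """Constructed test data: an MBR without boot code.

    entries is a list of (active, type, start_lba, sectors) tuples.
    """
    table = b"".join(
        struct.pack("<B3sB3sII", ACTIVE if active else 0, b"", ptype, b"", start, count)
        for active, ptype, start, count in entries
    )
    return b"\x00" * TABLE_OFFSET + table.ljust(64, b"\x00") + SIGNATURE


# Constructed dual-boot layout: an active FAT32 system partition holding the
# boot files, followed by an NTFS partition holding the Windows XP system files.
SAMPLE_MBR = build_sample_mbr([
    (True, 0x0B, 63, 4192902),
    (False, 0x07, 4192965, 16771860),
])

if __name__ == "__main__":
    for part in parse_mbr(SAMPLE_MBR):
        print(part)
    print("system partition:", system_partition(SAMPLE_MBR)["slot"])
```

Run against the first sector of a disk image, the same functions separate a damaged or missing MBR from a disk that simply has no active partition set.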
Booting the System
At this point, the OS boot process has begun, and control is passed to a Windows XP file known as Ntldr. This file displays the boot menu, detects the hardware, and initializes any adapters that might be used to boot the system.
Unlike Windows NT, which informed you as to what was happening throughout the startup, Windows XP keeps this information somewhat secret. Instead, Windows XP displays a title window, shown in Figure 7.1, while it initializes the system. The option of pressing the F8 key to enter a troubleshooting menu is covered in the “Troubleshooting Boot Problems” section later in this chapter.
Figure 7.1 During the boot process, you should see this Windows XP title window.
Ntldr then detects the file system used to format the hard drive (FAT or NTFS) and loads the appropriate driver so that it can continue to read information off the hard drive. In a multi-OS environment, it then loads the Boot.ini file into memory, processes it, and displays the Windows XP boot menu. (See the “Choosing the Operating System” sidebar later in this chapter.) If only a single operating system is installed (a Windows XP OS, obviously), no boot menu is displayed. Instead, Ntldr simply continues with the startup of that OS.
If you select a non-Windows XP or a previously installed OS, Ntldr finds the Bootsect.dos file. This file contains the MBR as it existed before being replaced with the Windows XP MBR. Ntldr loads this file, runs it as though the MBR is being read, and passes control to it. At this point, Windows XP is out of the picture and has no say in how the OS is booted.
If you select a Windows XP installation, Ntldr locates and runs the Ntdetect.com file, which detects and gathers information about your system’s hardware configuration. After Ntdetect.com gathers this information, you are given the option of placing Windows XP startup into the Hardware Profile/Configuration Recovery menu. (This menu appears only if you have multiple hardware configurations.)
As you may already know, Windows XP can boot into several different hardware configurations. You will find this feature handy if you are running a notebook computer with a docking station. When the notebook is “docked,” Windows XP has access to several hardware components that are not available when the notebook is “undocked,” such as SCSI controllers, high-speed networking devices, and directly connected printers. Use this menu option to select the preferred configuration.
Note
With Windows XP finally supporting full Plug and Play, profiles are not as necessary as they were with Windows NT. They are normally used only with non-PnP devices.
The final task Ntldr performs is loading and running the Windows XP Kernel (Ntoskrnl.exe). After running the Kernel, Ntldr passes all the information it received from Ntdetect.com to the Kernel and terminates itself.
Understanding the Boot.ini File
An important part of booting and troubleshooting Windows XP is understanding how the Boot.ini file works. When you fully understand how Ntldr uses the information stored in the Boot.ini file, you will be well on your way to troubleshooting most Windows XP boot problems.
Choosing the Operating System
Ntldr displays a boot menu where you choose the OS the system should boot. One item on the boot menu is always highlighted—the default operating system. Also, notice a countdown timer at the bottom of the menu (on the right side). When the timer reaches zero, it automatically boots the default OS. This feature allows Windows XP to automatically reboot itself without having a user present.
When you install Windows XP, the setup program automatically creates a Boot.ini file and stores it in the root folder of the startup disk. If you run the Windows XP installation program after Windows XP is installed and choose to install another copy of Windows XP (or Windows NT or 2000), the setup program appends to the existing Boot.ini file and makes the latest installation the default boot option. When you boot Windows XP, Ntldr uses the information stored in the Boot.ini to display and run the boot menu.
Assuming that a single copy of Windows XP Professional is installed over an existing Windows 98 installation, a default Boot.ini file might look like this:
    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
    C:\="Windows 98"
The Boot.ini file can be divided into two separate, yet equally important, sections:
- The [boot loader] section
- The [operating systems] section
The [boot loader] Section
Two variables are set in the [boot loader] section of the Boot.ini file. The first, timeout=, is the amount of time (measured in seconds) the user has to select an OS before Ntldr automatically starts the default OS. The default value for the timeout variable is 30 seconds. If you set the value to zero, Ntldr automatically starts the default OS without showing the boot menu. If you set the timeout value to -1, Ntldr displays the boot menu without counting down the time. In other words, it waits indefinitely for you to make a selection. You can achieve the same result by pressing any key except Enter while the boot menu is displayed and counting down.
The second variable, default=, defines which OS is booted by default. The default variable is simply a link to the [operating systems] menu and gets its boot information from there.
The [operating systems] Section
The [operating systems] section of the Boot.ini file contains a list of operating systems that are available to boot. Each entry contains the path Ntldr uses to find the OS system files, the string to display in the boot menu, and an optional switch that controls how Windows XP boots.
You can use this section to define multiple operating systems as well as the options for booting the same OS with different switches enabled. The path for each OS is defined by using the industry-standard Advanced RISC Computing (ARC) naming convention. ARC naming enables you to define the location of the OS files regardless of the type of controller, the physical hard drive, or the partition. It is written according to the following formula:
    Controller(w)drive(x)drive(y)partition(z)\%systemroot%
Two different ARC statements can be used in the Boot.ini file:
- Multi(w)disk(x)rdisk(y)partition(z)\%systemroot%
- Scsi(w)disk(x)rdisk(y)partition(z)\%systemroot%
The Multi option can be used for IDE controllers or SCSI controllers that have the BIOS enabled (meaning they can detect and mount SCSI drives). The Scsi option is used for SCSI controllers that have the BIOS disabled. This option requires the Ntbootdd.sys file (the SCSI controller driver) to load the SCSI controller so that Ntldr can access the drives. The value of the w variable is the number of the controller installed in the system (when there are multiple controllers). The first controller is given a value of 0, the second a value of 1, and so on.
The disk variable defines which hard drive is to be accessed on a SCSI controller with the BIOS disabled. As with the controllers, the first drive on the controller is given a value of 0, the second a value of 1, and so on. The SCSI and disk variables work together to define the controller and the hard drive where the OS files reside. If the Multi option is used, disk will always be 0.
The rdisk variable defines which hard drive is to be accessed on an IDE controller or a SCSI controller with the BIOS enabled. Again, the first drive on the controller is assigned a value of 0, the second a value of 1, and so on. The Multi option and rdisk variable work together to define which controller and drive are used to store the OS files. If the Scsi option is used, rdisk will always be 0.
Next, the partition variable defines which partition on the hard drive stores the OS files. Unlike the other variables in the ARC naming convention, the first partition on the hard drive is given a value of 1, the second a value of 2, and so on.
Finally, the %systemroot% variable defines the folder in which the OS files are stored. The default, when you install Windows XP, is the WINDOWS folder.
For example, assume you have a RAID system with two IDE controllers, with three hard drives on each controller and two partitions on each hard drive. The Windows XP system files are located in the \Windows folder on the second partition, which is on the third hard drive connected to the first controller. This is the ARC statement that would appear in the Boot.ini file:
    Multi(0)disk(0)rdisk(2)partition(2)\WINDOWS
The information in quotes at the end of the ARC statement is what will appear as the menu entry for this statement. Finally, you can add one or more switches. When you install Windows XP, the Windows XP setup program assigns a single boot entry for each installed OS (unlike the two entries per installed OS in Windows NT). The Boot.ini switches are defined in the next section.
The Boot.ini Switches
You can add several switches to the end of Windows XP ARC statements in the [operating systems] section of the Boot.ini files. These switches, which are not case sensitive, are listed in Table 7.1.
Table 7.1 The Boot.ini Switches
Boot.ini Switch
    Description
/3GB
    This switch specifies that 3GB of virtual address space is reserved for applications and only 1GB is reserved for the Kernel in each virtual machine, as opposed to the 2GB/2GB default.
/BASEVIDEO
    This switch boots Windows XP using a standard VGA video driver, which is compatible with every VGA video card. Use this switch if you have installed a new video driver and Windows XP does not boot properly. You can then change the video driver to one that does work. This switch is used with the /SOS switch in the default ARC statement in the Boot.ini file.
/BAUDRATE=xxxx
    This switch enables you to select the baud rate to use when debugging the system. If you do not select a value (indicated by xxxx), the value of 9600 is used by default when a modem is installed. This switch automatically enables the /DEBUG switch.
/BOOTLOG
    This switch enables recording a boot log in the %systemroot%\ntbtlog.txt file.
/BURNMEMORY=nnn
    This switch defines an amount of memory (nnn) in megabytes that Windows XP is restricted from using. This setting is often used to test problems related to RAM depletion.
/CRASHDEBUG
    When you enable this switch, it loads the Windows XP debugger. Unless a Kernel error occurs, however, the debugger is inactive. The Windows XP debugger is useful if your system is experiencing Kernel errors.
/DEBUG
    This switch enables the debugger when Windows XP is loaded. /DEBUG allows you to start the debugger using a host debugger connected to the computer. Use this switch if your errors are easily reproducible.
/DEBUGPORT=comx
    This switch designates the serial port (comx) to be used for communication with the host debugger. Like the /BAUDRATE switch, this switch starts the /DEBUG switch automatically.
/FASTDETECT={com1|com2|comx...}
    This switch disables serial and bus mouse detection. Specifying a COM port (com1 and so on) disables the scan just on that port; not specifying a COM port disables the scan on all ports. This switch is useful if you have an uninterruptible power supply (UPS) connected to your system. Many UPSs are disabled when Windows XP attempts to detect a mouse on the port on which they are communicating.
/MAXMEM:x
    This switch enables you to limit the amount of memory (x) Windows XP can use.
/NOGUIBOOT
    This switch disables the Windows XP bitmap splash screen during bootup; it also disables the blue screen of death because the same driver is used for both.
/NODEBUG
    This switch tells the system not to use the debug information.
/NUMPROC=nnn
    This switch controls the number of processors (nnn) the system can use.
/PCILOCK
    This switch stops the OS from dynamically assigning system resources (I/O ports, IRQs) to PCI expansion cards. It forces the settings in BIOS to take precedence.
/SAFEBOOT:parameter
    This switch forces a boot into Safe Mode. Options for parameter include minimal, network, and minimal(alternateshell).
/SOS
    This switch displays device driver names and locations as it is loaded. Use this switch if you suspect that a device driver is corrupt or missing. This switch is used with the /BASEVIDEO switch in the default ARC statement in the Boot.ini file.
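A checker for the Boot.ini rules described in this section, as an added example that is not from the book or from Microsoft: it parses both sections, tests each ARC path against the rules stated above (disk(0) with multi, rdisk(0) with scsi, partitions numbered from 1), confirms that default= points at a listed entry, applies the 10-entry menu limit the chapter mentions later, and reports entries that carry the debugger switches from Table 7.1. The function names and the second sample file are constructed for illustration.

```python
import re

# ARC path as described above: multi|scsi (w) disk(x) rdisk(y) partition(z) \folder
ARC_RE = re.compile(
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$",
    re.IGNORECASE,
)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")   # e.g. C:\ for a previously installed OS
# Switches from Table 7.1 that load or enable the kernel debugger.
DEBUG_SWITCHES = {"/DEBUG", "/DEBUGPORT", "/BAUDRATE", "/CRASHDEBUG"}
MENU_LIMIT = 10                          # entries the boot menu displays


def parse_boot_ini(text):
    """Return (loader, entries): loader is a dict of [boot loader] values,
    entries a list of (path, menu_label, [switches]) in file order."""
    section, loader, entries = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")
        if section == "boot loader":
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            m = re.match(r'\s*"([^"]*)"\s*(.*)$', value)
            label, rest = (m.group(1), m.group(2)) if m else (value.strip(), "")
            entries.append((key.strip(), label, rest.split()))
    return loader, entries


def check_arc(path):
    """Problems with one ARC path, using the rules stated in the chapter."""
    m = ARC_RE.match(path)
    if not m:
        return ["not a valid ARC path"]
    kind, _controller, disk, rdisk, part, folder = m.groups()
    problems = []
    if kind.lower() == "multi" and int(disk) != 0:
        problems.append("multi() requires disk(0)")
    if kind.lower() == "scsi" and int(rdisk) != 0:
        problems.append("scsi() requires rdisk(0)")
    if int(part) < 1:
        problems.append("partition numbers start at 1")
    if not folder or folder == "\\":
        problems.append("no %systemroot% folder")
    return problems


def audit(text):
    """Return a list of human-readable findings for a Boot.ini file."""
    loader, entries = parse_boot_ini(text)
    findings = []
    default = loader.get("default", "")
    if default.lower() not in [path.lower() for path, _, _ in entries]:
        findings.append(f"default={default} matches no [operating systems] entry")
    if len(entries) > MENU_LIMIT:
        findings.append(f"{len(entries)} entries; only the first {MENU_LIMIT} are displayed")
    for path, label, switches in entries:
        if not DRIVE_RE.match(path):     # drive-letter entries use Bootsect.dos
            findings += [f"{label}: {p}" for p in check_arc(path)]
        names = {re.split(r"[=:]", s, maxsplit=1)[0].upper() for s in switches}
        debug = sorted(names & DEBUG_SWITCHES)
        if debug:
            findings.append(f"{label}: debugger switches present: {', '.join(debug)}")
    return findings


# The sample file shown earlier in this chapter.
PAGE_SAMPLE = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
C:\="Windows 98"
"""

# Constructed sample with a dangling default, a bad ARC path and debug switches.
BROKEN_SAMPLE = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(1)rdisk(0)partition(0)\WINDOWS="XP broken" /fastdetect /debugport=com1 /baudrate=115200
scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP on SCSI" /sos
"""

if __name__ == "__main__":
    for name, sample in (("page sample", PAGE_SAMPLE), ("broken sample", BROKEN_SAMPLE)):
        print(name, audit(sample) or "no findings")
```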
Detecting the Hardware
During this phase of bootup, Ntldr calls Ntdetect.com, which detects your video card, keyboard, mouse, drive controllers, CPU, and communication ports.
Kernel Loading and Initialization
After the hardware has been successfully detected and the Hardware Profile/Configuration Recovery menu has been completed, the system loads the Windows XP Kernel (Ntoskrnl.exe). During this phase, several services are being loaded, the most important being the Windows XP Kernel (Ntoskrnl.exe) and the Hardware Abstraction Layer (Hal.dll). Although the system loads these two key services, they do not actually run until the next phase of the boot process.
Next, the system checks the Registry and determines which services need to be started for the system to complete its boot process. Then the services are started. When all services have been loaded into memory, it is time to initialize the Kernel. Any services that were not initialized during the Kernel loading phase are then started.
Logging in to the System
The last phase of the boot process initializes the logon subsystem (WinLogon) and passes control to it. Windows XP then displays the initial logon screen. It is important to note that, although you can begin the logon process, Windows XP might not be completely initialized. It has initialized only the components that must be in place for the logon to occur. Any non-dependent services, such as Internet Information Services, run after the logon screen appears.
Building Boot Disks
This section details how to create and use boot disks. A boot disk enables you to boot a machine into MS-DOS to run diagnostic software to determine why Windows XP won’t boot. Because of the overhead needed to boot Windows XP, there is no built-in way to build a bootable copy of Windows XP using floppy disks. It would just require too many disks. If you recall, when you installed Windows XP (if you used the floppy jump-start method), it took six floppy disks just to get to the point where you could begin to install Windows XP. After that, the setup program copied enough files off the CD-ROM so that you could reboot the system and continue with a Windows XP–based installation.
Note
Windows XP can also fail to boot if a file is missing or becomes corrupt on the system partition. A boot disk can be used in this situation as well.
There is, however, a way to start a machine that has corrupted or missing boot files. The Windows XP boot disk provides enough information to start a computer and point it to the existing Windows XP installation. Note, however, that the existing Windows XP installation must be on the disk and accessible. The boot disk is only for troubleshooting boot errors.
It is not uncommon for a small configuration change in your Windows XP environment, such as changing the partitions on a hard drive, to make your Windows XP system unbootable with the regular boot method (although the chances of this happening have been greatly reduced since Windows NT). Luckily, there is a way that you can boot Windows XP from a floppy disk. This disk is known as the Windows XP boot disk.
Boot Disk Requirements
A couple of requirements must be met for a boot disk to be created successfully. The first and most important is how the floppy disk is formatted. Second, several files must be copied to the floppy disk to make it usable.
When creating a Windows XP boot disk, remember that it must be formatted in Windows XP. A disk formatted in DOS, Windows 3.x, Windows 9x, Windows NT, or even Windows 2000 will not work because of the partition boot sector. Remember that the partition boot sector finds the OS and passes control to it. A boot disk from a different OS looks for the files that OS uses to boot. When you format a floppy disk in Windows XP, it modifies the partition boot sector so that it looks for Ntldr and passes control to it if it’s found.
The second requirement has to do with files being copied to the boot disk. Which files are required depends on the system configuration (SCSI controllers, old OS, and so on). These are the required files for an x86-based system:
- Ntldr
- Ntdetect.com
- Boot.ini
- Bootsect.dos (if you are booting a previously installed OS)
- Ntbootdd.sys (if you have a SCSI controller with the BIOS disabled in your system)
Creating the Boot Disk
Creating the boot disk is quite easy. Remember, all it does is replace the boot process described in “The Windows XP Boot Sequence” at the beginning of this chapter. It does not place the Windows XP OS on the floppy disk. To create the boot floppy disk, you need to simply format the floppy disk using an existing Windows XP system. Copy the following files from the system partition (generally, the root of drive C:) of the existing Windows XP installation to the newly formatted floppy disk:
- Ntldr.
- Ntdetect.com.
- Boot.ini. This file might have to be edited so that it looks for the Windows XP boot partition in the right location.
- Bootsect.dos. You’ll need this file if a previous OS was installed.
- Ntbootdd.sys. Although it’s rare, if your system has a SCSI adapter with the BIOS disabled, you need this file. It is the driver for the SCSI card and is specific to the SCSI card you have installed in the system. Ntbootdd.sys is actually the SCSI driver copied and renamed.
Note
Remember, for the Windows XP boot disk to be of any use to you, you must already have Windows XP installed and configured. It is not a replacement for Windows XP. That is, this disk has just enough “smarts” to look for the Windows XP installation and pass control to the Windows XP Kernel.
Advanced Options Menu
During the initial startup phases of Windows XP, you are given the option of pressing the F8 key to enter the Advanced Options menu shown in Figure 7.2. This menu gives you a wide range of options for booting a Windows XP system that is not starting properly.
Figure 7.2 The Advanced Options menu offers several options that can help you troubleshoot a system that does not boot properly.
The Advanced Options menu items are described in the following list:
- Safe Mode. Boots Windows XP with a minimal set of drivers and services, using the Vga.sys video driver.
- Safe Mode with Networking. Boots Windows XP using Safe Mode, but adds networking support.
- Safe Mode with Command Prompt. Boots Windows XP using Safe Mode, but runs Cmd.exe rather than Explorer.exe.
- Enable Boot Logging. Starts Windows XP in Safe Mode and logs all steps to the Ntbtlog.txt file in the %systemroot% directory.
- Enable VGA Mode. Boots Windows XP into VGA mode (640×480) using the currently installed video driver (not the generic Vga.sys driver).
- Last Known Good Configuration. Boots Windows XP using the most recently working configuration stored in the Registry.
- Directory Services Restore Mode. Boots Windows XP domain controllers into restore mode so that System State data can be reinstated.
- Debugging Mode. Boots Windows XP in debug mode, which allows debugging information to be sent over a serial cable (at COM2) to a debugging workstation.
- Start Windows Normally. Exits the Advanced Options menu and boots the system normally.
Multi-Boot System Implementation
If you have Windows XP installed on your system, you know what the Microsoft multi-boot system looks like. Next, you’ll look at its strengths and limitations.
Simply stated, the Microsoft multi-boot system is written so that it works with Microsoft operating systems. This is both a strength and a weakness. Its strength comes from its simplicity. To modify the boot menu, you can simply edit a text file in the system partition’s root folder. The next time you boot the system, the changes appear. In addition, because Microsoft fully supports the multi-boot system, literally hundreds of TechNet and KnowledgeBase documents are available from Microsoft on the subject.
You have to remember that the Microsoft multi-boot system is very simple; this limitation is its weakness. It cannot handle more than one “non-Windows NT/2000/XP” OS (not directly from the boot menu, anyway). It is limited to only 10 entries on the boot menu. For example, create a Windows XP boot disk and modify the Boot.ini file so that it has the following information:
Now boot your system using the Windows XP boot disk. Notice that it displays only the first 10 entries in the menu. Most users never reach the 10-entry limit in the Boot.ini file, but it’s important to note this limitation anyway.
There are several third-party multi-boot systems, many of which simply improve on the Microsoft version. The main player in the multi-boot market is BootMagic. BootMagic, which ships with PowerQuest’s PartitionMagic, enables you to easily change between operating systems, regardless of the type of volume on which it is located, the OS, or the type of hard drive. You can purchase PartitionMagic online directly from PowerQuest’s Web page at http://www.powerquest.com. Two other solutions are BootPart by Gilles Vollant Software (http://www.winimage.com) and System Commander by V Communications (http://www.v-comm.com).
Troubleshooting Boot Problems
Some of the most common error messages you might see when booting Windows XP are discussed in the following sections. They usually appear when files are missing or corrupt. Possible solutions for these problems are suggested in the following sections.
Ntldr Boot Errors
A common error with the Ntldr file is this:
    BOOT: Couldn’t find Ntldr. Please insert another Disk.
If the Ntldr file is missing, you see this error message. The message appears before the boot menu is displayed because it is Ntldr’s role to display the menu. Simply replace the file by using the emergency repair process.
For information on the emergency repair process, see Chapter 26, “Managing System Recovery,” p. 599.
Ntdetect.com Boot Errors
A common error with the Ntdetect.com file is this:
    NTDETECT V4.01 Checking Hardware...
    NTDETECT failed
Or you might get the following error message:
    Error Opening NTDETECT
    Press any key to continue
These errors usually mean that the Ntdetect.com file is missing or corrupt and must be replaced by using the emergency recovery process. Another possible cause of these error messages is an incorrect ARC path in the Boot.ini file.
Ntoskrnl.exe Boot Errors
A common error with the Ntoskrnl.exe file is this:
    Windows XP could not start because the following file is missing or corrupt:
    \windows\system32\NTOSKRNL.EXE
    Please reinstall a copy of the above file.
The Windows XP Kernel file is missing or corrupt. The best way to recover this file is to run the Windows XP emergency repair process.
Bootsect.dos Boot Errors
A common error with the Bootsect.dos file is this:
    I/O Error accessing boot sector file
    Multi(0)disk(0)rdisk(0)partition(1)\\bootss
You might also get the following error message:
    Couldn’t open boot sector file
    Multi(0)disk(0)rdisk(0)partition(1)\BOOTSECT.DOS
These two error messages usually mean that the Bootsect.dos file is missing or corrupt. Use the emergency repair process to reinstall the files.
Boot.ini Errors
One of the most common errors in the Boot.ini files is an incorrect ARC statement. If the statement is incorrect, or if Ntldr cannot find the partition and folder defined in the ARC statement, you might see an error message similar to the following:
    OS Loader V4.01
    The system did not load because of a computer disk hardware configuration problem.
    Could not read from the selected boot disk. Check the boot path and disk hardware.
    Please check the Windows XP documentation about hardware disk configuration and your hardware reference manuals for additional information.
    Boot failed.
Having said that, however, Microsoft has modified the boot process slightly in Windows XP. Microsoft knows that most Windows XP systems use the \Windows folder as the %systemroot% directory, so Windows XP looks there if the Boot.ini file is missing or corrupt. If the Boot.ini file is not found or is corrupt, Ntldr assumes that it is in the \Winnt folder of the first hard disk and tries to boot from that location.
Third-Party Troubleshooting Tools
Sometimes, you simply need to boot enough of Windows XP to enable you to rename or replace files in your installation. Although the emergency repair process solves many of these problems, it does not help in some cases. For example, many Microsoft TechNet documents tell you to delete a file or a combination of files to clear the user database or to reset security. In this situation, Microsoft suggests that you install a new copy of Windows XP and use it to repair the damaged installation. This process can be tedious and time-consuming. Luckily, some third-party tools are available that speed up and simplify this process.
The NTFSDOS utility from Sysinternals enables you to boot from a regular MS-DOS, Windows 3.x, or Windows 9x boot disk and to mount NTFS volumes so that they are available to you. The NTFS volumes appear the same as the FAT volumes and enable you to view, navigate, and run files and applications stored on these volumes.
The free download version is read-only. The fully functional program, called NTFSDOS Tools, gives you some limited write capabilities. It adds two commands to the read-only version of NTFSDOS: NTFSCopy and NTFSRen.
You can use NTFSCopy to copy files to an NTFS volume as long as the following conditions are met:
- The destination file must exist for the copying to take place.
- The source and destination files must be the same size.

You can use NTFSRen to “delete” a file by renaming it. This powerful feature does come with a price:

- The user cannot choose the new name of the file. The program changes the last character in the filename.
- The new filename cannot already exist in the directory.

Both of these extremely powerful commands can easily save you hours of repairing and installing Windows XP to fix a blue screen of death or a corrupted system file.

Turn Off, Restart, Hibernate, Standby

When you’ve finished using your system, you can elect to leave the computer up and running or use one of the shutdown options. In just about every instance except when the system has crashed or frozen and fails to respond to the keyboard or mouse, you’ll want to use a graceful shutdown option. A graceful shutdown option is one that allows the system to save data, informs the network that your resources are being removed, updates recovery files, prompts you to save any unsaved work, performs system housecleaning, and properly terminates processes before the system reboots or the power is turned off. Performing graceful shutdowns is an essential step in maintaining the health of your system over the long run.

Windows XP offers four standard shutdown options, accessed by clicking Start, Turn Off Computer or using the Shut Down menu in Task Manager: Turn Off, Restart, Hibernate, and Standby.

Turn Off is the renamed shutdown action. It is just what it sounds like: The system terminates all current processes and, depending on its power management configuration, either automatically turns off its power or informs you that you can safely turn off the power to the system.

The Restart option, a modification of the Turn Off option, performs a turn off, but instead of shutting down the power, the system reboots itself. This action is useful when you’ve installed a new application, applied a software update, or made a significant configuration change to the system.

Hibernation saves the system state to the hard drive, and then the system performs a turn off. Upon rebooting, the system restores the saved system state instead of booting normally. Therefore, the system is returned to the exact same state it was in when you initiated the Hibernation option. Every application and window that was open and active before reappears just as it was. Hibernation is a great option if you regularly use the same programs every time you boot your system. Plus, using Hibernation cuts the boot time by about 50%.

To use Hibernation, you must have at least as much free hard drive space on your boot partition as the amount of physical RAM you have. Otherwise, the system cannot save the contents of memory (that is, the system state) to the hard drive. If Hibernation is not enabled by default, you can manually enable it in the Hibernate tab of Control Panel’s Power Options applet. This tab also clearly reveals the amount of free disk space required to support Hibernation and the available free disk space on the boot partition.

The Standby option is similar to Hibernation, but instead of saving the system state to the hard drive, it stores it in memory, so the system state can be restored extremely quickly, usually in less than 10 seconds. Standby is available on most notebooks, and many desktop systems equipped with motherboards that offer the Advanced Power Management (APM) or Advanced Configuration and Power Interface (ACPI) feature. The only drawback to using Standby is that the system must remain powered. If power is lost while in Standby mode, the saved system state is lost. The next time the system is booted, it performs a normal boot.

If the user account is protected by a password, after the system reboots or restores the system state in Hibernation or Standby mode, you are prompted for the password before you are granted access to the environment.

Many notebooks can be configured to automatically enter Standby or Hibernation mode when the lid is closed or after a specified time interval when no activity has passed. It is also common for a notebook to enter Standby mode initially, and then after a defined length of time, such as 30 minutes or an hour, enter Hibernation mode. This configuration helps ensure that even with waning battery power, the system state is not lost and a fast reboot to the saved state is still possible.

The dialog box that displays the shutdown options in Windows XP has only three buttons. The Hibernate and Standby options are regulated by a single button. If your system supports both capabilities, Standby is displayed by default. To access the Hibernate option, press the Shift key, which transforms the Standby button into the Hibernate button. Table 7.2 summarizes the various shutdown options and in what situations you should choose each option.

Table 7.2 Use of Shutdown Options

| Issue | Turn Off | Restart | Hibernate | Standby |
|---|---|---|---|---|
| Completed work on system | Y | N | Y | N |
| New device drivers were installed | N | Y | N | N |
| A new application was installed | N | Y | N | N |
| Power will be terminated, but want to retain system state | N | N | Y | N |
| Power will be maintained, but want to retain system state | N | N | Y | Y |
| Want the fastest boot time possible | N | N | N | Y |
| Want a faster than normal boot time | N | N | Y | Y |
| Want to save system state, but battery power is low | N | N | N | Y |
| A power outage is imminent | Y | N | Y | N |
| Want to turn off the system quickly | Y | N | Y | N |

Logging Off and Fast User Switching

Windows XP offers two other non-shutdown options. The first is logging off. If you are the sole user of a system or just one of many people who use the same computer, the Log Off option enables you to exit your desktop and user environment and ready the system for another user to log in. If you have used a network client in the past, this procedure is nothing new to you. Logging out of one account before logging in with a different account is standard practice on networks.

The second option, Fast User Switching, is available only on systems that are not network clients. When a Windows XP system becomes a network client, the fast user switching capability is disabled because it is incompatible with network logons. With fast user switching, multiple users can be logged in to the same system at the same time. Only one user is active at any given time, but the desktops of all logged on users are actively running. Fast user switching works by using the Standby shutdown option’s capability of saving a system state to memory, switching back to the logon screen, and allowing another user to log on.

To engage fast user switching, click Start, Log Off and click the Switch User button. This saves the current desktop/system state to memory (usually pushed off into the page file section of virtual memory) and presents the Windows XP logon/welcome screen. The next user logs on normally. You can use fast user switching for numerous users simultaneously; the only restriction is the system’s computing capability and available memory. When two or more users are logged in simultaneously, users can switch between any user’s desktop/system state just by clicking the Switch User button again. While viewing the logon/welcome screen, all users who are logged on via fast user switching see a line next to their icon and username that states the number of active programs in their desktop environment.

To terminate a fast user switching session, just click Start, Log Off to end each user’s desktop session, or any of the logged on users can initiate a shutdown option. Note, however, that this prompts the current user to go ahead with the shutdown and causes other users to possibly lose data.

Fast user switching is available only if the welcome screen logon mode is enabled in Control Panel’s User Accounts applet. In the Change the Way Users Log On and Off section, you can select the Use the Welcome Screen check box to enable the welcome screen logon mode. If this check box is not selected, the classic Ctrl+Alt+Del logon window mode is used. If the welcome screen logon mode is enabled, the Use Fast User Switching check box becomes available. Both check boxes are enabled by default in standalone Windows XP systems. When the Windows XP Professional system is made a member of a domain, both options are disabled.

For More Information

For more information about the boot process for Windows XP, please consult the following references:

- Microsoft KnowledgeBase: http://support.microsoft.com/.
- TechNet (the technical subscription service from Microsoft): http://technet.microsoft.com/.

8 Windows XP Control Panel Utilities

In Microsoft Windows XP, a multitude of Control Panel applets are installed by default. An untold number of applications and devices install their own Control Panel applets to simplify management and configuration tasks specific to those devices or applications. This chapter reviews those Control Panel applets that need additional documentation.

The History of the Registry

Although the Windows XP Registry is discussed in detail in Chapter 9, “Introducing the Windows XP Registry,” we provide a definition of the Registry here so that you understand what the Control Panel applets are and how to use them. The Registry is one of the most powerful features of Windows XP. In fact, it replaces the different .ini (initialization) files as well as Config.sys, Autoexec.bat, Win.ini, System.ini, and several other configuration files used by different Windows versions. Remember that Windows 95 and Windows 98 also contain a Registry, but those versions are not compatible with the one in Windows XP.

Anyone who has used Windows 3.x will remember that any time you installed a new application, two internal initialization files—namely, Win.ini and System.ini—were modified to add functionality to Windows. Usually, the application’s installation also added its own .ini file. There were three major problems with this approach. First, there was no real “standard” for the files’ names or structure. Second, these files could exist anywhere on the hard drive. They were not limited to the default Windows installation directory (Winroot), which made it difficult at times to track down the correct file and modify it. Third, .ini files are flat repositories of information, which makes editing them more difficult, whereas the Registry is a hierarchical structure containing subfolders.

Although more complex than .ini files, the Registry provides a standard way to make modifications to Windows XP systems. The main problem with the Registry is its complexity. Novice and intermediate users are warned to keep away from the Registry; one wrong move, and a reinstallation of Windows XP and all your applications and settings is required. To simplify configuration issues, Microsoft created several Control Panel applets.

Looking back at Windows 3.x, you will notice that it, too, had Control Panel applets. The main difference between Windows 3.x and Windows XP Control Panel applets is that the former communicates with .ini files and the latter communicates with the Registry. In essence, the Windows XP Control Panel applets are utilities that enable you to make modification to a specific part of the Registry, without affecting any other components.

Note: For simplicity, the Control Panel applets are presented in alphabetical order in this chapter. Some of the Control Panel applets discussed might not exist in your current installation. Some of these applets are added when you install applications or components to Windows XP. When this is the case, the application or component is mentioned, and the process of adding it is covered.

A New Way to View Control Panel

Windows XP introduces a new method of presenting the controls offered through Control Panel. By default, Control Panel is displayed in the new Category view (see Figure 8.1). In Category view, Control Panel displays wizard-like interfaces called “categories” instead of “applets.” Within each category are easy-to-use wizards to perform the most common activities. If the activity or configuration option you want to perform is not displayed within a category, you can open the applet directly from the collection of applets listed in each category. For example, if you want to install a scanner, you would click the Printers and Other Hardware link, and then select Scanners and Cameras in the next window.

Category view offers nine categories, each with wizards for common functions and applets associated with those functions. Table 8.1 lists the categories and their associated applets.

Figure 8.1 Control Panel in Category view.

Table 8.1 Category Wizards in Control Panel

| Category Wizard | Related Applets |
|---|---|
| Accessibility Options | Accessibility Options |
| Add or Remove Programs | Add or Remove Programs |
| Appearance and Themes | Display, Folder Options, Taskbar, and Start Menu |
| Date, Time, Language, and Regional Options | Date and Time, Regional, and Language Options |
| Network and Internet Connections | Internet Options, Network Connections |
| Performance and Maintenance | Administrative Tools, Power Options, Scheduled Tasks, System |
| Printers and Other Hardware | Game Controllers, Keyboard, Mouse, Phone and Modem Options, Printers and Faxes, Scanners, and Cameras |
| Sounds, Speech, and Audio Devices | Speech, Sounds, and Audio Devices |
| User Accounts | User Accounts |

Within each category are tasks representing the most common activities performed through Control Panel. These tasks have been created to offer easy-to-use, step-by-step wizards for novice users to follow. In Tables 8.2 through 8.8, the tasks associated with each category are listed, and the corresponding Control Panel applet for each task is shown.
Note: The Add or Remove Programs task simply launches the Add or Remove Applet; likewise, the User Accounts task simply launches the User Accounts subtask window (which is the User Accounts applet).
Table 8.2 Appearance and Themes Category View Task
Applet
Change the computer’s theme Change the desktop background Choose a screensaver Select how windows and buttons are presented Change the screen resolution
Table 8.5 Performance and Maintenance Category View

| Task | Applet |
|---|---|
| See basic information about your computer | System, General tab |
| Adjust visual effects | Performance Options (System applet, Advanced tab, Settings button), Visual Effects tab |
| Free up space on your hard disk | Disk Cleanup (application) |
| Back up your data | Backup or Restore Wizard (application) |
| Rearrange items on your hard disk to make programs run faster | Disk Defragmenter (application) |

Table 8.6 Printers and Other Hardware Category View

| Task | Applet |
|---|---|
| View installed printers or fax printers | Printers and Faxes |
| Add a printer | Printers and Faxes, Add Printer Wizard |

Table 8.7 Date, Time, Language, and Regional Options Category View

| Task | Applet |
|---|---|
| Change the date and time | Date and Time, Date & Time tab |
| Change the format of numbers, dates, and times | Regional and Language Options, Regional Options tab |
| Add other languages | Regional and Language Options, Languages tab |

Category view is mainly for those new to using Windows and configuring the system through Control Panel. If Windows XP is your first experience into the world of Windows, the categories can offer a primer of sorts to get started. However, those experienced in Windows will quickly grow tired of the limitations and extra clicks associated with categories. Fortunately, a single click can transform Control Panel from Category view into the Classic view that many of us know and love (see Figure 8.2). To switch to Classic view, click the Switch to Classic View option shown previously in Figure 8.1. The remainder of this chapter assumes you’ve converted Control Panel into Classic view.
Figure 8.2 Control Panel in Classic view.
The Control Panel Applets

You can access the Windows XP Control Panel applets in several ways, as described in the following list. One method of accessing the Control Panel applets is not any simpler or better than another; it is really just a matter of preference. You can access the Control Panel applets by doing any of the following:

- Click the Start button, and then click Control Panel.
- Double-click My Computer, and then double-click Control Panel.
- Start Windows Explorer, navigate to the WINDOWS\System32 directory, and double-click any file with the .cpl extension.
- From the Start menu, select Run or a command prompt, and then type CONTROL. You can specify an applet by entering it after typing CONTROL. For instance, to start the Add New Programs applet, you would type CONTROL APPWIZ.CPL.
- Drag and drop the applet from Control Panel onto the desktop and double-click it.

To find the commands for launching applets from the command line, see Chapter 2, “Common Windows XP Administrative Utilities,” p. 25.

Accessibility Options

The Accessibility Options applet, installed by default, is used to control all the Windows XP accessibility components (see Figure 8.3). The available options include the following:

- StickyKeys: Keys can be pressed once and released rather than held down.
- FilterKeys: Ignores quickly repeated keystrokes.
- ToggleKeys: Plays a sound when Caps Lock, Scroll Lock, or Num Lock are pressed.
- SoundSentry and ShowSounds: Displays warnings, notifications, and other visual clues, instead of just playing a sound.
- High Contrast Colors: Makes it easier for people with vision problems to see the screen.
- MouseKeys: Configure the numeric pad to control the mouse cursor.

Figure 8.3 You can alter how to control Windows XP through the Accessibility Options applet.
Add Hardware

The Add Hardware applet is used to install drivers for new hardware that the operating system (OS) doesn’t automatically detect at startup. In other words, you’ll rarely need to use this applet because Windows XP can detect and automatically install most Plug and Play (PnP) devices and a significant portion of non-PnP devices. The Add Hardware applet is actually a wizard instead of a multitabbed configuration dialog box.

The Add Hardware applet also serves as a troubleshooting wizard. It accesses the same help and troubleshooting information that you find by clicking the Troubleshooter button in the Properties dialog box of a device from within Device Manager.

Add or Remove Programs

The Add or Remove Programs applet has three major components. It enables you to change and remove programs from your system, add new programs, and add or remove Windows components.

Changing and Removing Programs

One of the problems with installing applications in previous versions of Windows was that when you attempted to remove the application, several program and initialization files were left behind. This caused Windows to load unnecessary drivers and information, slowing system performance. In Windows 3.x, the Uninstaller application was available to combat this problem. In essence, this application watched the installation process and kept track of what files were installed on the system and where they were placed. When you uninstalled an application, Uninstaller backtracked and removed any files installed during the installation process that were no longer needed. In Windows 95, Microsoft added this functionality as a Control Panel applet.

Applications written to the Microsoft Windows 95/98 or Windows NT/2000/XP logo specification automatically appear in the Currently Installed Software list. If an application is listed there, you can simply click the Change/Remove button to run its setup program.

One of the issues you might run into when attempting to remove an application is that the setup files have been deleted or the application itself has been erased. Windows XP does not dynamically change the Currently Installed Software list when an application is deleted manually. If you delete several applications manually, you will notice that several of the applications listed cannot be removed. It’s possible to get rid of them via the Registry, however. The key is HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall. Just delete the subfolder that corresponds to the deleted program. In addition, certain software applications can help you clean this list. These are three of the most popular:

- ItweakU by Jockesoft.com
- Tweaki by JerMar Software
- TweakUI by Microsoft

The following sections briefly examine each tool as it relates to the Add or Remove Programs applet.

ItweakU

ItweakU was formerly known as TweakJr. Much like its counterparts, it enables you to “unlock” and change many hidden Registry keys in Windows XP. All the different “tweaks” are separated by category into tabs. For additional information and downloads, visit www.jockesoft.com/itweaku.asp.

Tweaki

Tweaki is a shareware program by JerMar software. You can download it from http://www.jermar.com and evaluate it; if you decide to use it, you can register it for $15. Tweaki works with Windows XP, Windows NT, Windows 95, and Windows 98. Also included are tweaks for different Microsoft Office components. A helpful feature of this version is that tweaks are grouped by operating system. For obvious reasons, we will explore the Windows XP components.

To modify the Currently Installed Software list with Tweaki, follow these steps:

1. Run Tweaki.exe.
2. Select the Win Tweaks tab.
3. Click the Select for More Win Tweaks button.
4. Click the Remove Entry from Control Panel’s Add/Remove Applet button.
5. Select an entry, and then delete it (by clicking the Delete button) or modify its uninstall commands (by clicking the Edit button).

Tip: The Edit button is handy if you add or repartition a hard drive and the drive letters have changed, leaving the uninstall program unavailable.
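
An added example (not from the book or from any of the tools named above): a Python script that reads a text export of the Uninstall key discussed under Changing and Removing Programs and lists the entries whose uninstall program no longer exists, which are the entries that cannot be removed through the applet. The function names and the sample export are constructed here; it assumes the export was made with `reg export` and already decoded to text, and it reads plain string (REG_SZ) values only.

```python
import os
import re

UNINSTALL_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
# "Name"="data" lines; inside the quotes, backslash and double quote are escaped.
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo the .reg escaping of backslashes and double quotes."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_uninstall_export(reg_text):
    """Map each Uninstall subkey name to its string values ({name: data})."""
    keys, current = {}, None
    prefix = (UNINSTALL_ROOT + "\\").upper()
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.upper().startswith(prefix):
                current = keys.setdefault(path[len(prefix):], {})
            else:
                current = None  # the root key itself or an unrelated key
            continue
        m = STRING_VALUE.match(line)
        if m and current is not None:
            current[_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def uninstaller_path(command):
    """Return the program an uninstall command runs, or None if it names no folder."""
    command = command.strip()
    if not command:
        return None
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut at the first ".exe".
        m = re.search(r"\.exe\b", command, re.IGNORECASE)
        exe = command[: m.end()] if m else command.split(None, 1)[0]
    # Bare names such as MsiExec.exe are found through the search path; skip them.
    return exe if "\\" in exe else None


def find_stale_entries(reg_text, exists=os.path.isfile):
    """Return [(subkey, display_name, missing_path)] for entries whose uninstaller is gone."""
    stale = []
    for subkey, values in sorted(parse_uninstall_export(reg_text).items()):
        command = values.get("UninstallString")
        if command is None:
            continue  # no uninstall command recorded, nothing to check
        exe = uninstaller_path(command)
        if exe is not None and not exists(exe):
            stale.append((subkey, values.get("DisplayName", subkey), exe))
    return stale


# Constructed sample export (not taken from a real system).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleEditor]
"DisplayName"="Example Editor 1.0"
"UninstallString"="\"C:\\Program Files\\ExampleEditor\\uninst.exe\" /S"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OldGame]
"DisplayName"="Old Game"
"UninstallString"="D:\\Games\\OldGame\\unins000.exe"
"EstimatedSize"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000000}]
"DisplayName"="Example MSI Package"
"UninstallString"="MsiExec.exe /X{00000000-0000-0000-0000-000000000000}"
'''

if __name__ == "__main__":
    # On the machine being checked, the default os.path.isfile test is used.
    for subkey, name, path in find_stale_entries(SAMPLE_EXPORT):
        print(f"{name} ({subkey}): uninstaller not found at {path}")
```

The script only reports; reviewing each reported subkey before deleting it keeps an entry from being removed because a drive was temporarily offline or its letter changed.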

TweakUI

TweakUI is available from Microsoft in a bundle with several other tools; the bundle is classified as a freeware program. ItweakU and Tweaki are installed as applications, but TweakUI is actually installed as a Control Panel applet. To download it, go to the Windows XP download area at http://www.microsoft.com/windowsxp/pro/downloads/powertoys.asp.

Adding New Programs

You can install applications that are not written to Microsoft specifications by clicking the Add New Programs button. When you click the Add New Programs button, you are given the option to search a floppy or CD-ROM drive for the application (with the CD or Floppy button) or to install applications from Microsoft with the Windows Update button (see Figure 8.4).

If the file is located, it is launched automatically, and the applet “watches” the installation process, noting all files that are added and Registry entries that are added or modified. If the file cannot be located, you are prompted to browse for the setup application. When this file is located, the setup commences and is monitored by the applet.

For additional information on Windows Update, see Chapter 5, “Keeping Windows XP Current,” p. 99.

Figure 8.4 The Add New Programs view of the Add or Remove Programs applet.
Adding or Removing Windows Components

You use the third part of the Add or Remove Programs applet to add or remove Windows XP components that might have been installed during the installation process or are now required in your system. Notice that when you click the Add/Remove Windows Components button, a separate wizard is launched: the Windows Components Wizard (see Figure 8.5). From this wizard, you can select which Windows components to add or remove.

Note: If you are installing extra components, you might be prompted for your original Windows XP CD.

Administrative Tools

The Administrative Tools applet is not actually an applet. Instead, it is a shortcut to the Administrative Tools folder, which makes it easy to add or remove administrative tools to your system. To add an administrative tool, simply add a shortcut in the Administrative Tools folder in Control Panel.
Figure 8.5 Selecting components in the Windows Components Wizard.
The items in this folder vary greatly, depending on the version of Windows XP and the components installed on your system. The following is a list of the most commonly found Administrative Tools:

- Component Services: Used to configure and manage COM+ applications.
- Computer Management: Used to administer local and remote computers and disk space.
- Data Sources (ODBC): Used to add, remove, and configure ODBC drivers and data sources.
- Event Viewer: Displays monitoring and troubleshooting information.
- Local Security Policy: Used to manage user rights and audit policies.
- Performance: Displays graphs and logs of system performance.
- Services: Used to start and stop system services.

For more detail on the Administrative Tools, see Chapter 2, “Common Windows XP Administrative Utilities,” p. 25.

Date and Time

The Date and Time applet is used to set the date, time, and time zone for the system clock. It can also be used to configure Internet time server clock synchronization. When enabled, Windows XP contacts an Internet time server every 24 hours and adjusts its internal clock to match the time stamp provided by the time server. However, time synchronization is available only on non-domain Windows XP clients. When Windows XP becomes a domain member, the Internet Time tab is removed from this applet. As long as the system is a domain client, it synchronizes its clock with that of its domain controller.

Display

The Display applet (see Figure 8.6) controls numerous aspects of the visual capabilities and features in Windows XP. You can access the Display applet through Control Panel or by right-clicking over an empty area of the desktop and selecting Properties. The Display applet has five tabs: Themes, Desktop, Screen Saver, Appearance, and Settings. Most of these tabs are familiar or at least clear as to their function.
Figure 8.6 You can customize the Windows appearance in the Display applet, Themes tab.
Use the Themes tab to select a theme for the Windows desktop environment. A theme is a set of background image, sounds, icons, and other visual effects that give the desktop environment a specific look or feel. Themes are a way to personalize or customize your computer with images and sounds that interest you. Windows XP includes the default Windows XP scheme and the classic Windows theme (as seen in Windows 2000). Other themes can be downloaded from the Internet or purchased from vendors.

The Desktop tab is used to set the background image (that is, the wallpaper graphic) and/or background color. If an image is selected, you have the option of centering, tiling, or stretching it. Any BMP, JPG, or GIF file can be used as a background image.

If you click the Customize Desktop button in the Desktop tab, the Desktop Items dialog box opens. In the General tab of this dialog box, you can elect to display the My Documents, My Computer, My Network Places, and Internet Explorer icons on the desktop. (They are all disabled by default.) You can customize the images used for common desktop icons. You can also enable/disable the Desktop Cleanup Wizard running automatically every 60 days. The Desktop Cleanup Wizard is used to move icons and shortcuts from the desktop that have not been used recently into the Unused Desktop Items folder, which is added to the desktop. In the Web tab of the Desktop Items dialog box, you can add, remove, and manage Web components displayed on the desktop.

Use the Screen Saver tab of the Display applet to enable and configure screensavers. To alter or configure the power options for the monitor, click the Power button or open the Power Options applet.

Use the Appearance tab to select the style for windows and buttons, the color scheme, and the font size. You can click the Effect button to access additional visual effect configuration options, such as fast fading and smoothing the edges of screen fonts. The Advanced button is used to customize the color and font selection of window elements.

Use the Settings tab to set the screen resolution, set the color quality (color depth), access the display troubleshooter, and open the Advanced properties for the video card and monitor subsystem.

Folder Options

The Folder Options applet is accessed through Control Panel or by choosing Tools, Folder Options in My Computer or Windows Explorer. The Folder Options applet (see Figure 8.7) is used to configure functional and visual parameters of the file management tools native to Windows XP—namely, Windows Explorer and My Computer.
Figure 8.7 You manage how folders are presented via the Folder Options applet.
You can also use this applet to do the following:

- Define display options for tasks and folders.
- Specify whether single or double clicks activate (open or execute) objects.
- Choose whether to display or hide system files.
- Enable simple file sharing.
- Associate file extensions with applications.
- Configure offline files.

For information on offline files, see Chapter 4, “Windows XP and Hardware,” p. 77.

Fonts

The Fonts applet is used to install and remove fonts from the system and view samples of font typefaces. To view a font typeface, double-click its font icon. You can install new fonts by choosing the File, Install New Font menu command, copying the font into the \Windows\Fonts folder, or using the font vendor–supplied installation process.

Caution: It is important not to remove fonts blindly. Windows XP requires these system fonts to function properly: Courier, MS Sans, MS Sans Serif, Small Fonts, and Symbol. They all have the hidden attribute, so they do not even appear in the Fonts applet unless you’ve configured the Folder Options applet to show all hidden files.

Game Controllers

The Game Controllers applet is used to install, remove, and configure I/O interface devices commonly used to play computer games. Devices such as joysticks, steering wheels, and throttle controls can be installed through this applet. This applet is somewhat redundant, however, because most gaming controllers are PnP compatible and installed by a vendor-supplied installation disk or automatically by the OS. Even if the device is not automatically detected, it can be installed by using the Add Hardware applet.

Internet Options

Windows XP comes bundled with the Microsoft Internet Explorer Web browser. You use the Internet Options applet to modify how Internet Explorer looks and behaves and how it interacts with the Internet.

For more detail on the Internet Options applet, see Chapter 27, “Windows XP as a Web Client,” p. 621.

Keyboard

The Keyboard applet is used to customize how the keyboard functions. Controls include character repeat delay, character repeat rate, and cursor blink rate.

Mouse

The Mouse applet is used to customize how the mouse functions. Depending on the installed mouse and the available buttons, wheels, and other controls, this applet varies. Common controls include switching primary and secondary buttons for left-handed operation, changing the double-click speed, and customizing pointers, cursor icons, pointer motion, and wheel-scrolling speed.

Network Connections

The Network Connections applet is used to control all networking connections, from LAN links to Internet access to wireless connections or remote access links. This applet is discussed throughout Part III, “Networking Windows XP.”

Phone and Modem Options

The Phone and Modem Options applet is used to configure modems for inbound and outbound remote access connections.

For more details on the Phone and Modem Options applet, see Chapters 17, “Remote Access,” p. 353, and 18, “Windows XP and Terminal Services,” p. 393.

Power Options Microsoft has included many new advanced power features with Windows XP. The Power Options applet (see Figure 8.8) is used to manage these settings.
Figure 8.8 You can control power settings in the Power Options applet.
This applet allows you to configure the system to hibernate, save the current session to disk, power the system off, and restart where you left off after rebooting the system. You can configure different power schemes to decide what Windows XP should do with component power (such as the monitor and hard drives) in various situations.
Printers and Faxes The Printers and Faxes applet is used to install, configure, and manage printers, faxes, and other print devices, such as photo printers, slide printers, and even plotters.
For more detail on the Printers and Faxes applet, see Chapter 24, “Printing with Windows XP,” p. 543.
Regional and Language Options The Regional and Language Options applet is used to define the settings for how Windows handles times, dates, numbers, currency, and, most important, language. By default, the regional settings are defined by the version of Windows XP installed; in most cases, this is American English. No matter what language version you originally purchase, however, you can always reconfigure Windows XP to use whatever language, country, region, or alien territory conventions your heart desires. The Regional and Language Options applet includes dozens of predefined country-, language-, and region-specific formats to choose from. If you don’t see one that exactly matches your needs, customize the one that is the closest fit.
Scanners and Cameras The Scanners and Cameras applet is used to install and manage imaging devices, such as flatbed and handheld scanners, optical character recognition (OCR) converters, and digital still and video cameras. However, this applet is like the Game Controllers applet, in that it doesn’t add anything that can’t be found in other applets—namely, the Add Hardware and System applets. (The System applet offers access to Device Manager.)
Scheduled Tasks The Scheduled Tasks applet is used to define and manage automated execution of applications or scripts.
For more detail on the Scheduled Tasks applet, see Chapter 21, “Scripting and Automation,” p. 457.
Sounds and Audio Devices The Sounds and Audio Devices applet is used to manage and configure the audio multimedia features of Windows XP. Through this applet, you can set the main volume for sound output, mute all sounds, access the volume control panel for all sound and audio devices and output mechanisms, configure speaker settings (for example, monotone, stereo, triple speakers, surround sound), associate system events with sounds, set playback and recording hardware, and access the troubleshooting and properties dialog boxes of the audio and multimedia hardware devices. (They are the same troubleshooting and properties dialog boxes accessible through Device Manager.)
Speech The Speech applet is used to manage the text-to-speech capabilities of Windows XP. Although the voice is still too computer-ish for my taste (it is the same automated voice used on most weather radar cable stations), it does enable your PC to read aloud dialog box text and even text from word processors. Basically, this applet enables you to select the voice (only Microsoft Sam is installed by default) and the speed at which the voice reads. To actually use the text-to-speech feature, you must use a third-party product that includes a text-to-speech function command. The Narrator tool (Start, Accessories, Accessibility, Narrator) uses the same voice, but the Speech applet does not configure or alter it.
System You can configure several important options in the System applet through these configuration tabs: General, Computer Name, Hardware, Advanced, System Restore, Automatic Updates, and Remote.
The General tab displays information about the system, such as the OS version, registration, and basic computer resources.
Use the Computer Name tab to define the local computer name and to join or leave a domain or workgroup. This tab is accessed when you choose the Advanced, Network Identification command in the Network Connections dialog box. Please refer to the chapters in Part III for more information.
Use the Hardware tab (see Figure 8.9) to access the Add Hardware Wizard (which is the same as the Add Hardware applet), the Driver Signing Options dialog box, Device Manager, and the Hardware Profiles dialog box. These features are discussed in the following sections.
Use the Advanced tab (see Figure 8.10) to access the Performance Options, User Profiles, Startup and Recovery, Environment Variables, and Error Reporting dialog boxes (also discussed in the following sections).
Figure 8.9 Most hardware-related settings are accessible through the System applet, Hardware tab.
Figure 8.10 The System applet, Advanced tab allows you to configure many advanced settings in Windows XP.
For information on the remaining tabs in the System applet, see Chapter 26, “Managing System Recovery,” p. 599 (System Restore tab); Chapter 5, “Keeping Windows XP Current,” p. 99 (Automatic Updates tab); and Chapter 17, “Remote Access,” p. 353 (Remote tab).
Driver Signing Driver signing is a means of ensuring that only tested and approved drivers for Windows XP are allowed to be installed on the system. Signed drivers are device drivers that the Microsoft Hardware Quality Lab has tested and approved. The Driver Signing Options dialog box offers two controls. The first is what level of protection against unsigned drivers you want to implement, and you have the following options:
• Ignore - Install the Software Anyway and Don’t Ask for My Approval
• Warn - Prompt Me Each Time to Choose an Action (default)
• Block - Never Install Unsigned Driver Software
For information on driver signing in Windows XP, see Chapter 5, “Keeping Windows XP Current,” p. 99.
The second control is whether to make this setting the default for the entire system. Driver signing configuration is restricted to computer administrators, and setting the level of protection to Warn or Block is usually a good idea.
Device Manager Device Manager is used to view information, perform troubleshooting, and access configuration controls and settings for installed hardware devices. All installed devices and their operational status are listed through this tool. Devices that are operating normally are displayed with their default device icon. Devices that are functioning abnormally or need attention have a yellow circle with an exclamation point displayed over their icon (see Figure 8.11). Devices that are not functioning at all or experiencing conflicts have a red stop sign with a white × displayed over their icon.
Figure 8.11 The Device Manager shows whether devices are operating normally.
You can access the Properties dialog box for each device through Device Manager. These device-specific dialog boxes often contain a wide variety of tabs, information, and controls. In most cases, they include details about the device, manufacturer, device status, driver version, and configuration settings; indicate whether the device is enabled in the current profile; offer access to the troubleshooter and driver management controls; and supply information on the device’s assigned and configurable resources.
By default, Device Manager displays devices sorted by type. It can also display devices by connection, resources by type, and resources by connection. When you’re installing new hardware, use Device Manager’s Resource by Type view to quickly determine whether sufficient resources (IRQ, I/O port, DMA, and memory, for example) are available for the new device.
Hardware Profiles A hardware profile is to hardware as a user profile is to a user. With hardware profiles, you can handle changes in hardware components smoothly and efficiently. Each distinct collection of hardware can be assigned a unique hardware profile that includes only the necessary drivers for the existing hardware. At startup, the computer first attempts to identify the available hardware and match it against a predefined hardware profile. If one is located, the system boots using that hardware profile; if one is not located, the default profile is used, or the system prompts the user for a selection.
Hardware profiles, when they are used, are used primarily on portable, notebook, or laptop systems that have significant changes in hardware between one use and another. With the widespread use of PnP technology, the need for hardware profiles is waning.
To create hardware profiles, use the following steps:
1. Open the Hardware Profiles dialog box from the Hardware tab of the System applet.
2. Create a copy of the original default profile (it is named Profile 1) and assign it an appropriately descriptive name.
3. Reboot the system and, when prompted, select the newly created profile.
4. Through Device Manager, open the Properties dialog box of the hardware you want to disable. In the Device Usage drop-down list, change the selection from Use This Device (Enable) to Do Not Use This Device (Disable).
That’s it. Now you can power down the system and remove any disabled hardware (or leave it—your choice). Each time you boot using a hardware profile, only the devices enabled for that profile are functional. You can re-edit any profile simply by booting into it and reopening the Properties dialog boxes of the devices via Device Manager.
Performance Options The Performance Options dialog box is used to manage a wide range of visual effects and control several system-level performance options. For the controls in the Visual Effects tab, you can let Windows adjust itself automatically, choose the global setting for best appearance, choose the global setting for best performance, or customize the effects. Customizing the effects simply means marking or clearing the check boxes beside the 16 or so visual effect controls, such as fading menus or sliding taskbar buttons.
The controls in the Advanced tab include processor scheduling, memory usage, and virtual memory (see Figure 8.12). Processor scheduling is just a simple switch to allocate system resources for programs or background services. The Programs selection is most appropriate for systems being used as standalone systems or network clients. The Background Services selection is most appropriate for systems being used as a network repository for services and file storage. The memory usage control is also a simple choice: programs or system cache. Again, the Programs selection is most appropriate for systems being used as standalone systems or network clients. The System Cache selection is most appropriate for systems being used as a network repository for services and file storage.
Figure 8.12 You configure advanced performance settings in the Performance Options dialog box, Advanced tab.
The virtual memory control is actually the control to manage the page file’s size and location (see Figure 8.13). By default, Windows XP creates a page file 1.5 times the size of physical RAM on the boot partition. You can elect to customize the page file’s size and location or leave the management up to the system.
Figure 8.13 You control how Windows XP manages virtual memory through the Virtual Memory dialog box.
Note There is an option to use no page file. This is technically and theoretically possible, especially if you have 1GB or more of RAM and the system does little more than serve as a low-end desktop or network client. However, I’ve never successfully maintained a system for more than a few weeks with the page file disabled.
If you have multiple hard drives (not just multiple partitions) that offer good performance, you can elect to move all or part of the page file to them. If you have the Shutdown and Recovery options configured to create a memory dump file, you need at least a 2MB page file on the boot partition. Other than this limitation, you can move the page file to any hard drive you want.
Changing the page file settings requires customizing two parameters: Initial Size and Maximum Size. The initial size is the amount of space the system pre-allocates to the hard drive and relegates to the page file. No other file will be able to write into this preallocated space. The maximum size is the amount of space the system allows the page file to expand to as needed. However, the space difference between the initial size and the maximum size is not specified, so other files could use the space. If the space is not available, a warning message is displayed to the user when the page file expansion attempt fails. The warning advises the user to terminate applications, increase the size of the page file (which really means freeing up space on the host drive), and/or rebooting.
In most cases, using the same value for both the Initial Size and Maximum Size parameters is recommended. However, if your system infrequently but periodically needs much more page file space than is used in normal operations, you can use a larger value for Maximum Size.
There are a few important caveats and conditions to keep in mind when managing the page file:
• Never place two or more sections of the page file in separate partitions on the same hard drive.
• Always use the fastest hard drive possible.
• Always reboot between alterations to the page file.
As a rule of thumb, most systems perform best when a page file is used and defined with an initial size 1.5 to 2 times the size of physical RAM.
User Profiles User profiles are the saved desktop and environmental settings stored for each individual user. They enable each user to have a different layout, look, and feel to the Start menu, desktop, and other aspects of the operating environment. The User Profiles dialog box is used to manage local user profiles stored on the local system. For Windows XP systems that are members of a domain, domain user profiles are managed from the domain controller. Windows XP automatically caches the profiles of both local and roaming users in the Registry and in the Documents and Settings folder.
Local user profile management through the User Profiles dialog box consists of changing a profile’s type, deleting a profile, or copying a profile to another folder. A profile’s type is roaming or local. Roaming profiles exist only in a domain network, and appear in the User Profiles dialog box only if a roaming profile user logs in to the Windows XP client. After a copy of that user’s profile is stored on the system, it can be converted to a local user profile. A profile that has been changed to a local user profile cannot be reconfigured into a roaming user profile through the User Profiles dialog box. A local user profile is often used when traveling users create local logs on notebooks that are disconnected from the network. By duplicating the roaming profile from the network, users can have a desktop environment similar to the one they have when connected to the network.
Deleting a user profile removes the local copy of a user’s profile from the system by deleting its files from the Documents and Settings folder and its entries from the Registry.
Copying a user profile enables other users to use that profile. When a user profile is copied, you indicate a destination location where an exact copy of the user profile is created, and you select the local user account(s) that will be granted access to the copied profile.
Startup and Recovery The Startup and Recovery dialog box (see Figure 8.14) is used to configure the activity of the boot menu and various system failure responses. The boot menu appears by default only if two or more operating systems are present on the system. If only Windows XP is present, the boot menu is never displayed because there is only one option of which OS to boot.
Figure 8.14 You can configure how Windows XP responds to system failures through the Startup and Recovery dialog box.
If multiple OSs are present, this dialog box is used to select the default OS to boot, the length of time to display the Boot menu before selecting the default OS, and the length of time to display the recovery options (when needed). Click the Edit button in this dialog box to open a Notepad window where you can edit the Boot.ini file manually.
The system failure responses control how the system will react when a STOP error occurs. The options include writing an event to the system log, sending an administrative alert to the local computer administrator, automatically restarting the system, and creating a memory dump file. A memory dump file is a file on the boot partition containing an exact copy of the RAM contents and the page file. The memory dump file can include all of virtual memory, just the memory components used by the Kernel, or a 64KB chunk of the most important addresses in the virtual memory space. In most situations, a memory dump file is useless. Unless you are performing high-end debugging operations and are willing to perform detailed dump file extraction activities, disable this feature to allow faster reboots and prevent memory dump files from consuming your boot partition.
Environment Variables The Environment Variables dialog box (see Figure 8.15) is used to view, define, and alter the environment variables for the current user and the system. In most cases, there is no need to alter the default settings. However, if modifications are necessary, the software or troubleshooting documentation will instruct you on what changes to make to which variables. I don’t recommend altering anything in this dialog box unless specifically instructed to do so.
Figure 8.15 You can alter a user’s environment via the Environment Variables dialog box.
Error Reporting The Error Reporting dialog box (see Figure 8.16) simply determines whether Windows XP will report data on program and Windows OS errors back to Microsoft via the Internet. All data gathered and submitted to Microsoft via this feature is anonymous, so don’t feel threatened by it. Some data on the hardware and system configuration is collected, but no hardware-identifying or software-registration information is gathered or transmitted. The upside of this feature is that it may encourage Microsoft to resolve common problems with its OS and other products in a more efficient and consumer-friendly manner.
Taskbar and Start Menu The Taskbar and Start Menu applet (see Figure 8.17) is used to configure the layout, contents, and operation of the taskbar and Start menu. You can access this applet through Control Panel or by right-clicking over the Start button and selecting Properties.
Figure 8.16 You configure whether Windows XP reports system errors to Microsoft via the Error Reporting dialog box.
Figure 8.17 You configure the layout of the Start menu and Taskbar via the Taskbar and Start Menu applet.
Use the Taskbar tab of this applet to enable or disable options for locking, auto-hiding, keeping the taskbar on top, grouping similar taskbar buttons, showing quick launch icons, showing the clock, and hiding active icons. Click the Customize button to control which notification area icons are displayed and which are hidden. Use the Start Menu tab to choose the Windows XP–style Start menu or the classic Start menu from Windows 2000. After selecting a style, click the related Customize button to configure style-specific Start menu features and contents.
User Accounts The User Accounts applet (see Figure 8.18) is used to manage local user accounts. If the Windows XP system is used as a domain client, this applet is disabled and the domain controller’s Active Directory Users and Computers tool is used to manage network user accounts.
Figure 8.18 You configure user accounts via the User Accounts applet.
For local user accounts, the User Accounts applet makes it quick and easy to create and manage user accounts. There are just two types of local user accounts: computer administrator and limited account. Technically, there is a third type, the guest account, but there is only a single instance of this account, which the system creates automatically during installation. You can select a task in this applet to perform the following activities: create new accounts, change account settings, and alter the way users log on and log off.
For more information on changing how users log on and off, see Chapter 7, “Booting Windows XP,” p. 129.
For More Information For more information about performance monitoring and network monitoring of Windows XP, please consult the following references:
• Configuring and Troubleshooting Windows XP Professional. Syngress, 2001. ISBN: 1928994806.
• Cowart, Robert and Knittel, Brian. Special Edition Using Windows XP Professional. Que, 2001. ISBN: 0789726289.
• Microsoft Windows XP Professional Resource Kit Documentation. Microsoft Press, 2001. ISBN: 0735614857.
• TechNet: The technical subscription service from Microsoft at http://www.microsoft.com/technet/.
9 Introducing the Windows XP Registry
In the previous chapter, you looked at the Control Panel applets used to configure a Windows XP computer. The configuration information that these applets store is located in the Registry. The Microsoft Windows XP Registry is a 32-bit hierarchical database that stores hardware, software, and user system configuration information. At first glance, the Registry can seem quite formidable; however, after working with it, it will seem simple. In this chapter, you learn about the Windows XP Registry and the type of data stored in it.
Registry Overview Versions of Microsoft Windows before Windows NT stored system configuration and initialization information in the System.ini and Win.ini files. In addition, most older applications stored their own application-specific data in dedicated .ini files that could be located anywhere on the hard drive. This made it difficult to make configuration changes because an application’s .ini files could be hard to find or could not be easily identified because they all have similar names. It was not unusual to have 9 or 10 files named Config.ini, each assigned to a different application. Another major limitation of .ini files was that they were limited to a maximum file size of 64KB.
As the Windows operating system and applications became more sophisticated, the problems with .ini files became more pronounced. When Microsoft released Windows NT 3.1 (the first version of NT), the company centralized system storage and application and configuration settings in a hierarchical database called the Registry. The Registry database was designed to overcome the size limitations and the difficulties of managing system configuration data with .ini files.
In Windows XP, the Registry is used to store hardware and software control information for the operating system. The Registry can contain many types of data, including:
• Hardware configuration
• User profiles
• Passwords
• Desktop color settings
• Installed applications and their configuration
• Installed device drivers
• Machine name and address
Although most of the data in the Registry is static and changes very little, the Registry also contains dynamic data that the operating system constantly updates.
Because the Windows XP Registry is 32-bit, 16-bit device drivers do not work correctly in Windows XP. However, 16-bit applications can run in Windows XP by using the Windows NT Virtual DOS Machine (NTVDM) and the Windows-on-Windows (WOW) Executive Service. The NTVDM and WOW Executive allow Win16 applications to run within a Win32 subsystem by using a protected memory space. In Windows XP, 16-bit applications continue to reference the System.ini and Win.ini files for configuration information.
For more information on running 16-bit applications in Windows XP, see Chapter 23, “Managing Applications,” p. 509.
Ordinarily, changes to the Registry are accomplished automatically with utilities such as the Control Panel applets and the setup and configuration programs in commercial applications or device drivers. However, there are many utilities available that enable administrators to view the Registry and make changes to it manually.
The native Registry-editing utility included with Windows XP is RegEdit, or the Registry Editor. With this utility, users can view, modify, and save portions of the Registry to disk. To prevent the casual user from having easy access to the Registry, Microsoft has left the Registry Editor out of the Start menu and Control Panel (and Administrative Tools) utilities. To launch the Registry Editor, select Start, Run and type REGEDIT (or REGEDT32—both launch the same tool).
Figure 9.1 peers into the Windows XP Registry with the Registry Editor. The Registry hierarchy and Registry keys are shown in the left pane. The right pane lists the value labels (Name, Type, and Data) and values associated with each key or subkey. The first-level keys are named root keys, root handles, or hives. The name HKEY is a combination of the words handle and key. By that definition, HKEY_CLASSES_ROOT is considered a hive, or root key. Subkey values contain information in different formats, including binary, hexadecimal, decimal, text, and other value types.
Figure 9.1 The Registry as seen through the Registry Editor.
Each value in the right pane has an associated data type and can also contain data. If the value is blank in the right pane, it is actually a null value rather than a blank. Table 9.1 lists the most commonly used Windows XP data types.
Table 9.1 The Windows XP Registry Data Types
Data Type        Description
REG_BINARY       Binary data with no size limitation, expressed in hexadecimal format.
REG_DWORD        32-bit binary data in hexadecimal format.
REG_EXPAND_SZ    Expandable string data, such as %username%. This value expands to accept data length based on the username.
REG_MULTI_SZ     Multiple string data, such as combo box values.
REG_SZ           Text data type.
Note The terms key and subkey are often interchangeable in meaning. A subkey can also be referred to as a key. Therefore, when people refer to a key or subkey, they are generally indicating something about its location within the hierarchy instead of implying a fixed naming convention.
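To see how the data types in Table 9.1 look once a portion of the Registry has been saved to disk, the following Python example (added here, not code from the book) decodes a Registry Editor text export into typed values. The exported key, its value names and the environment passed to `expand` are constructed for the example.

```python
import re

# Constructed sample in the text format written by Registry Editor's export
# (version 5.00 header). The key and value names are made up for this example.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
"Enabled"=dword:00000001
"Blob"=hex:de,ad,be,ef
"LogPath"=hex(2):25,00,75,00,73,00,65,00,72,00,6e,00,61,00,6d,00,65,00,25,00,\
  5c,00,6c,00,6f,00,67,00,00,00
"Servers"=hex(7):61,00,00,00,62,00,63,00,00,00,00,00
'''

# In an export, plain "hex:" is REG_BINARY; hex(2) and hex(7) carry UTF-16LE
# text for the two string types that are not written inline.
HEX_TYPES = {None: "REG_BINARY", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ"}
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def _unescape(text):
    """Undo the backslash escaping used inside quoted names and strings."""
    return re.sub(r'\\(.)', r'\1', text)


def _logical_lines(text):
    """Yield lines with trailing-backslash continuations joined."""
    pending = ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""


def decode_value(data):
    """Return (type name, Python value) for the right-hand side of a value line."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return "REG_SZ", _unescape(data[1:-1])
    if data.lower().startswith("dword:"):
        return "REG_DWORD", int(data[6:], 16)
    match = HEX_RE.match(data)
    if not match:
        raise ValueError("unrecognised value data: %r" % data)
    tag, body = match.groups()
    raw = bytes(int(tok, 16) for tok in body.split(",") if tok.strip())
    kind = HEX_TYPES.get(tag.lower() if tag else None)
    if kind == "REG_EXPAND_SZ":
        return kind, raw.decode("utf-16-le").rstrip("\x00")
    if kind == "REG_MULTI_SZ":
        # Strings are NUL-separated and the list ends with an extra NUL.
        return kind, [s for s in raw.decode("utf-16-le").split("\x00") if s]
    # Types outside Table 9.1 are returned as raw bytes with their tag.
    return kind or "type 0x%s" % tag, raw


def parse_export(text):
    """Map each exported key to {value name: (type name, value)}."""
    keys, current = {}, None
    for line in _logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            # "[-Key]" in this file format requests deletion; nothing to decode.
            current = None if name.startswith("-") else keys.setdefault(name, {})
            continue
        match = VALUE_RE.match(line)
        if not match or current is None or match.group(3) == "-":
            continue  # header, blank line, or a value-deletion entry
        name = "(Default)" if match.group(2) else _unescape(match.group(1))
        current[name] = decode_value(match.group(3))
    return keys


def expand(value, env):
    """Expand %NAME% references in a REG_EXPAND_SZ string from a supplied dict."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r'%([^%]+)%',
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), value)


if __name__ == "__main__":
    for key, values in parse_export(SAMPLE_EXPORT).items():
        print(key)
        for name, (kind, value) in values.items():
            print("  %-12s %-14s %r" % (name, kind, value))
```

Only REG_EXPAND_SZ values are meant to be passed through `expand`; a REG_SZ value that happens to contain a percent-delimited name is stored and returned literally.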
Registry Differences The Windows 95 and 98 Registries are not compatible with those of Windows NT, 2000, or XP. The Windows XP Registry information in this book is nearly identical to Registry information for Windows 2000 and (to a lesser degree) Windows NT, so comparing the Registries in those versions isn’t necessary. Discussing the Registry differences between Windows XP and Windows 95/98, however, is important.
Windows 95 and 98 use an additional Registry key: HKEY_DYN_DATA. This key holds the Plug and Play (PnP) configuration information for both Windows 95 and Windows 98. Although Windows XP supports Plug and Play, it does not use this key. All PnP information is stored under HKEY_LOCAL_MACHINE in Windows XP. The Registries of Windows XP and Windows 95/98 look similar, but do not contain the same information. Therefore, when installing (not upgrading) Windows XP on a computer running Windows 95 or 98, you must reinstall all 32-bit applications, create user accounts, and configure the environment to match the original settings. Fortunately, Microsoft wrote its Windows XP upgrade program so that it would recognize the differences in the Windows 95/98 Registries and make the changes needed to successfully upgrade to the Windows XP Registry.
Windows XP Registry Hives In this book, the files making up the Registry are referred to as hives. Each hive is discussed in a later section. The hive files and their locations in the Registry are shown in Table 9.2 (see also Figure 9.2).
Table 9.2 Registry Hive Files and Their Locations
Registry Hive File    Location
Default               HKEY_USERS\DEFAULT
Hardware              HKEY_LOCAL_MACHINE\HARDWARE
SAM                   HKEY_LOCAL_MACHINE\SAM*
Security              HKEY_LOCAL_MACHINE\SECURITY
Software              HKEY_LOCAL_MACHINE\SOFTWARE
System                HKEY_LOCAL_MACHINE\SYSTEM
Ntuser.dat            HKEY_USERS\SID (security identifier of currently logged in user)
*Security Accounts Manager
A listing of these files is located in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist. Most of the Registry information is contained in these hive files, which are stored on disk in two locations. Machine-specific files are stored in the %systemroot%\SYSTEM32\CONFIG folder, and user-specific files are stored in the \Documents and Settings\%USERNAME% folder.
Figure 9.2 The Registry location of the Windows XP hive files.
The Registry is subdivided into hierarchically organized hives. The five hives that make up the Registry are as follows:
• HKEY_LOCAL_MACHINE
• HKEY_USERS
• HKEY_CURRENT_CONFIG
• HKEY_CLASSES_ROOT
• HKEY_CURRENT_USER
The classification of five Registry hives is, in reality, incorrect. When the Registry Editor opens, it displays five hives, but they are actually part of two major hive groupings: HKEY_LOCAL_MACHINE and HKEY_USERS. The remaining hives are subhives, if you will, of the two major ones. Microsoft aliases the subhives and presents the five hives for ease of editing and locating information within the hives.
HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE maintains hardware configuration and corresponding software driver data. This hive manages configuration data for processors, video adapters, disks and controllers, network cards, and all other system hardware. HKEY_LOCAL_MACHINE also stores software-related information, such as product keys and configuration information, that is specific to the local computer. HKEY_LOCAL_MACHINE contains all of HKEY_CURRENT_CONFIG and HKEY_CLASSES_ROOT. HKEY_CLASSES_ROOT is a copy of HKEY_LOCAL_MACHINE\SOFTWARE\Classes.
HKEY_USERS
HKEY_USERS manages database information specific to the user’s profile, such as screen color, desktop preferences, backgrounds, and icon appearance order in the Start menu. Each time a new user is created, an additional HKEY_USERS hive is created in \Documents and Settings\%USERNAME%. (%USERNAME% is the Windows XP ID for that particular user.) Files with .sav, .log, and .alt extensions reside within the user’s profile subdirectory. The .sav files maintain a copy of the hive file after the text-mode portion of setup is completed. The .log files hold logging of all changes to the hive. The .alt files hold a backup of a hive. If the system fails during a load process, the .alt files are automatically used as a backup.

HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG is an alias that points to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current. It was originally added to Windows 4.0 for compatibility with Windows 95, and later carried over to Windows 2000 and now Windows XP to maintain compatibility with Windows 95, 98, 98 SE, and Me. When a Windows XP machine boots, configuration information about the system’s hardware is gathered and stored. This is the same hive that maintains the Last Known Good Configuration data. Also, if multiple hardware profiles are configured for a computer, each profile is stored in HKEY_CURRENT_CONFIG.

You might use hardware profiles for a variety of reasons. In a hardware profile, specific devices can be included in one profile and excluded from another (for example, a LAN card for use on a laptop computer while attached to an office LAN, and a modem card to be used when out of the office). During the Windows XP boot process, a menu is displayed, listing the available hardware profiles. Choosing a profile invokes the settings configured for that profile, and the system is started accordingly. Suppose you have a laptop that runs Windows XP. The laptop has three hardware profiles: docked, undocked with PCMCIA NIC, and undocked without a network connection. Specific hardware is configured to start each profile when that profile is selected.

HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT manages the file extension for applications to reference data. For example, the .doc extension might relate to Microsoft Word for Windows. The extension and the application associated with it are included in this hive. HKEY_CLASSES_ROOT also keeps track of shortcut menu information when an item is right-clicked.
HKEY_CURRENT_USER
HKEY_CURRENT_USER (HKCU) is a subkey of HKEY_USERS. HKCU is the user currently logged into the system. Any changes to HKCU are written in HKEY_USERS. The user is not identified by name, but by a unique serial number called the security identifier (SID). For example, S-1-5-21-1882598320-9519350021660491571-500 is the current user logged into the system. This key lists each attribute assigned to the current user. The DEFAULT key immediately above this serial number lists the default system attributes for all users.

Windows XP Registry Files and Structures
The following sections discuss the Windows XP Registry files and structures. To fully understand how the Windows Registry works, you need to have a complete understanding of these files and their organization.

HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE contains five keys: HARDWARE, SAM (the Security Accounts Manager), SECURITY, SOFTWARE, and SYSTEM. These keys are discussed in the following sections.

HARDWARE
HKEY_LOCAL_MACHINE\HARDWARE (shown in Figure 9.3) amasses the keys and values that make up the hardware inventory of a Windows XP system. It also contains information about devices and specific device drivers and settings associated with each piece of hardware. Windows XP does not allow an application to directly control or access a hardware device; therefore, when Windows XP boots, all system hardware is queried and the resulting data is stored in this key. Because this key is generated dynamically, making permanent changes is not possible. The information in this key is gathered each time a Windows XP system is booted. On an x86-based system, Ntdetect.com extracts the system’s hardware information and populates the HKEY_LOCAL_MACHINE\HARDWARE subkey’s values. The Hardware Abstraction Layer (Hal.dll) then calls these values to access system hardware. Use Windows XP Diagnostics to view the HARDWARE key information. To launch this tool, select Run from the Start menu and type WINMSD at the prompt.
Chapter 9
Introducing the Windows XP Registry
Figure 9.3 The HKEY_LOCAL_MACHINE\HARDWARE subkey holds information about system hardware.
HARDWARE\DESCRIPTION
The HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION key holds the descriptions for all system devices. Figure 9.4 illustrates values from the CentralProcessor key used in Control Panel’s System Properties applet. This key indicates that the processor is a type x86 Family 6, Model 5, Stepping 0, and is a 231MHz processor, shown by converting the ~MHz:REG_DWORD:0x00001fff value to decimal. The Description key holds the descriptions of hardware devices referenced by device or driver name throughout other parts of the Registry.
Figure 9.4 The HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION subkeys contain information about specific system hardware.
HARDWARE\DESCRIPTION\System
The System key houses information about the BIOS, system board, daughter boards, and video BIOS.

HARDWARE\DESCRIPTION\System\CentralProcessor
The CentralProcessor key has one subkey of 0, indicating that the system has a single processor. Additional keys indicate multiple processors, as in 0 (for the first) and 1 for the second. Because Windows XP Professional is limited to a maximum of two processors, 0 or 1 are the only valid values for this key.

HARDWARE\DESCRIPTION\System\FloatingPointProcessor
This key holds information about the floating-point processor.

HARDWARE\DESCRIPTION\System\MultifunctionAdapter
The name assigned to the MultifunctionAdapter key is chosen based on the computer’s architecture. If the bus type is ISA or Multichannel (MCA), the subkey name is MultifunctionAdapter. If the bus type is EISA, the subkey name is EisaAdaptor. Finally, if the bus type is TurboChannel, the subkey name is TcAdapter.

Note: Although the majority of systems have only the three MultifunctionAdapter subkeys listed here, there might be others. For example, there might be a listing for Advanced Power Management (APM) or Docking State. Some systems can have up to 12 entries (0–11). So although the information is correct for most machines, it’s not carved in stone. The same applies to the following list of values for subkey 2; for example, a CardBus controller could be listed under an OtherController subkey or a drawing pad might create a more proprietary entry.

The MultifunctionAdapter key lists three subkeys: 0, 1, and 2. The 0 key is for the PCI bus. BIOS-supported PCI devices are listed under this key. The 1 key is PNP BIOS (Plug and Play). The 2 key holds information for one of the following:
- DiskController. Hard disk and floppy disk controller information
- KeyboardController. Keyboard controller information
- ParallelController. Configured parallel ports and controllers
- PointerController. Configured input/mouse devices
- SerialController. Configured COM ports and controllers
Each subkey under the MultifunctionAdapter key can contain the following values:
- ComponentInformation. Default: 0. Stores the version number of the component and other information.
- ConfigurationData. Stores information about the hardware component as a resource, such as I/O port addresses and IRQ number. If data about the component is not available, this entry does not appear in the Registry, or the entry has no value.
- Identifier. Stores the name of a component. If the component name is not available, this entry does not appear in the Registry, or the entry has no value.
HARDWARE\DEVICEMAP
The DEVICEMAP subkey contains device drivers and the corresponding created names. When a device is called, a related, bound device driver is loaded. The DEVICEMAP subkey manages the relationships between the device names and the device drivers bound to them.

HARDWARE\DEVICEMAP\AtDISK
The AtDISK subkey stores information for AtDisk, the driver for non-SCSI hard disk controllers on Intel-based computers. This subkey appears in the Registry only if non-SCSI disk controllers are installed on the computer.

HARDWARE\DEVICEMAP\KeyboardClass
The KeyboardClass subkey maps to \REGISTRY\Machine\System\ControlSet001\Services\Kbdclass.

HARDWARE\DEVICEMAP\PARALLEL PORTS
The PARALLEL PORTS subkey maps to \DosDevices\LPT1. Additional mappings appear for each additional parallel port.

HARDWARE\DEVICEMAP\PointerClass
The PointerClass subkey maps to \REGISTRY\Machine\System\ControlSet001\Services\Mouclass (mouse, trackball, and so forth).

HARDWARE\DEVICEMAP\PointerPort
The PointerPort subkey maps to \REGISTRY\Machine\System\ControlSet001\Services\i8042prt. The i8042prt subkey stores data for the i8042prt driver. The i8042prt driver handles the keyboard and mouse port (also known as a PS/2-compatible mouse) for the Intel 8042 controller.
HARDWARE\DEVICEMAP\Scsi
The Scsi subkey holds information about SCSI host adapters and devices. Figure 9.5 shows three SCSI ports, each with its own SCSI bus. Scsi Port 0 is the first SCSI device the system identifies, and Scsi Port 1 is the second SCSI device the system identifies, and so on. The Logical Unit ID 0 subkey holds the identifier name and the type of device. The Scsi Port 0 subkey holds the DMAEnabled status, the current driver, the current interrupt used by the system, and the I/O address of the device. This subkey is useful when you attempt to isolate interrupt conflicts with SCSI devices.
Figure 9.5 The Scsi subkey lists information on SCSI devices.
SAM (Security Accounts Manager)
The Security Accounts Manager (SAM) database, also known as the directory services database, is managed by using User Manager for Domains or User Manager. The HKEY_LOCAL_MACHINE\SAM key is an alias of HKEY_LOCAL_MACHINE\Security\SAM. This key contains security information about each local user and group and is found on all Windows XP computers that are not domain controllers.

SECURITY
The HKEY_LOCAL_MACHINE\SECURITY key holds information about user rights, system and user policies, and group memberships. By default, the system account is granted Full Control. Administrators are granted only Special Access and cannot view the SECURITY key’s contents without modifying Registry permissions.
SOFTWARE
The HKEY_LOCAL_MACHINE\SOFTWARE key, which holds software settings unique to a specific computer, is where many of your software applications store their configuration data. The Classes subkey, under the SOFTWARE key, is aliased to HKEY_CLASSES_ROOT and keeps track of programs and file extension associations. This key also contains a Microsoft subkey that records settings specific to the Windows XP installation and configuration.

SYSTEM
The HKEY_LOCAL_MACHINE\SYSTEM key holds the Control Sets (see Figure 9.6). A Control Set is a database of hardware settings, device drivers, and service configuration information that Windows XP uses on startup.
Figure 9.6 The System\CurrentControlSet subkey lists information that Windows XP uses at startup.
The SYSTEM key has many important subkeys that directly affect the boot process. In essence, a Control Set is like a hardware profile with each Control Set configured with potentially different settings.

SYSTEM\ControlSet and SYSTEM\CurrentControlSet
The ControlSet00# subkeys, numbered 0 through 3, are most likely numbered ControlSet001 and ControlSet002, but the numbering sequence might vary. ControlSet001 and CurrentControlSet are the same. CurrentControlSet is mapped to ControlSet001 and contains duplicate information. They are the primary Control Sets used to boot Windows XP. ControlSet002 or ControlSet003 is used if Windows XP fails to boot.

SYSTEM\CurrentControlSet\Control
This subkey holds a vast amount of information, such as system layout, computer name, boot verification program, session manager, time zone information, product options, WOW settings, and the hive list.

SYSTEM\Select
The Select key holds values indicating which Control Set should be loaded when Windows XP boots, including which Control Set holds the Last Known Good Configuration. The values of this key are Current, Default, LastKnownGood, and Failed. Current is the value of the Control Set Windows XP is using, Default is the default Control Set that Ntoskrnl.exe uses, LastKnownGood is the value of the Last Known Good Configuration Control Set, and the Failed value indicates the last Control Set that failed to boot. A 0 value indicates that no boot failures have occurred during any Windows XP boot process.

HKEY_USERS
The HKEY_USERS hive contains all actively loaded user profiles on the system. It contains two subkeys: DEFAULT, which stores the profile used when no users are logged on to the computer (such as when the Ctrl+Alt+Delete login prompt or the initial Windows Welcome screen is displayed), and SID#, named for the current local user’s SID. SID# contains the current user’s profile. If the user is logged on remotely, the data for his or her profile is stored in the local computer’s Registry. The data in HKEY_USERS\SID# also appears in HKEY_CURRENT_USER. In Windows XP, the default user profile is not stored in the Registry—it is stored in the \Documents and Settings\%USERNAME%\Ntuser.dat file.

HKEY_USERS\DEFAULT\AppEvents
The AppEvents (Application Events) key holds associations between Windows XP events and their associated program sound files.

HKEY_USERS\Console
The Console key holds settings for character-based programs. The command window is an excellent example of these settings in action. To open the dialog box, right-click the program icon in the upper-left corner of a command window, and then select Properties. This dialog box enables you to set window size, color, fonts, and other options.

HKEY_USERS\Control Panel
The Control Panel key holds setting data from many of the Control Panel applets. It is highly recommended that you use Control Panel applets to indirectly modify this data instead of direct manipulation through the Registry.
HKEY_USERS\Environment
The Environment key holds some of the data displayed in the Control Panel System applet’s Environment tab. These items include environment variables, system path, user profile information, and startup/shutdown options.

HKEY_USERS\Keyboard Layout
The Keyboard Layout key holds language values and key preload information if, for example, you want to preload function settings or change the keyboard layout.

HKEY_USERS\Software
The Software subkey holds software settings that are unique to each named user. It holds such information as Microsoft software settings and system security certificates.

HKEY_USERS\UNICODE Program Groups
The UNICODE Program Groups key holds values associated with the Windows Program Manager utility, which was the original shell for Windows 3.x systems; Program Manager was removed starting with Windows 95. Windows Explorer does not use this key.

Security Information in the Registry
It is important to remember that the local accounts database for non-domain controller Windows XP machines is stored in the Registry. How long would it take to break every password in your Windows XP security accounts database? Also, how long would it take to break a single Administrator password? Answer: too little time. If your Registry is like most, today’s password-cracking programs can connect anonymously or as a service to your Registry, copy it, close the connection, and begin a dictionary and brute-force password crack in the hope of obtaining one or more passwords. It seems that every time Microsoft changes the encryption method for the SAM, someone releases a shareware cracking program to defeat it. Although the Registry is complex and seemingly secure, it is not. You must take additional measures to successfully thwart this level of attack. The following sections focus on ways to secure the Registry from malicious hackers.
Securing the Computer
Microsoft recommends the following strategies to secure your computer and Registry from hackers:
- Rename the Administrator account, and make sure it has a strong password. This makes gaining administrative rights and Registry information more difficult for a potential hacker.
- Create a fake Administrator account that has no rights. This gives a potential hacker a bogus account to try to infiltrate and gives you time to detect the intrusion.
- Limit the membership of the local Administrators group. The more members in this group, the more targets a hacker has to gain administrative privileges.
- Disable the Guest account, which is enabled by default in Windows XP. If the Guest account must remain enabled, give it a strong password as an added safety measure.
- Set your local account policy to ensure that strong passwords with a minimum of seven characters are used.
- Enable account lockout for local accounts.
- Secure the system’s SAM. The SAM file contains encrypted copies of users’ passwords. If it is not secured, hackers could get it and use it to crack the passwords. You can secure the SAM only by using NTFS file permissions, so you must be using NTFS instead of FAT/FAT32.
  - Secure the main copy of the SAM by securing the Winnt\System32\Config directory.
  - Remove the Everyone group from the list of users and groups that have permission to access the directory and files.
  - Add the Users group to the list of users and groups that have permission to access the directory and files.
  - Secure the backup copy in the Winnt\Repair directory. (This directory exists only if you have created a repair disk.)
  - Allow only the System account and the local Administrators group to have access to the directory and files.
- Secure the system Registry, which requires these three steps:
  1. Restrict Anonymous Access to the Registry by creating the RestrictAnonymous value under the LSA key (see KnowledgeBase article Q143474).
  2. Restrict Network Access to the Registry with the Winreg key (see KnowledgeBase article Q155363).
  3. Change the file association for the .reg extension to something like Notepad. This prevents a malicious Web site from inserting new keys into your Registry while you are browsing the Web. Also, double-clicking on any file with a .reg extension attempts to overwrite current information with information in the .reg file.
Remote Registry Access
The KnowledgeBase article Q314837 explains actions to control remote Registry access. This fix restricts Registry changes to the local console only. The article states the following:

“The default security on the Registry allows for easy use and configuration by users in a network. In some cases, it may be useful to regulate who has remote access to the Registry, in order to prevent potential security problems.”

The security on the following Registry key dictates which users and groups can access the Registry remotely: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg. If this key does not exist, remote access is not restricted, and only the underlying security on individual keys controls access. In a default Windows XP installation, this key grants Administrators Full Control for remote Registry operations.

The following optional subkey defines specific paths into the Registry that are allowed access, regardless of the security on the Winreg Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine (entry of type REG_MULTI_SZ). The AllowedPaths Registry key contains multiple strings, which represent Registry entries that users in the Everyone group can read. It allows specific system functions, such as checking printer status, to work correctly regardless of how access is restricted via the Winreg Registry key. The default security on the AllowedPaths Registry key grants only Administrators the ability to manage these paths.
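The RestrictAnonymous, Winreg, and AllowedPaths settings named in the three Registry-hardening steps and in the Remote Registry Access section can be checked offline against an exported .reg file. The following Python is an added example, not code from the book or from Microsoft; the sample export, its two AllowedPaths strings, and the function names parse_reg and audit are constructed for illustration, and it assumes the export covers HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control.

```python
import re

LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
WINREG = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg"

# Constructed sample export; the two AllowedPaths strings are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg]
"Description"="Registry Server"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths]
"Machine"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,41,00,00,00,53,00,\
  6f,00,66,00,74,00,5c,00,42,00,00,00,00,00
'''


def _decode(raw):
    """Convert the text after '=' into an int, str, list of str, or bytes."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if m.group(1) == "7":  # REG_MULTI_SZ: NUL-separated UTF-16LE strings
            text = data.decode("utf-16-le", errors="replace")
            return [s for s in text.split("\x00") if s]
        return data
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    return raw


def parse_reg(text):
    """Parse .reg export text into {key_path_lower: {value_name_lower: data}}."""
    # A trailing backslash continues a hex value on the next line.
    text = re.sub(r"\\\r?\n\s*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            # "[-KEY]" is a delete instruction, not exported data.
            current = None if name.startswith("-") else keys.setdefault(name.lower(), {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and current is not None:
            vname = "" if m.group(1) == "@" else re.sub(r"\\(.)", r"\1", m.group(1)[1:-1])
            current[vname.lower()] = _decode(m.group(2))
    return keys


def audit(keys):
    """Report the settings from the hardening steps as found in an export."""
    lsa = keys.get(LSA.lower(), {})
    winreg_key = WINREG.lower()  # Registry key names are case-insensitive
    report = {
        "restrict_anonymous": lsa.get("restrictanonymous"),
        "winreg_present": winreg_key in keys,
        "allowed_paths": keys.get(winreg_key + r"\allowedpaths", {}).get("machine", []),
        "findings": [],
    }
    if not report["restrict_anonymous"]:  # value missing or set to 0
        report["findings"].append("RestrictAnonymous is absent or 0 under the LSA key")
    if not report["winreg_present"]:
        report["findings"].append("Winreg key missing: remote Registry access is not restricted")
    return report


if __name__ == "__main__":
    # A real Version 5.00 export is UTF-16: open(path, encoding="utf-16").read()
    result = audit(parse_reg(SAMPLE_REG))
    for finding in result["findings"]:
        print("FINDING:", finding)
    print("Winreg key present:", result["winreg_present"], "(ACL not in export)")
    for path in result["allowed_paths"]:
        print("Readable regardless of Winreg ACL:", path)
```

An exported .reg file carries values only, not permissions, so the access list on the Winreg key itself still has to be reviewed in the Registry Editor.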
Alternative Ways to Secure the Registry
The real threat to a Registry is a user. In general terms, administrators are not users and are certainly no threat to the Registry. However, for the sake of argument, administrators are also included in this discussion. Every user does not need Full Control, but users will argue this restriction. Users with political power often win this argument, but in general, locking down Full Control is a start to securing the Registry and Registry-related settings.

Keep overzealous users out of harm’s way by deleting Regedit.exe and Regedt32.exe, plus any other tools discussed in Chapters 10, “Editing the Windows XP Registry,” and 11, “Important Registry Keys and Values,” that permit Registry manipulation. If users must have one of these tools, take actions to restrict remote Registry access, which limits Registry spelunking to their own machines.

Use the Registry Editor to change the security settings on the different hives within the Registry. Note that the default permission for HKEY_LOCAL_MACHINE is that the Everyone group has Read permission.
Understanding out-of-the-box Registry permissions, access points to the Registry, and potential ways to secure the Registry will help protect your assets.

Caution: Remember to reboot! Any changes to Registry entries require a reboot to take effect.

How Programs Interact with the Registry
The Registry is the repository for configuration information for not only the operating system, but also programs and device drivers. This configuration information can be static or dynamic. For example, when a program is started, the icon that the user clicks to start the program resides in the user configuration stored in the Registry under the HKEY_CURRENT_USER key. The information in this key tells the operating system the name and location of the program file to start. The program then looks at its entry in the Registry under the HKEY_LOCAL_MACHINE\SOFTWARE\vendor\appname subkey (see Figure 9.7). The entry for the program has subkeys containing the configuration information that the program needs to start itself and locate any data files, .dll files, or other files it needs. These subkeys also contain information to control how this program looks to the user, what options are available, and other features. While the program is in operation, it can store running values back in the Registry under its subkey.

However, the program doesn’t actually write directly to the Registry, which would be too dangerous. The Registry uses a type of journaling to update itself. For example, if you look in the \%systemroot%\System32\Config folder, you will see files with the extensions .alt and .log in addition to the Registry files. All changes to the Registry are written to the .log files. After the changes to the .log file are complete, they are written to the Registry hive. Each write to a .log file or to the Registry is assigned a sequence number. That way, if the computer crashes during a Registry write, when the computer is restarted, it will notice that the sequence numbers don’t match and complete the unfinished write operation.

The SYSTEM key has a file with the .alt extension. This file is maintained as an exact duplicate of the SYSTEM key. Any changes from .log files that are written to the SYSTEM file are also written to the System.alt file. This way, if the computer crashes and the System file is corrupt, the computer automatically uses the System.alt file as a backup so that it can be booted.
Group Policies
Like the System Policies used in previous versions of Windows NT, Group Policies can be used to control the configuration of a user or computer. Group Policies in Windows XP also have additional functions, such as:
- Controlling what software is available on a machine or available to a specific user
- Assigning a logon or logoff script to a user and/or a machine
- Redirecting folders from the default Documents and Settings folder on the local computer to a network location
- Assigning predefined security templates to a machine
- Setting disk quota policies
Group Policies enable network administrators to control the actions of users and computers from a central location. Every Windows XP machine, whether it is a member of an Active Directory domain or not, has its own local Group Policy object. Unlike the Windows NT 4.0 System Policies, which were generally applied only at the domain level, Group Policies in Windows XP can be applied at several levels. Because of this, if the machine is a member of an Active Directory domain, any other non-local Group Policy objects assigned to that machine can override its local Group Policy object settings. Group policies are processed in the following order:
- Local
- Site
- Domain
- Organizational Unit
The last settings applied override previous settings. For example, if a user configures the local policy to use a Star Wars screensaver but the domain policy specifies the corporate logo for a screensaver, the user will have the corporate logo screensaver.

Another major difference is that changes that the Windows XP Group Policies apply to the Registry are not permanent. If you later decide that the configuration you are using is not satisfactory, you can disable the policy, and the changes will be removed from the Registry.

Local Group Policies are created and managed by using the Group Policy snap-in to the Microsoft Management Console (MMC). To access this snap-in, perform the following steps:
1. Click Start, Run.
2. Type MMC, and then press Enter.
3. Choose File, Add/Remove Snap-in from the menu.
4. Click the Add button to open the Add Snap-in dialog box.
5. Select Group Policy from the list of available snap-ins.
6. Click the Add button to add this snap-in.
7. Click Finish, and then click Close. The Group Policy Editor appears in the MMC (see Figure 9.8).
8. Click OK to close the MMC window.
Figure 9.8 The Group Policy Editor showing options for a Local Computer Policy.
Notice that there are two sections in the Group Policy snap-in: one for computer configuration and the other for user configuration. In each section, you can configure Software Settings, Windows Settings, and Administrative Templates. The settings configured in the Computer Configuration section apply to all users who log on to that machine, and the User Configuration settings can be assigned to specific users.

In the Group Policy snap-in, right-click Administrative Templates under the Computer Configuration section, and select Add/Remove Templates. The Add/Remove Templates dialog box shows you the Administrative Templates currently installed in the Group Policy object. You can import any of the .adm files that you create or that were used with Windows NT 4.0 or Windows 2000 into Windows XP Group Policy objects. However, remember that some of the Windows NT .adm files made Registry changes that are outside the scope of the approved Windows XP changes. In addition, unlike other settings in Group Policies, the settings introduced by using Windows NT .adm files are not automatically disabled when the Group Policy object is disabled. They persist unless they’re explicitly disabled, just as they were in Windows NT 4.0.

When a Windows XP computer is started, it first looks to see whether a local policy is stored in the local machine’s %SYSTEMROOT%\System32\GroupPolicy folder. If the folder contains a policy that affects any computer settings, they are applied to that machine’s Registry. If the computer is a member of an Active Directory domain, it then logs on to the domain and checks the \WINNT\SYSVOL\SYSVOL\domainname folder for any applicable policies. These policies are applied in the hierarchical order discussed previously, with conflicting settings being overwritten by policies that are higher in the hierarchy.

This process is repeated when a user logs on to the machine. She will receive the local policy settings that pertain to her user account, and then the non-local settings in the hierarchical order. There is no limit to the number of policies you can implement at the non-local level.
However, remember that these policies are applied when the machine is started or the user logs on to the system, so the number of policies that are processed can affect the startup time adversely.
For More Information
For more information about the Windows XP Registry, please consult the following references:
- Hipson, Peter D. Mastering the Windows XP Registry. Sybex, 2001. ISBN: 0782129870.
- Microsoft TechNet (http://www.microsoft.com/technet/) contains useful information about the Registry. Topics discussed in this chapter can be found by searching on keywords related to these topics.
- Microsoft Windows XP Professional Resource Kit Documentation. Microsoft Press, 2001. ISBN: 0735614857.
10 Editing the Windows XP Registry
In this chapter, you begin working with the Windows XP Registry, a data file with configuration information about all 32-bit hardware, 32-bit driver combinations, and 32-bit Windows XP applications. To help you work with the Registry more efficiently, you learn about some of the available tools, both native and third-party. This chapter assumes that you are accustomed to manually adjusting values in the Registry and that you are interested in the useful tasks you can accomplish only by manipulating the Registry directly.
Editing the Registry is akin to tinkering with the brain—you should know what you’re doing, or you’ll suffer dire consequences. When you edit the Registry, you’re manipulating Windows XP configuration information; one wrong change and your Windows XP configuration could be toast.

You can edit the Registry directly and indirectly. You do indirect editing by using the applets in Control Panel, making user or group membership changes, changing disk configurations in Disk Management, applying Group Policy objects, or changing the operating environment. Indirect editing using these methods is safest because these changes are accomplished programmatically. A method such as this is less likely to introduce Registry errors because programs, which are usually extensively tested before release, make any necessary changes for you.

You can edit the Registry directly by using the native Registry Editor tool or one of the numerous third-party editing tools. Direct editing is extremely dangerous, however; a minor mistake in a binary number or deleting the wrong value can have dramatic effects on your system.

Before you change the Registry, make a set of Windows XP boot disks and create a backup of the system state (an option in most Windows XP–compatible backup products, including the native backup tool) and the Registry files (see the next section). These disks enable you to get back to where you started if your Registry alterations caused unwanted and unexpected catastrophic results. Always be prepared for a change to make your system fail or operate abnormally. If you’re prepared for disaster, you can usually find a way to get the system up and running again.
Backing Up the Registry
The primary tools built into Windows XP to perform Registry backups and restores are the Registry Editor and the Backup utility, used to back up a computer’s local Registry. Backing up a Registry is not enabled by default. In the Backup utility (accessed by clicking Start, All Programs, Accessories, System Tools, Backup, Advanced Mode, and then clicking the Backup tab), you must select the System State check box to perform this task (see Figure 10.1). Unlike Windows NT, which required a tape drive to be installed to back up a Registry, the Windows XP Backup utility can back up to tape, a floppy drive, or any other device.
Figure 10.1 Backing up the Registry in the Windows XP built-in Backup utility.
You can also use the Registry Editor to back up the Registry by choosing File, Export from the menu. Through this command, you can select to create a backup file of the entire Registry or a selected branch (that is, a subkey level and all contents). See the next section for discussion on launching the Registry Editor.
For a complete discussion of using the Windows XP Backup utility, see Chapter 20, “Windows XP Backup and More,” p. 437.
Editing the Registry
Windows XP includes a utility for editing and adding Registry data—the Registry Editor (see Figure 10.2)—but you cannot find this tool in the Start menu, Control Panel, or Administrative Tools. Because this tool’s only purpose is to edit the Registry directly, Microsoft deliberately kept it out of the Start menu and other common tool areas to discourage its use. You must start it from a command prompt or the Run command with REGEDIT or REGEDT32.
Figure 10.2 The Registry Editor.
Windows 2000 had two versions of the Registry Editor: 16-bit (launched with REGEDIT) and 32-bit (launched with REGEDT32). Microsoft opted to combine these two tools into a single utility, but retained the ability to access the tool with either program name. You can use the Windows XP Registry Editor to add, remove, and alter Registry keys; alter security settings (permissions and auditing); and perform Registry-wide keyword searches. The following sections detail the unique or special menu commands found in the Registry Editor.

Caution: Remember, when using the Registry Editor, you are viewing and altering the live, in-memory, in-use version of the Registry. When you make changes, no confirmation dialog boxes appear to warn you of impending changes. In general, any changes you make in the Registry affect the system immediately, but it is a good idea to reboot the system to be sure.
File: Import and Export
Use the Import and Export commands to save to file (Export) or load from a file (Import) the entire Registry or selected branches (that is, a subkey level and all contents). Export can create normal Registry files (.reg), Registry hive files (._), text files (.txt), and Windows 9x/NT Registration files (.reg). With the Import command, you can import only normal Registry files (.reg) and Registry hive files (._). Also, by importing a Registry file, the contents of the imported file will overwrite the data in memory, thus permanently changing the Registry.
File: Load Hive and Unload Hive
You can load a hive into the Registry that has been saved as a text file or remove a loaded hive from your system. The Load Hive and Unload Hive commands affect only the HKEY_USERS and HKEY_LOCAL_MACHINE predefined keys and are active only when these predefined keys are selected. When you load a hive into the Registry, the hive becomes a subkey of one of these predefined keys. To load a hive into the Registry, follow these steps:
1. Select HKEY_USERS or HKEY_LOCAL_MACHINE.
2. Choose File, Load Hive from the menu.
3. Select the hive file and click the Open button.
4. In the Load Hive dialog box, enter the key name to assign the hive, and click OK.
The selected hives now appear as subkeys of HKEY_USERS or HKEY_LOCAL_MACHINE.
To unload a hive, the hive must have been previously loaded. You cannot unload the default hives. When a hive is loaded into the Registry, it becomes a subkey of HKEY_USERS or HKEY_LOCAL_MACHINE. To unload a hive from the Registry, select a hive that was previously loaded into the Registry, and then choose File, Unload Hive from the menu. After you do this, the unloaded hive no longer exists in the Registry.
File: Connect Network Registry and Disconnect Network Registry
The Registry Editor views the local Registry by default, but you can also use it to view and edit remote Registries of networked systems. When you choose File, Connect Network Registry, a browse dialog box appears. You use this dialog box to search for and select the remote system to connect with to access its Registry. By default, users who are members of the Administrators or Backup Operators group have remote access to the Registry on other Windows XP systems. If you want to enable access to remote Registries for other users or groups, see the Microsoft KnowledgeBase document Q314837 (http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q314837&). However, we don’t recommend performing this activity because it opens a serious security vulnerability that malicious users can exploit. Obviously, any time you open a system to remote access, you take the risk of an unauthorized user attempting to gain access to your system. When it comes to the Registry, you can never be too careful! After you’ve completed your remote Registry alterations, use the Disconnect Network Registry command to terminate the remote connection and return to viewing the local Registry.
Edit: New
To add new Registry keys, String values, Binary values, DWORD values, Multi-String values, and Expandable String values, choose Edit, New from the menu.
Edit: Permissions
The Permissions command is used to add or change permissions for all or parts of the Registry. You can also use this command to configure auditing on the Registry (to monitor access to the Registry) and to set the owner of hives or keys in the Registry. The Permissions command for the Registry functions in exactly the same manner as permissions for files and folders.
Working with Existing Keys and Values
There are five Registry hives: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_USERS, HKEY_CURRENT_USER, and HKEY_LOCAL_MACHINE. These hives are covered in more detail in the following sections.
The HKEY_CLASSES_ROOT Key
HKEY_CLASSES_ROOT is really a subkey of HKEY_LOCAL_MACHINE\Software. It’s used for object linking and embedding (OLE) functions, and it ensures that an application’s associations are correctly invoked when a file type is selected and opened. HKEY_CLASSES_ROOT also includes the names of all drivers, strings used as pointing devices to the actual application text they represent, class ID numbers, dynamic data exchange (DDE) and OLE information, and the icons used for applications and related documents.
The HKEY_CURRENT_CONFIG Key
HKEY_CURRENT_CONFIG contains hardware profile information used during system startup and was added to Windows NT 4.0 to ensure compatibility with Windows 95. This compatibility enables applications that support HKEY_CURRENT_CONFIG to run on Windows 95, Windows 98, Windows NT, and Windows XP. This key is actually a subtree aliased to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware\Profiles\Current; therefore, the discussion of HKEY_LOCAL_MACHINE includes the HKEY_CURRENT_CONFIG key.
The HKEY_USERS Key
HKEY_USERS is the root for all HKEY_CURRENT_USER profiles on the computer. It contains information related to the logged-on user and the default user settings. The HKEY_USERS key contains configuration information for all users, but makes it available only to the specific user when he or she logs in. This key is located in Documents and Settings\%username% (%username% is the user who is currently logged on).
The HKEY_CURRENT_USER Key
HKEY_CURRENT_USER contains information related to the currently logged-on user. HKEY_CURRENT_USER is actually a subkey of HKEY_USERS. Table 10.1 describes the default subkeys for HKEY_CURRENT_USER.
Table 10.1 Registry Subkeys and Their Functions
Subkey            Function
Console           Stores window options and command-prompt configurations.
Control Panel     Specifies Control Panel applet configuration information.
Environment       Stores environment variable information for the current user session.
Keyboard Layout   Holds information about user keyboard preferences.
Identities        Defines the user’s identity.
Printers          Houses printer information for all mapped printers.
RemoteAccess      Stores information about the Routing and Remote Access Service.
Software          Houses settings for user-installed software or preference settings for globally available software.
The HKEY_LOCAL_MACHINE Key
The HKEY_LOCAL_MACHINE key manages information related to the local computer’s hardware and device drivers. There are several subkeys of importance, which are discussed in the following sections.
HKEY_LOCAL_MACHINE\Software
This subkey contains configuration information for all the software installed on the local machine. The convention for storing this information, according to Microsoft, is \Software\Company Name\Product Name\Version Number. If you use this convention, you can query Registry information on all network computers to check for installed software and version information.
HKEY_LOCAL_MACHINE\Software\Classes
This subkey contains file type–to–application association information as well as information related to Component Object Model (COM) objects.
HKEY_LOCAL_MACHINE\Software\Microsoft
This subkey contains information specific to Microsoft software installed on the local machine.
HKEY_LOCAL_MACHINE\Hardware
This subkey maintains a database of the hardware-specific information on the local machine. You can use it to get a clear picture of the computer’s physical configuration, including configuration data about the processor, network interface card (NIC), memory, bus type, and so on.
HKEY_LOCAL_MACHINE\Hardware\Description
On an Advanced RISC Computing (ARC)–compliant machine, when the system boots, the firmware is queried and the result is copied to this subkey. On x86-based systems, the NTDETECT.COM process then gathers the system hardware information it recognizes and populates this subkey. Binary component identification information, the component ID, and configuration information (such as CPU type and speed, interrupt request [IRQ] settings, direct memory access [DMA] channels, and input/output [I/O] ports) are gathered during this phase.
HKEY_LOCAL_MACHINE\Hardware\DeviceMap
This subkey keeps a record of created device driver names and their associated device objects. It cross-references the drivers to the objects organized by device class. Therefore, when a disk array calls the underlying Windows XP subsystem, the appropriate device driver is called to perform the task.
HKEY_LOCAL_MACHINE\Hardware\ResourceMap
The ResourceMap subkey is dynamically created each time the machine is booted. It maintains a mapping of hardware devices to software drivers. This key detects and reports conflicts from the device drivers’ memory addresses, interrupts, DMA channels, and I/O ports.
HKEY_LOCAL_MACHINE\SAM
This subkey, of course, contains the security accounts database for the local system. SAM is the abbreviation for Security Accounts Manager. You can’t actually see or manipulate the SAM from this key. It’s here just for show.
HKEY_LOCAL_MACHINE\SYSTEM
This subkey maintains information about the Windows XP boot process. Table 10.2 shows the four Control Sets under HKEY_LOCAL_MACHINE\SYSTEM.
Table 10.2 Control Sets Under HKEY_LOCAL_MACHINE\SYSTEM
Control Set Subkey
Used to boot Windows XP. Is a backup to ControlSet001 if it fails to load. Mapped to ControlSet001 and is used to boot Windows XP. Contains information such as computer name, file system, session manager, and memory manager settings. Contains a mapping to all mounted devices on the system.
MountedDevices
Data Formats of the Registry
Adding data to the Registry is a fairly simple task. However, knowing what type of information to create and where is much more difficult. The following sections discuss the specific data formats used in the Registry. The Registry manages five main value types: Binary, String, DWORD, Multi-String, and Expandable String. Separate editing tools (supplied with Windows XP) are used, depending on the value type selected.
Binary or REG_BINARY
The Binary type houses data in a binary format generally used to store hardware component information. Examples include entries under HKEY_LOCAL_MACHINE\SAM, although these entries in the Registry are relatively rare.
DWORD or REG_DWORD
This value, edited with the DWORD editor, represents a 32-bit, 4-byte number used in error control functions. Many entries related to device drivers and Boolean values use the DWORD data format type. DWORD data can be displayed as binary, hexadecimal, or decimal.
Multi-String or REG_MULTI_SZ
This value enables you to input multiple strings of data. The Multi-String data format type is often used for contents of list boxes, to list multiple paths, or for other data sets that offer multiple selections or views. Values in a Multi-String entry can be separated by spaces, commas, or other marks.
Expandable String or REG_EXPAND_SZ
This value uses the same editor as REG_MULTI_SZ, but indicates that the data has the ability to expand (have information added to it). This data format type is also known as a variable-length text string. It is often used for variables that are resolved when an application or service uses them.
String or REG_SZ
The String type is a sequence of characters that represent a Unicode user-readable string. Entries might be names, titles, numbers, paths, or other text items. The SZ in REG_SZ stands for String Zero terminated. Examples of value entries with the REG_SZ data format can be found in the HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System key. The other data format types that appear in the Registry are listed in Table 10.3, along with their acceptable content formats.
Table 10.3 Registry Value Types and Their Intended Uses
Value Type
Description
REG_NONE
The value type does not exist or it is unknown because of the type’s encryption. Binary data in bit or binary form. A 32-bit number expressed in hexadecimal, octal, or decimal format. A 32-bit number with the high byte expressed first. An Expandable String that can include embedded variables, such as %systemroot%. Hardware Resource Description in the \Hardware subkey of HKEY_LOCAL_MACHINE.
A Unicode-formatted symbolic link. An array containing strings. Hardware Resource Lists found in the \Hardware subkey of HKEY_LOCAL_MACHINE. Resource requirements.
REG_RESOURCE_REQUIREMENTS_LIST
Importing and Exporting Registry Data
Backing up the local Registry is an essential part of system backups. The Backup utility, shown previously in Figure 10.1, enables you to back up the local server’s Registry. Other options for performing Registry backups are available to administrators. This section looks at the functions of importing and exporting Registry keys through the Registry Editor itself.
For more information on the Backup utility and administrator options, see Chapter 20, “Windows XP Backup and More,” p. 437.
Importing Registry Files
If you want to back up the Registry without using the built-in Backup utility, the Registry Editor fills the need. You have two options when importing into the Registry. One option is to double-click the exported .reg file, which launches an import action and overwrites existing Registry keys. Because of the possibility of overwriting important Registry information, you should perform this action with great caution. In fact, it’s a good idea to rename your old .reg files to .re so that you don’t import them mistakenly. Another option is to import the .reg file by using the Registry Editor. To do this, choose File, Import from the menu, and then select a .reg file. This process imports an exported Registry or hive. Again, this import option overwrites any existing Registry information with no warning. Import Registries with caution.
Exporting Registry Files
To back up the Registry using the Registry Editor, choose File, Export from the menu to open the Export Registry File dialog box shown in Figure 10.3. Select the location for the exported Registry. Using this method, you can export the entire Registry or a selected portion of it. The exported file is saved with a .reg extension.
Figure 10.3 Exporting a Registry file with the Registry Editor.
Avoiding Registry Problems
You can avoid Registry problems with careful planning and prevention. Avoiding Registry problems is always better than the alternative. It’s not really the Registry problem you should be worried about, anyway—it’s that call at 2:00 a.m. Sunday morning telling you about the server outage you should be worried about. This section discusses a strategy for minimizing the impact and downtime associated with Registry-related incidents.
Last Known Good Configuration
If you’re unable to boot your system after making a change to the Registry, the best escape pod that Microsoft provides is the Last Known Good Configuration (LKGC). When you boot Windows XP, you’re presented with an option to press F8 to enter the Windows XP Advanced Options menu. At this point, you can select the Last Known Good Configuration option to get a menu from which you can choose saved configurations. The Last Known Good Configuration means that, based on the last configuration, your system was able to get to the initial logon screen. It does not mean that your Registry was evaluated against some criteria for goodness, but that your boot appeared to be successful as far as Windows XP was concerned. Take this for what it’s worth. With Last Known Good Configuration, you should be able to log in to the system to repair potential damage. Be careful, though. If you log in to the system and then decide you want to boot the LKGC, it’s too late. The old configuration is overwritten with the new one after the logon process is completed.
Registry Security
Like New Technology File System (NTFS), the Registry also has security controlled by Access Control Lists (ACLs). Setting Registry security correctly prevents unauthorized personnel from making direct or indirect changes to your system. There are three primary permissions for Registry keys: Full Control, Read, and Special Permissions. In addition, there are several Advanced permission options:
- Full Control. Assigns full control access.
- Query Value. Assigns the user or group to read the settings of a value entry.
- Set Value. Assigns the user or group the ability to set the value of an entry.
- Create Subkey. Assigns the user or group the ability to create a subkey.
- Enumerate Subkeys. Assigns the user or group the ability to identify all subkeys of the selected key.
- Notify. Allows the user or group to receive subkey audit notifications.
- Create Link. Allows a user or group to create a symbolic link to the key.
- Delete. Allows a user or group to delete a subkey.
- Write DAC. Allows a user or group to read the Discretionary Access Control list for the selected subkey.
- Write Owner. Allows a user or group to take subkey ownership.
- Read Control. Allows a user or group to read the security information associated with a subkey.
For a discussion of strategies for maintaining Registry security, see Chapter 9, “Introducing the Windows XP Registry,” p. 179.
Troubleshooting the Registry
Let there be no doubt: Troubleshooting the Registry can be rocket science. Methodical investigation, however, generally gets past the symptoms to the root of the problem. Registry problems manifest themselves in several ways. Foremost, you know you have a problem when you receive a BSOD—lovingly known as the Blue Screen of Death. A BSOD, or a STOP message, indicates the cause of the failure. Understanding this hieroglyphic screen in its entirety is not necessary. There are some key indicators that will help your investigation. The second line of the STOP message lists the type of error encountered. The error will read “Unhandled User exception” or “Unhandled Kernel exception” followed by some address information for focusing your troubleshooting search. Unhandled User exceptions involve user-mode operating system software, whereas Unhandled Kernel exceptions relate to the operating system, third-party software drivers, or hardware. The third and fourth lines of the STOP message indicate what caused the failure and the associated address or addresses. After the STOP information is evaluated, checking the Event Viewer’s System and Application logs might narrow the problem search. In addition, you can search TechNet at http://www.microsoft.com\technet for the eight-digit stop code for further information. Generally speaking, the following events are the most likely causes of problems with the Registry:
- Installing and uninstalling software. Software does not always install and uninstall as intended on every system. Always check with the software vendor to make sure it’s compatible with Windows XP.
- Hardware-specific changes to the Registry. Events such as adding a new NIC might trigger downstream symptoms, such as failure to authenticate to the domain, although the protocol seems to be working and bound properly. One issue that arises occasionally is having no protocols listed in the Network applet, even though TCP/IP is functioning properly.
- Direct changes to the Registry. Everyone makes mistakes. Incorrect manipulations of the Registry are, unfortunately, common.
Uninstalling Applications
Sometimes no Add/Remove Program item exists for an application, the Add/Remove operation doesn’t function correctly, or no uninstall utility was provided with an application. Simply deleting the installation directory doesn’t remove all of a program’s code. Here is one way to ensure the complete removal of a program:
1. In HKEY_LOCAL_MACHINE\Software and HKEY_CURRENT_USER\Software, locate the entry for the application you intend to remove and delete the program’s entries.
2. Remove any entries for the program from the Start menu under Documents and Settings\All Users\Start Menu\Programs and under Documents and Settings\%username%\Start Menu\Programs. The program could exist in one or both places, so always check both.
3. If the program had a component listed as a service, edit HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services and delete the associated entry.
4. If the program had an entry in the Add/Remove Programs list, edit HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall, locate the entry, and remove it.
5. If no entry existed in the Startup folders, but the program starts automatically, edit HKEY_CURRENT_USER\Software\Microsoft\Windows XP\CurrentVersion\Windows. Check the load and run value entries to see whether they contain related program information; if so, delete the information.
6. An application can be placed in several locations to have it autostart. Here are the places in which John Savill’s Windows NT/2000 FAQ (http://www.ntfaq.com) recommends looking:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows XP\CurrentVersion\Winlogon\Userinit
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    HKEY_CURRENT_USER\Software\Microsoft\Windows XP\CurrentVersion\Windows\run
    HKEY_CURRENT_USER\Software\Microsoft\Windows XP\CurrentVersion\Windows\load
    %systemroot%\win.ini
7. Delete the program’s installation folder(s).
8. Reboot the computer.
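The import caution earlier in this chapter and the autostart locations in step 6 both come down to knowing what a .reg file touches before it is merged. The following Python sketch is an added example, not code from the book: it parses .reg text, lists every set and delete operation, and flags the ones that hit the Run, RunOnce, RunServices, and RunServicesOnce keys from step 6. The sample file is constructed, and the .reg syntax it handles (header line, [-key] and "name"=- deletions, dword: and hex(2): data) is this example's own assumption about the Registry Editor export format.

```python
import re

# Run-family autostart keys from step 6 of the removal procedure (lower-cased).
_BASE = r"software\microsoft\windows\currentversion"
AUTOSTART_KEYS = tuple(
    "\\".join((root, _BASE, leaf))
    for root in ("hkey_local_machine", "hkey_current_user")
    for leaf in ("run", "runonce", "runservices", "runservicesonce")
)
# Header line -> codec for hex(2) string data (the REGEDIT4 codec is an assumption).
HEADERS = {"Windows Registry Editor Version 5.00": "utf-16-le", "REGEDIT4": "latin-1"}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def _unescape(s):
    # Quoted .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def _decode(raw, codec):
    """Turn the text after '=' into a (type, data) pair."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return "REG_SZ", _unescape(raw[1:-1])
    if raw.lower().startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = re.fullmatch(r"hex(?:\(([0-9a-f]+)\))?:(.*)", raw, re.I)
    if not m:
        raise ValueError(f"unsupported data: {raw!r}")
    kind = int(m.group(1), 16) if m.group(1) else 3   # plain hex: is REG_BINARY
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if kind == 2:                                     # REG_EXPAND_SZ stored as text
        return "REG_EXPAND_SZ", data.decode(codec).rstrip("\x00")
    return ("REG_BINARY" if kind == 3 else f"type {kind}"), data


def parse_reg(text):
    """Return the operations a .reg file would perform, in file order."""
    lines = text.lstrip("\ufeff").splitlines()
    header = lines[0].strip() if lines else ""
    if header not in HEADERS:
        raise ValueError("missing .reg header line")
    logical, buf = [], ""
    for raw in lines[1:]:                 # join hex data continued with a backslash
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
        else:
            logical.append(buf + line)
            buf = ""
    ops, key = [], None
    for line in logical:
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):       # [-KEY] deletes the key and its subtree
                ops.append(("delete-key", key[1:], None, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"unparsed line: {line!r}")
        name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        raw = m.group(2).strip()
        if raw == "-":                    # "name"=- deletes a single value
            ops.append(("delete-value", key, name, None))
        else:
            ops.append(("set-value", key, name, _decode(raw, HEADERS[header])))
    return ops


def autostart_findings(ops):
    """Keep only the operations that change or remove an autostart key."""
    hits = []
    for op in ops:
        action, key = op[0], op[1].lower().rstrip("\\")
        if action == "delete-key":        # deleting a parent key removes Run too
            hit = any(a == key or a.startswith(key + "\\") for a in AUTOSTART_KEYS)
        else:
            hit = key in AUTOSTART_KEYS
        if hit:
            hits.append(op)
    return hits


# Constructed sample; key and value names are illustrative only.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; constructed sample, not taken from a real system
[HKEY_LOCAL_MACHINE\Software\MyCo\MyApp]
"Version"="2.01"
"Timeout"=dword:0000000a

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MyAppTray"="\"C:\\Program Files\\MyCo\\tray.exe\" /min"
"OldTool"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Updater"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,75,00,70,00,64,00,2e,00,65,00,78,00,65,00,00,00

[-HKEY_CURRENT_USER\Software\MyCo\Legacy]
"""

if __name__ == "__main__":
    for action, key, name, data in autostart_findings(parse_reg(SAMPLE_REG)):
        print(action, key, name, data)
```

A file exported in the Registry Editor's default .reg format is UTF-16 text, so read it with open(path, encoding="utf-16") before passing the text to parse_reg.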
Third-Party Registry Editing and Management Utilities
Several third-party editing and management utilities are available for maintaining the Registry. (“Third-party” refers to anything that doesn’t ship on the Windows XP distribution CD.) This section discusses tools from the Windows 2000 Server Resource Kit, the Windows NT Server 4.0 Resource Kit CD (yes, that says “Windows NT”), and the Internet.
REG
REG is a command-line manipulation utility provided on the Windows NT Server 4.0 Resource Kit CD. This utility is no longer available on the Windows XP Server Resource Kit, but the previous version will work under Windows XP. REG contains the following commands: REG QUERY, REG ADD, REG UPDATE, REG DELETE, REG COPY, REG SAVE, REG BACKUP, REG RESTORE, REG LOAD, and REG UNLOAD. They replace the Registry commands REGCHG.EXE, REGDEL.EXE, REGDIR.EXE, REGREAD.EXE, REGSEC.EXE, RESTKEY.EXE, RREGCHG.EXE, and SAVEKEY.EXE. Each command enables you to manipulate local and remote Registries. When omitted as a syntactical argument, HKEY_LOCAL_MACHINE is assumed.
REG QUERY
Use the REG QUERY command for local or remote queries of a Registry. The syntax for REG QUERY is as follows:
    REG QUERY RegistryPath [\\Machine] [/S]
    RegistryPath [ROOTKEY\]Key[\ValueName]
    ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
    Key is the full name of a Registry key under the selected ROOTKEY.
    ValueName is the value, under the selected Key, to query. When omitted, all keys and values under the Key are listed.
    Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.
    /S or /s queries all subkeys.
    Examples:
    REG QUERY HKLM\Software\Microsoft\ResKit\Setup\InstallDir
        Displays the value of the InstallDir Registry entry.
    REG QUERY HKLM\Software\Microsoft\ResKit\Setup /S
        Displays all keys and values under the Setup subkey.
Tip
The information in the following sections is taken directly from the online documentation for the REG utility. At any time, you can type one of the REG commands followed by a slash and question mark—REG QUERY /?, for example—and you’ll be able to view the information in the following sections onscreen.
REG ADD
Use the REG ADD command to make additions to a local or remote Registry. The syntax for REG ADD is as follows:
    REG ADD RegistryPath=Value [DataType] [\\Machine]
    RegistryPath [ROOTKEY\]Key\ValueName=Value
    ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ] Optional. When ROOTKEY is omitted, HKLM is assumed.
    Key is the Registry key’s full name under the selected ROOTKEY.
    ValueName is the value, under the selected Key, to add.
    Value is the value to assign to the Registry entry being added.
    DataType can be one of the following: REG_SZ, REG_DWORD, REG_EXPAND_SZ, or REG_MULTI_SZ. (If omitted, REG_SZ is assumed.)
    Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.
    Examples:
    REG ADD HKLM\Software\MyCo\MyApp\Version=1.00
        Adds the Registry entry version=1.00 of type REG_SZ.
    REG ADD HKLM\Software\MyCo\MyApp\Timeout=5 REG_DWORD \\ZODIAC
        Adds the Registry entry Timeout=5 of type REG_DWORD on machine ZODIAC.
REG UPDATE
Use the REG UPDATE command specifically to make changes to existing Registry information on local or remote machines. The syntax for REG UPDATE is as follows:
    REG UPDATE RegistryPath=Value [\\Machine]
    RegistryPath [ROOTKEY\]Key\ValueName
    ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ] Optional. When ROOTKEY is omitted, HKLM is assumed.
    Key is the full name of the Registry key under the selected ROOTKEY.
    ValueName is the value, under the selected Key, to update.
    Value is the value assigned to the Registry variable being updated.
    Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.
    Examples:
    REG UPDATE Software\MyCo\MyApp\Timeout=10
        Replaces the existing value for Timeout with 10. This setting defaults to HKLM.
    REG UPDATE HKLM\Software\MyCo\MyApp\Version=2.01 \\ZODIAC
        Replaces the existing value for Version with 2.01 on machine ZODIAC.
REG DELETE
Use the REG DELETE command to locally or remotely delete Registry keys. The syntax for REG DELETE is as follows:
    REG DELETE RegistryPath [\\Machine]
    RegistryPath [ROOTKEY\]Key[\ValueName]
    ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ] OPTIONAL When ROOTKEY is omitted, HKLM is assumed.
    Key is the full name of a Registry key under the selected ROOTKEY.
    ValueName is the value, under the selected Key, to delete. The ValueName is optional. When omitted, ALL keys and values under the Key are DELETED.
    Machine is the name of the remote machine. Omitting Machine defaults to current machine. Only HKLM and HKU are available on remote machines.
    /F or /f forces the deletion(s) without questions. Be careful with this one!
    Examples:
    REG DELETE HKLM\Software\MyCo\MyApp\Timeout
        Deletes the Timeout Registry entry.
    REG DELETE HKLM\Software\MyCo \\ZODIAC /F
        Deletes the ENTIRE hive MyCo on ZODIAC without asking for confirmation.
REG COPY
Use the REG COPY command to locally or remotely copy Registry keys. The syntax for REG COPY is as follows:
    REG COPY Source [\\Machine] Destination [\\Machine]
    Where Source and Destination are in the RegistryPath format as follows:
    RegistryPath [ROOTKEY\]Key[\ValueName]
    ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ] Optional. When ROOTKEY is omitted, HKLM is assumed.
    Key is the full name of a Registry key under the selected ROOTKEY.
    ValueName is the value, under the selected Key, to copy. This setting is optional. When omitted, ALL keys and values under the Key are copied.
    Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.
    Examples:
    REG COPY HKLM\Software\MyCo\MyApp HKLM\Software\MyCo\SaveMyApp
        Copies the key MyApp and all of its entries to SaveMyApp under MyCo.
    REG COPY Software\MyCo \\SAFARI Software\MyCo \\ZODIAC /F
        Copies the ENTIRE hive MyCo on SAFARI to MyCo on ZODIAC.
REG SAVE or REG BACKUP
REG SAVE and REG BACKUP are identical in function: They are used to save or back up a local or remote Registry. For brevity, only the syntax for the REG SAVE command is given here:
    REG SAVE RegistryPath FileName [\\Machine]
    RegistryPath [ROOTKEY\]Key
    ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ] Optional. When ROOTKEY is omitted, HKLM is assumed.
    Key is the full name of a Registry key under the selected ROOTKEY.
    FileName is the name of the disk file to save to without an extension.
    Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.
    Examples:
    REG SAVE HKLM\Software\MyCo\MyApp AppBkUp
        Saves the hive MyApp to the file AppBkUp.
    REG SAVE HKLM\Software\MyCo MyCoBkUp \\ZODIAC
        Saves the hive MyCo on ZODIAC to the file MyCoBkUp also on ZODIAC.
REG RESTORE
Use the REG RESTORE command to restore Registry information. The source of the Registry information must be created by using the REG BACKUP or REG SAVE command. The syntax for REG RESTORE is as follows:
    REG RESTORE FileName KeyName [\\Machine]
    ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ] Optional. When ROOTKEY is omitted, HKLM is assumed.
    FileName is the name of the hive file without an extension. You must use Save or Backup to create this file.
    KeyName is equal to [ROOTKEY\]Key.
    Key is the key name in which to restore the hive file. This setting overwrites the existing key’s values and subkeys.
    Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.
    Examples:
    REG RESTORE NTRKBkUp HKLM\Software\Microsoft\ResKit
        Restores the hive file NTRKBkUp overwriting the subkey ResKit.
    REG RESTORE NTRKBkUp HKLM\Software\Microsoft\ResKit \\ZODIAC
        Restores NTRKBkUp, overwriting the subkey ResKit on ZODIAC.
REG LOAD
Use the REG LOAD command to load Registry information. The syntax for REG LOAD is as follows:
    REG LOAD FileName KeyName [\\Machine]
    ROOTKEY [ HKLM | HKU ] Optional. When ROOTKEY is omitted, HKLM is assumed.
    FileName is the name of the hive file without an extension.
    KeyName is equal to [ROOTKEY\]Key.
    Key is the key name in which to load the hive file. This setting is able to create a new key.
    Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.
    Examples:
    REG LOAD TempHive HKLM\TempHive
        Loads the hive file TempHive to the Key TempHive under HKLM.
    REG LOAD TempHive HKLM\TempHive \\ZODIAC
        Loads the hive file TempHive to the key HKLM\TempHive on ZODIAC.
REG UNLOAD
Use the REG UNLOAD command to unload Registry information. The syntax for REG UNLOAD is as follows:
    REG UNLOAD KeyName [\\Machine]
    ROOTKEY [ HKLM | HKU ] Optional. When ROOTKEY is omitted, HKLM is assumed.
    KeyName is equal to [ROOTKEY\]Key.
    Key is the key name of the hive to unload.
    Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.
    Examples:
    REG UNLOAD HKLM\TempHive
        Unloads the hive TempHive from HKLM.
    REG UNLOAD HKLM\TempHive \\ZODIAC
        Unloads the hive TempHive from the machine ZODIAC.
REGINI.EXE
The REGINI.EXE utility, provided on the Windows 2000 Server Resource Kit CD, uses character-based batch files to add keys to the Windows 2000 or XP Registry by specifying a Registry script. You can review detailed help information with the REGINI /? command. You can use the Registry Editor to perform similar tasks as an interactive process, but REGINI supports a wider range of data types than the Windows XP built-in Registry Editor. REGINI also provides a quick way to add or modify drivers in the Registry:
    usage: REGINI [-m \\machinename | -h hivefile hiveroot | -w Win95 Directory] [-i n] [-o outputWidth] [-b] textFiles...
    where:
    -m specifies a remote Windows 2000/XP machine whose Registry is to be manipulated.
    -h specifies a specific local hive to manipulate.
    -w specifies the paths to Windows 95 SYSTEM.DAT and USER.DAT files.
    -i n specifies the display indentation multiple. The default is 4.
    -o outputWidth specifies how wide the output is to be. By default, the outputWidth is set to the width of the console window if standard output has not been redirected to a file. In the latter case, an outputWidth of 240 is used.
    -b specifies that REGINI should be backward compatible with older versions of REGINI that did not strictly enforce line continuations and quoted strings. Specifically, REG_BINARY, REG_RESOURCE_LIST, and REG_RESOURCE_REQUIREMENTS_LIST data types did not need line continuations after the first number that gave the size of the data.
    textFiles is one or more ANSI or Unicode text files with Registry data. The easiest way to understand the format of the input textFile is to use the REGDMP command with no arguments to dump the current contents of your Windows 2000/XP Registry to standard output. Redirect standard output to a file and this file is acceptable as input to REGINI.
Some general rules are as follows:
• The semicolon (;) is an end-of-line comment character, provided it is the first non-blank character on a line.
• The backslash (\) is a line-continuation character. All characters from the backslash up to, but not including, the first non-blank character of the next line are ignored. If there’s more than one space before the line-continuation character, it’s replaced by a single space.
• Indentation indicates the tree structure of Registry keys. The REGDMP program uses indentation in multiples of four. You can use hard tab characters for indentation, but embedded hard tab characters are converted to a single space regardless of their position.
• Values should come before child keys because they are associated with the previous key at or above the value’s indentation level.
• For key names, leading and trailing space characters are ignored and not included in the key name, unless the key name is surrounded by quotes. Embedded spaces are part of a key name.
• Key names can be followed by an ACL, which is a series of decimal numbers, separated by spaces, set apart by square brackets (that is, [8 4 17]). The valid numbers and their meanings are defined in Table 10.4.
Table 10.4 Valid ACL Numbers and Their Meanings
ACL Number
Administrators Full Access
Administrators Read Access
Administrators Read and Write Access
Administrators Read, Write, and Delete Access
Creator Full Access
Creator Read and Write Access
World Full Access
World Read Access
World Read and Write Access
World Read, Write, and Delete Access
Power Users Full Access
Power Users Read and Write Access
Power Users Read, Write, and Delete Access
System Operators Full Access
System Operators Read and Write Access
System Operators Read, Write, and Delete Access
System Full Access
System Read and Write Access
System Read Access
Administrators Read, Write, and Execute Access
Interactive User Full Access
Interactive User Read and Write Access
Interactive User Read, Write, and Delete Access
If there is an equal sign on the same line as a left square bracket, the equals sign takes precedence, and the line is treated as a Registry value. If the text between the square brackets is the string DELETE with no spaces, REGINI deletes the key and any values and keys under it.
For Registry values, the syntax is as follows:

    value Name = type data

Leading spaces, spaces on either side of the equal sign, and spaces between the type keyword and data are ignored, unless the value name is surrounded by quotes. If the text to the right of the equal sign is the string DELETE, REGINI deletes the value. The value name can be left off or be specified by an “at” character (@), which means the same thing—namely, the empty value name. Therefore, the following two lines have identical results:

    = type data
    @ = type data

This syntax means that you can’t create a value with leading or trailing spaces, an equal sign, or an @ character in the value name, unless you put the name in quotes. Valid value types and format of data are as follows:

    REG_SZ text
    REG_EXPAND_SZ text
    REG_MULTI_SZ "string1" "string2" ...
    REG_DATE mm/dd/yyyy HH:MM DayOfWeek
    REG_DWORD numberDWORD
    REG_BINARY numberOfBytes numberDWORD(s)...
    REG_NONE (same format as REG_BINARY)
    REG_RESOURCE_LIST (same format as REG_BINARY)
    REG_RESOURCE_REQUIREMENTS (same format as REG_BINARY)
    REG_RESOURCE_REQUIREMENTS_LIST (same format as REG_BINARY)
    REG_FULL_RESOURCE_DESCRIPTOR (same format as REG_BINARY)
    REG_MULTISZ_FILE fileName
    REG_BINARYFILE fileName
If no value type is specified, the default is REG_SZ. For REG_SZ and REG_EXPAND_SZ, if you want leading or trailing spaces in the value text, surround the text with quotes. The value text can contain any number of embedded quotes, and REGINI will ignore them because it looks for quote characters only at the first and last characters of the text string. For REG_MULTI_SZ, each component string is surrounded by quotes. If you want an embedded quote character, use double quotation marks around it, as in string2 in the preceding code. For REG_BINARY, the value data consists of one or more numbers. The default base for numbers is decimal. Hexadecimal can be specified by using the 0x prefix. The first number is the number of data bytes, excluding the first number. After the first number, there must be enough numbers to fill the value. Each number represents one DWORD or four bytes. Therefore, if the first number is 0x5, you need two more numbers after it
to fill the five bytes. The high-order three bytes of the second DWORD would be ignored. When specifying a Registry path on the command line or in an input file, the following prefix strings can be used:
• HKEY_LOCAL_MACHINE
• HKEY_USERS
• HKEY_CURRENT_USER
• USER
Each string can stand alone as the key name or be followed by a backslash and a subkey path.
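Because a REGINI script can rewrite key ACLs and delete whole subtrees, it is worth reading one mechanically before it is applied. The following is an added example, not code from the book or from the Resource Kit: it applies the comment, continuation, indentation, equal-sign and REG_BINARY rules described above and reports deletions, short REG_BINARY data and ACLs that give World write access. The function names and the sample script are constructed for illustration, and the ACL numbers 7, 9 and 10 are an assumption taken from REGINI's own help, because the number column of Table 10.4 is not present on this page.

```python
import math
import re

# ASSUMPTION: ACL numbers as printed by REGINI's own help. The number column of
# Table 10.4 did not survive on this page, so confirm them with REGINI /?.
WORLD_WRITABLE = {7: "World Full Access",
                  9: "World Read and Write Access",
                  10: "World Read, Write, and Delete Access"}
BINARY_TYPES = {"REG_BINARY", "REG_NONE", "REG_RESOURCE_LIST",
                "REG_RESOURCE_REQUIREMENTS", "REG_RESOURCE_REQUIREMENTS_LIST",
                "REG_FULL_RESOURCE_DESCRIPTOR"}
CONTINUATION = re.compile(r"([ \t]*)\\[ \t]*\r?\n[ \t]*")
KEY_WITH_BRACKET = re.compile(r"^(.*?)\s*\[([^\]]*)\]\s*$")

# Constructed sample script (not from the book).
SAMPLE = r'''
; vendor install script
HKEY_LOCAL_MACHINE\Software\ExampleCorp [1 17]
    InstallDir = REG_SZ C:\Example
    Names = REG_MULTI_SZ "one"   \
            "two"
    Blob = REG_BINARY 0x5 0x04030201
    Shared [7 17]
        = DELETE
    "Old Key" [DELETE]
'''


def logical_lines(text):
    """Yield (indent, body): continuations joined, tabs -> spaces, comments dropped."""
    # More than one space before the backslash collapses to a single space.
    joined = CONTINUATION.sub(
        lambda m: " " if len(m.group(1)) > 1 else m.group(1), text)
    for raw in joined.splitlines():
        line = raw.replace("\t", " ")
        body = line.strip()
        if body and not body.startswith(";"):
            yield len(line) - len(line.lstrip(" ")), body


def unquote(text):
    text = text.strip()
    return text[1:-1] if len(text) >= 2 and text[0] == text[-1] == '"' else text


def split_value(body):
    """Return (name, rest) for a value line, else None. '=' wins over '['."""
    start = body.find('"', 1) + 1 if body.startswith('"') else 0
    eq = body.find("=", start)
    if eq < 0:
        return None
    raw_name = body[:eq].strip()
    # An omitted name and a bare @ both mean the empty (default) value name.
    return ("" if raw_name == "@" else unquote(raw_name)), body[eq + 1:].strip()


def check_binary(data):
    """First number is the byte count; each following number is one DWORD."""
    nums = [int(tok, 16) if tok.lower().startswith("0x") else int(tok)
            for tok in data.split()]
    if not nums:
        return "missing byte count"
    need = math.ceil(nums[0] / 4)
    if len(nums) - 1 < need:
        return f"{nums[0]} bytes need {need} DWORD(s), found {len(nums) - 1}"
    return None


def audit(text):
    """Return (kind, detail) findings for a REGINI script."""
    findings, stack = [], []              # stack of (indent, key name)
    for indent, body in logical_lines(text):
        value = split_value(body)
        if value is not None:
            # A value belongs to the previous key at or above its indentation.
            while stack and stack[-1][0] > indent:
                stack.pop()
            label = "\\".join(n for _, n in stack) + " -> " + (value[0] or "@")
            vtype, _, data = value[1].partition(" ")
            if value[1] == "DELETE":
                findings.append(("delete-value", label))
            elif vtype in BINARY_TYPES and check_binary(data):
                findings.append(("bad-binary", f"{label}: {check_binary(data)}"))
            continue
        match = KEY_WITH_BRACKET.match(body)
        name, bracket = match.groups() if match else (body, "")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, unquote(name)))
        key = "\\".join(n for _, n in stack)
        if bracket == "DELETE":
            findings.append(("delete-key", key))
        for number in (int(tok) for tok in bracket.split() if tok.isdigit()):
            if number in WORLD_WRITABLE:
                findings.append(("world-writable", f"{key}: {WORLD_WRITABLE[number]}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind:15} {detail}")
```

The empty-name value under Shared is reported as `@`, matching the rule that an omitted name and `@` are the same value.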
REGFIND.EXE
You can use REGFIND, a command-line utility provided on the Windows 2000 Server Resource Kit CD, to search the Windows 2000/XP Registry for arbitrary data, key names, or value names, and optionally replace any of them with new values. REGFIND has a special flag for finding malformed REG_SZ strings in the Registry. To access parts of the Registry, you must be a member of the Administrators group. REGFIND is used as follows:

    REGFIND [-h hivefile hiveroot | -w Win95 Directory | -m \\machinename]
            [-i n] [-o outputWidth]
            [-p RegistryKeyPath]
            [-z | -t DataType] [-b | -B] [-y] [-n]
            [searchString [-r ReplacementString]]

    where:
    -h specifies a specify local hive to manipulate.
    -w specifies the paths to Windows 95 SYSTEM.DAT and USER.DAT files.
    -m specifies a remote Windows 2000/XP machine whose Registry is to be manipulated.
    -i n specifies the display indentation multiple. The default is 4.
    -o outputWidth specifies how wide the output is to be. By default, the outputWidth is set to the width of the console window if standard output has not been redirected to a file. In the latter case, an outputWidth of 240 is used.
    -p RegistryPath specifies where to start searching

    Valid prefix names for easy access to well-known parts of the Registry are as follows:
    HKEY_LOCAL_MACHINE -> \Registry\Machine
    HKEY_USERS -> \Registry\Users
    HKEY_CURRENT_USER -> \Registry\Users\...
    USER: -> HKEY_CURRENT_USER

    where:
    -t specifies which Registry types to look at: REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ, REG_DWORD, REG_BINARY, and REG_NONE. The default is any of the _SZ types.
    -b is valid only with _SZ searches, and specifies that REGFIND should look for occurrences of the searchString inside of REG_BINARY data. This search cannot be specified with a replacementString that is not the same length as the searchString.
    -B is the same as -b but also looks for the ANSI version of string within REG_BINARY values.
    -y is only valid with _SZ searches, and specifies that REGFIND should ignore case when searching.
    -n specifies to include key and value names in the search. May not specify -n with -t.
    -z specifies to search for REG_SZ and REG_EXPAND_SZ values that are missing a trailing null character and/or have a length that is not a multiple of the size of a Unicode character. If -r is also specified, any replacement string is ignored, and REGFIND will add the missing null character and/or adjust the length up to an even multiple of the size of a Unicode character.
    searchString is the value to search for. Use quotes if it contains any spaces. If searchString is not specified, just searches based on type.
    -r replacementString is an optional replacement string to replace any matches with.
The searchString and replacementString values must be of the same type specified in the -t switch. For any of the _SZ types, it is just a string. For REG_DWORD, it is a single number (that is, 0x1000 or 4096). For REG_BINARY, it is a number specifying the number of bytes, optionally followed by the actual bytes, with a separate number for each DWORD (for example, 0x06 0x12345678 0x1234). If just the byte count is specified, REGFIND searches for all REG_BINARY values with that length. You cannot search for length and specify -r. When performing replacements, REGFIND displays the value after the replacement has been made. It’s usually best to run REGFIND once without the -r switch to see what values will be changed before the replacement takes place.
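The -z check and its repair can be expressed directly on a value's raw bytes. This is an added example, not REGFIND's own code: it assumes the raw data of each value has already been read (for instance from an offline hive), and the function names, paths and sample values are constructed for illustration.

```python
STRING_TYPES = {"REG_SZ", "REG_EXPAND_SZ"}
CHAR_SIZE = 2   # bytes per Unicode (UTF-16LE) character in Registry strings
NULL = b"\x00" * CHAR_SIZE


def check_sz(value_type, raw):
    """Return (problems, repaired_bytes) for one value's raw data."""
    if value_type not in STRING_TYPES:
        return [], raw                      # -z only looks at the two string types
    problems, fixed = [], raw
    if len(fixed) % CHAR_SIZE:
        problems.append("length is not a multiple of the Unicode character size")
        # Adjust the length up to the next multiple of the character size.
        fixed += b"\x00" * (CHAR_SIZE - len(fixed) % CHAR_SIZE)
    if fixed[-CHAR_SIZE:] != NULL:
        problems.append("missing trailing null character")
        fixed += NULL
    return problems, fixed


def scan(values):
    """values: iterable of (path, type, raw bytes). Report malformed strings only."""
    report = []
    for path, value_type, raw in values:
        problems, fixed = check_sz(value_type, raw)
        if problems:
            text = fixed.decode("utf-16-le", errors="replace").rstrip("\x00")
            report.append((path, problems, text))
    return report


# Constructed sample data (not taken from a real machine).
SAMPLE_VALUES = [
    (r"HKLM\Software\ExampleCorp\Path", "REG_SZ",
     "C:\\Tools".encode("utf-16-le") + NULL),                   # well formed
    (r"HKLM\Software\ExampleCorp\Editor", "REG_SZ",
     "notepad.exe".encode("utf-16-le")),                        # no terminator
    (r"HKLM\Software\ExampleCorp\Tag", "REG_EXPAND_SZ",
     "abc".encode("utf-16-le") + b"\x00"),                      # odd length
    (r"HKLM\Software\ExampleCorp\Cut", "REG_SZ",
     "ab".encode("utf-16-le") + b"c"),                          # odd and unterminated
    (r"HKLM\Software\ExampleCorp\Blob", "REG_BINARY", b"\x01\x02\x03"),
]

if __name__ == "__main__":
    for path, problems, text in scan(SAMPLE_VALUES):
        print(path, problems, repr(text))
```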
REGBACK.EXE
REGBACK is a command-line Registry backup utility provided on the Windows 2000 Server Resource Kit CD. It must be used with REGREST to restore its backup. The following list describes the key points of REGBACK. Microsoft recommends that if you have a tape drive installed, it should be used instead of REGBACK and REGREST. (You can start the Backup utility by double-clicking its icon in the Administrative Tools program group.) The following rules apply to the REGBACK and REGREST utilities:
• REGBACK and REGREST save and reload the entire hive, including ACLs, so it’s possible to restore a hive and find that you have different ACLs than before.
• REGBACK does not back up hives that aren’t loaded. You can just copy these files because they are not loaded in the Registry.
• REGBACK does not automatically back up hives that don’t reside in the CONFIG folder (specifically, some user profiles), but it does so manually to avoid name conflicts.
• REGBACK stops at the first bug, except when backing up manual hives.
• REGBACK does not overwrite existing files; instead, it reports an error.
• REGBACK fails if the hive files don’t all fit on the target, so often it’s best to use REGBACK to back up hives to a hard disk folder. Then use BACKUP.EXE, or use XCOPY.EXE or SCOPY.EXE to save the backed up hives on floppy disks.
• REGBACK does not copy the files in the CONFIG folder that are not currently kept open by the Registry. Use XCOPY.EXE or SCOPY.EXE to save inactive hives.
The syntax for REGBACK is as follows:

    regback

This code backs up all the Registry hives whose files reside in the CONFIG folder to the named directory. (This is normally all hives.) It also warns of hives with errors or those that must be backed up manually. Use the following format for a “manual” backup:

    regback c:\monday.bku
    if ERRORLEVEL 1 echo Error!
    regback

The preceding code backs up the named hive to the named file. The backup will fail if hivetype isn’t machine or users, or if hivename isn’t a hive root. The value of hivetype is either machine or users. hivename is the name of an immediate subtree of HKEY_LOCAL_MACHINE or HKEY_LOCAL_USERS. The following code can be used to perform two types of Registry backups. The first backs up the System subkey from the HKEY_LOCAL_MACHINE key into the specified path and filename. The second backs up the specific user subkey (based on the SID) from HKEY_LOCAL_USERS into the specified path and filename.

    regback c:\special.sav\system machine system
    regback c:\savedir\prof users s-1-0000-0000-1234
    if ERRORLEVEL 1 echo Error!
REGDMP.EXE
REGDMP is a command-line utility on the Windows NT Server 4.0 Resource Kit CD that writes all or part of the Windows NT/2000/XP Registry to the standard output (STDOUT). The output format is suitable for input to REGINI. The syntax for REGDMP is as follows:

    usage: REGDMP [-m \\machinename | -h hivefile hiveroot | -w Win95 Directory]
                  [-i n] [-o outputWidth] [-s] [-o outputWidth] RegistryPath

    where:
    -m specifies a remote Windows NT/2000/XP machine whose Registry is to be manipulated.
    -h specifies a local hive to manipulate.
    -w specifies the paths to Windows 95 SYSTEM.DAT and USER.DAT files.
    -i n specifies the display indentation multiple. The default is 4.
    -o outputWidth specifies how wide the output is to be. By default, the outputWidth is set to the width of the console window if standard output has not been redirected to a file. In the latter case, an outputWidth of 240 is used.
    -s specifies summary output. Summary information includes value names, type, and first line of data.
    RegistryPath specifies where to start dumping.
COMPREG.EXE
Use the COMPREG utility from the Windows NT Server 4.0 Resource Kit CD to compare Registries on two machines. This utility is useful when a component on one computer fails to function but works perfectly on another computer thought to be configured identically. If REGDMP detects any REG_SZ or REG_EXPAND_SZ value string that is missing the trailing null character, it adds the following text at the beginning of the value string:

    (*** MISSING TRAILING NULL CHARACTER ***)

The REGFIND tool can be used to clean up missing trailing null characters; this programming error is common. When specifying a Registry path on the command line or in an input file, you can use the following prefix strings:
• HKEY_LOCAL_MACHINE
• HKEY_USERS
• HKEY_CURRENT_USER
• USER
Each string can stand alone as the key name or be followed by a backslash and a subkey path. The syntax for COMPREG is as follows:

    usage: COMPREG <1> <2> [-v] [-r] [-e] [-d] [-q] [-n] [-h] [-?]
    <1> <2> local or remote keys to compare (default root == HKEY_CURRENT_USER)
            (e.g., \\HOTDOG\HKEY_LOCAL_MACHINE\Software)
    The rootkeys can be abbreviated as follows:
        HKEY_LOCAL_MACHINE--lm
        HKEY_CURRENT_USER--cu
        HKEY_CLASSES_ROOT--cr
        HKEY_USERS--us
    If the second argument is only a computer name, the key name specified with the first argument will automatically be appended.

The subkey path syntax for COMPREG is as follows:

    -v (verbose)--Prints both differences and matches.
    -r (recurse)--Recurses into “dead” trees; that is, subkeys that exist in only one key.
    -e--Sets errorlevel to the last errorcode. By default, errorlevel is set.
    -d--Doesn’t print the value data (just the keys).
    -q--Prints only the number of differences.
    -n--Specifies that no color is to be used in the output (default : use color).
    -h--Displays additional help.
    -?--Displays the basic usage screen.

Examples:

    COMPREG "\lm\system\currentcontrolset\control\session manager" \\MOON
    COMPREG HKEY_CURRENT_USER\Cheech HKEY_CURRENT_USER\Chong
REGREST.EXE
The REGREST utility from the Windows 2000 Server Resource Kit CD enables you to recover the Registry from a backup. The recovery is done one hive at a time, and the changes take effect only after the system is rebooted. SeRestorePrivilege is required to make use of this program and is enabled for Backup Operators and Administrators by default. REGREST requires that REGBACK was used to perform the original backup. REGREST works by doing RegReplaceKey calls. The original hive is stored in a .sav file. You must have enough space for this file, or the restore will fail. A reboot is required for the changes to take effect. All files must be on the same volume—they are renamed, not copied. The syntax for REGREST is as follows:

    regrest <save files>

For each active Registry hive whose file resides in the CONFIG folder, this setting attempts to replace its current file with a like-named file in the folder and moves the old file to the <save files> folder. It also warns of errors or hives that must be restored manually. Use the following form for “manual” restoration:

    regrest c:\monday.bku c:\install.sav
    if ERRORLEVEL 1 echo Error!
    regrest <savefilename>

The hivetype is either machine or users. hivename is the name of an immediate subtree of HKEY_LOCAL_MACHINE or HKEY_LOCAL_USERS. This setting renames the specified hive’s file to <savefilename>, and then moves the file specified by to be the backing for the specified hive. (No changes take effect until the next boot.) The following code is used to rename the System subkey of HKEY_LOCAL_MACHINE key to C:\special.sav\system and moves C:\oldsystem.sav to replace the original file.

    regrest c:\special.sav\system c:\oldsystem.sav machine system
    if ERRORLEVEL 1 echo Error!
RegMon
The Registry Monitor, which can be found at http://www.sysinternals.com, was written by Bryce Cogswell and Mark Russinovich. You can take advantage of the advanced filtering options in this handy utility to track events that don’t show up in Event Viewer. You can filter Registry events based on process, path include, path exclude, and log reads. Registry Monitor displays events based on process, request, path, and result filters. The process filter is the image file of the process that triggered the Registry event, the request filter is the Registry application programming interface (API) requested by the specific key, the path filter is the path to the key selected, and the result filter is the success or failure of the event.
For More Information The following resources will provide you with valuable information on the Windows Registry:
• Cowart, Robert and Knittel, Brian. Special Edition Using Windows XP Professional, Bestseller Edition. Que, 2002. ISBN: 0789728524.
• Hipson, Peter D. Mastering Windows XP Registry. Sybex, 2002. ISBN: 0782129870.
• Honeycutt, Jerry. Microsoft Windows XP Registry Guide. Microsoft Press, 2002. ISBN: 0735617880.
• Microsoft TechNet: http://www.microsoft.com/technet/.
• Microsoft Windows XP Professional Resource Kit. Microsoft Press, 2001. ISBN: 0735614857.
11 Important Registry Keys and Values
This chapter examines Registry settings and configurations as well as shareware and freeware software that add value to Microsoft Windows XP. Resourceful and enterprising administrators have tweaked and modified the operating system beyond what was originally offered out of the box. This chapter explores Registry entries that save time, add functionality, improve security, and enhance the look and feel of Windows XP.
Basic Console Operations
You can make most of the changes to the Windows XP console through Control Panel (as discussed in Chapter 8, “Windows XP Control Panel Utilities”). Use the Registry to make these changes directly if you want to change the settings for all domain desktops programmatically. To configure the console using the Registry for the logged in user, edit HKEY_CURRENT_USER\Console; for all users, edit HKEY_USERS\.DEFAULT\Console. Table 11.1 describes console settings for the Windows XP Registry.

Table 11.1 Console Settings for the Windows XP Registry

| Value | Type | Default | Description |
| --- | --- | --- | --- |
| CursorSize | REG_DWORD | 25% | The percentage of the character cell occupied by the cursor. Valid entries are 25% (small), 50% (medium), and 100% (large). |
| FullScreen | REG_DWORD | 0 | Valid entries are 0 (Windowed) and 1 (Full Screen). |
| FaceName | REG_SZ | none | Alternate command-window font name. If blank, a raster font is used. |
| FontFamily | REG_DWORD | 0 | Font type. 0 = raster, and 48 = TrueType. |
| FontSize | REG_DWORD | 0x00000000 | This is an eight-character hex number representing pixel height and pixel width. The default (0x00000000) is 8×12, and an entry of 0x000C0005 is 12×5. |
| FontWeight | REG_DWORD | 0 | 0 is the default weight of the chosen font. |
| HistoryBufferSize | REG_DWORD | 50 | The number of commands that can be stored in each command buffer. |
| InsertMode | REG_DWORD | 0 | 0 = Overtype, and 1 = Insert. |
| NumberOfHistoryBuffers | REG_DWORD | 4 | The number of command buffers. |
| PopupColors | REG_DWORD | 0x000000F5 | This eight-character hex number represents background color and text color. |
| QuickEdit | REG_DWORD | 0 | 0 means the user must use commands to cut and paste; 1 means the user can use the mouse to cut and paste. |
| ScreenBufferSize | REG_DWORD | 0x00190050 | This eight-character hex number represents lines of text and characters per line. The default is 25 lines of 80 characters. |
| ScreenColors | REG_DWORD | 0x00000007 | This eight-character hex number represents background color and text color. |
| WindowSize | REG_DWORD | 0x00190050 | This eight-character hex number represents lines of text and characters per line. The default is 25 lines of 80 characters. |
| WindowPosition | REG_DWORD | none | If not present, the system selects a position. This eight-character hex number represents y/x. |
For each console configuration you save, a subkey is created with the name of the window. This subkey has the same value entries as the console key. You can create the subkey by right-clicking the command window’s title bar and choosing Properties.
Windows XP Logon and Logoff Controls
The following sections explore editing the Registry to change logon and logoff controls for Windows XP.

Shut Down Windows XP with a Power Off
This Registry edit powers off a Windows XP computer while bypassing the It Is Now Safe To Turn Off Your Computer message that follows a Shutdown command. This message will appear only if Windows XP is running on a system that does not support the soft power feature of newer systems. To make this change, select the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Registry entry and double-click PowerDownAfterShutdown or add it as REG_SZ. Set it to 1. This works only if your Hardware Abstraction Layer (HAL) supports it.

Logon Without Prompting
This Registry edit enables a user to log on to Windows XP without going through the logon process. TweakUI (a Microsoft power toy available at http://www.microsoft.com/windowsxp/pro/downloads/powertoys.asp) can accomplish this change as well. To configure this setting using the Registry, edit HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. Set the DefaultDomainName, DefaultPassword (cannot be blank), and DefaultUserName. Set AutoAdminLogon to 1. If you ever want to log on as a different user, hold down the Shift key as you log off.

Caution
Your password is stored in plain text in the Registry and can be seen by anyone with the authority to view a remote Registry.
Automatically Run Check Disk at Startup
To configure Windows XP to automatically run CheckDisk at startup, select the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager key. Change the BootExecute entry from autocheck autochk * /......... to autocheck autochk *.

Build an NTFS Boot Disk
If your installation of Windows XP on an NTFS partition ever fails to boot, you can jump-start it with an NTFS boot disk. Perform the following steps to create an NTFS boot disk:
1. Format a disk in Windows XP Explorer.
2. Copy the following files to the disk: ntdetect.com, boot.ini, and NTLDR.
3. If you want to boot to a non–Windows XP operating system, you need the appropriate BOOTSECT file. (Normally, it is bootsect.dos.)
4. If Windows XP is on an SCSI device being controlled by an SCSI card that does not have an on-board BIOS, copy the ntbootdd.sys file as well. If you don’t need it, it won’t be on your C drive.

Add the Shutdown Button to the Welcome Dialog Box
To display a Shutdown button at logon, select the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon key, and then edit the value ShutdownWithoutLogon REG_SZ to 0. When this value is set to 1, you can select Shutdown from the Welcome dialog box. If the value is 0, the Shutdown button does not appear. This setting is particularly useful in a multiboot situation when Windows XP is booted by mistake.

Add a Logon Welcome or Legal Notice
The Registry value entries that control the logon sequence for starting Windows XP are found under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Registry key.

The LegalNoticeCaption REG_SZ value specifies a caption for the message that appears in the warning dialog box. Add this value entry if you want a warning to be displayed when a user attempts to log on to a Windows XP system. The user cannot proceed without acknowledgment of this message. To specify text for the message, you must also specify a value for LegalNoticeText. You can use the System Policy Editor to change this value.

The LegalNoticeText REG_SZ key specifies the message that appears when the user presses Ctrl+Alt+Delete during logon.
Add this value entry if you want a warning to be displayed when a user attempts to log on to a Windows XP system. The user cannot proceed without acknowledging this message. To include a caption for the logon notice, you also must specify a value for LegalNoticeCaption. You can use the System Policy Editor to change this value.

The LogonPrompt REG_SZ key’s default is Enter A User Name And Password That Is Valid For This System. The text you enter appears in the Logon Information dialog box, which is designed to display additional legal warnings to users before they log on. This value entry does not appear in the Registry unless you add it.

The Welcome REG_SZ key sets welcome message text. The text you enter appears in the caption bar beside the title of the Begin Logon, Logon Information, Workstation Locked, and Unlock Workstation dialog boxes. This value entry does not appear in the Registry unless you add it. Note that the text you enter here goes immediately next to the text in the title bar, so you’ll probably want to add a space at the beginning of the value.

Blank Username in Logon Dialog Box
To help deter hackers, you can blank the Username text box from the logon dialog box. This forces a hacker to gather one more piece of information to break into the system. You can also rename the Administrator account to something else. When you know a username, all you need is a password. To blank out the username in the logon dialog box, edit the DontDisplayLastUserName REG_SZ value in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon key. By default, Windows XP displays the name of the last person to log on in the Username text box in the Logon Information dialog box. If you add this value entry and set it to 1, the Username text box is always blank when the Logon Information dialog box appears.

Activate Screen Saver If Nobody Logs On
To activate the screensaver if no one logs on, edit the HKEY_USERS\.DEFAULT\Control Panel\Desktop key and change the value for ScreenSaveActive to 1. Edit SCRNSAVE.EXE and enter the full path to the screensaver you want to use, such as scrnsave.scr or sstars.scr. Double-click ScreenSaveTimeOut and enter the number of seconds of inactivity before activation. You must reboot for this setting to become effective.

Display Your Company Logo During Logon
To display your company logo during logon, save a bitmap in the 8.3 file format with a .bmp extension in the %systemroot% folder on your machine. To display the bitmap at logon, edit the HKEY_USERS\.DEFAULT\Control Panel\Desktop key, edit or add the value REG_SZ: Wallpaper, and set it to the full path of your bitmap. In this example, the path would be %systemroot%\BITMAPNAME.BMP. Edit or add the value REG_SZ: TileWallpaper. A setting of 0 means don’t tile; 1 means tile. Edit or add the value REG_SZ: WallpaperStyle. A setting of 0 is normal; 2 means stretch to fill the screen. (This setting is mutually exclusive with TileWallpaper set to 1.) If you use a normal (not tiled) logo, you can position it by adding the following REG_SZ values:
• WallpaperOriginX—Sets the wallpaper to the number of pixels from the left side of the screen.
• WallpaperOriginY—Sets the wallpaper to the number of pixels from the top of the screen.
Configure Service Startup Dependencies
If you have a service (such as a Document Management System) that is dependent on a database running, you should try this tip. You can configure the startup of a service based on the completion of one or more services. In the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services entry, scroll to the first service you want to control and highlight it. If the right pane contains a DependOnService, double-click it and add a service. If DependOnService is not present, add the value DependOnService with type REG_MULTI_SZ. If you want to add multiple values, each one should be on a separate line.

Run a Job the First Time a User Logs On
RunOnce entries, as the name implies, run one time and then are deleted from the Registry. This setting might be helpful in welcoming a new employee or in displaying a special message. To create a RunOnce entry, edit the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce entry and add a value with any name of type REG_SZ. Set the value to the full path of the executable or batch file. A simple example might be to add the Welcome REG_SZ value set to \\ServerName\%username%\welcome.cmd. Welcome.cmd might contain the following:

    @echo off
    rem Show the greeting, then wait for a key press before closing.
    echo The Microsoft Corporation is pleased to welcome %UserName% to your first logon to %ComputerName%.
    pause
    exit

Upon completion, the Welcome value is deleted from the RunOnce subkey.

Speed Up Windows Shutdown
To speed the Windows XP shutdown process, edit the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WaitToKillServiceTimeout entry or add it as a REG_SZ. This key tells the Service Control Manager how long to wait for services to complete the shutdown request. The default is 20,000 milliseconds. You must wait long enough for the services to complete an orderly shutdown. This time period varies depending on what services you have loaded. Check the documentation for your services before making this change.

Allow Logon Script to Finish Before Loading Desktop
To allow a logon script to finish before loading desktop settings, edit or add the REG_DWORD value RunLogonScriptSync in the HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon entry. Settings for this entry are as follows:
• 0—Don’t wait for the logon script to complete before loading the desktop.
• 1—Wait for the logon script to complete before loading the desktop.
By loading the desktop before the logon script is complete, you reduce the time needed to load the Windows interface. You can also add the REG_DWORD value to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon entry.

Change Logon Background Color
You can change the logon background color by altering the RGB values in the HKEY_USERS\.DEFAULT\Control Panel\Colors\Background entry. For example, if you set the RGB value to 0 0 0, you will have a black background; setting it to 255 255 255 produces a white background.

Clear the Page File at System Shutdown
Because the pagefile.sys file holds cached information about the system, you might want to clear it for security reasons when you shut down the system. To do so, edit the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management entry and edit the value named ClearPageFileAtShutdown as type REG_DWORD. The default is 0. When you set it to 1, inactive pages in the pagefile.sys file are filled with zeros. Some pages cannot be cleared because they are active during shutdown.
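Several of the logon settings in this section have a security side: AutoAdminLogon keeps DefaultPassword readable in the Registry, DontDisplayLastUserName hides the last user name, the legal notice needs both of its values, RunOnce starts a command at the next logon, and ClearPageFileAtShutdown controls page file clearing. The following read-only audit is an added example, not code from the book; the snapshot layout, the function names and the sample values are assumptions made for illustration, and the live reader works only on Windows.

```python
try:
    import winreg                      # present only on Windows
except ImportError:
    winreg = None

WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
MEMORY = r"SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"
RUNONCE = r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"


def read_hklm(paths=(WINLOGON, MEMORY, RUNONCE)):
    """On Windows, read every value under each HKLM path into {path: {name: data}}."""
    if winreg is None:
        raise RuntimeError("live reads need Windows; pass a snapshot dict instead")
    snapshot = {}
    for path in paths:
        snapshot[path] = {}
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                for index in range(winreg.QueryInfoKey(key)[1]):
                    name, data, _value_type = winreg.EnumValue(key, index)
                    snapshot[path][name] = data
        except FileNotFoundError:
            pass                       # key absent: leave its dict empty
    return snapshot


def values_of(snapshot, path):
    """Key names are matched case-insensitively, as the Registry does."""
    for key_path, values in snapshot.items():
        if key_path.lower() == path.lower():
            return {name.lower(): data for name, data in values.items()}
    return {}


def enabled(data):
    """Winlogon flags are REG_SZ '1'; ClearPageFileAtShutdown is REG_DWORD 1."""
    return str(data).strip() == "1"


def audit(snapshot):
    """Return (setting, detail) findings. The password itself is never echoed."""
    findings = []
    winlogon = values_of(snapshot, WINLOGON)
    if enabled(winlogon.get("autoadminlogon")):
        stored = winlogon.get("defaultpassword") is not None
        findings.append(("AutoAdminLogon", "automatic logon as %s; DefaultPassword %s"
                         % (winlogon.get("defaultusername"),
                            "is readable in plain text" if stored else "is not set")))
    if not enabled(winlogon.get("dontdisplaylastusername")):
        findings.append(("DontDisplayLastUserName",
                         "last user name is shown in the logon dialog"))
    if not (winlogon.get("legalnoticecaption") and winlogon.get("legalnoticetext")):
        findings.append(("LegalNotice",
                         "LegalNoticeCaption and LegalNoticeText are not both set"))
    if not enabled(values_of(snapshot, MEMORY).get("clearpagefileatshutdown")):
        findings.append(("ClearPageFileAtShutdown", "page file is not cleared"))
    for name, command in sorted(values_of(snapshot, RUNONCE).items()):
        findings.append(("RunOnce", "%s runs %s at next logon" % (name, command)))
    return findings


# Constructed snapshot (not taken from a real machine).
SAMPLE = {
    WINLOGON.upper(): {"AutoAdminLogon": "1", "DefaultUserName": "kiosk",
                       "DefaultPassword": "constructed-value",
                       "LegalNoticeCaption": "Notice"},
    MEMORY: {"ClearPageFileAtShutdown": 0},
    RUNONCE: {"Welcome": r"\\ServerName\%username%\welcome.cmd"},
}

if __name__ == "__main__":
    for setting, detail in audit(read_hklm() if winreg else SAMPLE):
        print("%-26s %s" % (setting, detail))
```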
Windows XP Shell
Changes to the Windows XP shell are discussed in the following sections.

Speed Start Menu Navigation
To speed up the response time in Windows XP for displaying fly-out menus from the Start button, edit the HKEY_CURRENT_USER\Control Panel\Desktop key’s MenuShowDelay value to 100. You must reboot for this setting to take effect.

Remove Entries from the Start Button Context Menu
To remove entries from the Start button context menu, use REGEDT32.EXE to edit the HKEY_LOCAL_MACHINE\Software\Classes\Directory\Shell or HKEY_CLASSES_ROOT\Directory\Shell. Edit Shell and delete any of these subkeys, such as DOS Here and Find. Navigate to the HKEY_LOCAL_MACHINE\Software\Classes\Folder\Shell or HKEY_CLASSES_ROOT\Folder\shell entry and then double-click Shell to delete any of these subkeys, such as Root Explore, Open, or Explore.
Restrict System Features in Windows XP
Some restrictions to system features are easier to change with the System Policy Editor. To restrict the use of system features using the Registry, edit the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer entry and add the System subkey. All the following entries are type REG_DWORD and have a default of 0. If these entries are set to 1, the restriction is enabled.
• NoDesktop—Hides the desktop icons.
• NoFileMenu—Removes the File menu from Explorer.
• NoFind—Removes the Search option from the Start menu.
• NoNetConnectDisconnect—Removes the Map Network Drive and Disconnect Network Drive menu and right-click options.
• NoNetHood—Removes the My Network Places icon and prevents network access from Explorer. (It will still work from a command prompt.)
• NoRun—Removes the Run command from the Start menu.
• NoSetFolders—Removes Control Panel and Printers and My Computer in Explorer and on the Start menu.
• NoClose—Removes the ShutDown button from the Start menu.
Remove Shortcut Arrow from Desktop Shortcuts

To remove the shortcut arrow from your desktop shortcuts, browse to HKEY_CLASSES_ROOT\Lnkfile. Select the IsShortcut value name in the right pane and delete it. You must reboot to see the change.

Open Explorer and My Computer in Detail View

To open Windows XP Explorer and My Computer in Detail view, perform the following steps:

1. Open HKEY_LOCAL_MACHINE\Software\Classes\Folder\Shell\Open and set the REG_BINARY value name of EditFlags to 01000000.
2. Open HKEY_LOCAL_MACHINE\Software\Classes\Folder\Shell\Open\Command and set the unnamed type REG_EXPAND_SZ value to C:\WINNT\EXPLORER.EXE /idlist,%I,%L %1.
3. Edit HKEY_LOCAL_MACHINE\Software\Classes\Folder\Shell\Open\ddeexec and set the unnamed type REG_SZ value to [ExploreFolder(“%l”, %I, %S)].
4. Reboot the system.
5. Double-click My Computer and then click Details.
6. Choose Tools, Folder Options from the menu to open the Folder Options dialog box.
7. In the File Types tab, scroll to Folder and select it.
8. Click the Advanced button to open the Edit File Type dialog box.
9. Click Open in the Actions section and click the Set Default button.
10. Click Close.

Controlling the Windows Shell

To lock down the desktop, replace the Windows XP Explorer or Program Manager shell with your own launcher. Edit HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell and replace the current .exe with your shell (with a .exe extension). See the “For More Information” section at the end of this chapter for more details.

Remove Icons from the Desktop

To remove the Microsoft Internet Explorer, Inbox, and Recycle Bin icons from the desktop, edit HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace. The NameSpace entry reveals the keys for these three desktop icons. Clicking each one shows you the icon name in the right pane. To remove an icon, select the key and delete it.

Point a Mail Client to the User’s Folder

Windows XP provides a Personal folder as the default location for saving mail and user files. Even though it makes the profile bigger and slower to load, it is better to centralize user files. To point the mail client to the user’s folder, edit HKEY_USERS\<User_SID>\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal while the user is not logged on, and change the path to the user’s home folder (%HOMEDRIVE%\%HOMEPATH%).

To modify the directory for new (not yet created) users, select the HKEY_USERS hive and choose Load Hive from the Registry menu. Navigate to the Documents and Settings\Default User\NTUSER.DAT file and enter a unique name when prompted for a key name. Select the Storage key and edit the Storage\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal entry and change the value to %HOMEDRIVE%\%HOMEPATH%. Select the HKEY_USERS\Storage key and then choose Unload Hive from the Registry menu.
Mouse and Keyboard Settings

The following sections discuss how to edit mouse and keyboard settings in Windows XP.

Configure the Snap To Button Function in the Registry

You can configure the Snap To button in the Control Panel’s Mouse applet, and you can also configure it in the Registry. To configure it in the Registry, select HKEY_CURRENT_USER\Control Panel\Mouse, edit SnapToDefaultButton or add a value of type REG_SZ, and set it to 1.

Force Serial Mouse Detection at Startup

If you have a serial mouse on the COM1 or COM2 serial port and it fails detection at startup, you can force a connection without rebooting. You can do this by adding the value entry OverrideHardwareBitstring as a type REG_DWORD to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sermouse\Parameters entry. A data value of 1 indicates that the mouse is installed on COM1, and a data value of 2 specifies COM2. This entry causes the driver to load even if the mouse is not detected.

Toggle Num Lock Key at Startup

To toggle the Num Lock key at startup, edit the HKEY_CURRENT_USER\Control Panel\Keyboard\InitialKeyboardIndicators entry, which is of type REG_SZ. If this value is set to 0, Num Lock is disabled for the current user after logging on. If the value is 2, Num Lock is enabled and will retain the settings from the last shutdown.
Device Keys and Controls

The following sections explore how to edit Registry settings for device keys and controls in Windows XP.

Turn Off CD AutoRun

Some users prefer to turn off the AutoRun feature for a CD-ROM. You can make a Registry change if you prefer to browse when you double-click instead of activating the AutoRun feature. Set the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Autorun value, of type REG_DWORD, to 0. Setting the value to 1 turns on the AutoRun feature.

Delete a Device Driver or Service

If you want to remove a service or a device driver, open Control Panel, start the Services or Devices applet (depending on what you are editing), locate the object, and stop it (if it is started). If it won’t stop, configure StartUp as Disabled and reboot. Otherwise, you can edit the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services entry, locate the object, highlight it, and delete it.

Plug and Play Devices

If you begin to install a Plug and Play device but subsequently respond “No” when prompted to install a device, you will never be prompted to install that device again. To enable this prompt, you must delete any occurrences of the device from the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnpisa and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ISAPNP keys. Note that you might not have adequate permissions to change the keys. Use REGEDT32 to set the necessary security. Locate the device subkey by inspecting the Description value in each subkey. When you locate the device, delete its subkey. When you are finished, locate the device driver (mentioned in the subkey) and delete its filename. Reboot the computer for the settings to take effect.

Change a Service or Driver Startup

To change the startup parameters of a service or driver when it can’t be accessed through Control Panel, edit the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services entry, navigate to the service or driver, and select it. In the right pane, edit the Start value and change the REG_DWORD value to one of the following settings:
• Boot—Loaded by Kernel loader. Components of the driver stack for the boot (startup) volume must be loaded by the Kernel loader.
• System—Loaded by I/O subsystem. Specifies that the driver is loaded at kernel initialization.
• Automatic—Loaded by Service Control Manager. Specifies that the service is loaded or started automatically.
• Manual—The service does not start until the user starts it manually, such as by using the Services or Devices applet in Control Panel.
• Disabled—Specifies that the service should not be started.
Important Registry Miscellany

The following sections explore some miscellaneous Registry settings that you can configure in Windows XP.
Windows XP Filename Completion

This Registry change enables filename completion at the command prompt when you press the Tab key. Select the HKEY_CURRENT_USER\Software\Microsoft\Command Processor key and edit CompletionChar or add the value of REG_DWORD and set it to 9. Reboot the computer for the changes to take effect.

Restore an Explorer-Like Task Manager

To enable a Ctrl+Esc Task Manager, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon. Choose Edit, Add Value from the menu. Type TASKMAN for the Value Name setting and click OK. Then type TASKMAN.EXE in the String Editor text box.

Remove Nag Prompt for File Location

If Windows XP was installed from a CD but the distribution files live on a share, Windows XP prompts for the location of the files each time it needs them. To remove this prompt, edit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion and set the SourcePath to the desired path. This setting points Windows XP to the share where the distribution files reside.

Disable Source Routing

Source routing permits the originator of a datagram to designate specific gateways for a packet to follow during routing from source to destination. This is analogous to waypoints on a hiking trip, where each hiker must pass through specific checkpoints from the trip’s beginning to end, as defined before the trip begins. Source routing causes additional overhead on the computers. To disable it, open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nwlnkipx\NetConfig\XXXXX entry (XXXXX is the name of the NIC device for which you want to disable source routing). Change the Source Routing value from 1 to 0.

Disable 8.3 Name Creation in NTFS

You can increase NTFS performance if you disable 8.3 filename creation. If you make this change, however, some 16-bit programs might have trouble finding long filenames. Don’t set this option if you want to install older versions of Norton Utilities, which truncates filenames. Open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem key. The value is NtfsDisable8dot3NameCreation REG_DWORD. The default is 0. Set it to 1 to disable 8.3 filename creation. The change won’t take effect until you reboot the computer.
Ghosted Connections

Ghosted connections are resource connections, such as network drives, that appear to be constantly connected but are really connected only when an access attempt is made. Unghosted connections are permanent connections. If you want to ghost or unghost persistent connections, edit the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider entry with a value of RestoreConnection REG_DWORD. Change the value to 0 for ghost connections or to 1 for persistent (not ghosted) connections.

Manage the Mapped Network Drive Drop-Down List

If you want to remove some of the connections in the Mapped Network Drive drop-down list, edit the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\PersistentConnections key and then highlight and delete unwanted entries. Double-click Order and remove the letters that have been deleted. You can rearrange the letters to change the display order.

Move Shares from One Windows XP Server to Another

To move shares from one server to another, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares key and then save the key to a filename on a floppy disk. On the new server, navigate to the same key and save its empty Shares key to a floppy disk before restoring it from the first server. This destroys any existing shares on the new server. Next, restore the empty Shares key you saved from the new server to the first server or delete the values manually (also from the Security subkey). Create at least one new share on each server. This is required so that Windows XP Explorer can refresh its shares. In the Services applet in Control Panel, stop and restart the Server service. If you don’t want that new share, unshare it normally.

Change the Default Spool Folder

You can change the default printer spool folder for all printers or for specific printers. To change the default printer spool folder for all printers, open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers entry and add a value named DefaultSpoolDirectory with a data type of REG_SZ. Add a full path string to the printer spool folder. To change the default printer spool folder for specific printers, open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\ key and add a value named SpoolDirectory with a data type of REG_SZ. Add the full path string to the printer spool folder. You must make sure the specified path actually exists. If it does not, Windows XP uses the default spool folder.
Prevent Printer Popups and Event Logging

To prevent pop-up messages from appearing after print jobs complete, open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers entry. To prevent pop-up notification, add a value name of NetPopup and set REG_DWORD to 0. To prevent logging, add the EventLog value and set REG_DWORD to 0. You will have to stop and restart the spooler from the Services applet in Control Panel, but you might want to reboot to make sure the changes take effect.

Activate a Screensaver from an Icon

To activate a screensaver from an icon, perform the following steps:

1. Open HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows in the Registry Editor.
2. Select the Programs value and then choose Edit, String from the menu.
3. Add the .scr extension to the string as follows: Programs: REG_SZ: EXE COM BAT PIF CMD SCR.
4. Click OK, close the Registry Editor, and log off.
5. Log back on. In Windows XP Explorer, highlight the screensaver you want and right-click to define a shortcut, such as \WINNT\SYSTEM32\SSBEZIER.SCR /s. The /s switch forces the screensaver to start immediately. Remove /s to display a setup screen. Screensavers that use passwords can be used, but password security is not used.
Control Which Errors Pop Up in Windows XP

You can control which errors pop up to interrupt you. (Errors are still recorded in the event logs.) To do so, open the HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows entry and add the NoPopUpsOnBoot value as a REG_DWORD. When set to 1, boot pop-up messages are suppressed. The default is 0. Add a value named ErrorMode as a REG_DWORD. The following settings can be configured for this value:

• 0—All system and application errors pop up. (This is the default.)
• 1—Errors from system processes are suppressed.
• 2—All system and application errors are suppressed.
Create Separate Processes for the Desktop, the Taskbar, and Windows XP Explorer

By default, the shell creates one process with the taskbar and desktop as one thread and each instance of Windows XP Explorer as an additional thread. A failure in any thread affects the entire process. If you have at least 64MB of RAM and a fast Pentium, you can create a separate process for the desktop and taskbar and one for each instance of Windows XP Explorer by editing the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer entry and adding the DesktopProcess value (REG_DWORD). Set it to 1 and reboot. On a dual processor, this setting provides increased desktop performance.

Prevent Windows XP from Running an Unknown Job at Logon

One indication that Windows XP is running an unknown job at logon is that the %systemroot%\system32 box pops up when you log on. This is caused by a reference to a file that does not exist in one of the Registry entries that follow. If you can’t find it in the startup group, check the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows entry, load REG_SZ, and run REG_SZ. Remove the offending value. Other places where a program can be loaded at startup in Windows XP include the Startup folder for the current user (and all users) and in one of the following Registry entries:

Connect to Microsoft’s FTP Site as a Drive

To connect to the Microsoft FTP site as a network drive, you must have Windows XP Professional with the TCP/IP and NetBEUI protocols installed as well as a functional Internet connection. To connect to the FTP site as a drive, perform the following steps:

1. Edit your LMHosts file (in \%systemroot%\system32\drivers\etc) using your choice of text editors and add 198.105.232.1 FTP #PRE at the bottom.
2. Save the file. (Make sure the name is LMHosts with no extension.)
3. Open an MS-DOS window.
4. Issue the command nbtstat -R. (The R must be uppercase.)
5. Type net view \\ftp. You should see what the Microsoft FTP site has to offer.
6. To create the FTP drive (the share is called DATA), go to Windows XP Explorer and choose Tools, Map Network Drive from the menu.
7. For the share name, enter \\ftp\data. For the username, enter anonymous.
8. When the dialog box asks for the password, leave it blank.
Shareware and Freeware Tools

The following sections explore some useful shareware and freeware tools to help you configure additional areas in Windows XP.

Hyena

The built-in utilities for managing Windows XP networks are generally adequate for administering relatively simple networks with a limited number of users. As larger organizations begin to implement Windows XP networks, however, management and administration of users, groups, shared resources, printers, and the various local versus centralized elements of Windows XP can quickly maximize all available support resources. Hyena, from Adkins Resource, Inc. (http://www.adkins-resource.com/), brings together many of the features of User Manager, Server Manager, File Manager, and Windows XP Explorer into one centralized program. In Hyena, all Windows XP domain objects, such as users, servers, and groups, are hierarchically arranged for easy and logical administration. Here’s a sample of what Hyena can do:

• Create, modify, delete, and view users, groups, and group members
• Export files of users, groups, printers, computers, and group members
• Browse server shares and copy and delete files without drive mappings
• Create new network drives and printer connections
• View events, sessions, shares, and open files for any server
• View and control services and drivers for one or more computers
• Manage share and file permissions
• Remotely schedule jobs for multiple computers at the same time
• Remotely shut down and reboot any server
• View remaining disk space for multiple computers at the same time
For more information, visit http://www.adkins-resource.com/.
HideIT!

HideIT!, from German Salvador, is freeware (http://www.expocenter.com/hideit/). This small applet enables you to hide windows, taking them off the screen, off the taskbar, and off the Alt+Tab chain. This enables you to hide windows that you want to keep open but don’t need to monitor often, such as an FTP application, Microsoft Exchange, and so on.

WinInfo

WinInfo, from SavillTech, Ltd. (http://www.savilltech.com/wininfo.html), is a simple, handy pop-up dialog box that lists the Windows XP version, build, service pack, Plus! version number, processor type, product type, installation type, registered organization, registered owner, install data, source path, and system root. This tool is helpful if you need to verify whether your systems are running full or evaluation copies of Windows XP as well as applied service packs.
For More Information

If the information about Windows XP Registry settings in this chapter has piqued your interest, there are several resources for obtaining additional knowledge:

• Cowart, Robert and Knittel, Brian. Special Edition Using Windows XP Professional, Bestseller Edition. Que, 2001. ISBN: 0789728524.
• Hipson, Peter D. Mastering Windows XP Registry. Sybex, 2002. ISBN: 0782129870.
• Honeycutt, Jerry. Microsoft Windows XP Registry Guide. Microsoft Press, 2002. ISBN: 0735617880.
• Microsoft TechNet: http://www.microsoft.com/technet/.
• Microsoft Windows XP Professional Resource Kit. Microsoft Press, 2001. ISBN: 0735614857.
Some helpful Web sites include the following:

• The ultimate site for Windows XP information is http://www.ntfaq.com.
• Jerold Schulman operates JSI, Inc. at http://www.jsiinc.com. It is a definitive source for Windows XP information, hacks, tips, and tricks.
• Mark Russinovich and Bryce Cogswell run http://www.sysinternals.com. This site is good for must-have Windows XP utilities.
• A great site for Windows XP utilities is http://winfiles.com. It includes a replacement for the Windows XP Explorer or Program Manager shell and shell enhancements.
III Networking Windows XP

12 Windows XP Networking Explored and Explained
13 Windows XP Networking Models
14 Windows XP and TCP/IP
15 Windows XP and Legacy Protocols
16 Windows XP Meets Unix
17 Remote Access
18 Windows XP and Terminal Services
12 Windows XP Networking Explored and Explained
In its most basic form, a network is nothing more than two or more computers attached for the purpose of sharing information and resources. This principle seems basic enough, but as many of us know, theory and practical application are not always the same thing.
Networks require specialized software and hardware, and each piece of the network must function properly, or the rest of the network will go down. This chapter covers advanced Microsoft Windows XP networking and other networking elements that are often misunderstood or poorly implemented in today’s networks. Note that, at least initially, most Windows XP workstations are connected to Windows 2000 servers.

The Redirector

A redirector is exactly what it sounds like: a software element that redirects requests for data made on a local PC to the appropriate location. There are many types of redirectors. The ones used most commonly in a Windows XP environment are the Windows Redirector and the NetWare Redirector. The Windows Redirector enables computers to gain entry to other Windows-based computers for file access. The NetWare Redirector enables users on a Windows XP workstation to access files on a NetWare server. A redirector is a file system driver that interacts with lower-level network drivers through transport protocols. This computer-to-computer connection is illustrated in Figure 12.1.
[Figure 12.1 diagram labels, top to bottom: Application of Subsystem; User Mode; Kernel Mode; I/O Manager; Executive Services; Redirector; Transport Protocols; NDIS Interface; Network Interface Card]

Figure 12.1 The Windows XP Redirector is a file system driver that uses a single API to access local and remote resources.
Microsoft implemented the redirector as a file system driver, which means that applications call a single application programming interface (API) to access files on local and remote computers. The redirector runs in Kernel mode, which allows it to call other drivers and Kernel mode components while improving its own performance. It is loaded and unloaded dynamically just like other system drivers and can coexist with other redirectors.

Windows XP goes through the following steps when connecting to a remote computer:

1. The User-mode request calls the I/O Manager to open a remote file.
2. The I/O Manager identifies the request as a file access request and passes it to the redirector file system.
3. The redirector forwards the request to the Network layer for remote server processing (refer to the “Protocol Stacks” section later in this chapter).

The redirector interacts with lower-level network drivers through the Transport Driver Interface (TDI). The TDI enables software vendors to write new drivers that are independent of the network card and implement a broad set of functions. Also, it is possible to write applications to use the TDI instead of relying on a specific protocol, such as Transmission Control Protocol/Internet Protocol (TCP/IP).
The Workstation Service

The Windows Workstation service processes all user-originated requests and consists of two components: the User-mode interface and the redirector. The Workstation service accepts user requests and passes them to the Kernel-mode redirector. The Workstation service is dependent on both the Multiple Universal Naming Convention Provider (MUP) and an available protocol that enables the Workstation service to start.

The Workstation service has several Registry values that you can modify directly. The Registry path to the Workstation service entries is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters. The Workstation service Registry values and their default settings are shown in Table 12.1.

Note: For complete definitions of each Registry value discussed in this chapter, consult the TechNet CD or its online version at http://www.microsoft.com/technet, and search by the value’s name. See the “For More Information” section at the end of this chapter for additional references.
Table 12.1 Workstation Registry Values and Defaults Registry Value
The Server Service

The Windows Server service processes connections from the client-side redirectors and grants access to requested resources. Similar to the redirector, the Server service resides above the TDI and is implemented as a file system driver. It interacts directly with file system drivers to serve I/O requests, such as file reads and writes. The Server service is made up of two components. The first is the actual Server service, which is not dependent on the MUP services because it does not provide Universal Naming Convention (UNC) connections. The second is SRV.SYS, which is a file system driver that communicates with the lower protocol layers to satisfy command requests.

The following activities take place when a Server service receives a client request:

1. The network drivers receive and forward the request to the server driver.
2. The server forwards the required file to the local file system driver.
3. The file system driver calls low-level disk drivers to access the file.
4. The requested data is returned to the file system driver.
5. The file system driver returns the requested information to the server.
6. The server forwards the data to the network drivers for relay to the requesting client.

The Server service has several Registry values that you can modify directly. The keys associated with the Server service are located in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters. The Server service Registry values and their default settings are listed in Table 12.2.

Table 12.2 Server Registry Values and Settings

Registry Value
Default Setting
anndelta
3000 240 15 minutes true (1) false (0)–12% (with a range of 0%–120%) A hexadecimal number created on a PC-by-PC basis false (0) false (0) COMNAP COMNODE SQL\QUERY SPOOLSS LLSPRC EPMAPPER LOCATOR TrkWks TrkSvr COMCFG DFS$ false (0) %SystemRoot%\System32\srvsvc.dll 1 Blank c:\ 10
Protocol Stacks

Computers on the Internet can communicate because of the TCP/IP protocol stack that resides on each attached computer. The Open Systems Interconnect (OSI) Reference Model illustrates how this protocol stack is created. Common protocol stacks are TCP/IP, NWLink, Internetwork Packet Exchange/Sequential Packet Exchange (IPX/SPX), NetBIOS Enhanced User Interface (NetBEUI), AppleTalk, and Systems Network Architecture (SNA).

The OSI Model is a seven-layer representation of how networked computers communicate. The layers are as follows: Physical, Data Link, Network, Transport, Session, Presentation, and Application. Each layer performs a certain function to a data packet before passing it to the next layer.

Protocol stacks are combined with drivers for installed network adapters to permit communication with a network. Each layer, or level, of a protocol performs a different function and communicates with the layer directly above or directly below. The exception to this rule is the Physical layer. At this layer of the stack, a packet is transmitted on the physical network media. The Physical layer is the lowest layer of a stack. Figure 12.2 illustrates a basic protocol stack.

As data moves from layer to layer, header information is added to or stripped from each packet. Each layer concerns itself with a certain aspect of the data and, in effect, insulates the packet from the other layers. This is analogous to placing a letter in an envelope, the envelope in a small box, the small box in a larger box, the box in a shipping container, and the shipping container in a truck. Each layer provides services for the adjacent layer, but hides information from the remainder of the layers. When the letter arrives at the destination, each container must be opened in sequence, so it would be impossible to open the envelope without opening the small box first, and so on. With actual data transmission, when the letter is ready to be sent, it is broken down into packets. Individually, each packet follows the preceding process.

[Figure 12.2 diagram: hosts on Network A and Network B, each with Application, Transport, Network, Datalink, and Physical layers, joined by a Router with Network, Datalink, and Physical layers]

Figure 12.2 The protocol stack in action.
Suppose a request is sent from an application on Network A to an application on Network B; each layer adds some information to the packet as it is passed down layer by layer. Likewise, when the packet reaches the receiving network, information is stripped from the packet as it passes up the protocol stack.

The Internet is a network with connections between adjacent networks made through routers. Packets pass through routers as they move across the Internet toward the destination computer. A router operates at the Network layer. A received packet arrives at the Physical layer, passes through the Data Link layer, and arrives at the Network layer. The router determines the correct destination for the packet, repackages (encapsulates) it, and passes it to the Physical layer components.

In the OSI Model, Layers 1 and 2 (Physical and Data Link) define a network’s physical media and the signaling characteristics needed to request access to the transmission medium and to send and receive information across the network medium. Layers 3 and 4 (Network and Transport) move information from sender to receiver and handle the data to be sent or received. Layers 5 through 7 (Session, Presentation, and Application) manage ongoing communications across a network and deal with how data is to be represented and interpreted for use in specific applications or for delivery across the network.

The Network Driver Interface Specification (NDIS) provides hardware and protocol independence for network drivers; in addition, it enables a host to contain multiple protocol stacks. NDIS 5.0 extends the functionality of NDIS 3.x and 4.0, so the basic requirements, services, terminology, and architecture of the earlier versions also apply to NDIS 5.0. The NDIS 5.0 architecture is included with Windows 98, 2000, and XP.
Multiple Universal Naming Convention Provider When a user or application calls a UNC-compliant path, the request is sent to the Multiple Universal Naming Convention Provider (see Figure 12.3).The syntax of a UNC path starts with a pair of backslashes, followed by the computer name, IP address, or fully qualified domain name, followed by a single backslash and a share name. Examples of valid UNC paths are as follows: n n n
The required component in a UNC name is the server name. For example, in Windows XP,Windows 2000,Windows 95, or Windows 98, click Start, Run and type \\server_name; server_name is another computer on your network.The result is a list of resources available on server_name, one of which is for shared printers. One of the design goals of Windows networking is to provide a platform that vendors can use to build networking services.The MUP, which is a driver with paths defined to existing redirectors, permits multiple redirectors to exist on the same computer and does not require applications to maintain UNC provider listings. I/O requests containing UNC names are sent to the MUP. If the MUP has not seen the name within the past 15 minutes, it begins negotiations with each redirector to determine which one can process the request.The selection criteria are based on the highest registered response time for
the UNC that each redirector reports. The connection to the redirector is open as long as there is activity and times out after 15 minutes.
Figure 12.3 The MUP architecture. (Diagram labels: UNC path I/O call \\servername\sharename; User Mode; Kernel Mode; MUP; Windows XP CIFS Redirector; Other Redirectors; TDI.)
Multi-Protocol Router
Not all requests are UNC-based, so the Multi-Protocol Router (MPR) exists to process other I/O requests. The MPR works with the MUP to process application requests. Applications also use the Win32 network API to request access to network resources. The actions the MPR takes are similar to the MUP. The application generates the request for resources based on the Win32 API; the MPR determines which redirector can fulfill the request and then sends the request to the appropriate one. Different vendors supply their own redirectors and supply the appropriate DLLs for MPR-to-redirector communication.
Administrative Shares
A shared resource is one that is made available over a network. An administrative share is created automatically when Windows XP is installed on a computer system. Select Computer Management from the Administrative Tools menu (you will have to change the properties of the Start menu to see the Administrative Tools menu in Windows XP), expand Shared Folders, and then click Shares to show all the shares on a particular computer (see Figure 12.4). There are five shares under the Shared Folder column. Note that three of the shares contain the $ character as the trailing character. When the $ character is appended to a share name, the share becomes a hidden share, adding a level of security known as “out of sight, out of mind.” Hidden shares do not show up in a browse list;
however, users can connect to the share if they are aware of its existence and have appropriate rights.
Figure 12.4 You can view administrative shares via the Shared Folders item in the Computer Management snap-in.
Logical drives, such as the C$ drive, are referred to as administrative shares, even though the shares contain a $ as a hidden share does, because they are created as part of the Windows XP installation process. These shares are enabled for administrative access to information. These administrative shares created during a Windows XP installation are well known and a target for unwanted resource intrusion; therefore, you might consider disabling these shares if security is a big concern in your organization.
To permanently delete shares, you must use the Registry. If shares are deleted manually, they are gone for that session; however, they return when Windows is rebooted. To remove shares permanently, perform one of the following actions:
- For Windows XP Professional, edit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer and change the key value to 0. You must add the REG_DWORD value for AutoShareServer and assign a value of 0 to disable (1 to enable). When you’re done, reboot the computer.
Caution Always back up your Registry before modifying it!
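The check described above, as an added example that is not from the book: a Python audit that reads the text output of `net share` and of `reg query` on the LanmanServer\Parameters key, classifies each share, and reports whether the automatic administrative shares will come back at the next boot. Both sample outputs are constructed, and the `AutoShareWks` name and the exclusion of IPC$ are assumptions taken from Microsoft's documentation of these values, not from this chapter.

```python
import re

# Constructed sample of `net share` output (not captured from a real host).
NET_SHARE_SAMPLE = """\
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\\WINDOWS                      Remote Admin
SharedDocs   C:\\Documents and Settings\\All Users\\Documents
Payroll$     C:\\Payroll
The command completed successfully.
"""

# Constructed sample of `reg query` output for the LanmanServer\Parameters key.
REG_QUERY_SAMPLE = """\
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters
    AutoShareServer    REG_DWORD    0x0
    Lmannounce    REG_DWORD    0x0
"""

# AutoShareServer is the value this chapter names. AutoShareWks is the value
# Microsoft documents for workstation editions (assumption, not from the book).
AUTOSHARE_RE = re.compile(
    r"^[ \t]*(AutoShareServer|AutoShareWks)[ \t]+REG_DWORD[ \t]+0x([0-9a-f]+)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)


def classify_share(name):
    """Return 'administrative', 'hidden' or 'visible' for a share name."""
    upper = name.upper()
    if upper in ("ADMIN$", "IPC$") or re.fullmatch(r"[A-Z]\$", upper):
        return "administrative"
    return "hidden" if upper.endswith("$") else "visible"


def parse_net_share(text):
    """Map share name -> classification from `net share` output.

    Simplification: share names are assumed to contain no spaces and to fit
    in the first column, so the first token of each row is the name.
    """
    shares, in_table = {}, False
    for line in text.splitlines():
        if line.startswith("---"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        if line.startswith("The command completed"):
            break
        if line[0].isspace():  # wrapped Resource/Remark text, not a new share
            continue
        name = line.split()[0]
        shares[name] = classify_share(name)
    return shares


def autoshare_settings(reg_query_text):
    """Return {lower-cased value name: integer} for the AutoShare values found."""
    return {m.group(1).lower(): int(m.group(2), 16)
            for m in AUTOSHARE_RE.finditer(reg_query_text)}


def audit(net_share_text, reg_query_text, value_name="AutoShareServer"):
    """Combine both outputs into one report with a 'status' field."""
    by_kind = {"administrative": [], "hidden": [], "visible": []}
    for name, kind in parse_net_share(net_share_text).items():
        by_kind[kind].append(name)
    for names in by_kind.values():
        names.sort()
    disabled = autoshare_settings(reg_query_text).get(value_name.lower()) == 0
    # IPC$ is left out here: the AutoShare values govern the drive-letter and
    # ADMIN$ shares only (assumption from Microsoft's documentation).
    auto_created = [n for n in by_kind["administrative"] if n.upper() != "IPC$"]
    if not disabled:
        status = "recreated at boot"   # value missing or 1: shares return
    elif auto_created:
        status = "reboot pending"      # value is 0 but the shares still exist
    else:
        status = "disabled"
    return dict(by_kind, status=status)


if __name__ == "__main__":
    for key, value in audit(NET_SHARE_SAMPLE, REG_QUERY_SAMPLE).items():
        print(f"{key}: {value}")
```

A hidden share such as the constructed Payroll$ is listed separately because the trailing $ only keeps it out of the browse list; access still depends on the rights granted on the share.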
Protocols and Network Bindings
Binding is the process of linking services and protocols to the lower-layer adapter drivers on a computer. Protocols bound to a network card allow the card to communicate with
other clients or services using those protocols. Binding multiple protocols to a single network card is a major benefit of Windows XP. Unlike earlier Windows versions, which had NetBIOS as the binding protocol, the main Windows XP protocol is TCP/IP.
Binding several protocols to a network card adds potentially unnecessary overhead to each network communications request and additional traffic on the network. If the most frequently used protocol is listed first in the binding list, average connection time decreases. When a connection request is processed, the local redirector sends a TDI connection request to each transport simultaneously and then waits for a response from the higher priority transports.
For example, a network card has NWLink and TCP/IP bound to it. NWLink is first in the binding order. The host then makes a request for a network resource. Typically, NWLink will bind first. TCP/IP, which is the second bound protocol, makes the connection to the resource, and the NWLink connection is dropped.
Note The NetBEUI protocol is no longer available from the Install list in the Network Connections window. To install NetBEUI, you must copy the files from the Windows XP CD.
NWLink IPX/SPX is easier to configure and maintain than TCP/IP; however, TCP/IP is the most widely used because of the popularity of the Internet and the many Web-based applications it supports.
There are instances in which multiple protocols might exist within a single network. For heightened network security, some companies deploy NWLink (IPX/SPX) within a network and use proxy agents for Internet access because NWLink is more secure than TCP/IP. The proxy computers have TCP/IP and NWLink bound to one network card acting as an interpreter between the protocols. TCP/IP-based tools are useless to a hacker on an NWLink-based network. For the proxy server, both protocols are bound to the internal network interface, and only TCP/IP is bound to the external network interface.
Binding Optimization
The first step in binding optimization is to understand the network’s required features. Is Internet connectivity required? Is high security an issue? How large is the network? How is the network laid out? Do you need tools that are a function of a protocol (PING, TRACERT, and so on)? Because networks are often subnetted, evaluating the functions within a subnet is also important. (A subnet is a separate portion of a network that shares a network address with other parts of the network and is distinguishable by its subnet number.)
The easiest method for optimizing bindings is to eliminate unnecessary bindings. How do you know which protocols are unnecessary in a network? If the path from a computer to a resource must pass through a router, NetBEUI is out. Unless the network is small and removed from the Internet, NetBEUI is not a good choice. Large-scale NetBEUI networks use available bandwidth with broadcasts, which makes effective network communication difficult.
To remove an unnecessary binding, open Network Connections from the Start menu. Open the connection and click the Properties button. Highlight the name of the protocol you want to remove, and then click the Uninstall button. Click Close, and the Registry information is updated automatically.
Changing the Binding Order
Another equally simple optimization is to move the most frequently used bindings to the top of the binding order. Again, it is important to understand the mission of the network. Assume that your binding order has NetBEUI first and TCP/IP last. You need both protocols, but TCP/IP is the most frequently used. To modify the binding order, follow these steps:
1. Click Start, Control Panel (Classic view), and open the Network Connections window.
2. Choose Advanced, Advanced Settings from the menu.
3. In the Advanced Settings dialog box, select the network to be modified (see Figure 12.5).
4. In the Bindings For section, select the protocol to be reordered.
5. Click the up or down arrow button to reorder the protocol sequence.
Figure 12.5 You can reorder protocol bindings in the Advanced Settings dialog box.
To add a new binding to a network adapter, follow these steps:
1. Click Start, Control Panel (Classic view), and open the Network Connections window.
2. Open the network connection to be modified and click the Properties button.
3. Click the Install button.
4. Select Protocol from the list, and click the Add button.
5. Select the protocol to be installed, and click OK.
6. Click Close.
After the protocol has been added, you can manage protocol bindings for each interface device. Modify the protocol binding per the previous instructions.
If you have concerns about bindings in your networking environment and about exactly what is going on behind the scenes, running Network Monitor from a Windows 2000 server is a good starting point for investigation and troubleshooting. Fewer protocols mean less traffic, less exposure to hacks, and less administration.
For More Information
If the information about Windows XP networking in this chapter has increased your desire to learn more, here are a few resources you can research:
- Hipson, Peter D. Mastering Windows XP Registry. Sybex, 2002. ISBN: 0782129870.
- Microsoft TechNet: http://www.microsoft.com/technet/.
- Microsoft Windows 2000 Server Resource Kit. Microsoft Press, 2000. ISBN: 1572318058.
- Microsoft Windows XP Professional Resource Kit. Microsoft Press, 2000. ISBN: 0-73561485-7.
13 Windows XP Networking Models
There are many different network configurations. Each network has to be configured to account for security, information sharing, connectivity, user and resource location, and whether there is an onsite network administrator. Most important, however, the network must enable its users to get their jobs done quickly and easily.
This chapter focuses on how Windows XP functions in different types of environments. Because networks can change as often as the weather, this chapter addresses how Windows XP can adapt to meet your needs. It also provides an overview of the two main network models for which Windows XP is designed.
Workgroup Networks
Workgroup networks, or peer-to-peer networks, are network models that offer ease of setup, non-centralized security, and low costs as their key benefits. The workgroup networking model can contain a mixture of operating systems and hardware spread across a large geographic area. Typically, however, workgroups are smaller network installations used when employees have minimal network administrative skills, when money is an issue, when there are few networked computers or users, or when security is not a major concern.
The definition of a workgroup is a group of computers on a common network linked by a workgroup name. In Windows XP, you can view the computers that are part of your workgroup in My Network Places. You can easily move a computer from one workgroup to another.
Follow these steps to move a computer from one workgroup to another:
1. Log on to the XP system using an account with administrative permissions.
2. Click Start, Control Panel.
3. Click Switch to Classic View.
4. Double-click the System icon.
5. Select the Computer Name tab.
6. Click the Change button to open the Computer Name Changes dialog box (see Figure 13.1).
7. Enter a new name for the workgroup in the Workgroup text box.
8. Click OK to close the Computer Name Changes dialog box.
9. Click OK to close the System applet.
Figure 13.1 The Computer Name Changes dialog box.
If the workgroup name you enter doesn’t already exist, Windows creates a new workgroup.
You can also join a domain, if one exists, from the Computer Name Changes dialog box. Instead of entering a different workgroup name, select the Domain radio button and enter the name of the domain you want to join. For Windows XP Professional machines, you must create a computer account in the domain by supplying a domain administrator ID and password. Assuming that the account and password information are valid, you are welcomed into the domain.
Although it’s built on the same code as Windows XP Professional, Windows XP Home is still targeted toward home users. Because Windows 95, 98, or Me could not take part
in domain security, neither can Windows XP Home. All Windows XP Home computers default to the workgroup MSHOME. You can still access resources on a domain from a Windows XP Home machine; you’ll just be prompted for a domain username and password when you do. Windows XP Professional and 64-bit Edition do not have this limitation.
Security in a workgroup model is based on share-level security. In Windows XP, a local Security Accounts Manager (SAM) database contains local account information for user validation on that workstation. Resources can be shared by granting explicit access on a per-user or per-workgroup basis. If security is of even moderate concern, you’re better off using a domain model.
As previously mentioned, typical workgroups are small and are used for logical organization of a small group of computers. A network can consist of multiple workgroups. Assuming that your network is organized into workgroups, you can browse the network in My Network Places. The view in My Network Places shows several workgroups rather than many individual computers, but you can find individual computers within their specific workgroups at a lower level in the browser hierarchy. Workgroups do not, however, offer much in the way of centralized administration or user-level security. Domain-based networks were created to address these issues.
Domain-Based Networks
A domain-based network differs from a workgroup-based network in that it contains users and computers that share a centralized security model and user account information. In a Windows NT network, a domain is like a medieval kingdom with a central authority or monarch (the primary domain controller, or PDC), members that participate in the monarchy as potential rulers (the backup domain controllers, or BDCs), members that provide services to the kingdom but cannot participate in ruling the kingdom (member servers), and the commoners in that kingdom (ordinary users). A domain consists of users and resources just as a kingdom is made up of people and property.
In Windows 2000 or .NET and Active Directory, the domain model has changed. Gone are the PDCs and BDCs. Instead, you deal simply with domain controllers (DCs). Unlike the Windows NT model, in which only the PDC maintained a read/write copy of the SAM, all domain controllers maintain a read/write version of the user and group information.
When a computer running Windows XP Professional logs on to a network, the NetLogon service on the client computer creates a secure communications channel with the NetLogon service on a domain controller. A secure communications channel exists when computers at each end of a connection are satisfied that the computer on the other end has correctly identified itself. Computers identify themselves by using their computer accounts. When the secure channel is established, secure communications can take place between the two computers.
To maintain security during a communications session, internal trust accounts are set up between a workstation and a server, between the domain controllers within a domain, and between domain controllers in trusted domains. Trust relationships and the secure channels they provide enable administrators to remotely manage workstations and member servers. Trusts also affect the relationships between workstations and domain servers.
Understanding Groups
Groups are the most frequently mismanaged element in Windows XP or any other network operating system. Understanding group creation and management is essential for minimizing administrative overhead, managing security, and ensuring the maintainability of Windows XP. Without knowledge of default groups and permissions, shares, and the Registry, you could open your Windows XP computer to security risks. This section reviews default groups, built-in groups, default permissions for those groups, and how to apply proper security.
Windows XP Home shows another sign of its ancestry when it comes to groups. The previous home user versions of Windows had no concept of users, so there was no need for groups. Windows XP Home does take advantage of its Windows XP heritage and offers the following built-in groups:
- Owners group
- Restricted Users group
The Owners group is akin to the Administrators group in Windows XP Professional and 64-bit Edition. Users who log in interactively on Windows XP Home are assumed to be members of this group, which gives them full control over the computer. It is possible to create a user in Windows XP Home who is not a member of the Owners group.
The Restricted Users group is for access to your Windows XP Home box from the network. Typically, these accounts are let in with Guest status and allowed only Read access to shared resources.
Windows XP Professional and 64-bit Edition are descendants of the mighty corporate Windows operating system, so they have a wider variety of security options. This includes a much larger list of built-in local groups:
- Network Configuration Operators
- Power Users
- Remote Desktop Users
- Replicator
- Users
Some of these built-in groups contain other groups by default. Being aware of these groups is essential to managing security properly and minimizing administrative overhead.
In addition to the default local groups just listed, Windows XP specifies another relationship that exists inherently within the system. The Everyone group is an intrinsic group whose membership consists of all local and network domain users logged in at any time. Known security issues with the Everyone group include shares, New Technology File System (NTFS) drives, and the Registry. By default, when a new share or a new NTFS partition is created, Everyone is granted Full Control. In the Registry, the HKEY_LOCAL_MACHINE root gives the Everyone group Read permissions. Some Registry keys also give the Everyone group Full Control. You must be aware of what the Everyone group is given by default to close up such breaches in security.
Windows XP also has some special built-in groups. These groups cannot be modified and their memberships are dynamic. In addition, they do not appear in any of the user/group administration tools. Instead, they appear only in the Access Control Lists (ACLs) for resources and objects. These special groups are the following:
- Anonymous Logon. Any user who is logged on anonymously is automatically added to this group.
- Authenticated Users. Any user who logs on with a username and password is added to this group.
- Batch. Any batch file or process running on the system goes in this group.
- Creator Owner. This group serves as a placeholder in an inheritable access control entry (ACE).
- Creator Group. This group serves as a placeholder in an inheritable access control entry (ACE).
- Dialup. Any user who accesses the system via a dial-up connection is added to this group.
- Interactive. This group contains the user who is currently logged on to the computer.
- Local Service. Services that run on the local computer are added to this group.
- Network. This group contains any users who access the system across a network.
- Network Service. Any service that needs authenticated network access is added to this group.
- Remote Interactive Logon. Any user who accesses the computer via a remote connection is added to this group.
- Service. Any service running locally is added to this group.
- System. The operating system operates in this group.
- Terminal Server User. If the system is running applications in Terminal Server mode, this group contains any user logged on to the system via Terminal Services.
Assigning users to the proper group simplifies user and group management. The following sections explore the groups built into Windows XP.
Administrators
The Administrators group has complete control over the computer. Administrators, by default, have Take Ownership permissions. Although you might think NTFS permissions forbid the Administrator to access your files, the Administrator can take ownership of those files and change the NTFS permissions.
Backup Operators
By default, Administrators, Backup Operators, and Server Operators have the rights to back up and restore Windows XP volumes, directories, and files. Backup Operators can specifically back up and restore files, even when Read and Write permissions have not been explicitly given to the group’s members.
The Backup Operators group is empty by default. It is common practice in an enterprise environment to define a global group named Backup Operators into which the personnel responsible for backups are added. On each domain controller and member server, the global Backup Operators group is added to the local Backup Operators group to promote simplified group management. Backup Operators can shut down servers, but they cannot change security settings on the files they are permitted to back up.
Guests
The Guests account is disabled by default. Guests are exactly that—guests. As with someone visiting your home, you don’t have complete knowledge of or confidence in a Guest. Guests must log in to resources over a network and cannot log on locally. Typical installations never use the Guests account, and it is recommended that you leave it disabled.
HelpServicesGroup
The HelpServicesGroup group is for the Help and Support Center. With special applications, the Microsoft Help and Support Center can access your computer from the network and log on to help diagnose problems.
Network Configuration Operators
The Network Configuration Operators group is allowed to make administrative changes only to the network settings. This group is a good place to put users who have laptops because it enables them to modify their settings without giving them full Administrator status.
Remote Desktop Users
The Remote Desktop Users group has the right to log on to the computer using a remote desktop connection via Terminal Services.
Power Users
Power Users have default administrative-like rights that permit user management for the users they create. Power Users can also add users to the Guests, Power Users, and Users groups. Power Users have local machine permissions to share and remove file and printer shares.
Replicator
Replicator is a system-level group used only for the Windows XP built-in Directory Replication service. This group has no default members. If you make a Windows XP Professional computer a replication partner, the account associated with the replication service on that machine must be inserted into this group.
Users
Who are Users? Unlike the Everyone group, the Users group is permitted to use the Log On Locally right on all Windows XP Professional machines. In Windows XP Professional, members of the Users group can create and delete local groups, shut down and lock the local workstation, and maintain a local profile.
Understanding the Security ID
Security IDs (SIDs) are part of the Windows XP security system. A SID is a unique key that identifies objects in a Windows domain. Each user, group, and computer has a
unique key. A username or computer name can change; therefore, the domain needs some way to track what’s going on in the system. Enter the SID. Say you have a workstation named Matthew, and you decide to rebuild Matthew from the ground up. Even if you name the new workstation Matthew, it really isn’t Matthew—just as a clone isn’t the original, but a close copy. Because the system SID changes based on a new installation of Windows XP—even though the machine name is the same and it is built to be identical to the original—Windows XP is not fooled into letting this machine enter the domain and assume Matthew’s responsibilities.
Troubleshooting Techniques for Networks
There are many ways in which domain controllers can become the focus of networking problems. The symptoms and fixes described in the following sections cover the most common problems and their related workarounds.
IP Address Connection Works, but Name Resolution Fails
If you encounter a situation in which the IP address connection works but name resolution fails, try the following:
1. Make sure the appropriate Hosts file and DNS setup are configured for the computer. First, check the host name resolution configuration by using the Network and Internet Connections applet in Control Panel.
2. Then right-click Local Area Connection and select Properties.
3. Select Internet Protocol (TCP/IP) and click the Properties button.
4. Click the Advanced button, select the DNS tab in the Advanced TCP/IP Settings dialog box, and make sure the settings are correct (see Figure 13.2).
5. If you are using a Hosts file, make sure the remote computer’s name is correct and is capitalized exactly as it appears in My Network Places, in the file, and in the application that uses the file.
6. If you are using DNS, make sure the IP addresses for all DNS servers are correct and are entered in the proper order. Use the PING command with the remote computer by typing both the hostname and its IP address to determine whether the hostname is being resolved properly.
7. Use the IPCONFIG /all command from the command prompt. Windows XP displays all TCP/IP configuration information (see Figure 13.3).
8. Use the IPCONFIG /displaydns command to verify that the hostname-to-IP resolution is correct. If it’s not, use the IPCONFIG /flushdns command to flush your cache.
Figure 13.2 The DNS tab of the Advanced TCP/IP Settings dialog box.
Figure 13.3 The TCP/IP configuration information that’s displayed by using IPCONFIG /all.
TCP/IP Connection to Remote Host Hangs
If a TCP/IP connection to a remote host hangs, you can use the Windows XP NETSTAT command to display protocol statistics and current TCP/IP network connections, which can be helpful in diagnosing problems. The NETSTAT command displays statistics and connections related to NetBIOS connections that run over TCP/IP. Here is the syntax for using the NETSTAT command:
NETSTAT [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]
Table 13.1 details the switches used with NETSTAT.
Table 13.1 NETSTAT Command Switches
Switch      Function
-a          Displays all connections and listening ports. (Server-side connections are not usually shown.)
-e          Displays Ethernet statistics. This switch can be combined with the -s option.
-n          Displays addresses and port numbers in numerical form.
-o          Displays the owning process ID for the connection.
-p proto    Shows connections for the protocol specified by proto; proto might be TCP or UDP. If used with the -s option to display per-protocol statistics, proto might be TCP, UDP, or IP.
-r          Displays the contents of the routing table.
-s          Displays per-protocol statistics. By default, statistics are shown for TCP, UDP, and IP; the -p option can be used to specify a subset of the default.
interval    Redisplays selected statistics, pausing the specified interval of seconds between each display. Press Ctrl+C to stop redisplaying statistics. If omitted, NETSTAT prints the current configuration information once.
Note You can obtain a listing of all NETSTAT commands at any time by typing NETSTAT /? at the command prompt.
Use the NETSTAT -a command to show the status of all activity on the local computer’s TCP and UDP ports. The state of a good TCP connection is usually established with 0 bytes in the send and receive queues. If data is blocked in either queue or if the state is irregular, there is likely a problem with the connection. If not, the network or application is probably experiencing delays.
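One way to apply that reading of NETSTAT output, as an added example that is not from the book: a Python parser for the text produced by NETSTAT with the -a, -n, and -o switches from Table 13.1. It lists every port the host accepts traffic on with its owning process ID and picks out TCP connections whose state is irregular. The sample output is constructed, and treating LISTENING, ESTABLISHED, and TIME_WAIT as the healthy states is an assumption of this example.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_addr local_port remote state pid")

# Constructed sample in the column layout of `netstat -a -n -o`.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1045      192.168.1.5:445        ESTABLISHED     4
  TCP    192.168.1.20:1051      192.168.1.9:80         SYN_SENT        1320
  TCP    192.168.1.20:1052      192.168.1.9:21         CLOSE_WAIT      1320
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.20:137       *:*                                    4
"""

# States this example treats as normal (assumption): anything else on a
# connection that appears hung deserves a closer look.
HEALTHY_STATES = {"LISTENING", "ESTABLISHED", "TIME_WAIT"}


def parse_netstat(text):
    """Parse `netstat -a -n -o` text into Conn records.

    Requires -n (numeric ports). The PID column is optional, so output
    produced without -o yields pid=None.
    """
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header, or blank line
        proto, local, remote = parts[:3]
        rest = parts[3:]
        if proto == "TCP":
            if not rest:
                continue  # malformed TCP row without a State column
            state = rest[0]
            pid = int(rest[1]) if len(rest) > 1 else None
        else:
            state = None  # UDP rows have no State column
            pid = int(rest[0]) if rest else None
        host, _, port = local.rpartition(":")
        conns.append(Conn(proto, host, int(port), remote, state, pid))
    return conns


def listening_sockets(conns):
    """Every (proto, port, pid) the host accepts traffic on:
    TCP sockets in LISTENING plus all bound UDP sockets."""
    found = {(c.proto, c.local_port, c.pid)
             for c in conns if c.state == "LISTENING" or c.proto == "UDP"}
    return sorted(found, key=lambda t: (t[0], t[1], t[2] or 0))


def irregular_connections(conns):
    """TCP connections whose state is outside HEALTHY_STATES."""
    return [c for c in conns
            if c.proto == "TCP" and c.state not in HEALTHY_STATES]


if __name__ == "__main__":
    rows = parse_netstat(NETSTAT_SAMPLE)
    for proto, port, pid in listening_sockets(rows):
        print(f"open  {proto}/{port}  pid={pid}")
    for c in irregular_connections(rows):
        print(f"check {c.local_addr}:{c.local_port} -> {c.remote} "
              f"{c.state} pid={c.pid}")
```

The listening list doubles as an exposure inventory: each entry is a port that some process, identified by its PID, has opened on the machine.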
NET Commands
The NET commands comprise a NetBIOS-based set of networking commands that cover the full range of network capabilities on a Microsoft network. Several useful commands and utilities are covered in the following sections. Use the command NET /? to see all the NET commands and their usage.
NET COMPUTER
Use the NET COMPUTER command to add or remove a computer from a Windows domain. The following is the syntax for the NET COMPUTER command:
NET COMPUTER \\computername {/ADD | /DEL}
In the preceding line, \\computername is the name of the computer, and /ADD or /DEL specify whether the computer is to be added or deleted from a domain.
Additional NET Commands
Use the NET START command to manage your installed Windows XP services from the command line. The following is the syntax for the NET START command:
NET START ServiceName
Using the NET START command and the service’s display name can start nearly every service. For example, to start the Print Spooler, use the following syntax:
NET START "Print Spooler"
Notice that if spaces appear in the service’s display name, you need to place double quotation marks around the name. Use the NET STOP command the same way to stop services that are started.
Use the NET VIEW command to see the shared resources on a remote computer. The following is the syntax for the NET VIEW command:
NET VIEW \\computername
For More Information
To find more information about domain models and troubleshooting network problems, access one of the following resources:
- MCSE Training Guide (70-270): Windows XP Professional. Que Certification, 2002. ISBN: 0-7897-2773-0.
- Microsoft TechNet. Available online at http://www.microsoft.com/technet/.
- Microsoft Windows XP Professional Resource Kit. Microsoft Press, 2001. ISBN: 0-73561485-7.
14 Windows XP and TCP/IP
This chapter explains Windows XP’s relationship with what has to be its most important networking protocol—namely, the suite of protocols collectively known as Transmission Control Protocol/Internet Protocol (TCP/IP). Although Windows XP continues the support for other networking protocols besides TCP/IP, NetBEUI no longer appears by default in the list of installable protocols. If you want to install NetBEUI, you must copy the files from the Windows XP CD-ROM. TCP/IP is clearly the protocol of choice for Windows XP.
As evidence of TCP/IP’s pre-eminence, consider the following observations on Windows XP:
- TCP/IP is now the only protocol that’s selected by default during the Windows XP installation process.
- Much of the Windows 2000 Server network infrastructure support comes from Active Directory; Active Directory in turn uses the Lightweight Directory Access Protocol (LDAP) to convey directory services requests, responses, updates, replication, and so forth. LDAP is an IP-based protocol, which means that using Active Directory requires that TCP/IP be installed.
- Most of the sophisticated network services that Windows 2000 Server and XP use and support—including Active Directory, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), connection sharing, automatic network configuration, and so forth—either work best with TCP/IP or require TCP/IP to do their jobs.
Therefore, it’s no exaggeration to say that networking with Windows XP is at its most powerful and usable when TCP/IP provides the underlying protocol stack that services and applications use. In fact, so-called native-mode Windows 2000 networks (that is, Microsoft networks that have only Windows 2000 servers) can use TCP/IP without also using NetBIOS for
name resolution. Whereas all previous Windows operating systems—including Windows 3.x, Windows 9x, and Windows NT—all required access to NetBIOS to support the browser service, Network Neighborhood, replication services, and much more, Windows 2000 networks running Active Directory (and hence, TCP/IP) can do without NetBIOS completely as long as your software applications do not require NetBIOS support.
Unfortunately, most networks these days contain a mix of older Windows versions alongside Windows 2000 and XP. They are called mixed-mode networks (in which machines include Windows servers other than Windows 2000). Mixed-mode networks do require NetBIOS services, however, so networks that use only TCP/IP require some method for resolving NetBIOS names to be supported. That’s why this chapter includes a section covering the Windows Internet Naming Service (WINS) and a file-based equivalent. Other topics covered here consist of mainstream TCP/IP activities and services, including the following:
- Domain names and IP addressing
- Managing Windows XP IP configurations
- Routing TCP/IP
- Managing the Internet periphery: firewalls and proxy services
- Name resolution services: DNS and WINS
- IP-based e-mail
- Managing Web access and security
- Working with FTP
- Troubleshooting IP services and connectivity
TCP/IP Explored and Explained
Although the collection of protocols and services known as TCP/IP is named after its two most important members—the Transmission Control Protocol (TCP) that provides reliable, end-to-end transport services and the Internet Protocol (IP) that provides basic network packet delivery services—TCP/IP actually covers many hundreds of named protocols and services from Layer 2 (Data Link) through Layer 7 (Application) of the Open Systems Interconnect (OSI) Reference Model.
For more information on the OSI Model, see Chapter 12, “Windows XP Networking Explored and Explained,” p. 249.
Because TCP/IP provides the underpinnings for the Internet and the foundation for Active Directory in Windows 2000 and XP, neither users nor administrators can avoid using TCP/IP these days. However, intimate knowledge of TCP/IP’s individual protocols
and services and their implementation details isn’t really necessary, either. For that reason, this chapter forgoes the usual history and functionality review that begins most forays into TCP/IP and instead concentrates on the details that you must understand. If you’re interested in learning more about detailed TCP/IP specifications, capabilities, and history, please consult the “For More Information” section at the end of this chapter.
Because TCP/IP includes a great many individual protocols that operate at Layers 2, 3, and 4 of the OSI Reference Model and includes a great many services (each with one or more of its own attendant protocols) at Layers 5 through 7, TCP/IP is a big, bulky protocol stack. It typically consumes more system resources than other protocol stacks because of the number of constituent protocols and the sizeable buffer allocations for incoming and outgoing traffic. Particularly for Windows 2000 servers, but also for high-end Windows XP Professional machines, these characteristics make it important to purchase fast, powerful network interface cards (NICs). This means you should be glad to pay for advanced features that include the following capabilities when you buy high-end NICs to ensure the best possible network performance:
• Bus mastering. Permits the NIC to manage memory transfers without involving the CPU (so no waiting for CPU service is required). Most modern Peripheral Component Interconnect (PCI) NICs support this characteristic; this is particularly true for higher-end NICs.
• Direct memory access (DMA). Permits memory buffers on the NIC and memory regions in RAM to be mapped to one another for faster data transfers between the two. This feature often occurs in tandem with memory-sharing configurations so that writing to outgoing memory buffers in RAM triggers automatic transfers to NIC buffers, and writing to incoming memory buffers on the NIC triggers automatic transfers to RAM.
• NIC memory buffers. Installing as much RAM as possible on the NIC itself means it can handle larger amounts of incoming and outgoing data faster, thereby increasing overall network throughput.
• Onboard coprocessors. These “mini-CPUs” become part of the NIC and can handle packet processing for incoming and outgoing traffic, thereby relieving the CPU of this burden. (Usually, the NIC packaging indicates whether the card has an onboard coprocessor.)
Windows XP systems are usually configured with more than 128MB of RAM (for Professional, the minimum recommendation is 64MB) or 256MB of RAM or more (for Windows 2000 Server), so TCP/IP’s resource footprint is no longer a big concern for such systems. Nevertheless, it makes sense to install the most powerful NICs you can afford, particularly when you’re operating at 100Mbps or higher network speeds using TCP/IP.
Any useful discussion of TCP/IP must cover topics germane to its configuration and to the operation of higher-level services that use TCP/IP for transport. Therefore, the topics involved in this chapter include the following:
• Use of IP domain names for unique identification of network clients and servers and other devices
• Proper configuration of key IP network addresses to manage traffic from any local subnet to the rest of the network
• Client IP address management techniques, including dynamic address management services
• The domain name to IP address resolution process; likewise, resolving NetBIOS names to IP addresses
• Managing Internet access via dial-up (analog telephone) or digital technologies (ISDN, cable modem, DSL, and so on)
• Delivering common Internet services, such as Web, file transfer, e-mail, and so on
TCP/IP’s inherent characteristics can explain its enduring popularity—not only is TCP/IP a reliable and robust protocol suite, but it also provides an entrance into the Internet. Although TCP/IP can be more difficult to configure and consumes more system resources than other protocols, it remains the best protocol in networking environments of just about any size, particularly where Internet access is required (as it is in the vast majority of modern networks).
TCP/IP is a packet-switched protocol suite. This characteristic means that individual chunks of information find their way through the network from a sender to a receiver without each chunk having to follow the same path. In other words, TCP/IP does not have to rely on any single logical pathway between sender and receiver; each chunk of data—called a packet or a frame—can make its own way from one point to the other. When packets arrive at their destination, TCP/IP handles their resequencing so that incoming packets get arranged in the correct order. In this way, packet-switching reduces the importance of any single link in the pathway between sender and receiver—as long as at least one valid pathway between the two can be identified, data is transferred properly. For this reason, TCP/IP helps ensure delivery from sender to receiver, even when links fail or are otherwise unavailable between a sender and a receiver. TCP’s added error-checking and retransmission request capabilities help ensure reliable, robust delivery of data between senders and receivers.
TCP/IP’s biggest benefit stems from one of its original primary design goals—to permit heterogeneous computers to exchange information across a network link of some kind. In other words, TCP/IP was designed from the ground up to permit dissimilar types of computer systems to exchange information with one another. Government funding for early TCP/IP research, in fact, stemmed in large part from frustration with the difficulties in getting early Sperry-Rand computers to exchange data with IBM machines.
Today, some kind of TCP/IP implementation is available for just about every kind of computer in use, which virtually guarantees that computers can communicate with one another. If you do come across a computer that cannot handle TCP/IP, it won’t be able to access the Internet. So it might be time to think about its retirement!
Windows XP continues to build on the newly designed implementation of TCP/IP introduced in Windows 2000. Microsoft has provided a set of redesigned, user-friendly GUIs to simplify the process of configuring the many TCP/IP protocols, including DHCP, DNS, IGMP (Internet Group Management Protocol), and SNMP (Simple Network Management Protocol), to name a few. The goal is to enable access to an entire TCP/IP network, including components that can be reached across the Internet.
To understand the configuration requirements of using this protocol correctly, you must understand what’s involved in working with numeric IP addresses and symbolic IP domain names. These items are covered in the next section, after which specific requirements for configuring TCP/IP on Windows machines are tackled.
Understanding IP Addressing, Subnet Masks, and Domain Names
On a TCP/IP network, each network interface that handles TCP/IP traffic must have its own unique identifier, known as an IP address. (Because these addresses take the form of four sets of numbers separated by three periods, they are sometimes called numeric IP addresses or numeric addresses.) In TCP/IP terminology, every network device that can send or receive IP traffic is called an IP host, or host for short. Because some devices might have more than one network interface installed (for example, a router or a multihomed server), a single host can have more than one IP address—in fact, it should have a unique IP address for every interface. In addition, a single NIC can have multiple IP addresses assigned to it.
Each IP address consists of two parts: the leading part identifies a particular network and is known as the network portion of the address; the trailing part identifies some particular host (interface) and is known as the host portion of the address. The network portion, also known as the network ID, identifies the network segment to which the host’s network interface is attached. Likewise, the host portion, also known as the host ID, identifies a specific network interface (which must be attached to a specific network segment).
IP routers use the network portion of an IP address to determine how to deliver information from a sender to a receiver. If both parties share a common network ID, no routing is necessary because both parties are on the same network segment. If each party has a different network ID, a router must forward the packet from the sending network to some other network (and possibly another router) to reach the network where the receiver resides. When a router attached to the same network segment as the receiver is
reached, it manages a local transfer directly from the router to the recipient, using the host portion of the address. If sender and receiver are on the same network segment, this local transfer can occur directly from sender to receiver, so no router needs to get involved.
The Internet actually consists of thousands, if not millions, of network segments interconnected by routers. Each network segment must possess its own unique network ID, and every device on that network segment shares the same network portion of its IP address to signify that it is part of that network segment.
IP addresses consist of a 32-bit binary number divided into four 8-bit sequences called octets in TCP/IP lingo. For easier reading, each octet is usually represented as a decimal number, so IP addresses take the form of 10.1.156.12, 172.16.10.10, or 192.24.24.5, for example. Therefore, the binary IP address 11001111 00101110 10000011 10001001 can be represented as 207.46.131.137. To create a decimal equivalent to a binary IP address, convert each 8-bit sequence to a decimal number, and separate the four resulting numbers by periods (which explains why this way of representing IP addresses is called dotted-decimal notation). Computers operate on IP addresses in their binary forms; humans do better reading such addresses in decimal forms. But some familiarity with the binary equivalents of decimal numbers is important because certain bit patterns are significant when managing IP addresses, as you’ll learn in the following sections of this chapter.
On the other hand, because humans remember symbolic names, such as www.microsoft.com or www.quepublishing.com, better than they do even dotted-decimal addresses, such as 207.46.230.218 or 63.69.110.220, IP provides for name-to-address translations to make identifying Internet resources a bit easier for humans. Domain names (and NetBIOS names) are discussed later in this chapter in the section “DNS, WINS, Active Directory, and Other IP Matters.”
IP Address Classes
The current version of IP in use is called IPv4, and it uses the 32-bit numeric addresses described in the previous section. This design supports nearly 4.3 billion network hosts altogether. Instead of permitting individuals or organizations to choose their own IP addresses, however, address distribution falls under the aegis of the Internet Corporation for Assigned Names and Numbers (ICANN), which is available online at http://www.icann.org. ICANN, in turn, designates various high-level name registries and service providers to manage domain names and IP addresses so that a single centralized database for this information can be maintained.
“Why is this necessary?” you might ask. Centralized controls are essential because of the requirement that all numeric IP addresses and domain names be unique. Because no
duplicates are allowed, a central authority to manage the distribution of names and numbers is needed—hence the existence of ICANN and its delegates.
Using an address class scheme, ICANN assigns blocks of IP addresses through its delegates to networks based on their size and purpose. IP addresses come in five classes, labeled alphabetically as Classes A through E. Classes A, B, and C are used for conventional networks and, therefore, are the ones of concern in this chapter. Classes D and E have special uses and don’t follow the same rules as those set for Classes A through C (although all five fall into unique numerical ranges, as you’d expect, based on the requirement that all IP addresses be unique). Class D addresses are used for multicasting, in which a single sender can address an entire community of recipients with a single destination address. Class E addresses are reserved for experimental use and are usually encountered only in development environments.
The first three address classes—A through C—differ in the number of octets they use for the network and host portions of each address. Class A uses a single octet for the network portion, Class B uses two octets for the network portion, and Class C uses three octets. By logical extension, this also means that Class A uses three octets, Class B uses two octets, and Class C uses one octet for the host portion of IP addresses.
The number of octets in the network portion of each IP address determines its default subnet mask. A subnet mask is simply a bit pattern that puts a 1 in each bit position for the network ID and a 0 in each bit position for the host portion. Routers and IP clients use the subnet mask to select the network ID from an address when routing is required; pairs of IP hosts use the subnet mask to block off the network portion when transferring a packet from one host to another on the same network segment (also known as a subnet, for obvious reasons).
Table 14.1 identifies the default subnet masks for address classes A, B, and C. You can recognize the class associated with any IP address by inspecting its first octet in binary form. Here’s how the identification process works:
• Class A addresses always have a 0 in the first bit position.
• Class B addresses always begin with 10 in the first two bit positions.
• Class C addresses always begin with 110 in the first three bit positions.
• Class D addresses always begin with 1110 in the first four bit positions.
• Class E addresses always begin with 11110 in the first five bit positions.
This method of identification is used because routers and other networking devices can examine the initial bits of IP addresses at the hardware level very quickly. This helps keep IP packets moving, even when address calculations involving subnet masks must be applied to determine whether and how IP packets are to be routed (or not, as is the case when routing is not required for purely local transfers).
Table 14.1 Address Classes with Corresponding Network and Host IDs

Address Class   IP Address   Network ID   Host ID
A               w.x.y.z      w            x.y.z
B               w.x.y.z      w.x          y.z
C               w.x.y.z      w.x.y        z
Because of the bit patterns used to identify address classes A through C, each falls into a specific numeric range related to the restrictions on its initial bits. This information is captured in Table 14.2 for address classes A through C, along with information about the number of network and host IDs consequently available for each address class.
Table 14.2 IP Address Components and Counts by Class
IP Address Restrictions
Several additional restrictions on addresses apply to each IP address class. For any given network address, the address with a host portion consisting of all zeros identifies the network as a whole and cannot be used to identify a particular host. Likewise, the address with the host portion consisting of all ones is a broadcast address, which is meant to be read by all hosts on any particular subnet. When calculating the total number of host addresses for any subnet, be sure to subtract 2 from the number of addresses that binary arithmetic produces. (When that number represents 2^n, n is the number of bits in the host address; therefore, the actual number of hosts is 2^n – 2 for any host address range.)
Other restrictions on IP addresses include reserving Class A address 127 for testing purposes. (It’s the address associated with the symbolic names loopback and localhost, which can be used to test IP accessibility strictly on a single machine at a time.) Another restriction is reserving addresses within each class (1 Class A, 16 Class Bs, and 256 Class Cs) as private IP addresses. Private IP addresses can be allocated for use on any local networks, but because these addresses cannot be guaranteed to be unique, they cannot be routed over the public Internet.
IP Subnets and Subnet Masks
On a TCP/IP network, a subnet represents a particular cable segment or an address range that defines a community of interest (such as the members of a department or workgroup). All hosts within a subnet can communicate directly with one another, but they cannot communicate directly with hosts outside the subnet. Subnets help reduce traffic congestion by isolating local communication to a specific group of local hosts.
Subnets can represent individual cable segments for some network topologies. On switched networks, however, the notion of a cable segment doesn’t really apply, so switches define virtual subnets that represent logical aggregations of individual hosts that are treated like the logical equivalent of a cable segment.
When designing IP subnets, it’s best to include hosts that routinely exchange information with each other and to exclude hosts that seldom communicate. (They should be on separate subnets.) Sometimes subnets are dictated by network topology (especially on Ethernet networks that use coaxial cable or twisted pair hubs); in other cases, subnets can be created by affinity rather than proximity.
To send data from one IP subnet to another, however, the data must pass through one or more routers that ultimately tie the two subnets together. That helps explain why routers are called IP gateways in TCP/IP terminology: These devices provide a way to reach external networks from any single subnet and, therefore, act as a gateway to the outside networking world.
Subdividing a single IP network ID into multiple smaller segments or affinity groups is called subnetting. A subnet mask helps define the process of subdivision that’s used. Basically, a subnet mask “steals” bits from the host portion of an IP address to create logical subdivisions of the network address, thereby creating multiple smaller subnetworks within a single larger network address.
This works much like a telephone number, in which it’s normally necessary to include the area code in the dial string when calling from one area code to another, but no area code is required when the calling and called numbers share an area code. In this analogy, the area code represents the network address portion and the seven-digit phone number represents the host address portion.
Continuing the analogy to subnets, the first three digits of a seven-digit number (known as the local exchange) identify a common subnet, but different local exchanges identify different subnets.
A subnet mask is a 32-bit IP address that defines which bits fall into the network portion of the address by filling those bits with ones and leaving zeros for the host portion of the address. Table 14.3 identifies the default subnet masks for the primary IP address classes.
Table 14.3 Class A, B, and C Default Subnet Masks
Subnet masks that exceed these defaults are used to divide the normal host portion of the address into a subnetwork ID portion (leftmost bits) and a host portion (rightmost bits). Therefore, a Class B subnetwork mask with a value of 255.255.224.0 shows its
capabilities by expressing the third octet (the first octet of the host portion, in other words) in binary: 11100000. The first three bits in this subnet mask are ones; therefore, the number of subnets that this mask enables is equal to 2^3 – 2 (the same exclusion on all ones and all zeros addresses for hosts also applies to subnetworks), or six subnetworks. Likewise, the number of host addresses on each subnetwork can be calculated by counting the number of zeros remaining in the subnet mask. (For 255.255.224.0, the lower-order two bytes in binary are 11100000.00000000, producing a total of 13 zeros.) Therefore, the number of hosts on each subnet is equal to 2^13 – 2, or 8,190. Table 14.4 shows the possible subnet masks and the results for each address class from A to C.
Table 14.4 Subnet Masks with Resulting Networks and Hosts
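The class test on the leading bits and the 255.255.224.0 arithmetic from this section, worked through in Python as an added example (it is not code from the book). The host address 172.16.70.9 is constructed for illustration and the function names are hypothetical; subnet counts follow the text's 2^n - 2 rule, which excludes the all-zeros and all-ones subnet IDs.

```python
import ipaddress

# Number of network bits in the default mask of each conventional class.
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def address_class(addr: str) -> str:
    """Identify the class from the leading bits of the first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if (first & 0b10000000) == 0b00000000:
        return "A"                        # 0xxxxxxx
    if (first & 0b11000000) == 0b10000000:
        return "B"                        # 10xxxxxx
    if (first & 0b11100000) == 0b11000000:
        return "C"                        # 110xxxxx
    return "D/E"                          # multicast or experimental


def to_binary(addr: str) -> str:
    """Dotted-decimal address as four space-separated binary octets."""
    return " ".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)


def subnet_plan(addr: str, mask: str) -> dict:
    """Split addr under mask; count subnets and hosts with the 2^n - 2 rule."""
    cls = address_class(addr)
    if cls not in DEFAULT_PREFIX:
        raise ValueError(f"{addr} is class {cls}: no network/host split applies")
    mask_int = int(ipaddress.IPv4Address(mask))
    host_mask = mask_int ^ 0xFFFFFFFF
    # A valid mask is a run of ones followed by a run of zeros.
    if host_mask & (host_mask + 1):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    prefix = 32 - host_mask.bit_length()
    if prefix < DEFAULT_PREFIX[cls]:
        raise ValueError(f"{mask} is shorter than the class {cls} default mask")
    subnet_bits = prefix - DEFAULT_PREFIX[cls]   # bits "stolen" from the host portion
    host_bits = 32 - prefix
    network = int(ipaddress.IPv4Address(addr)) & mask_int
    broadcast = network | host_mask              # host portion set to all ones
    return {
        "class": cls,
        "subnet_bits": subnet_bits,
        "host_bits": host_bits,
        # All-zeros and all-ones subnet IDs are excluded, as in the text.
        "subnets": 2 ** subnet_bits - 2 if subnet_bits else 1,
        # All-zeros (network) and all-ones (broadcast) host IDs are excluded.
        "hosts_per_subnet": max(2 ** host_bits - 2, 0),
        "network": str(ipaddress.IPv4Address(network)),
        "broadcast": str(ipaddress.IPv4Address(broadcast)),
    }


def same_subnet(a: str, b: str, mask: str) -> bool:
    """True when both hosts share a network ID, so no router is involved."""
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(a)) & m) == (int(ipaddress.IPv4Address(b)) & m)


if __name__ == "__main__":
    print(to_binary("207.46.131.137"))
    for key, value in subnet_plan("172.16.70.9", "255.255.224.0").items():
        print(f"{key:17} {value}")
    print(same_subnet("172.16.70.9", "172.16.96.1", "255.255.224.0"))
```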
IP Addresses on Your Network
When you implement TCP/IP on a network, you can elect to obtain public IP addresses from your service provider or use private IP addresses instead. If you want to connect your private network to the Internet, you need at least one public IP address for the Internet connection, or you can deploy public IP addresses obtained from an ISP or some other source. It doesn’t matter where you get them, as long as they’re valid and unique.
If you elect to use private IP addressing, check out the private IP address ranges defined in Internet RFC 1918. (RFC stands for Request For Comments and identifies the collection of public documents that govern TCP/IP protocols, services, best practices, and more; to inspect 1918’s contents, please visit http://www.ietf.org/rfc/rfc1918.txt.)
Working with Network Address Translation (NAT)
If you use public IP addresses, your network hosts can access the Internet directly. Hosts that use private IP addresses, however, must go through an address translation service called Network Address Translation (NAT) to access the Internet. Because anyone can use private IP addresses, they cannot be routed across the public Internet. This confers a beneficial security side effect because would-be hackers cannot pretend to use private IP addresses in packets they attempt to introduce into the private side of your network.
Usually, all hosts that use the same NAT server map into a single public IP address associated with that server, which is why you must always have at least one public IP address if you want your users to access the Internet. That public IP address, of course, will be the public address that the NAT server uses to identify the source address for outgoing network packets after it’s translated them into public form. The NAT server maintains a table of active connections for clients accessing the Internet so that it knows where to direct replies to outgoing traffic, even though all that traffic appears to originate at the same public Internet address.
In this way, NAT greatly reduces the number of public IP addresses that a network must obtain to access the Internet. Because most organizations must pay a monthly fee for the block of public IP addresses they use, this can help contain related costs (and improve security at the same time).
NAT has its disadvantages, however. It is subject to numerous service conflicts and other special considerations, as follows:
• Application access. To run applications across the Internet where NAT is operating, you must configure NAT to recognize and use such applications. Because not all applications work with NAT, this can cause problems. The only way to be sure is to implement a test configuration and check networked applications to make sure they work properly.
• DHCP. Both NAT and DHCP provide addressing components that identify subnet masks, default gateways, and DNS and WINS servers. Because of potential conflicts, NAT cannot be used on private networks where DHCP is already deployed. Likewise, DHCP relay agents cannot be used on private networks where NAT assigns addresses because NAT could forward DHCP traffic to a DHCP server on the wrong (other) network.
• Inbound connections. NAT requires that a set of static mappings be defined for local network resources when clients need access to local IP-based services as well as external (usually Internet-based) services. For large intranets or in-house networks, this can involve more work than is worth doing.
• Name resolution services. If NAT provides name resolution services, neither WINS nor DNS servers can operate on the same private network where the NAT server is running.
• NAT editors. NAT cannot translate protocols containing source or destination addresses in the data payload or packets that do not use User Datagram Protocol (UDP) or TCP headers. For these protocols, NAT editors must be defined; Windows 2000 includes NAT editors for File Transfer Protocol (FTP), Internet Control Message Protocol (ICMP), and Point-to-Point Tunneling Protocol (PPTP); but other services, such as Simple Mail Transfer Protocol (SMTP) or LDAP, might need to have editors defined. Again, only experimentation can determine conclusively whether NAT will work on your network.
• Protocol restrictions. Protocols such as Internet Protocol Security (IPSec) and H.323, which require public Internet connections from end to end, cannot work with private IP addresses (and, therefore, do not work with NAT). This means you must choose between NAT and the services (such as NetMeeting or IPSec) that require public IP connections end-to-end.
• VPN links. NAT works with some virtual private network (VPN) connections, but services that depend on secure end-to-end connections, such as Layer 2 Tunneling Protocol (L2TP) with IPSec, will not work.
NAT support is included as part of the Windows 2000 Server Routing and Remote Access Service (RRAS) and as part of Internet Connection Sharing in Windows XP Professional. There are also plenty of low-cost “network appliances” that combine NAT with other network services and act as DSL or cable modem routers for small office/home office use.
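The translation table, the static mappings needed for inbound connections, and the job of a NAT editor can be seen together in a small model. This is an added Python example, not code from the book or from Windows; the class and function names are hypothetical, the addresses are constructed from documentation ranges, and the model matches replies on public port only.

```python
import re
from dataclasses import dataclass, replace
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class NatGateway:
    """Port-translating NAT: many private hosts share one public address."""

    def __init__(self, public_ip: str, first_port: int = 50000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._out: Dict[Tuple[str, str, int], int] = {}         # private endpoint -> public port
        self._in: Dict[Tuple[str, int], Tuple[str, int]] = {}   # public port -> private endpoint
        # NAT editors, keyed by (protocol, destination port) of outgoing traffic.
        self.editors: Dict[Tuple[str, int], Callable[["NatGateway", Packet], Packet]] = {}

    def _allocate(self, proto: str) -> int:
        while (proto, self._next_port) in self._in:   # skip ports held by static mappings
            self._next_port += 1
        if self._next_port > 65535:
            raise RuntimeError("no free public ports left")
        port, self._next_port = self._next_port, self._next_port + 1
        return port

    def map_endpoint(self, proto: str, private_ip: str, private_port: int) -> int:
        """Return the public port for a private endpoint, adding a table entry if needed."""
        key = (proto, private_ip, private_port)
        if key not in self._out:
            port = self._allocate(proto)
            self._out[key] = port
            self._in[(proto, port)] = (private_ip, private_port)
        return self._out[key]

    def add_static_mapping(self, proto: str, public_port: int,
                           private_ip: str, private_port: int) -> None:
        """Publish an internal service so that inbound connections can reach it."""
        self._in[(proto, public_port)] = (private_ip, private_port)
        self._out[(proto, private_ip, private_port)] = public_port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of an outgoing packet to the shared public address."""
        port = self.map_endpoint(pkt.proto, pkt.src_ip, pkt.src_port)
        out = replace(pkt, src_ip=self.public_ip, src_port=port)
        editor = self.editors.get((pkt.proto, pkt.dst_port))
        return editor(self, out) if editor else out

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Direct a reply to its private host; None means no table entry, so drop."""
        target = self._in.get((pkt.proto, pkt.dst_port))
        if pkt.dst_ip != self.public_ip or target is None:
            return None
        return replace(pkt, dst_ip=target[0], dst_port=target[1])


PORT_CMD = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n")


def ftp_port_editor(nat: NatGateway, pkt: Packet) -> Packet:
    """NAT editor for FTP: the PORT command carries an address and port in the payload."""
    m = PORT_CMD.fullmatch(pkt.payload)
    if m is None:
        return pkt
    n = [int(x) for x in m.groups()]
    private_ip = ".".join(str(x) for x in n[:4])
    public_port = nat.map_endpoint("tcp", private_ip, n[4] * 256 + n[5])
    addr = nat.public_ip.replace(".", ",")
    return replace(pkt, payload=f"PORT {addr},{public_port >> 8},{public_port & 0xFF}\r\n")


if __name__ == "__main__":
    nat = NatGateway("203.0.113.5")               # constructed public address
    nat.editors[("tcp", 21)] = ftp_port_editor
    ctl = Packet("tcp", "192.168.0.10", 3400, "198.51.100.20", 21,
                 "PORT 192,168,0,10,19,137\r\n")  # constructed FTP control packet
    print(nat.outbound(ctl))
    print(nat.inbound(Packet("tcp", "198.51.100.99", 4444, "203.0.113.5", 8080)))
```

Without the editor registered, the translated control packet still advertises 192,168,0,10 in its payload, which the remote server cannot reach. A production editor also has to correct TCP sequence numbers and checksums when the rewritten command changes length.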
Routers, Proxies, and Firewalls
Purely from an abstract perspective, routing simply requires a network device with two or more network interfaces. This device must be able to forward traffic from one interface to another, as dictated by the destination address on outgoing traffic from any single
interface. Likewise, each interface on a network device must be attached to a different subnet so that the device can route traffic from one subnet to another. Because routers offer a pathway from one subnet to another (often to permit access to the Internet), the TCP/IP name for such a device is a gateway, also known as a default gateway. (The latter name is what appears in the Microsoft TCP/IP Properties dialog box.)
Static and Dynamic Routers
Windows XP can act as a router when multiple network interfaces are present. Windows XP Professional adds support for dynamic routing with the new Routing Information Protocol (RIP) Listener service that collects RIP version 1 subnet-level broadcasts and adds new routes automatically to the routing table. Windows 2000 Server offers a variety of dynamic routing protocols through the RRAS.
A static router does not exchange routing information with other routers to figure out where to forward packets; it simply consults a configuration table that defines what routes it knows about. (Because this table must be changed manually by using the route command, it represents a static data structure and explains the reason for its designation.)
Note: Even on Windows XP machines that are not configured for routing, you can inspect the contents of their local routing tables (which contain all known routes) by typing route print at the Windows command prompt.
Windows 2000 Server supports the two most important IP-based interior routing protocols: the Routing Information Protocol (RIP) and Open Shortest Path First (OSPF). Both protocols are dynamic routing protocols, in that they can exchange routing information and routing table updates with other routers, but OSPF is newer and more sophisticated than RIP. For more information on these routing protocols and how they’re implemented in the Windows 2000 environment, please consult the “For More Information” section at the end of this chapter. For the purposes of this discussion, all you need to know about dynamic routing is the following:
• A dynamic router is a networking device that uses a dynamic routing protocol, such as RIP or OSPF.
• Interior routing protocols, such as RIP and OSPF, operate within the confines of autonomous networks and are completely under the control of local network administrators.
• Exterior routing protocols, such as the Border Gateway Protocol (BGP), operate on backbone connections managed by and between communications carriers. Because they define the high-speed topology for the Internet, they are managed by the carriers who control them and are linked at special points of presence managed by consensus among the parties involved. Most network administrators do not manage exterior routing protocols unless they work for a service provider or a communications carrier.
• The routing capabilities of Windows 2000 Server include basic packet-screening capabilities, so it’s possible to define packet filters that can include or exclude IP traffic based on source and destination address, protocol, or service.
Proxies and Firewalls
Proxies and firewalls are basically special-purpose networking devices with more advanced screening capabilities. A firewall is usually an isolated device sitting on the boundary between the Internet and a private network (in other words, it has one interface connected to each world); it inspects the traffic flowing between the “inside” and “outside” networks. Firewalls can restrict incoming and outgoing traffic based on a packet’s source or destination address, the protocol it uses, the port address involved, or the specific packet contents.
A proxy is a software service that mediates between internal and external hosts (so external hosts see only the address for the proxy server, and internal hosts need to know about the proxy server only when they attempt external network access). On many modern networks, firewall devices also support proxy services. In fact, it should be obvious by this definition that NAT is a special kind of proxy service.
A proxy stands between the client and the server in a network connection. Here, either the client or the server is outside the firewall, and the other party is inside the firewall with the proxy in between. Therefore, the proxy has the opportunity to perform address masking (replacing internal network addresses with its address on outgoing traffic, and replacing its address with its intended recipient’s address on incoming traffic). Proxies can also examine content in the traffic that passes through them across the network boundary.
Proxies also provide caching services—that is, they store local copies of remote resources (such as Web pages or FTP files). Repeated requests for access to the same materials can then be satisfied much more quickly because a copy resides in the proxy server’s local cache. Cache entries include timestamps and expiration periods so that the cache is refreshed from the source before it has a chance to change or go stale.
Working from Windows XP, you will probably deal with routers, firewalls, and proxies primarily as a client. As a client, you are assigned a gateway address (to access external networks) as part of your IP configuration, and you might be assigned a proxy address for specific information services, such as e-mail, Web browsing, or FTP. Because Windows XP is limited to 10 simultaneous user connections, most router, firewall, and proxy products—including Microsoft’s own RRAS (its Proxy Server 2.0) and its Internet Security and Acceleration (ISA) Server (the Windows 2000–based replacement for Proxy Server)—are designed to run on Windows 2000 Server machines. If you’re looking for further details on routers, proxies, and firewalls, please see the “For More Information” section at the end of this chapter.
As a proxy client on a Microsoft network, be sure to check your local documentation, or ask a network administrator to obtain the configuration details necessary to establish an Internet connection. You should also be aware that for protocols or services for which proxy services are not available, you might have to ask your administrator to create special configuration information to bypass the proxy server for these protocols or services—and that assumes that the local security policy permits such exceptions to exist. (It might not; in which case, you’re out of luck!)
About Port Addresses
When IP connections are made between a client and a server, they use one or two TCP or UDP port addresses to handle inbound and outbound communications; most IP services are associated with well-known port addresses and use temporary port addresses to serve transient connections as long as they last. Well-known port addresses define listening posts, where servers wait to service client requests by spawning transient connections to handle individual requests. Port addresses are 16-bit numbers; numbers 0 through 1,023 are reserved for well-known ports, and numbers 1,024 through 65,535 are used for transient ports. These numbers are also increasingly reserved for well-known or alternative service ports, given the large number of IP services now available on modern networks.
If you’re working with Microsoft Proxy Server 2.0, client configuration is automated. All you need to do is access a special-purpose local URL where client software installation routines are available. For most Microsoft networks, this page typically resides at http://<www.server.com>/MSProxy/. You must replace <www.server.com> with a valid local server name, IP address, or NetBIOS name to establish a working connection. When accessed, this page loads a welcome page with a download link for the client configuration software. After the software is installed, you access all available IP services through the proxy server.
DNS, WINS, Active Directory, and Other IP Matters
Windows XP supports two forms of name resolution to convert symbolic names into numeric addresses: DNS for domain names and WINS for NetBIOS names. Before you can explore these two name services, you must understand the names that are specific to each service. DNS requires a specially formatted version of a domain name called a fully qualified domain name (FQDN). A NetBIOS name can be up to 15 characters long, subject to certain illegal character restrictions. Both types of names are explored in the following sections.
Chapter 14
Windows XP and TCP/IP
Fully Qualified Domain Names (FQDNs) and DNS
FQDNs are more complex and structured than NetBIOS names because they include a notion of hierarchical structure that’s absent with NetBIOS names. In fact, an FQDN is designed to supply a unique name for every host on the Internet. It also situates that name within an overall name hierarchy. To that end, FQDNs consist of multiple names, with each name separated by a period and the final name followed by a closing period.
The rightmost element in any domain name is the top-level domain (TLD) name. You’re probably already familiar with the best-known TLDs. Today, they include two- and three-letter country codes for every country recognized by the United Nations. They are fully documented in ISO standard 3166; please visit ftp://ftp.ripe.net/iso3166countrycodes.txt for a complete list that’s maintained by the ISO 3166 Maintenance Agency. Also, the following TLDs are primarily used in the United States:
.com    Designates commercial, for-profit Web sites
.edu    Designates educational institutions or agencies
.gov    Designates U.S. federal government sites
.mil    Designates U.S. military sites
.net    Designates network service companies or ISPs
.org    Designates not-for-profit organizations
Newly approved TLDs are as follows:
.aero    Societe Internationale de Telecommunications Aeronautiques SC (SITA)
.biz    JVTeam, LLC
.coop    National Cooperative Business Association (NCBA)
.info    Afilias, LLC
.museum    Museum Domain Management Association (MDMA)
.name    Global Name Registry, LTD
.pro    RegistryPro, LTD
Refer to the ICANN Web site for a current list of top-level domains: http://www.icann.org.
An FQDN must end with a period in the rightmost character position. By convention, all DNS names coalesce at the top, or root, of the hierarchy, represented by a collection of 13 root-level servers worldwide. The name immediately to the left of the TLD name is called the first-level domain name. Starting at this level and moving to the left in any FQDN, all such names are under the administrative control of whichever company or organization owns the first-level domain name. Such names are unique and must be formally assigned by some name registry working under ICANN’s supervision. For example, Microsoft’s first-level FQDN is microsoft.com, so the company can create as much hierarchy beneath that domain name as it likes. Common extensions to domain names include service labels such as www, ftp, secure, mail, and so forth. Many organizations extend their domain names to indicate site locations and functions, so a name such as publicpi.partner.boulder.ibm.com designates a public partner information source in the business partner’s group at IBM’s location in Boulder, Colorado. It’s uncommon to see domain names with more than five parts, but there’s nothing in the DNS specification that prevents names with more than five parts. There is a string limitation of 128 or 256 characters for such names, depending on the type of operating system you’re using; for Windows 2000, input lines are limited to 256 characters. So domain names must typically be somewhat shorter than that.
DNS is a TCP/IP service that’s available on Windows XP, Windows 2000, Windows NT, and numerous Unix versions; it translates from an FQDN to an equivalent IP address. One unique feature of DNS on Windows 2000 is that it can be integrated with Active Directory in a way that permits Active Directory to dynamically update the DNS records that store name-to-address (and address-to-name) translation data. This implementation is called Dynamic DNS (DDNS). Dynamic DNS allows DNS servers to get dynamic updates for the DNS server database. In addition, when integrated with Active Directory, Dynamic DNS is integrated securely. For more information on Dynamic DNS and Active Directory, refer to http://www.microsoft.com/WINDOWS2000/techinfo/reskit/deploymentscenarios/scenarios/dhcp02_use_dynupdate_secdynupdate.asp.
For any FQDN to resolve into the proper IP address, the necessary translation must be defined in an address record in some DNS server’s database. Usually, that information is stored on the server that’s authoritative for the collection of names (called a database zone or, more simply, a zone) and in the databases of secondary servers for that zone. When name requests are resolved, local DNS servers retain that information in their caches so that subsequent requests for that information do not have to be resolved remotely. As with proxy caches, DNS cache entries use associated timestamps and expiration dates to decide when aging entries must be refreshed or purged. In the final analysis, the power and beauty of DNS is that any client anywhere on the Internet can request translation of any DNS name into an equivalent IP address and expect to get the desired response in a reasonable amount of time. For more details about DNS, please consult the “For More Information” section at the end of this chapter.
NetBIOS Names and WINS
As mentioned previously, NetBIOS name resolution is required on networks to provide backward-compatibility with older versions of Windows and to support applications that use NetBIOS for communications. Because this still represents the vast majority of Microsoft networks, it’s important to understand how NetBIOS names work and how to resolve them into IP addresses when other protocols (such as NetBEUI or NWLink) aren’t available to handle the job. Therefore, it’s important to understand NetBIOS name structures and their limitations, which are as follows:
• NetBIOS names must be between 1 and 15 characters long (the names themselves are up to 16 characters, but the last character is reserved as a special character indicating the type of resource being named). If you are still using DOS or Windows 3.x machines on your network—that is, those machines that can recognize only old-style 8.3 filenames—these machines cannot recognize NetBIOS names that are more than eight characters long.
• NetBIOS names cannot include any of the following special characters: double quote (“), right slash (/), left slash (\), left square bracket ([), right square bracket (]), colon (:), semicolon (;), vertical slash (|), equals sign (=), plus sign (+), asterisk (*), question mark (?), less than sign (<), and greater than sign (>). NetBIOS names that end in a dollar sign are called hidden names because they do not appear in browser lists or My Network Places.
Because some clients might have problems with embedded spaces, or require quotation marks for these names to be recognized, it’s wise to avoid them in NetBIOS names. When creating NetBIOS names, be concise and descriptive. If users come and go regularly, avoid using their names or initials; likewise, it’s wise to avoid location designations for machines that move around a lot. Operating system designations, IP host address numbers, and user initials are included in the NetBIOS names used in this book because our machines and users stay put. (For example, W2P-21-JD designates John Doe’s Windows 2000 Professional machine, which has an IP host address of 172.16.1.21.)
WINS is to NetBIOS names what DNS is to domain names—that is, it resolves NetBIOS names to equivalent IP addresses. Windows XP supports neither WINS nor DNS as a server; for that purpose, you must install some variety of Windows 2000 Server (plain, Advanced, or Datacenter).
Unlike DNS, WINS is truly dynamic—that is, all WINS clients register with WINS during boot-up and supply their name and IP addresses for subsequent translation. As names and addresses change, the WINS database changes with them the next time a changed machine boots up and registers with WINS anew. This makes WINS capable of handling DHCP clients and clients or servers with static IP address assignments with equal facility. Unless you’re using Dynamic DNS, an administrator must apply all DNS database updates manually. WINS can also update DNS, if you select the Enable WINS Lookup check box in the DNS Administrator tool. Selecting this option permits Windows-based DNS servers to query a WINS server for names it cannot otherwise resolve. (Links between Active Directory and DNS provide a similar capability, even when dynamic updates are not enabled.)
Static Name Resolution Techniques
On smaller networks, where it might be neither feasible nor desirable to operate WINS or DNS servers, you can use alternative file-based methods to support domain name and NetBIOS name resolution. In either case—and in fact, the alternative to WINS is a simple variation on the alternative to DNS—clients access local files to resolve names, instead of calling a special-purpose server to do the same job. Because Microsoft’s implementation of both files supports a file #include capability (which requires you to designate only the names and addresses for key servers on your network and then access common name resolution files stored on those servers), the job of maintaining this static environment need not be onerous.
The Hosts and LMHosts files are plain text files that contain name-to-address mappings for domain names and NetBIOS names, respectively. A Hosts file maps FQDNs to IP addresses, whereas an LMHosts file maps NetBIOS names to IP addresses. You can copy sample files of each type from the \systemroot\system32\Drivers\etc directory on the Windows XP computer. By using a text editor such as Notepad, you can inspect or alter the contents of these files to match your local environment, if this approach seems appropriate for your network. Although the sample files do include some helpful comments, we recommend that you consult TechNet for more specific documentation on editing these files. If you don’t have your own copy of TechNet, search Microsoft’s online version through http://www.microsoft.com/technet/.
Remember that you must maintain Hosts and LMHosts files manually. For that reason, you should place only minimal Hosts and LMHosts files on clients, and use file #include statements to maintain a single copy of more extensive data on a server somewhere. Also, if you connect to the Internet, you must obtain access to a DNS server to get proper name resolution. It’s just not practical to maintain a Hosts file for the whole Internet—in fact, that’s why DNS was invented in the first place. That’s also why eschewing WINS and using LMHosts files usually makes more sense than trying to replace DNS with Hosts files on most modern networks, simply because invariably there are fewer NetBIOS names that you will want to resolve, compared to domain names on the Internet.
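Because LMHosts files are maintained by hand and can pull in files from other servers, they are worth checking before deployment. The following Python sketch is an added example, not code from the book: it checks each entry against the NetBIOS naming rules listed earlier in this chapter and reports every #INCLUDE dependency. The sample file, host names other than W2P-21-JD, and function names are constructed for illustration.

```python
import ipaddress

# Characters the chapter lists as illegal in NetBIOS names.
ILLEGAL_CHARS = set('"/\\[]:;|=+*?<>')

# Constructed LMHosts sample (not from the book).
SAMPLE = r"""# Constructed LMHosts sample
172.16.1.21   W2P-21-JD        #PRE
172.16.1.10   SRV-DC-01        #PRE #DOM:EXAMPLE
172.16.1.300  BADADDR
172.16.1.30   THIS-NAME-IS-TOO-LONG
172.16.1.31   FILE:SRV
172.16.1.32   "PRINT SRV"
172.16.1.99   w2p-21-jd
#INCLUDE \\SRV-DC-01\public\lmhosts
"""


def check_netbios_name(name):
    """Return the chapter's NetBIOS naming rules that `name` breaks."""
    problems = []
    if not 1 <= len(name) <= 15:
        problems.append("length %d is outside 1..15" % len(name))
    bad = sorted(set(name) & ILLEGAL_CHARS)
    if bad:
        problems.append("illegal character(s) " + " ".join(bad))
    if " " in name:
        problems.append("embedded space (some clients need quoting)")
    return problems


def split_entry(line):
    """Split an entry line into (address, name); name is None if missing."""
    parts = line.split(None, 1)
    address = parts[0]
    rest = parts[1] if len(parts) > 1 else ""
    if rest.startswith('"'):                      # quoted name with spaces
        end = rest.find('"', 1)
        name = rest[1:end] if end > 0 else rest[1:]
    else:
        name = rest.split()[0] if rest else None
    if name is not None and name.startswith("#"):  # keyword or comment only
        name = None
    return address, name


def audit_lmhosts(text):
    """Return findings as (line number, message) plus all #INCLUDE paths."""
    findings, includes, seen = [], [], {}
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.upper().startswith("#INCLUDE"):
            path = line[len("#INCLUDE"):].strip()
            includes.append(path)
            if path.startswith("\\\\"):
                findings.append((number, "remote #INCLUDE %s: names are "
                                 "resolved from a file on another host" % path))
            continue
        if not line or line.startswith("#"):      # blank line or comment
            continue
        address, name = split_entry(line)
        try:
            ipaddress.IPv4Address(address)
        except ValueError:
            findings.append((number, "invalid IPv4 address " + address))
            continue
        if name is None:
            findings.append((number, "entry has no name"))
            continue
        problems = check_netbios_name(name)
        if problems:
            findings.append((number, "%s: %s" % (name, "; ".join(problems))))
        key = name.upper()                        # NetBIOS names ignore case
        if key in seen and seen[key][1] != address:
            findings.append((number, "%s also maps to %s on line %d"
                             % (name, seen[key][1], seen[key][0])))
        seen.setdefault(key, (number, address))
    return {"findings": findings, "includes": includes}


if __name__ == "__main__":
    for number, message in audit_lmhosts(SAMPLE)["findings"]:
        print("line %d: %s" % (number, message))
```

A name that maps to two different addresses, or an include path on a share that many people can write to, is worth a second look because every client that reads the file will trust it.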
Using the Dynamic Host Configuration Protocol (DHCP)
To understand the allure of DHCP, all you need to do is look at the Internet Protocol (TCP/IP) Properties dialog box where TCP/IP is configured, as shown in Figure 14.1. You can select the Obtain an IP Address Automatically radio button, or you can work your way through four more tabs of input data and enter seven or more IP addresses for the local machine, subnet mask, default gateway, one or two DNS servers, one or two WINS servers, and possibly even configure IP security and IP filter settings.
Figure 14.1 If DHCP supplies an IP address and configuration data, you need select only a single radio button.
Because it’s so much easier for users not to have to enter all that data, they usually prefer using DHCP when faced with configuring TCP/IP on a computer. Administrators tend to like DHCP even more because aside from its convenience to users, DHCP permits TCP/IP addresses to be managed with ease for an entire internetwork from a single location. For those administrators who had to manually allocate IP addresses on a per-machine basis, DHCP is a godsend; for those who never had to handle addresses manually, DHCP is a vital element in their administrative toolkit.
In fact, DHCP is an enhanced version of the Bootstrap Protocol (BOOTP), originally designed to permit diskless workstations to log on to a network and then download an operating system and configure themselves to be ready to work. DHCP takes advantage of BOOTP’s capabilities to provide network access and configuration data to a machine that has no such intelligence. If a DHCP client boots up on the network and discovers that it has no current or valid IP address, DHCP can provide it with an IP address, subnet mask, default gateway address, DNS and WINS addresses, and so forth. DHCP manages groups of IP addresses called address pools and assigns available members of its address pool to computers when they request an IP address.
Most modern networks use DHCP to provide IP addresses to network clients, as do the vast majority of ISPs. Traditionally, DHCP has not been used to manage IP addresses for routers or servers because these addresses are typically tied to (static) DNS databases, so such an address should not change without a corresponding change to relevant DNS records. However, creating an automatic address assignment is possible in DHCP, which allocates an address permanently to an interface and can be reset only manually by an administrator. For these reasons, DHCP is increasingly being used to manage all IP addresses—even those that normally do not change very often, if at all.
For ordinary clients, DHCP provides a dynamic address assignment based on a leasing process for individual addresses—that is, when a client requests an IP address from a DHCP server, the address that is delivered comes with an expiration time that defines the lease period for the address. Depending on the circumstances, leases can be as short as two to three hours (which is typical for ISPs, where users come and go quickly and often) or as long as two weeks (which is more typical on corporate networks, where users tend to show up five days or more per week).
When an address lease period is half used, the client automatically requests a lease extension. If granted, the lease goes back to its original period. If the request is denied or no reply is received, the client attempts to renew its lease again when three fourths of the period expires and again when seven eighths of the period expires. At either point, the lease can be renewed. If a lease period expires without a renewal, however, the DHCP client must repeat its original request for an IP address because it no longer possesses a valid IP address.
The Windows ipconfig command, which displays the current local TCP/IP configuration on any Windows NT–based computer, can also manage DHCP leases by using the /renew or /release parameters. (/renew requests a lease renewal manually; /release relinquishes the current address lease manually.) To view any Windows NT or 2000 machine’s current IP configuration, including DHCP lease information, use the ipconfig /all command, which produces output that looks like this:
Windows XP IP Configuration
    Host Name . . . . . . . . . . . . : w2kp-21-et
    Primary DNS Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : 3Com EtherLink III ISA (3C509/3C509b) in Legacy mode
    Physical Address. . . . . . . . . : 00-60-97-1B-7B-01
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 172.16.1.21
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . :
The ipconfig command is a useful diagnostic tool when checking for configuration problems or DHCP address leases. For complete information on this command, enter ipconfig /? at the Windows XP command line.
Installing and Configuring TCP/IP
Normally, TCP/IP is installed and configured during the Windows installation process, but if not, you can add it using the Install button in the Local Area Connection Properties dialog box. (To get there, click Start, Control Panel, Network and Internet Connections, Network Connections. Right-click Local Area Connection, and then select Properties.) After you click the Install button, the Select Network Component Type dialog box opens. Select Protocol from the list of available components, and then click the Add button to open the Select Network Protocol dialog box. Select the protocol you want in the list, and click OK. The new protocol will be installed on your XP computer.
Figure 14.1 shows the General tab, which is the primary TCP/IP configuration tab. A quick refresher shows that it provides fields to accommodate the following values, if manual IP address assignment is selected rather than DHCP:
• IP address. The static IP address to be assigned to this machine.
• Subnet mask. The subnet mask that corresponds to the local subnet design.
• Default gateway. The IP address for a device on the same subnet as the current machine’s address that can forward IP traffic to other subnetworks.
Likewise, you can use this tab to indicate whether you will obtain your DNS addresses. Normally, DHCP supplies this information along with other IP configuration data. If manual entry is selected, you can supply both a preferred DNS server address and an alternate DNS server address. Your computer tries to access the preferred server first and then the alternate server if the preferred server does not respond before a timeout occurs.
Note also the Advanced button at the bottom of this tab. Clicking this button opens the Advanced TCP/IP Settings dialog box. It features four tabs at the top, labeled IP Settings (the default tab), DNS, WINS, and Options (from left to right). The following sections discuss the controls available in each tab.
IP Settings
Use the IP Settings tab shown in Figure 14.2 to edit an interface’s static IP address, subnet mask, or default gateway entries. Microsoft has made one change in this tab: adding an automatic metric for the gateway IP address. If this feature is enabled, Windows XP chooses from the list of gateway IP addresses based on the interface’s speed. Windows XP determines the metric by collecting RIP data with the RIP Listener. When the Automatic Metric check box is cleared, the administrator assigns the metric manually and the gateway is chosen based on metric and availability.
Figure 14.2 Detailed IP configuration controls appear as tabs in the Advanced TCP/IP Settings dialog box.
Windows XP can also automatically locate and configure gateways by using ICMP Router Discovery. This feature was new in Windows 2000 and enabled by default. In Windows XP, it is disabled by default but can be enabled manually by using the Registry or by setting the Perform Router Discovery DHCP option. These options enable the Windows XP computer to send ICMP Router Discovery Solicitation messages. Routers must be RFC 1256 compliant to send the corresponding ICMP Router Advertisements. Windows 2000 servers with RRAS installed support ICMP Router Discovery. For more information, see Chapter 19, “Configuring TCP/IP,” in the Microsoft Windows XP Professional documentation.
DNS
Use the DNS tab shown in Figure 14.3 to specify more than two DNS servers to access for lookups and to manage their search order. (DNS servers are accessed by the order in which they appear in the list of DNS server addresses at the top of this tab.) You can also use this tab to handle unqualified names (which means possibly incomplete domain name specifications). A suffix supplies information that would appear to the right of the supplied name (so you could add .com, .net, and so forth to try known TLDs with otherwise unqualified domain names). You can also use the domain name for the current machine’s parent domain to supply this information, or supply a specific suffix. Finally, you can even register this machine’s address with DNS (but this requires access to a DNS server).
Figure 14.3 You configure DNS information in the DNS tab of the Advanced TCP/IP Settings dialog box.
WINS
Use the WINS tab shown in Figure 14.4 to input IP addresses for one or more WINS servers. Again, the order of appearance in the WINS address list also defines their search order. You can also use this tab to enable use of LMHosts files as a WINS alternative or supplement and to explicitly enable or disable NetBIOS over TCP/IP or obtain that setting from a local DHCP server.
Figure 14.4 You configure WINS information in the WINS tab of the Advanced TCP/IP Settings dialog box.
Options
In the Options tab (see Figure 14.5), you can filter TCP/IP traffic by including or excluding traffic on the basis of TCP or UDP port address or IP name. Although per-machine filtering can be valid in small office/home office settings, on larger networks with firewalls and proxies, filtering is better applied at the network periphery according to a specific security policy.
Figure 14.5 You configure additional TCP/IP options in the Options tab of the Advanced TCP/IP Settings dialog box.
A new feature of TCP/IP configuration is the addition of the Alternate Configuration tab in the main Internet Protocol (TCP/IP) Properties dialog box. You can use the options in this tab to enable Windows XP to support two different TCP/IP configurations. Normally, this option is needed on a notebook computer that has one configuration for the office and a second configuration for working from home or away from the regular network. This new feature helps mobile users by not requiring them to select an alternative hardware configuration on startup to accommodate the second or alternative set of TCP/IP settings.
Managing Internet Connections
These days, Internet connections come in three forms: dial-up telephone connections, digital connections (such as DSL and cable modem), or network connections (where a router manages the Internet link, and you simply send packets through that device to reach the Internet).
For standalone users, only the first two methods for creating Internet connections are applicable, so that’s all we cover here. For the record, however, the techniques discussed for both these connection types can apply to any router or firewall that manages an Internet connection for a network. However, these connections might also involve other digital link types, such as frame relay, T1, and T3.
Creating and Managing a Dial-Up Connection
This technique applies to any form of telephony (including analog phone lines and ISDN) in which some kind of dial-up is necessary to initiate an active online connection. The Windows XP Network Connections applet in Control Panel includes the Create a New Connection Wizard. Use this wizard to define what kind of Internet connection you want to create. (This means select the Dial-Up to the Internet or Connect to a Private Network Through the Internet option, depending on whether you use a VPN or just make a direct connection.) Next, you go through the process of configuring your modem (if you haven’t done so already). Then you walk through the process of creating a connection object to dial up your ISP.
To create the necessary TCP/IP settings for a connection object, click Properties (when the connection object is selected), select the Networking tab, and then open the Internet Protocol (TCP/IP) Properties dialog box. In this dialog box, you can leave the default settings of Obtain an IP Address Automatically and Obtain DNS Server Address Automatically if you are using DHCP and your ISP is assigning your IP configuration upon connection. If you have dedicated settings for these options, select the other radio button and fill in the necessary details.
Creating and Managing an Always-On Connection
When you sign up for an always-on service, such as a cable modem or DSL, connecting to the Internet means attaching a special-purpose access device to your computer (usually through a 10BaseT Ethernet NIC attached to the access device via a 10BaseT modular cable). Setup and configuration details for these devices are beyond the scope of this book; however, most vendors of such equipment provide setup instructions for their devices. These instructions can range from installing drivers (such as adding a modem or a NIC), running a proprietary installation tool, or just connecting the device to a NIC in your system configured to use DHCP.
After the connection has been set up, only rarely are changes necessary. Nevertheless, you’ll want to contact your service provider’s technical support staff and obtain the following information; you’ll need it to configure other IP services, and it will come in handy should troubleshooting become necessary:
• The domain name for your local Simple Mail Transfer Protocol (SMTP) server. Even if you get your e-mail somewhere else, you need to send outgoing mail through your provider’s SMTP server. Because this information is necessary for e-mail configuration, be sure to ask for it!
• The IP addresses for your provider’s primary and secondary DNS servers. You might not need to enter this information yourself, but it can come in handy if you have name resolution problems down the road.
• The domain name for the ISP’s Post Office Protocol (POP) or Internet Message Access Protocol (IMAP) server. If you get your e-mail through the same service provider that gives you an always-on connection, be sure to get the domain name for its POP or IMAP server. This information is also necessary for configuring your e-mail.
• The domain name for the ISP’s Network News Transfer Protocol (NNTP) server. If your provider offers network news services, you want to get the domain name of its NNTP server to configure your newsreader (or to supply as a URL to Internet Explorer, which then starts the Outlook Express Newsreader).
With this information in hand, you can begin to take advantage of the increased bandwidth that always-on connections have to offer. If you want to see just how fast you’re going, visit MSN’s Bandwidth Speed Test page at http://tech.msn.com/Internet/speedtest.asp.
To protect your PC from unwanted intrusions through your always-on service, Windows XP now includes an Internet Connection Firewall (ICF). The firewall works by monitoring incoming and outgoing packets and permitting incoming packets only if they originate from an outgoing request by the firewall or other internal IP address. This service, available in Windows XP Home Edition and Windows XP Professional, is enabled by default for Internet connections.
To check your system’s security (or lack thereof, if you haven’t changed any default settings), visit the Gibson Research Web site at http://grc.com/ and use the ShieldsUp and LeakTest utilities. If those tests turn up any potential security exposures, visit Gibson’s personal firewalls-rating page and obtain one of the products reviewed there (http://grc.com/su-firewalls.htm).
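The rule described above for the Internet Connection Firewall (incoming packets are permitted only when they answer an outgoing request) can be modeled with a small connection table. This Python sketch is an added illustration, not ICF's actual implementation or code from the book; the class name, the 60-second idle timeout, and the sample packets are assumptions constructed for the example.

```python
from collections import namedtuple

# direction is "out" (inside host to Internet) or "in" (Internet to inside).
Packet = namedtuple("Packet", "time direction proto src sport dst dport")


class StatefulFilter:
    """Simplified model: allow inbound traffic only for flows started inside."""

    def __init__(self, idle_timeout=60):
        self.idle_timeout = idle_timeout   # assumed value, in seconds
        self.flows = {}                    # flow key -> time last seen

    def handle(self, pkt):
        if pkt.direction == "out":
            # Outgoing request: remember who was contacted, from which port.
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            self.flows[key] = pkt.time
            return "allow"
        # Inbound: must mirror a remembered outgoing flow exactly.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        last_seen = self.flows.get(key)
        if last_seen is None:
            return "drop"                  # nobody inside asked for this
        if pkt.time - last_seen > self.idle_timeout:
            del self.flows[key]            # stale entry no longer vouches
            return "drop"
        self.flows[key] = pkt.time
        return "allow"


# Constructed sample traffic; 198.51.100.7 and 203.0.113.9 are
# documentation addresses, 172.16.1.21 is the chapter's example host.
SAMPLE_PACKETS = [
    Packet(0, "out", "tcp", "172.16.1.21", 1025, "198.51.100.7", 80),
    Packet(1, "in", "tcp", "198.51.100.7", 80, "172.16.1.21", 1025),
    Packet(2, "in", "tcp", "203.0.113.9", 4444, "172.16.1.21", 139),
    Packet(3, "in", "tcp", "198.51.100.7", 80, "172.16.1.21", 1026),
    Packet(200, "in", "tcp", "198.51.100.7", 80, "172.16.1.21", 1025),
]


def run_sample():
    """Return the verdict for each sample packet, in order."""
    fw = StatefulFilter()
    return [fw.handle(pkt) for pkt in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, run_sample()):
        print(verdict, pkt)
```

Only the reply to the Web request is admitted; the unsolicited connection to port 139, the packet aimed at a port the host never used, and the late packet on an expired flow are all dropped.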
Managing IP Information Services
TCP/IP enables access to an astonishing array of information services for Windows XP computers. The following sections cover some of the most important services—including e-mail, Web, and FTP access—so that you can make the most of TCP/IP’s capabilities.
Managing IP-Based E-mail
E-mail remains one of the most widely used and important applications on modern networks. Windows XP does not support e-mail directly, but Internet Explorer is included with the operating system (and available as a free download from http://www.microsoft.com/windows/ie/), and it offers the Outlook Express e-mail client.
Outlook Express is a reduced version of Outlook. (Outlook is included as part of the Microsoft Office product suite). Both Outlook and Outlook Express are perfectly usable e-mail clients with numerous advanced features and capabilities. For more information, visit http://www.microsoft.com/office/outlook/ and refer to Chapter 28, “Windows XP as an E-mail Client.”
Internet e-mail typically relies on one of two sets of common e-mail protocols. The most common set uses two e-mail protocols to do its job. POP version 3 (POP3) permits clients to download e-mail messages from a server to a local e-mail client. SMTP lets clients upload e-mail to their local e-mail server, but also handles e-mail routing from the sender’s e-mail server to any designated recipient’s e-mail server. Together, POP3 and SMTP let clients send and receive e-mail.
Another more advanced e-mail protocol, called IMAP, is currently available in version 4 and is often abbreviated as IMAPv4. Whereas POP3 forces clients to download e-mail messages from a server and manage them locally, IMAP enables clients to keep their messages on the server, yet still organize them into named folders or directories. This means IMAP users don’t have to log on to any particular machine to manage their e-mail archives. It also means that servers need to allocate lots of disk space for e-mail archives, which is one reason that IMAP e-mail access is not very common.
Today, most e-mail servers impose a variety of security restrictions to protect user confidentiality and avoid incidents of unsolicited commercial e-mail (often called spam). That means users must log in to the e-mail server with an account and password to download or view their messages, but it also means that outgoing distribution lists (messages addressed to named collections of individuals) must often be limited to 50 usernames or fewer. Nowadays, many e-mail servers limit the number of addressees in a single message to block users’ abilities to create spam.
When it comes to configuring your Windows XP e-mail client, ask your ISP to supply the necessary configuration data, including domain names for POP3, SMTP, or IMAP servers.
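The addressee limit described above can be pictured as a check the mail server applies to each RCPT command in an SMTP session. The following Python code is an added example, not code from the book or from any real mail server; the class and function names, the reply texts, and the sample addresses are assumptions, and the cap of 50 is the figure quoted in the text.

```python
# Added illustration (not from the book): a toy SMTP envelope handler that
# enforces a per-message recipient cap. Class and function names are assumptions.
MAX_RCPT = 50  # the 50-addressee limit mentioned in the text

class SmtpSession:
    """Tracks one SMTP envelope at a time and returns the server's reply line."""
    def __init__(self, max_rcpt=MAX_RCPT):
        self.max_rcpt = max_rcpt
        self.reset()

    def reset(self):
        self.sender, self.recipients = None, []

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self.reset()                      # a new envelope restarts the count
            self.sender = arg[5:].strip()
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.sender is None:           # RCPT before MAIL is out of order
                return "503 Bad sequence of commands"
            if len(self.recipients) >= self.max_rcpt:
                return "452 Too many recipients"  # refused; envelope unchanged
            self.recipients.append(arg[3:].strip())
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "RSET":
            self.reset()
            return "250 OK"
        return "500 Command not recognized"

def run_session(commands, max_rcpt=MAX_RCPT):
    """Feed client commands through one session; return (replies, accepted)."""
    session = SmtpSession(max_rcpt)
    replies = [session.handle(c) for c in commands]
    return replies, list(session.recipients)

# Constructed sample: a single message addressed to 52 recipients.
SAMPLE = (["MAIL FROM:<sender@example.com>"]
          + [f"RCPT TO:<user{i}@example.com>" for i in range(52)]
          + ["DATA"])

if __name__ == "__main__":
    replies, accepted = run_session(SAMPLE)
    print(len(accepted), "accepted,", replies.count("452 Too many recipients"), "refused")
```

The first 50 recipients are accepted and the remaining two are refused, while the message itself still goes out to the accepted addresses; a sender has to start a new message to reach the rest.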
Managing Your Web Browser
Although Netscape Navigator (http://www.netscape.com) and Opera (http://www.opera.com) offer reasonable alternatives to Internet Explorer, the latter program’s tight integration with Windows XP makes it attractive on any machine. Microsoft has released important security updates, so Internet Explorer 6.0 is a very stable product. Given the many frequent security exploits against Web browsers, regular browser updates are an essential maintenance activity. Fortunately, Microsoft has released an automatic Critical Update Notification facility as part of its IE upgrades. Log on to your system as an administrator, and choose Tools, Windows Update from the IE menu to go to the Windows Update site; it will inform you about any updates you’ve missed and enable you to update and install them with ease.
Note
For information about alternatives to Internet Explorer, please visit http://browsers.com.
Serving the Web from Windows XP Professional
Windows XP Professional supports Internet Information Services (IIS) version 5.1, which includes a Web server and an FTP server, both fully integrated into the security of Windows XP. IIS is not installed on XP by default, but it can be easily added through the Add/Remove Windows Components section of the Add/Remove Programs applet. Be sure to view the details of the IIS service to select FTP and other optional components. (FTP is not installed as part of IIS by default; you must specifically select it to host FTP sites on your system.) Installation runs through a simple wizard, which prompts mainly for pathnames for various items, and in most cases the defaults are acceptable.
IIS 5.1 functions in much the same way as IIS 5.0, so you’ll be able to carry all your existing knowledge and content directly over to IIS 5.1. However, IIS 5.1 does not include many of the enhanced features of IIS 5.0 for Windows 2000 Server. In addition, Windows XP Client Access Licensing (CAL) imposes a real limitation: a maximum of only 10 simultaneous client connections. This makes Windows XP an unlikely candidate for a production intranet or even an Internet Web server. However, it can often be deployed as a test or development platform for small- to modest-sized Web sites that do not use distributed Web applications.
FTP Utilities
Windows XP includes a command-line FTP program that offers complete but user-unfriendly access to all the capabilities FTP has to offer. This utility works the same way as the traditional Unix ftp utility. Online FTP help is available by typing ftp at the command line and then typing help at the ensuing ftp> prompt; to get help on an FTP command, type help