microsoft operating systems

7/28/2019 Microsoft Operating Systems

1/58

Nutshell:

Microsoft XPOperating System

Date of course: _____________________________________


2/58

P a g e | 2

Name of Student: ___________________________________Rev 1.1

Microsoft XP Operating System


3/58

P a g e | 3



4/58

P a g e | 4

Contact Information :[email protected]

Not to be reused or copied in anyways without the explicit written agreement between Michael March and the requester,

until so granted permission.

Contents

Contents..................................................................................................................... 4

Installing Windows Facts............................................................................................ 7

Upgrading to Windows XP Facts................................................................................. 8

Network Installation Facts.......................................................................................... 8

Automated Installation Facts...................................................................................... 9

Troubleshooting Installation Facts............................................................................10

Built-in and Predefined User Accounts......................................................................13

Local User Account Best Practices............................................................................13

Built-in Local Groups.................................................................................................14

Implicit Local Groups................................................................................................15

Local Group Facts..................................................................................................... 16

Folder Redirection Facts........................................................................................... 17

Group Policy Facts....................................................................................................17

Installing Devices......................................................................................................18

Drivers......................................................................................................................21

File Verification Programs.........................................................................................22Multiple Monitors...................................................................................................... 22

Multiple Processors................................................................................................... 23

Power Management.................................................................................................. 23

Hardware Profile Considerations...............................................................................23

Network Components...............................................................................................25

Protocols................................................................................................................ 25

Clients................................................................................................................... 25

Services................................................................................................................. 25

TCP/IP Configuration Settings................................................................................ 25

Name Resolution Facts............................................................................................. 27

Dial-up Connection Facts.......................................................................................... 27

Remote Authentication Protocols.............................................................................28

VPN Tunneling Protocols...........................................................................................28

mailto:[email protected]:[email protected]:[email protected]


5/58

P a g e | 5

Common Port Numbers............................................................................................ 29

ICS and ICF Facts......................................................................................................29

Remote Services Facts............................................................................................. 30

File System Facts......................................................................................................31

Basic and Dynamic Disks.......................................................................................... 32

Volume Characteristics.............................................................................................32

Volume Mount Point Facts........................................................................................ 34

Designing Disks for Multiple Operating Systems......................................................34

Boot.ini Facts............................................................................................................ 35

File Compression Facts............................................................................................. 36

Encryption Facts....................................................................................................... 37

Disk Quota Facts.......................................................................................................38

NTFS Permission Facts..............................................................................................40

Shared Folder Facts.................................................................................................. 41

Offline File Facts....................................................................................................... 42

Internet Information Services (IIS)............................................................................42

Printing Facts............................................................................................................44

UNIX Printing Facts................................................................................................... 44

Managing Printing.....................................................................................................45

Faxing Facts............................................................................................................. 47Internet Explorer URLs..............................................................................................48

Applications Facts..................................................................................................... 48

Processes and Services Facts................................................................................... 50

Installer Package Facts.............................................................................................50

System Monitor.........................................................................................................51

Mobile Performance Facts........................................................................................ 52

Backup Facts............................................................................................................ 52

Backup Devices Facts............................................................................................... 53

System Recovery Facts............................................................................................ 54

Account Policies Facts.............................................................................................. 55

Auditing Facts........................................................................................................... 56

Security Templates Facts......................................................................................... 57

IE Security Facts....................................................................................................... 57



6/58

P a g e | 6

IE Certificates........................................................................................................... 58



7/58

P a g e | 7

Installing Windows Facts

Windows 2000 Professional requires the follow for a successful installation:

Pentium 133 MHz or greater (233 MHz recommended) 650 MB free disk space

32 MB RAM (64 recommended)

VGA (Super VGA recommended)

CD-ROM or DVD drive

Keyboard and mouse

Windows XP requires the following for a successful installation:

Pentium 233 MHz or greater (300 MHz recommended) 1.5 GB free disk space

64 MB RAM (128 recommended)

Super VGA

CD-ROM or DVD drive

Keyboard and mouse

To start the installation, use:

Winnt.exe to start installation from a DOS environment. Winnt32.exe to start installation from within a 32-bit environment.

The following table lists common switches to use with the installation programs.

Switch Purpose

/makelocalsource Copies installation files from the CD-ROM

/dudisable Disables dynamic updates during installation

/duprepare Prepare downloaded update files for use during installation

/dushare Start the installation with downloaded update files

/u Indicates use of an unattended answer file

/udf Indicates the use of a uniqueness database file

/s Specifies a path to source files

/checkupgradeonly Verifies upgrade compatibility with XP



8/58

P a g e | 8

/debug[level]:XPdebug.log Creates a debug log for an XP Professional installation

Keep in mind the following facts about performing an installation:

Before starting the installation, disable virus checking in the BIOS.

Gather all information about the computer and the network (such as the domain name)before starting the installation.

During installation, press F5 to install a custom HAL.

During installation, press F6 to install a custom SCSI driver.

For Windows XP, after the installation is complete you must activate your copy ofWindows within 30 days. Activation does not send personal information to Microsoft (itisn't the same as registration). Activation can be done through the Internet or over thephone.

Upgrading to Windows XP Facts

Before beginning the installation, run Winnt32.exe /checkupgradeonly to verify the systemcompatibility with Windows XP. The results of the check are saved in the %systemroot%\upgrade.txt file.

To preserve system settings during a clean install, use:

Files and Settings Transfer Wizard: A GUI tool for saving and restoring personalsettings.

Scanstate and Loadstate utilities: Use Scanstate to save the settings to a network folder.

Use Loadstate to load the saved settings on the new machine.

The following operating systems can be upgraded to Windows XP Professional:

Windows 98 (including SE) Windows ME

Windows NT 4.0 Workstation (load the latest service pack before upgrading)

Windows 2000 Professional

Windows XP Home Edition

Network Installation Facts

You should know the following facts about Remote Installation Services:

An RIS server must have the following components installed on it:o DHCP



9/58

P a g e | 9

o DNS

o RIS

o Active Directory

Use the Rbfg.exe (Remote Boot Disk Generator) file to create a boot disk for non-PXEcompliant network adapters. The boot disk simulates the PXE boot process. The file islocated in the RemoteInstall\admin\i386 folder on the RIS server.

On the workstation, be sure to enable network boot in the BIOS.

Use the Riprep.exe file to create the image of the reference computer.

To perform a network installation without RIS:

1. Copy the source installation files to a shared network drive.2. If necessary, update the installation files with service packs or hotfixes.

3. Execute Winnt or Winnt32 from the network share.

To use dynamic updates during an installation, download the updates to a network share. Usethe following switches with the Winnt or Winnt32 command to apply dynamic updates during theinstallation:

Switch Function

/Duprepare:[path to downloaded updates]Prepares the updates for use during installation.

/Dushare:[path to downloaded updates] Starts the installation with the downloaded update files.

/Dudisable Prevents the dynamic update from occurring.

To apply a service pack to the source installation files, use the Update.exe s:[network_share]command and switch. This applies the service pack changes to the installation files in thenetwork share.

Automated Installation Facts

Windows provides the ability to perform an unattended installation from a CD-ROM. To performan unattended installation from a CD-ROM, the following conditions must be met:

The computer must support booting from a CD-ROM, and must adhere to the El-Toritonon-emulation specification.

The unattended answer file must be renamed to Winnt.sif and copied to a floppy disk soSetup can access it. When Setup displays the message that it is examining thehardware configuration, insert the floppy disk containing the Winnt.sif file.

The answer file must contain a valid [Data] section with the following entries to theunattended answer file:



10/58

P a g e | 10

o UnattendedInstall=Yes - Value must be set to "yes".

o MSDosInitiated=No - Value must be set to "no" or Setup will stop during thegraphical portion of Setup.

o AutoPartition=1 - If the value is set to 1, the installation partition is automatically

selected. If the value is set to 0 (zero), you are prompted for the installationpartition during the text portion of Setup.

You can also automate installation by preparing a disk image. You then duplicate the disk imageto a new hard drive and boot the system. Use the following files to prepare an automatedinstallation using an image:

File Function

Sysprep.exe Prepares a system for duplication

Setupcl.exe Runs a mini-setup wizard when the duplicated drive is booted

Sysprep.infAn optional answer file that automates the mini-setup wizard. Can be copied to afloppy disk.

Note: These files belong in the Sysprep folder at the root of the system drive.

Troubleshooting Installation Facts

Use the /debuglevel:logfile switch to create an installation debug log. The default debug level is2. The default log file is C:\%systemroot%\Winnt32.log. The log levels are as follows:

Level Report

0 Severe Errors

1 Errors

2 Warnings

3 Information

4 Detailed information for debugging

You can use System File Checker (Sfc.exe) to verify the integrity of protected system files if aninstallation appears unstable. You can use the following switches with the Sfc command:

Switch Function/Scannow Perform a scan immediately

/ScanbootConfigures the operating system to perform a scan every time the operatingsystem boots

/Revert Changes the scan behavior back to the default

/Cachesize =size

Configures how much disk space can be used to store cached versions ofprotected system files



11/58

P a g e | 11

To uninstall a service pack or hotfix from the command line, run Spuninst.exe from the servicepack or hot fix uninstall folder. Use the following switches with Spuninst:

Switch Function

-u Unattended mode

-f Force other apps to close at shutdown

-z Do not reboot when complete

-q Quiet mode (no user interaction)

You can revert to a previous operation system after upgrading to Windows XP. You can alsouse Add/Remove Programs wizard to uninstall a Windows XP installation that was performed asan upgrade on a Windows 98 computer.

To isolate a driver causing an installation to fail, add the /Sos switch to the Boot.ini file. Thisloads the drivers individually, allowing you to isolate the bad driver.

Accessibility OptionsThe following table summarizes the accessibility features you can configure with the

Accessibility Options applet.

Option Description

StickyKeys Use Shift, Ctrl, or Alt in combination with other keys by pressing one key at a time

FilterKeys Ignore repeated keystrokes

ToggleKeys Associate sounds with Caps Lock, Num Lock, and Scroll Lock keys

SoundSentry Associate visual clues with sounds

ShowSounds Display captions for sounds made by programs

High ContrastChange background and text colors to improve readability. You can also configurevisual settings with the Display applet.

MouseKeys Control the mouse pointer with the number keypad

SerialKey Configure alternate mouse or keyboard input device

Regional and Language OptionsOne way to accommodate different languages in Windows XP is to select the correct version.There are two general versions available:

Localized Windows--Windows ships localized into a single language. All menus, dialogs,and buttons have been translated to the target language.

Multilanguage Windows--Windows includes multiple languages, letting users switchbetween localized versions of Windows without reinstalling. In other words, users cansee menus, dialogs, and buttons in their language of choice.



12/58

P a g e | 12

The following table summarizes the regional and language support for different Windowsversions.

FeatureLocalized Windows(Single-language)

MultilanguageWindows

Change date, time, measurement display Yes YesCreate, view, and edit documents in multiplelanguages (including East Asian and right-to-leftlanguages)

Yes Yes

Display Windows menus and dialogs in multiplelanguages

No Yes



13/58

P a g e | 13

Built-in and Predefined User Accounts

Windows XP Professional includes two built-in user accounts:

Administrator. Has all system rights and privileges to manage the local computer. Guest. Has very limited rights and privileges.

Keep in mind the following facts about the built-in user accounts:

You cannot delete built-in user accounts. As a best practice, you should rename these accounts. This makes it harder for

unauthorized users to guess a user account name to use.

By default, the Guest account is disabled (it cannot be used for logon).

Predefined user accounts are created during the installation of certain software components.These are normal user accounts with a specific name that are used by the software to performsystem or other functions. Although you can delete or rename these accounts, the software thatcreated them might not function properly if you do. Following is a list of some of the mostcommon automatically-created user accounts.

User Account Name Purpose

HelpAssistant Lets another user provide remote assistance.

IUSR_ComputerNameLets network users access the computer anonymously when thecomputer is acting as a Web server.

IWAM_ComputerName

Used by the computer to run programs when it is acting as a Web

server.

SUPPORT_IDNumber A vendor user account used to provide help and support.

Local User Account Best Practices

As you create and manage local user accounts, keep in mind the following recommendations:

When you create a new account, set a password to protect the account. Do not makethe password something easy to guess (for example, do not use the logon name for thepassword).

Force the user to change the password at next logon. This forces the user to replace theassigned password with one they choose.

Disable accounts that won't be used for a while.

If a user leaves and is replaced by someone else with similar access needs, rename theexisting account (rather than deleting the old account and creating a new one).



14/58

P a g e | 14

If you accidentally delete a user account, restore it from backup rather than creating anew one with the same name. Creating a new account results in a user account with adifferent SID.

Built-in Local Groups

When you install Windows XP, the following local groups are created automatically. Thesegroups have preassigned rights, permissions, and group memberships. You can rename thesegroups, but cannot delete them.

Group Name Capabilities

Administrators

Members have complete and unrestricted access to the computer,including every system right.The Administrator user account and any account designated as a"computer administrator" is a member of this group.

Backup OperatorsMembers can back up and restore files (regardless of permissions), logon locally, and shut down the system. Members cannot change securitysettings.

Power Users

Members can: Create user accounts and modify and delete accounts they create Create local groups and remove users from local groups they

create

Remove users from the Power Users, Users, and Guests groups

Change the system date and time

Install applications

Members cannot:

Change membership of the Administrators or Backup Operatorsgroups

Take ownership of files

Back up or restore files

Load or unload device drivers

Manage security and auditing logs

Users Members can use the computer but cannot perform system administrationtasks and might not be able to run legacy applications.Members cannot share directories or install printers if the driver is not yetinstalled.Members cannot view or modify system files.

Any user created with Local Users and Groups is automatically a memberof this group.User accounts designated as "limited use" accounts are members of this



15/58

P a g e | 15

group.A user account created as a "computer administrator" is made a memberof this group.

GuestsMembers have limited rights (similar to members of the Users group).Members can shut down the system.

Windows XP also includes the following local groups. Although these groups exist, you shouldnot modify their membership.

Network Configuration Operators Remote Desktop Users

Replicator

Implicit Local Groups

Windows XP has some special groups (sometimes called implicit groups or special identities)that act as variables to represent either a set of users or a set of programs running on thecomputer. The identity and membership of these groups is dynamically configured, so they arenot listed in Local Users and Groups. In many cases, user accounts are dynamically made amember of these groups when users perform certain actions (such as logging on or creating afile).

Group Name Membership obtained by...

ANONYMOUS LOGONLogging on without a user name and password (anonymouslogon is commonly permitted if the computer is acting as aweb server)

AUTHENTICATED USERS Logging on by supplying a user name and password

CREATOR GROUP Creating an object

CREATOR OWNER Creating an object (such as a file)

DIALUP Connecting to the computer through a dial-up connection

EveryoneGaining access to the computer except through anonymouslogon

INTERACTIVELogging on interactively (also called logging on locally)through the computer console

NETWORK Logging on to the computer through a network connection

REMOTE INTERACTIVE LOGONLogging on to the computer through a remote desktopconnection

Except the Everyone group, you can recognize these groups because their names arewritten in all caps.



16/58

P a g e | 16

Local Group Facts

As you work with local groups, keep in mind the following recommendations:

Whenever possible, use built-in groups to assign rights and permissions. For example,to allow someone to back up and restore the system, make the user account a memberof the Backup Operators group.

Use caution in modifying the default rights and permissions assigned to built-in groups.

When assigning security, make user accounts members of groups, then assign therights or permissions to the group rather than the user accounts.

In addition, be aware of the following facts about managing local groups:

Deleting a group does not delete the user accounts that are members of the group.

Removing a user account from a group does not delete the group or the user account.

You can make domain users and groups members of local groups.

You cannot remove the Administrator local user account from the Administrators group.

You cannot remove the Guest user account from the Guests group.

When you join a domain, some domain accounts are automatically made members oflocal groups.

User Profile Management Tasks

The following list describes some common profile management tasks and therecommended method for completing them.

To . . . Do . . .

Create a new profileLog on as a user without a profile. User profiles are created automatically,using the Default Users profile as a template. (You can also set accesspermissions on a copied profile for use as a new profile.)

Edit an existingprofile

Log on as the user, then use the Windows interface to modify the desktop,Start Menu, taskbar, and other preferences.

Create Start Menuor Desktop shortcuts

Copy the desired shortcuts to the appropriate folder within the user profile.

Copy a profile

Use the User Profiles tool to copy the profile to a new location. If you simplycopy the subfolders to a new location, registry settings and permissions willnot be properly modified.Note: You cannot copy the profile of a logged on user.

Make a mandatoryuser profile

Use Explorer to rename the Ntuser.dat file to Ntuser.man.

Make a roaming Copy the profile to a network share. Use the Profile tab in the user account



17/58

P a g e | 17

user profile properties to enter the path to the user's roaming profile.

Assign a specificprofile

Edit the properties of the user account (either local or domain user) toidentify the specific profile (either to a user roaming or otherwise) to use.

Delete a profileUse the User Profiles tool. Do not simply delete the folder as registrysettings will not be modified appropriately.

Note: You cannot delete the profile of a logged on user.

Folder Redirection Facts

Keep in mind the following facts about redirecting folders:

End users can only redirect the following folders: My Documents, My Music, MyPictures, and My Videos.

Group Policy can only redirect the following folders: Application Data, Desktop, MyDocuments, My Music, My Pictures, My Videos, and Start Menu.

You cannot redirect folders using local Group Policy.

Use the %username% variable to redirect folders to unique parent folders based on username.

You can redirect folders to different locations based on group membership.

When you redirect folders, the default is to copy the existing folder contents to the newlocation.

Redirecting folders does not delete the existing folder or prevent data from being storedin the folder. It only redirects the shortcut that points to the target folder.

By default, users are given the necessary permissions to manage their redirectedfolders.

Group Policy Facts

Group policy is a tool used to implement system configurations that can be deployed from acentral location through GPOs (Group Policy Objects).

You should know the following Group Policy facts:

GPOs contain hundreds of configuration settings. GPOs can be linked to Active Directory sites, domain, or organizational units (OUs).

GPOs include computer and user sections. Computer settings are applied at startup.User settings are applied at logon.

A GPO only affects the users and computers beneath the object to which the GPO islinked.



18/58

P a g e | 18

Group policy settings take precedence over user profile settings.

A local GPO is stored on a local machine. It can be used to define settings even if thecomputer is not connected to a network.

GPOs are applied in the following order:

1. Local

2. Site

3. Domain

4. OU

If GPOs conflict, the last GPO to be applied overrides conflicting settings.

The Computers container is not an OU, so it cannot have a GPO applied to it.

Group policy is not available for Windows 98/NT clients or Windows NT 4.0 domains.

You can use a GPO for document redirection, which customizes where user files aresaved. (For example, you can redirect the My Documents folder to point to a networkdrive where regular backups occur. Folder redirection requires Active Directory-basedgroup policy.)

Configuring a domain group policy to delete cached copies of roaming user profiles willremove the cached versions of the profile when a user logs off.

To manually refresh group policy settings, use the Gpupdate command with the followingswitches:

Switch Function

No switch Refresh user and computer-related group policy.

/target:user Refresh user-related group policy.

/target:computer Refresh computer-related group policy.

Installing Devices

When installing devices:

Begin by adding the device to the system or plugging the device in. Windowsautomatically detects and installs drivers for Plug and Play devices.

For undetected legacy devices, you might need to:

o Run the setup program that came with the device.

o Use the Add New Hardware wizard to install a device driver manually.



19/58

P a g e | 19

o Manually set IRQ, DMA, or I/O addresses

o Manually select and install the driver

IDE DevicesKeep in mind the following facts about configuring IDE devices:

Virtually every computer has two IDE host bus adapters integrated onto themotherboard.

Each adapter supports a maximum of two devices.

When two devices per adapter are configured, use jumpers to identify the master andslave devices.

The CMOS and BIOS typically auto-detects the devices attached to each adapter.

Configure the BIOS to identify which devices can be used to boot the computer.

SCSI DevicesKeep in mind the following facts about configuring SCSI devices:

Some computers have a built-in SCSI host bus adapter. For other computers, install anadapter card in the PCI bus.

Devices are connected in a chain. Most host bus adapters allow for an internal chain ofdevices and an external chain of devices. Most SCSI implementations have a limitationof seven devices (including the host bus adapter).

Each device (including the host bus adapter) in the chain must have a unique IDnumber.

This number might be set with switches or through software.

The end of the SCSI chain must be terminated. Some devices are self-terminating.Other devices require a special termination plug.

Modify the system BIOS to boot from a SCSI device (set the device type to 0 or notinstalled).

Parallel DevicesKeep in mind the following facts about working with parallel devices:

Parallel ports originally supported only printers. You can now attach a wide variety ofdevices to the parallel port.

Windows identifies each parallel port with the designation LPT1, LPT2, etc.

Parallel ports operate in three different modes: SPP (standard), EPP (enhanced, tosupport non-printer devices), and ECP (extended, for improved printer support). Virtuallyall computers support all three modes.

In most cases, Windows automatically detects the device connected to a parallel portand sets the mode accordingly.



20/58

P a g e | 20

To configure the port mode manually (such as to disable EPP for a port), edit BIOSsettings.

Serial DevicesKeep in mind the following facts about configuring serial devices:

Most computers have one or two serial ports. Modems and direct computer-to-computer connections typically use serial ports.

Windows allocates resources to serial devices using COM1, COM2, etc. designations.

Windows XP supports up to 256 COM ports.

For each serial port, configure the data speed, data/stop bits, parity, and flow controlsettings.

Conflicts might occur if two devices share the same COM port number.

USB DevicesFollowing are some facts to keep in mind while configuring USB devices:

USB devices connect through hubs to form a tree bus structure. Hubs are either self-powered or bus-powered (receiving their power from another hub).

Bus-powered hubs have a maximum of four ports, and supply a maximum of 100 mA ofpower per port.

Self-powered hubs supply up to 500 mA per port and can have many ports.

USB devices can be self-powered or hub-powered (receiving their power from the hub).

Connect low powered devices (such as a mouse or keyboard) to either self-powered orbus-powered hubs.

Connect high-powered devices (such as video cameras or scanners) to either a self-powered hub or plug the device in to its own power supply.

The USB bus is self-terminating and automatically assigns IDs to each device.

FireWire DevicesFireWire (also called IEEE 1394) is similar to USB, but is targeted mainly towards audio/videodata transfer. Keep in mind the following facts about FireWire devices:

FireWire is typically used for video cameras and devices requiring high-speed,guaranteed bandwidth.

FireWire devices are connected in a chain.

The controller automatically assigns device IDs. No termination is needed.

Windows detects and configures FireWire devices automatically as they are plugged in.



21/58

P a g e | 21

Wireless DevicesKeep in mind the following facts regarding configuring wireless devices:

Two common wireless interfaces include IrDA (infrared) and BlueTooth (radiofrequency).

Common IrDA devices include the mouse, keyboard, and PDAs. BlueTooth devices aretypically used for networking (such as to allow a laptop to connect to a network withoutwires).

Both the host computer and communicating devices require a transmitter/receiver.

With IrDA, devices must be close and have a direct line of sight path. With BlueTooth,devices can be farther away (up to 10 meters) and separated by walls or other objects inthe path.

Drivers

To update drivers:

Use Windows Update to automatically check for new drivers. Download the new driver and run the program to install it.

Download the new driver and use Device Manager to update and install the new driver.

To control how unsigned drivers are installed on the system, use the following settings:

Block (prevents unsigned driver installation) Warn (allows installation, but with an error message)

Ignore/Silently Succeed (install)

To protect against unsigned drivers,

Enforce driver signing on the system through the System applet or Group Policy. Use group membership and user rights to prevent normal users from installing drivers

(Power Users or Administrators only can install drivers).

The Hardware Compatibility List (HCL) includes all devices for which a signed driver isavailable.

Driver Rollback allows you to restore an original driver when a new driver causes systemproblems.



22/58

P a g e | 22

File Verification Programs

The following table summarizes the file verification tools you can do to verify driver

signatures and file integrity.

Program Features

Sigverif.exe

GUI-based tool that searches for unsigned files.By default, it searches only the Windows directory (click the Advancedbutton to search other locations).The program returns a list of files without digital signatures.

Driverquery.exe /si

Command-line tool that checks the digital signatures of drivers that are inuse.Use the/si switch to request the signature status of the drivers.The report lists each device, the .inf file for the device, and the signed

status of the driver.

Msinfo32.exe

GUI-based tool that displays the list of devices and information about eachdevice (including the driver, driver date, and signature status).The report shows every installed device and the signed status of thedrivers.

Sfc.exe /scannow

Tool that scans system files to ensure that they have not been replaced orcorrupted.Use the /scannow switch to force an immediate check of the system.Use the tool to automatically replace bad files.

Winmsd.exeLaunches the System Information tool. System Information lists hardwareresources, hardware devices and drivers used, system and signed drivers,

Internet Explorer settings, and Office application information.

Multiple Monitors

Hardware requirements for using multiple monitors:

Video card with dual monitor support OR multiple video cards One card designated as the primary card

Cards must be AGP or PCI (ISA will not work)

Special considerations for using multiple monitors:

Make sure the video card driver supports multiple monitors (upgrade the driver orreplace the device)

Not all applications support multiple monitors (they might display only on the primarymonitor)

Use the Settings tab in the Display properties to configure multiple monitors



23/58

P a g e | 23

Multiple Processors

Keep in mind the following facts about multiple processors:

The Hardware Abstraction Layer (HAL) controls communication between the kernel

(operating system) and the hardware. Multiple processor support depends on whether the HAL is designed for uniprocessor or

multiprocessor support.

Use the multiprocessor HAL to utilize both processors.

If you want to run multiple processors, you can use Device Manager to upgrade the HALdriver to support multiple processors.

Power Management

Windows XP supports two types of power management:

Advanced Power Management (APM): Power management controlled by the BIOS Advanced Configuration Power Interface (ACPI): Windows controls the power

management

ACPI offers a number of advantages over APM, including:

Control of power management for individual devices though Device Manager Support for hibernation and stand-by modes

Support for power schemes to customize power options

Support for laptop power management

ACPI support is enabled by the hardware abstraction layer (HAL).

The ACPI HAL can be installed only if the BIOS supports ACPI. If the non-ACPI HAL is installed (for example if you forced an install of the non-ACPI

HAL), you must reinstall Windows to replace the HAL.

If necessary, enable ACPI support in the BIOS.

Hardware Profile Considerations

To create a new profile,

1. Copy an existing profile.2. Reboot, selecting the new profile.

3. Use Device Manager to enable or disable devices for the current profile.



24/58

P a g e | 24

Use the Hardware Profile tool to manage profiles:

Move profiles up or down in the list. The top profile is the default. Set the profile menu timer. Set the timer to 0 to hide the menu (if the menu is hidden,

press the Spacebar during boot to show the menu).

You can customize the profile menu by removing profiles from the menu.

The following table lists some cases when hardware profiles are or are not needed.

When not to use a hardware profile When to use a hardware profile

If you are adding or removing hot-swapcomponentsIf you want to disable a device under allconditionsIf you need to permanently uninstall a specificdevice

If a laptop uses only a docked and an undockedstate

If you need to conserve laptop power underspecific conditionsIf you need to force a specific device to be usedat a specific timeIf you want reduce the time delay the systemneeds to select the correct device in a specificsituation



25/58

P a g e | 25

Network Components

The following tables list the protocols, clients, and services provided by Microsoft. Other

vendors (such as Novell) might provide additional networking components.

Protocols

Protocol Use

Internet Protocol (TCP/IP)Routable protocol used on the Internet and the default protocol forWindows XP

NWLinkIPX/SPX/NetBIOSCompatible TransportProtocol

Microsoft's implementation of IPX/SPX for connecting to NetWareservers

Network Monitor Driver Enables the computer to capture network communication statistics

Clients

Client Use

Client for MicrosoftNetworks

Client software to access resources on Microsoft networks

Client Service forNetWare

Client software to access resources on NetWare networks runningIPX/SPX

Services

Service UseFile and Printer Sharing forMicrosoft Networks

Enables a computer to share its resources with other networkclients

QoS Packet SchedulerService that prioritizes TCP/IP traffic, enabling a higher priority fortime-sensitive communications

Service Advertising ProtocolProtocol used with NetWare to locate services on an IPX/SPXnetwork

TCP/IP Configuration Settings

The following table summarizes many of the configuration settings for a TCP/IP network.

Parameter Purpose

IP address Identifies both the logical host and logical network addresses.

Subnet mask Identifies which portion of the IP address is the network address.

Defaultgateway

Identifies the router to which packets for remote networks are sent.



26/58

P a g e | 26

Host name Identifies the logical name of the local system.

DNS server Identifies the DNS server that is used to resolve host names to IP addresses.

WINS server Identifies the WINS server that is used to resolve host names to IP addresses.

MAC addressIdentifies the physical address. On an Ethernet network, this address is burned in

to the network adapter hardware.

Keep in mind the following regarding TCP/IP configuration:

All computers must be assigned a unique IP address. Hosts on the same physical network should have IP addresses in the same address

range.

The subnet mask value for all computers on the same physical network must be thesame.

Configure the default gateway value to enable internetwork communication.

The default gateway address must be on the same subnet as the host's IP address.

By default, all Windows computers try to use DHCP for TCP/IP configuration information.

APIPA is used to automatically generate an IP address if the DHCP server is unavailableand if no alternate address is configured.

The APIPA range is 169.254.0.1 to 169.254.255.254 with a mask of 255.255.0.0.

If the computer assigned itself an IP address (using APIPA), this means the computercould not contact a DHCP server.

Use an alternate IP address to use DHCP on one network and static addressing onanother without reconfiguring the connection.

When you configure a static IP address, you disable DHCP and APIPA.

When you configure an alternate IP address, APIPA is no longer used.

APIPA does not set the default gateway or name server address values. Rely on APIPAonly on a small non-routed network.

Private IP addresses do not need to be registered, and fall within the following ranges:

o 10.0.0.0 to 10.255.255.255

o 172.16.0.0 to 172.31.255.255

o 192.168.0.0 to 192.168.255.255



27/58

P a g e | 27

Name Resolution Facts

Microsoft uses one or both of the following methods for performing name resolution:

Windows Internet Name Service (WINS) is Microsoft's service to resolve namesdynamically to IP addresses using NetBIOS. WINS is still used by legacy machines.

Domain Name Service (DNS) dynamically registers clients and uses client information toregister IP addresses.

If your network is running only Windows 2000/XP/2003 systems, you can disable NetBIOSname resolution.

To troubleshoot name resolution problems:

Confirm that it is not a TCP/IP problem by pinging the IP address. If pinging the address

succeeds but pinging the name fails, the problem is with the name resolution system. Run Ipconfig /all to verify DNS server addresses.

Run Nslookup to see if you get an IP address from the DNS server.

Verify the DNS and WINS server configurations.

Check the services on the DNS and WINS servers to see that they are running.

Check DNS registration. If you need to renew the DNS registration, do the following:

o Run Ipconfig /registerdns to renew a DNS name.

o Run Nbtstat -RR to renew a NetBIOS name.

Flush the local host name resolution cache using:

o Ipconfig /flushdns for DNS.

o Nbtstat -c or Nbtstat -R for NetBIOS.

Dial-up Connection Facts

There are two types of dial-up modems:

Standard analog modem (up to 56 Kbps) ISDN modem

ISDN modems use the following channels over normal analog lines:



28/58

P a g e | 28

Two B channels of 64 Kbps each. The two channels operate independently, and theyare associated with separate phone numbers. Each channel must be configuredseparately.

The third channel is a 16 Kbps D channel which is used to control the two B channels.

When configuring dial-up, you can configure the following additional options:

Callback security--The server disconnects the user after authentication then immediatelycalls the user back. The server can use a preset phone number for each user, or theuser can enter a callback phone number after authentication.

Multi-link--The ability to integrate multiple connections into a single logical connection inorder to increase the overall bandwidth. Both the client and the server need to beconfigured to accept multi-link connections. You cannot use multi-link with callback.

Remote Authentication Protocols

Windows XP supports the following remote authentication protocols.

Method Description

PasswordAuthenticationProtocol (PAP)

Authentication is done by comparing a user name and password to a table withpaired user names and passwords on the network. PAP does not support securepasswords.

ChallengeHandshake

AuthenticationProtocol

(CHAP)

A server sends a challenge message to a peer. Based on the challengemessage, the peer calculates a value using a hash, a number generatedalgorithmically from a string of text, and returns the value to the server. Theserver checks the value against its own calculation. If the values match, the peeris authenticated. Microsoft has two versions of CHAP: MS-CHAP and MS-CHAP

v2. CHAP, MS-CHAP, and MS-CHAP v2 require secure passwords, but only MS-CHAP and MS-CHAP v2 support data encryption.

ExtensibleAuthenticationProtocol (EAP)

EAP supports several authentication methods, including smart cards, certificates,one-time passwords, and public key authentication. EAP supports securepasswords and data encryption.

VPN Tunneling Protocols

Windows XP Professional supports two different VPN tunneling protocols: PPTP and L2TP. Bydefault, VPN connections for Windows XP Professional are configured to use both PPTP and

L2TP. The client will negotiate with the VPN server to select the tunneling protocol to use for theconnection.

Protocol Description

Point-to-Point Tunneling Protocol (PPTP)Uses standard authentication protocolsUses MPPE for encryptionIs supported by most operating systems and servers



29/58

P a g e | 29

Layer Two Tunneling Protocol (L2TP)Can use certificates for authenticationUses IPSec for encryption (requires certificates)Only supported by Windows 2000/XP/2003

Common Port Numbers

This table lists the services and port numbers included with ICF. Custom entries can be createdto allow other types of traffic.

Service Port Number Protocol

File Transfer Protocol (FTP) 21 TCP

Incoming L2TP VPN 1701 UDP

Incoming PPTP VPN 1723 TCP

Internet Mail Access Protocol version 3 (IMAP3) 220 TCP

Internet Mail Access Protocol version 4 (IMAP4) 143 TCP

IP Security (IKE) 500 UDP

Post Office Protocol (POP3) 110 TCP

Remote Desktop 3389 TCP

Secure Web (HTTPS) 443 TCP

Telnet 23 TCP

Web Server (HTTP) 80 TCP

ICS and ICF Facts

With Internet Connection Sharing (ICS), most configuration tasks are completed automatically.When using ICS:

The ICS system is configured as a NAT router, a limited DHCP server, and a DNS proxy(name resolution requests from the private network are forwarded to DNS servers on theInternet).

The IP address for the private interface is automatically changed to 192.168.0.1 with amask of 255.255.255.0.

The default gateway of the ICS system is set to point to the Internet connection.

Hosts on the private network should use DHCP for address and DNS server information.

The ICS system uses DHCP to deliver the following information to hosts on the privatenetwork:

o IP address in the range of 192.168.0.0 with a mask of 255.255.255.0.

o DNS server address of 192.168.0.1 (the private interface of the ICS system).



30/58

P a g e | 30

o Default gateway address of 192.168.0.1.

Do not use DHCP servers, DNS servers, or Active Directory on your private network.

Keep in mind the following details when working with ICF:

Enable ICF on the Internet connection, not on the private connection. Doing so candisable communication with hosts on the private network.

By default, the firewall allows all outgoing Web traffic and responses but blocks allincoming traffic.

To allow incoming Web traffic, open ports in the firewall based on the services you wantto allow in.

If the incoming service is hosted by a computer on the private network, redirect theincoming port to the private host.

Remote Services Facts

Keep in mind the following details regarding Remote Assistance.

Both the novice (person requesting assistance) and the expert (person givingassistance) computers must be running Windows XP (either Home or Professional).

Generally, the novice must initiate the invitation. If Active Directory is used, the expertcan initiate the Remote Assistance connection.

Invitations require a password (unless Instant Messaging is used) and have anexpiration time. Expired invitations cannot be answered.

When sending an invitation, do not include the password in the invitation text.Communicate it in some other way.

To allow inbound Remote Assistance invitations to cross through a firewall, open port3389.

Disable Standby and Hibernation modes to prevent session termination.

The helper cannot copy files from a user's computer. The user must explicitly send anyfiles the helper may need.

The user can take control the computer at any time by pressing the Esc key, Ctrl+C, orclicking Stop Control.

Keep in mind the following details when working with Remote Desktop.

Host computers must be running Windows XP Professional. Client computers require client software to make the connection. This software is

included with Windows XP, but must be installed separately on other Windows versions.



31/58

P a g e | 31

For Web access, client software is downloaded and installed automatically through anActive X control (if required).

The user account that is used for the Remote Desktop connection must have apassword.

If one is not set, the connection cannot be established.

If a user is logged on to the host computer (or if the computer is locked), the remoteclient must log on using the current user account or the Administrator account.

The user account for the remote connection must be a member of the Remote DesktopUsers group or the Administrators group (or user rights must be modified in GroupPolicy).

To allow incoming Remote Desktop sessions through a firewall, open port 3389.

If you are using the Web connection for Remote Desktop, keep in mind the following:

The host computer must be running IIS. The client computer must be running a Windows operating system (Windows 9x or

higher) with Internet Explorer 4.0 or higher.

Use a URL formatted as http://computername/tsweb to make the connection.

After the connection is made, you can use the browser to access any other RemoteDesktop- or Terminal Services-enabled computers on the private network.

You can use authentication and Web permissions in IIS to control access to the RemoteDesktop Web connection.

File System Facts

The following table indicates which file systems support which capabilities.

Feature FAT FAT32 NTFS

Long file names X X X

Larger than 2 GB/4 GB partitions X X

Smaller clusters X X

Enhances file security through permissions X

Folder and file level encryption X

Folder and file level compression X

Disk quotas X

Use the Convert.exe utility to modify the file system without reformatting and losing data. Toconvert the C:\ drive to NTFS, use the following command: convert C: /fs:ntfs



32/58

P a g e | 32

Basic and Dynamic Disks

Keep in mind the following when using basic disks.

A basic disk has a limit of four partitions, only one of which can be an extended partition.

One primary partition must be marked active.

Most operating systems can recognize only one primary partition. All other primarypartitions are invisible. (Windows NT/2000/XP/Server 2003 can recognize multipleprimary partitions.)

The active primary partition is represented with one drive letter (C:). The extendedpartition can be divided into multiple logical drives (up to 26).

Keep in mind the following when using dynamic disks.

Windows 2000/XP/Server 2003 recognize dynamic disks.

Volumes on dynamic disks are like partitions and logical drives on basic disks.

A volume can be made of non-contiguous space on a single drive or space taken frommore than one drive.

You cannot install the operating system on a dynamic disk. You can, however, upgradea basic disk containing the operating system to dynamic after installation.

Keep in mind the following points as you plan whether to implement basic or dynamic disks.

A hard disk must be either basic or dynamic; it cannot be both at once. Windows 2000/XP/Server 2003 use basic storage by default.

MS-DOS and all versions of Microsoft Windows support basic storage.

Dynamic storage was new to Windows 2000 and previous Windows operating systemscannot use it (this is especially important if you plan to multi-boot to other operatingsystems).

Dynamic storage is not supported on portable computers because they normally haveonly one internal hard drive and cannot take advantage of advanced dynamic storagefeatures.

To convert a basic disk to a dynamic disk, right click the volume in Computer Management andchoose Convert to dynamic disk. Or, use the Diskpart command at the command

Volume Characteristics

The following table summarizes the volume types supported on Windows XP Professional andtheir characteristics.



33/58

P a g e | 33

Volume Type Characteristics

Simple volume Contains a single, contiguous block of space from a single hard disk.

Extendedvolume

Contains space from multiple areas on the disk. An extended volume that spanstwo disks is a spanned volume.

Spannedvolume

Combines areas from two or more disks into one storage unit.Fills the first area, then the second, and so on.Does not provide fault tolerance. If one hard disk fails, you lose all data.Cannot contain system or boot files.

Striped volume

Uses storage areas on several different disks.Improves performance by writing to multiple disks simultaneously.Uses disk areas similar in size. The amount of space used on each disk is equalto the smallest area.Saves data from a single file on multiple disks.Is not fault-tolerant. If one hard disk in the set fails, you lose all data on all disks.Cannot contain system or boot files.

Note: Only dynamic disks support extended, spanned, or striped volumes.

Mirrored and RAID volumes are supported only on server versions of Windows. These volumetypes provide fault tolerance and improve performance.



34/58

P a g e | 34

Volume Mount Point Facts

Be aware of the following conditions for using volume mount points.

Both partitions must be formatted with NTFS. You can use either partitions on basic disks or volumes on dynamic disks.

The folder on the source partition must be empty.

The target partition must not have a drive letter.

Multiple folders can reference the same target partition.

Designing Disks for Multiple Operating Systems

For a system that boots to multiple different operating systems (for example to both Windows 98and Windows XP), you will need to plan your storage space so that the drives are accessible tothe appropriate operating system. In general, be sure to select the disk type (basic or dynamic)and file system that is common to both operating systems. Keep in mind the following:

Only Windows 2000/XP supports dynamic disks and volumes. Use basic disks andpartitions for operating systems other than Windows 2000/XP.

Only Windows 2000/XP supports its version of NTFS. Select FAT or FAT32 for otheroperating systems.

Select FAT32 over FAT if possible.

The following table indicates which file systems are compatible with which operating systems.

Operating System FAT FAT32 Windows 2000/XP NTFS

MS-DOS X

Windows 3.1 X

Windows 95a X

Windows 95b/98/Me X X

Windows NT X Limited support on NT 4 with SP4

Windows 2000/XP X X X

When installing Windows 2000/XP and other operating systems on the same computer, as arule you should install the other operating systems first, then install Windows 2000/XP last.Doing so prevents Windows 2000/XP startup files from being corrupted. Microsoft recommendsthe following installation order:

1. MS-DOS2. Windows 95/98/Me



35/58

P a g e | 35

3. Windows NT

4. Windows 2000/XP

Boot.ini Facts

The Boot.ini file is responsible for the following operations:

Launching the menu for operating system selection during startup Pointing to the system files for the selected operating system

Identifying the controller, hard disk, and partition where the system files are located

The ARC path locates the system file and contains the following elements:

Entry Meaning and Use

MULTI(x)orSCSI(x)

Identifies the controller location.Use multi(x) if the disk controller is a SCSI device with its BIOS enabled or is anon-SCSI device.Use scsi(x) only if the disk controller is a SCSI device with BIOS disabled.The value for x begins at 0.

DISK(x)

Identifies the disk location.If the first component of the ARC name is scsi, disk(x) indicates which SCSI diskthe operating system is located on. The x value begins with 0.If the first component of the ARC name is multi, this component is always disk(0),

and the disk containing the operating system is indicated by the rdisk(x)component.The value for x begins at 0.

RDISK(x)

Identifies the disk location.If the first component of the ARC name is multi, rdisk(x) indicates which physicaldisk the operating system is located on. The x value begins at 0.If the first component of the ARC name is scsi, the rdisk component is alwaysrdisk(0) and the disk containing the operating system is indicated by the disk(x)component.The value for x begins at 0.

PARTITION(y)Identifies which partition holds the boot files.

The value for y begins at 1.



36/58

P a g e | 36

File Compression Facts

Keep the following information in mind when working with folder and file compression.

When you compress a file, Windows makes a copy of the file, compresses it, thenreplaces the original file with the compressed one.

When you open a compressed file, Windows decompresses the file. The decompressedfile is used by the application.

You cannot save or copy a compressed folder or file to a disk containing less free spacethan the folder or file would be uncompressed.

Compression and encryption cannot be used on folders or files at the same time.

Apply data compression to files that change size dramatically. For example, bitmap andspreadsheet files compress by a much larger percentage than application or word-

processing files.

Do not compress files that are already compressed using another compression utility.

Use zipped folders to share compressed files with other computers.

NTFS compression on volumes with cluster sizes larger than 4 KB is not supported.

Copying and moving files and folders can affect their compressed state. To determine the finalstate of a file or folder, remember the following rules.

If you copy or move a compressed file or folder to a non-NTFS partition, the file or folder

is uncompressed (other file systems do not support NTFS compression). If you copy a compressed file or folder, it inherits the compressed state of the destination

folder.

If you move a compressed file or folder to the same NTFS partition, it retains itscompressed state.

If you move a compressed file or folder to another NTFS partition, it inherits thecompressed state of the destination folder.

If you copy or move a zipped folder, it always remains zipped (regardless of thedestination file system).

Compact.exe is a command prompt tool that you can use to set and manage compression. Thefollowing table summarizes some options for the Compact.exe command.

Option Action

/C Compresses the specified files. Folders are marked with the compressed attribute.

/S Compresses all subfolders of the specified folder.



37/58

P a g e | 37

/U Uncompresses the specified files. Folders are marked with the uncompressed attribute.

For example, the following command will compress all files in the C:\Documents\Transfer folder,including all subfolders:

Compact /C C:\Documents\Transfer\*.* /S

Encryption Facts

Keep the following information in mind as you work with EFS.

You must have Write permission to a folder or file to encrypt it. Windows transparently unencrypts and encrypts folders and files as users use them.

You cannot encrypt System or Read-only files.

Encryption and compression cannot be used on folders or files at the same time.

If you are having trouble opening encrypted folders or files, make sure you are logged into the user account that encrypted the folder or file and that you still have permissionsfor the file.

In a workgroup, the local Administrator user account is the default recovery agent.

In a domain, the domain Administrator account is the default recovery agent.

To recover encrypted files, the files and recovery key need to be on the same computer.

Without the private key or recovery key, you cannot copy or move an encrypted file. Youcan however, back up the files and restore them to the computer where a recovery keyis located.

You can also export the recovery key and import it onto the computer storing the filesyou want to recover.

You can add additional authorized users to files (not folders) who will be able to openencrypted files.

Implement encryption through the file or folder properties. Or, use the Cipher commandto encrypt files and folders.

Copying and moving files might change the encrypted state of the file. To determine the finalstate of a file, remember the following rules.

If you copy or move an encrypted file or folder to a non-NTFS partition, the file or folderis unencrypted (other file systems do not support encryption).

If you copy or move an encrypted file to an NTFS partition (either to the same one or to adifferent one), the file remains encrypted.

If you copy an unencrypted file to an encrypted folder, the file is encrypted.



38/58

P a g e | 38

If you move an unencrypted file into an encrypted folder, the file remains unencrypted.

Encryption is preserved when the file is backed up.

Normally, encrypted files are meant to be stored and read on the local computer only. Whensaving encrypted files on a remote computer, be aware of the following:

You can only encrypt files stored on remote computers if the computer is trusted fordelegation in Active Directory (how to do this is beyond the scope of the course).

When moving files encrypted on your local system to another computer (for use on thatcomputer), make sure your certificate and private key are available on the othercomputer. Otherwise, you might be unable to open the file.

When moving encrypted files to another computer over the network, files are notencrypted while they are in transit. Files might be intercepted as they are transferred.Use IPSec to secure network communications.

Disk Quota Facts

Keep the following in mind as you work with disk quotas.

Quotas can only be set on NTFS volumes. The Quota tab will not be shown for FATvolumes.

Every file and folder that users create, copy, save, or take ownership of on a volume orpartition counts toward their disk quota.

The space available for applications to save files to is equal to the amount of space leftin a user's quota.

Each NTFS volume or partition on a hard disk has its own set of disk quotas, even if theyare on the same hard disk.

System and application files count toward disk quotas, so the user account which installssoftware needs a higher limit.

You cannot set a quota limit on the built-in Administrator account.

You cannot delete a user's account quota until you remove or take ownership of all ofthat user's files on the volume.

You can use the Fsutil.exe command to manage quotas from the command prompt.

Quota configurations:

Configuration State

Disabled File usage data is not collected and storage space is not limited.

TrackedFile usage data is collected, but storage space is not limited. Users can exceedtheir quota limit.



39/58

P a g e | 39

EnforcedWarning levels and restrictions are enforced to prevent users from exceedingdisk space limitations.

If a user exceeds the quota limit, take one of the following actions:

Delete files owned by the user. Change ownership of files (quota limits are enforced based on owned files).

Move files to other volumes (quota limits are enforced on a volume or partition basis).

Increase the quota limit.

You cannotreduce the amount of space used by files by compressing them. Quotas count theuncompressed size of a file toward the quota limit.



40/58

P a g e | 40

NTFS Permission Facts

The following table summarizes the permissions for folders and files.

Permission Allowed Actions

Read View folder details and attributes. View file attributes; open a file.

Write Change folder or file data and attributes.

List FolderContents

Includes all Read actions and adds the ability to view a folder's contents.

Read & Execute Includes all Read actions and adds the ability to run programs.

ModifyIncludes all Read & Execute and Write actions and adds the ability to add ordelete files.

Full Control

Includes all other actions and adds the ability to take ownership of and change

permissions on the folder.

Use these suggestions to help you plan NTFS permissions.

Identify the users and their access needs (i.e., the actions they need to be able toperform).

Based on the types of users you identify, create groups for multiple users with similarneeds, and then make users members of groups.

Assign each group (not user) the permissions appropriate to the group's data accessneeds. (Grant only the permissions that are necessary.)

As you assign permissions, take inheritance into account. Set permissions as high aspossible on the parent container and allow each child container to inherit thepermissions.

When necessary, you can override inheritance on a case by case basis.

Deny always overrides Allow, so be careful when you use it.



41/58

P a g e | 41

Shared Folder Facts

To access a shared folder:

In Network Neighborhood, browse to the computer Use the UNC path to connect to the share: \\computername\sharename

The following table lists the share permissions and the level of access the permission allows.

Permission Actions

Read

Browse the shared folder and its filesOpen files in the shared folder and its subfoldersCopy files from the shared folderRun programs

Change

All Read actions (browse, open files, copy files from the folder, run programs)Write to files and change file attributesCreate new files and subfoldersCopy files to the shared folderDelete files or subfolders

Full ControlAll Read and Change actionsConfigure share permissions

Use both share and NTFS permissions to secure network resources. Here is a commonstrategy for administering resources with share and NTFS permissions:

1. Secure the folder with NTFS permissions.2. Share the folder using the default share permission of Full Control for Everyone.

An administrative share is a special share hidden from browsing. Keep in mind the followingfacts about Administrative shares.

Administrative shares are hidden by following the sharename with a $. Default Administrative shares are accessible to only members of the Administrators

group.

Any share can be hidden by appending the $ to the sharename.

A hidden share can only be accessed through the UNC path (they do not appear whenyou browse).



42/58

P a g e | 42

Offline File Facts

Offline file caching options:

Setting Description

Manual Cachingfor Documents

When you share a folder, this is the default configuration. This option allowsthe caching of documents that a user manually selects. To make the shareavailable offline, choose the shared folder or file then select Make availableoffline from the File menu in Explorer.

AutomaticCaching forDocuments

This option allows the caching of files that a user opens on the local machine.

AutomaticCaching for

Programs

This option allows the caching of programs run from the network; however,only those components of the program that the user executes will be available

offline.

Internet Information Services (IIS)

Use IIS to enable:

Active Desktop Internet Printing

Remote Desktop

Share folders (Web folders) for access through IE

You should know the following facts about IIS:

When you install IIS, a default Web site is automatically created. By default, all Web content is stored in the \inetpub\wwwroot directory.

A virtual directory is used to make content outside of the default directory path available

through the Web site.

To make content available on your Web site:

Place content in the \inetpub\wwwroot directory. Web share a folder. This creates a virtual directory in the Web site.



43/58

P a g e | 43



44/58

P a g e | 44

Printing Facts

The following table lists some key definitions with which you should be familiar.

Term Definition

PrintServer

The computer where printing is established.

PrinterA virtual device inside the print server that can be configured to send output to aprinting device.

PrintDevice

The physical device connected to the print server where print output occurs.

Print Driver The software that allows the printer to communicate with the print device.

Print

Queue

The portion of the hard drive where print drives are stored before going to the print

device.

Printer PortThe means by which a print device connects to a print server (parallel port, serialport, or to the printer's NIC).

When you configure printing, you create a logical printer object that references a print device orpoints to another logical printer on the network. The following table lists the configurationchoices to make to configure each type of printer.

Print Device LocationPrinterType

Port Type

Connected to the LPT, USB, or COM port ofthe local computer Local LPT, USB, or COM

Connected directly to the network through aNIC connected to the printer

LocalTCP/IP (identify the IP address of theprint device NIC)

Connected to the LPT, USB, or COM port ofa remote computer (with a shared printer)

Network UNC path (\\computername\sharename)

UNIX Printing Facts

The following table lists some key terms for working with UNIX printing.

Term Definition

LPD Line Print Daemon Service that hosts printer. The Print Server runs the LPD service.

LPR Line Print Request client requests print services. The Print Client runs LPR and LPQ.

LPQRepresents the printer queue. The LPQ works with the LPR to request services. The PrintClient runs LPQ and LPR.



45/58

P a g e | 45

Windows XP can function as either the server or the client in a UNIX printing environment.

To configure Windows XP as the server:1. Install UNIX Print services with LPD.

2. Configure a local printer.

3. Share the printer.

To configure Windows XP as the client:

1. Install UNIX Print services

2. Configure a network printer. Select LPR as the port type.

Managing Printing

The following table summarizes the permissions that can be assigned to printers. Printerpermissions apply to both local and shared printers.

Permission Allowed Actions

Print Send print jobs and manage your own documents

Manage Documents Manage all documents in the queue

Manage Printer Change configuration settings and permissions

The following table summarizes the printing component you would use to complete eachconfiguration task.

To Configure . . . Edit . . .

Additional drivers for a printerPrinter object propertiesPrint server properties

Job priority Print Queue, job properties

Notification Print server properties

Permissions Printer object properties

PortsPrinter object propertiesPrint server properties

Sharing Printer object properties

Spool file location Print server properties



46/58

P a g e | 46

Printer PoolingPrinterpoolinguses a single printer object to represent multiple print devices. With printerpooling,

Users send print jobs to a single printer The print server decides which print device to send the job to

When creating a printer pool, all print devices in the pool:

Must be the same model (using the same printer driver) Should be in the same physical location (because users won't know which physical

device their print job prints on)

Printer pools:

Speed printing by reducing the time that documents spend waiting for a free print device Simplify printer administration because you manage multiple devices through a single

printer object

Multiple PrintersConfigure multiple printer objects for a single print device to control access to the printer basedon job roles. To configure multiple printers:

1. Create multiple printer objects, one per group or user with distinct access.2. For each printer, configure permissions to restrict access.

3. Fine-tune access by editing the Advanced properties for the printer to modify priority (99is the highest) and restricting printer availability.



47/58

P a g e | 47

Faxing Facts

To configure the fax service, complete the following steps:

1. Install the fax hardware. This might be a fax modem or a dedicated fax device. UseDevice Manager to verify that the device is recognized by the system and configured.

2. Use Add or Remove Programs to install the fax services Windows component.

3. Open the Fax Console and follow the wizard to set initial fax properties.

When you open the Fax Console for the first time, the Fax Configuration wizard will run. Duringthe wizard, supply the following information.

Information Description

Sender informationThis information identifies you or your company.Information you enter is used on the default fax cover pages.

Fax deviceIf more than one device is installed, select the device that will be used tosend or receive faxes.

Enable send and/orreceive

Specify whether the device will automatically send and/or receive faxes.If receive is enabled, configure the number of rings before the deviceanswers a call.

Transmitting SubscriberIdentification (TSID)

This identifies your device to other devices when you send a fax. TheTSID is usually a combination of the phone number and business name.You can only configure this option if the device is enabled to send faxes.

Called SubscriberIdentification (CSID)

This identifies your device to other devices when it answers (CSID) a

fax. The CSID is usually a combination of the phone number andbusiness name.You can only configure this option if the device is enabled to receivefaxes.

Routing options

Identify what to do with faxes when they are received. By default, theyare stored in the Inbox in the Fax Console. In addition, you can printthem automatically or save them in a folder.You can only configure this option if the device is enabled to receivefaxes.

Sending a fax is only slightly more complicated than printing a document. To send a fax:

1. Create the document.2. From within the document, print the device. Select the fax device as the printer to use.

3. Use the Send Fax wizard to specify parameters (such as the phone number to dial) andsend the fax.



48/58

P a g e | 48

Internet Explorer URLs

Using a customized URL in the Active Directory Web browser allows you to access varioustypes of resources. The following table shows the syntax for common URLs.

To access... Use... Example

A custom port on aWeb server

http://sitename:port http://www.mysite.com:8080

A secure Web siteusing SSL

https://sitename https://www.mysite.com

Internet printing http://servername/printers http://mysite.local/printers

Files on an intranet http://servername/sharename/filename http://mysite.local/docs/report.htm

An FTP site ftp://sitename ftp://ftp.mysite.com

An FTP site thatrequires a usernameand password

ftp://username:password@sitename ftp://maryg:[email protected]

Applications Facts

You should know the following information about applications:

All 16-bit applications run in the same NTVDM process by default. One malfunctioning 16-bit application can cause all other 16-bit apps running in the

same memory space to hang.

Stop the NTVDM process to stop the virtual DOS machine and all programs running in it.

Each 16-bit application can be configured to run in a separate memory space in its ownNTVDM.

Windows XP allows local programs running in XP to be configured to run in compatibilitymode. Compatibility mode applies a predefined set of modifications that changes theoperating systems behavior to more closely emulate a previous version of Windows.

Applications that consume excessive resources can be assigned a lower priority level. This is alist of the program priority levels (from highest to lowest):

Realtime High

AboveNormal

Normal

BelowNormal



49/58

P a g e | 49

Low



50/58

P a g e | 50

Processes and Services Facts

You should know the following information about managing processes:

End processes using Task Manager or the Tskill command. View processes running on a system with Task Manager or the Tasklist command.

You should know the following information about scheduled tasks:

Task Scheduler is a service that can be stopped and started in the Services applet. Scheduled tasks can run daily, weekly, monthly, or any other specified time.

Use the Scheduled Task wizard to schedule new tasks.

Scheduled tasks run under the security context of a particular user. Open the properties

for the task and enter the account information in the Run as box.

The Pause Task Scheduler command prevents scheduled tasks from running.

The Continue Task Scheduler command allows paused tasks to begin running.

Disable tasks individually by editing their properties to prevent a task from running at anundesired time.

Installer Package Facts

The following table describes the file extensions that are used with installer packages.

File Extension Description

.msi A Windows Installer package file. Use the Msiexec command to deploy .msifiles. Use the /i switch to specify the package file.

.msp A patch file. An .msp file can be applied to an .msi, but the .msi must beredeployed after the patch is applied.

.mst A transform file. Transform files are applied when a software package isassigned or published. Transform files change .msi files. To apply a .mst toa .msi during deployment, append TRANSFORMS= followed by a list of .mstfiles to the Msiexec command.

.zap A file to reference a Setup.exe file on a network, for example.

Using Group Policy, you can either assign or publish software. You can also associate softwarepackages with either users or computers.

Applications may be published to users, but not to computers. You can assignapplications to either users or computers.



51/58

P a g e | 51

When you publish an application, it does not appear in the user's Start menu. Instead,the user goes to Add/Remove Programs to install the program.

Assigning software to a computer installs the software when the computer starts up.Users cannot use Add/Remove Programs to remove computer assigned software.

Assigning software to a user puts a shortcut on the users Start menu. The software isautomatically installed when the shortcut is clicked.

System Monitor

To optimize the system, you need to identify system bottlenecks. A bottleneck is any componentor device that slows down your system. You can examine how each component of the system isbehaving. Each component is broken down into objects, and each object has multiple countersthat measure the object's performance.

The following table outlines the major objects and critical counter values:

Object Purpose Counters Optimum

Processor Measures the CPU performance% Processor timeInterrupts/sec

< 80% sustained< 3500/sec

Memory Measures RAM performancePages/sec

Available space< 20 pages/sec> 4 MB available

PagefileMeasures the performance of the portionof the hard disk dedicated to functioning asmemory

% Usage < 90% used

Logicaldisk

Measures the performance of the volumes

and partitions on the hard disk

% Disk time

Disk queue

< 90%

< 2

PhysicaldiskMeasures how the individual, physicaldisks are performing (the read/writes andpercentage to be written to the disk)

% Disk timeDisk queue

< 90%< 2

NetworkMeasures the performance of the systemon the network

Bytes total/sec < Network capacity

You can also view the Performance tab in Task Manager to monitor systemperformance.



52/58

P a g e |