Microsoft Windows XP Power Pack®
James Michael Stewart, Stu Sjouwerman, et al.

Que, 201 West 103rd Street, Indianapolis, Indiana 46290

Microsoft Windows XP Power Pack
Copyright © 2003 by Que

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

International Standard Book Number: 0-7897-2858-3
Library of Congress Catalog Card Number: 2002110538
Printed in the United States of America
First Printing: April 2003

Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Que cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Windows XP is a registered trademark of Microsoft Corporation.

Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The authors and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it.

Publisher: Paul Boger
Associate Publisher: Greg Wiegand
Executive Editor: Rick Kughen
Acquisitions Editor: Rick Kughen
Development Editor: Todd Brakke
Managing Editor: Charlotte Clapp
Project Editors: Carol Bowers, Sheila Schroeder, Elizabeth Finney
Copy Editor: Lisa M. Lord
Indexer: Rebecca Salerno
Proofreader: Jessica McCarty
Technical Editor: Brian Fulk
Team Coordinator: Sharry Lee Gregory
Multimedia Developer: Dan Scherf
Interior Designer: Anne Jones
Cover Designer: Anne Jones
Contents at a Glance

Introduction

I  Windows XP Overview
    1  Introducing Windows XP
    2  Common Windows XP Administrative Utilities
    3  The Windows XP Layout

II  Nuts and Bolts of Windows XP
    4  Windows XP and Hardware
    5  Keeping Windows XP Current
    6  Windows XP Installation and Upgrade Secrets
    7  Booting Windows XP
    8  Windows XP Control Panel Utilities
    9  Introducing the Windows XP Registry
    10  Editing the Windows XP Registry
    11  Important Registry Keys and Values

III  Networking Windows XP
    12  Windows XP Networking Explored and Explained
    13  Windows XP Networking Models
    14  Windows XP and TCP/IP
    15  Windows XP and Legacy Protocols
    16  Windows XP Meets Unix
    17  Remote Access
    18  Windows XP and Terminal Services

IV  Managing Your Windows XP System(s)
    19  Windows XP and Storage
    20  Windows XP Backup and More
    21  Scripting and Automation
    22  Tuning and Optimizing Windows XP
    23  Managing Applications
    24  Printing with Windows XP
    25  Managing System Security
    26  Managing System Recovery

V  Windows XP Goes Online: Internet or Intranet Access
    27  Windows XP as a Web Client
    28  Windows XP as an E-mail Client
    29  Internet Services from Windows XP Professional
    30  Sharing an Internet Connection
    31  Maintaining Internet Security

VI  Appendixes
    A  Windows XP Information Resources, Online and Off
    B  Key Windows XP Utilities: Native, Resource Kit, and Downloads
    C  Windows XP Command-Line Reference
    D  Windows XP Performance Monitor Objects and Counters
    E  Windows XP Keyboard Commands and Shortcuts
    F  CD-ROM Contents

Index
Table of Contents

Introduction

I  Windows XP Overview

1  Introducing Windows XP
    Windows XP History and Description
    Birth of Network Operating Systems
    Windows NT
    Windows 2000
    Windows XP
    Windows XP Architecture
    Kernel Mode
    User Mode
    Differences Between Windows XP Professional, XP Home Edition, and XP 64-bit Edition
    The Many Advantages of Windows XP
    Upgrading to Windows XP
    For More Information

2  Common Windows XP Administrative Utilities
    What Administration Really Means
    Administering a Windows XP System
    The Control Panel and Administrative Tools
    The Microsoft Management Console: Where Management Begins
    Computer Management
    Event Viewer
    Shared Folders
    Local Users and Groups
    Performance Logs and Alerts
    Disk Management
    Services
    System Information
    Backup
    Third-Party Administrative Utilities
    For More Information

3  The Windows XP Layout
    Windows XP Directory Structures
    System Partition
    Boot Partition
    Key Windows XP Executables
    Main Windows Root Folder
    Windows\System32
    The Windows XP Distribution CD
    Living with Service Packs and Hotfixes
    For More Information
II  Nuts and Bolts of Windows XP

4  Windows XP and Hardware
    Plug and Play in Windows XP
    Universal Plug and Play
    Documenting a Current Hardware Configuration
    Planning to Add New Hardware
    Checking Minimum Requirements and Recommendations
    Working with Video Devices
    Working with Audio Devices
    Working with Storage Devices
    Working with Common Peripherals and New Interfaces
    Windows XP on a Laptop
    Multiple CPUs and Windows XP
    Troubleshooting Hardware Problems on Windows XP
    Third-Party Hardware Troubleshooting Utilities
    For More Information

5  Keeping Windows XP Current
    What Happens When You Install a Program?
    Building Windows XP Systems with Room to Grow
    Windows Update
    The Automatic Updates Tab of System Properties
    Controlling Access to Windows Update
    Living with Service Packs and Hotfixes
    The Joys of Slipstreaming
    Keeping Up with Changing Hardware, Software, and More
    Advanced Device Driver, DLL, and System File Management
    Device Driver Management
    The Driver Signing Options Dialog Box
    Windows File Protection
    For More Information

6  Windows XP Installation and Upgrade Secrets
    Maintaining User Profiles and Configurations
    Windows Activation
    Dos and Don’ts of Upgrading
    Performing a Smooth Migration
    Automating Windows XP Installation
    Troubleshooting Installations
    Windows Crashes During Installation
    My Existing OS Won’t Recognize the CD-ROM Drive
    Windows XP Fails to Boot After Installation
    For More Information

7  Booting Windows XP
    System and Boot Partitions
    The Windows XP Boot Sequence
    Power On Self Test (POST)
    Initializing the System
    Booting the System
    Detecting the Hardware
    Kernel Loading and Initialization
    Logging in to the System
    Building Boot Disks
    Boot Disk Requirements
    Creating the Boot Disk
    Advanced Options Menu
    Multi-Boot System Implementation
    Troubleshooting Boot Problems
    Ntldr Boot Errors
    Ntdetect.com Boot Errors
    Ntoskrnl.exe Boot Errors
    Bootsect.dos Boot Errors
    Boot.ini Errors
    Third-Party Troubleshooting Tools
    Turn Off, Restart, Hibernate, Standby
    Logging Off and Fast User Switching
    For More Information

8  Windows XP Control Panel Utilities
    The History of the Registry
    A New Way to View Control Panel
    The Control Panel Applets
    Accessibility Options
    Add Hardware
    Add or Remove Programs
    Administrative Tools
    Date and Time
    Display
    Folder Options
    Fonts
    Game Controllers
    Internet Options
    Keyboard
    Mouse
    Network Connections
    Phone and Modem Options
    Power Options
    Printers and Faxes
    Regional and Language Options
    Scanners and Cameras
    Scheduled Tasks
    Sounds and Audio Devices
    Speech
    System
    Taskbar and Start Menu
    User Accounts
    For More Information

9  Introducing the Windows XP Registry
    Registry Overview
    Registry Differences
    Windows XP Registry Hives
    HKEY_LOCAL_MACHINE
    HKEY_USERS
    HKEY_CURRENT_CONFIG
    HKEY_CLASSES_ROOT
    HKEY_CURRENT_USER
    Windows XP Registry Files and Structures
    HKEY_LOCAL_MACHINE
    Security Information in the Registry
    Securing the Computer
    Alternative Ways to Secure the Registry
    How Programs Interact with the Registry
    Group Policies
    For More Information

10  Editing the Windows XP Registry
    Backing Up the Registry
    Editing the Registry
    File: Import and Export
    File: Load Hive and Unload Hive
    File: Connect Network Registry and Disconnect Network Registry
    Edit: New
    Edit: Permissions
    Working with Existing Keys and Values
    The HKEY_CLASSES_ROOT Key
    The HKEY_CURRENT_CONFIG Key
    The HKEY_USERS Key
    The HKEY_CURRENT_USER Key
    The HKEY_LOCAL_MACHINE Key
    Data Formats of the Registry
    Binary or REG_BINARY
    DWORD or REG_DWORD
    Multi-String or REG_MULTI_SZ
    Expandable String or REG_EXPAND_SZ
    String or REG_SZ
    Importing and Exporting Registry Data
    Importing Registry Files
    Exporting Registry Files
    Avoiding Registry Problems
    Last Known Good Configuration
    Registry Security
    Troubleshooting the Registry
    Uninstalling Applications
    Third-Party Registry Editing and Management Utilities
    REG
    REGINI.EXE
    REGFIND.EXE
    REGBACK.EXE
    REGDMP.EXE
    COMPREG.EXE
    REGREST.EXE
    RegMon
    For More Information

11  Important Registry Keys and Values
    Basic Console Operations
    Windows XP Logon and Logoff Controls
    Windows XP Shell
    Mouse and Keyboard Settings
    Device Keys and Controls
    Important Registry Miscellany
    Windows XP Filename Completion
    Restore an Explorer-Like Task Manager
    Remove Nag Prompt for File Location
    Disable Source Routing
    Disable 8.3 Name Creation in NTFS
    Ghosted Connections
    Manage the Mapped Network Drive DropDown List
    Move Shares from One Windows XP Server to Another
    Change the Default Spool Folder
    Prevent Printer Popups and Event Logging
    Activate a Screensaver from an Icon
    Control Which Errors Pop Up in Windows XP
    Create Separate Processes for the Desktop, the Taskbar, and Windows XP Explorer
    Prevent Windows XP from Running an Unknown Job at Logon
    Connect to Microsoft’s FTP Site as a Drive
    Shareware and Freeware Tools
    Hyena
    HideIT!
    WinInfo
    For More Information
III  Networking Windows XP

12  Windows XP Networking Explored and Explained
    The Redirector
    The Workstation Service
    The Server Service
    Protocol Stacks
    Multiple Universal Naming Convention Provider
    Multi-Protocol Router
    Administrative Shares
    Protocols and Network Bindings
    Binding Optimization
    Changing the Binding Order
    For More Information

13  Windows XP Networking Models
    Workgroup Networks
    Domain-Based Networks
    Understanding Groups
    Administrators
    Backup Operators
    Guests
    HelpServicesGroup
    Network Configuration Operators
    Remote Desktop Users
    Power Users
    Replicator
    Users
    Understanding the Security ID
    Troubleshooting Techniques for Networks
    IP Address Connection Works, but Name Resolution Fails
    TCP/IP Connection to Remote Host Hangs
    NET Commands
    For More Information

14  Windows XP and TCP/IP
    TCP/IP Explored and Explained
    Understanding IP Addressing, Subnet Masks, and Domain Names
    IP Address Classes
    IP Subnets and Subnet Masks
    IP Addresses on Your Network
    Working with Network Address Translation (NAT)
    Routers, Proxies, and Firewalls
    Static and Dynamic Routers
    Proxies and Firewalls
    DNS, WINS, Active Directory, and Other IP Matters
    Fully Qualified Domain Names (FQDNs) and DNS
    NetBIOS Names and WINS
    Static Name Resolution Techniques
    Using the Dynamic Host Configuration Protocol (DHCP)
    Installing and Configuring TCP/IP
    IP Settings
    DNS
    WINS
    Options
    Managing Internet Connections
    Creating and Managing a Dial-Up Connection
    Creating and Managing an Always-On Connection
    Managing IP Information Services
    Managing IP-Based E-mail
    Managing Your Web Browser
    Serving the Web from Windows XP Professional
    FTP Utilities
    Troubleshooting IP
    The IP Connectivity Drill
    For More Information

15  Windows XP and Legacy Protocols
    NetBEUI and Windows XP
    NetBIOS Versus NetBEUI
    When to Use NetBEUI
    Managing NetBEUI
    Mixing and Matching Protocols
    Keeping NetBEUI Secure
    Troubleshooting NetBEUI
    Performance Monitoring and NetBEUI
    Integrating Windows XP with Older Versions of NetWare
    What Is the NWLink Protocol?
    Installing NWLink
    CSNW Versus GSNW
    Microsoft Clients Versus Novell Clients
    Windows Services for NetWare Version 5
    File Migration Utility (FMU)
    Microsoft Directory Synchronization Services (MSDSS)
    File and Print Services for NetWare (FPNW)
    The Realities of Integrating NetWare and Windows 2000
    Dealing with Duplicate Names
    Dealing with Supervisor Rights
    Dealing with File Migration
    Best Practices for Migration
    Mechanics of NDS Versus Active Directory
    Troubleshooting NetWare-to-Windows XP Connections (and Vice Versa)
    Performance Tuning When Using Multiple Protocols
    For More Information

16  Windows XP Meets Unix
    Windows XP Strengths and Weaknesses
    Unix Strengths and Weaknesses
    Hybrid Environments
    The OSI Model
    IEEE 802 Networking Specifications
    Name Resolution
    DHCP
    Windows 2000 Server and Unix Integration
    The Realities of Integrating Unix and Windows 2000
    Microsoft Windows 2000 Services for Unix
    Server Message Block (SMB)
    Common Internet File System (CIFS)
    Samba
    Other SMB/CIFS Implementations
    Unix File Services Running on Windows XP
    The Domain Name System
    Unix DNS
    Windows 2000 Server DDNS
    Troubleshooting Windows XP-to-Unix Connections (and Vice Versa)
    For More Information

17  Remote Access
    Connecting to Remote Systems
    Working with Modems, ISDN, Cable Modems, and More
    Working with Analog Modems
    WinModems
    Using Unsupported Modems with Windows XP
    Working with ISDN
    Setting Up ISDN
    Troubleshooting Remote Access Problems with Modems
    Using HyperTerminal to Test Modem Connections
    Special Information for Business Users
    Working with Cable Modems
    DSL and ADSL
    Looking to the Future: Satellite Technology
    The Dark Horse Entry: Wireless
    Broadband: Which One Should You Choose?
    Security Issues for Always-On Connections
    Connecting Broadband to Your Computer
    Troubleshooting Broadband Connections
    Remote Access Versus Remote Control
    Remote Desktop
    Remote Assistance
    Problems with Remote Assistance
    Working Across Virtual Private Networks
    Point-to-Point Tunneling Protocol (PPTP)
    Layer 2 Tunneling Protocol (L2TP)
    Which VPN Protocol Should You Use?
    Tools for Diagnosing VPN Problems
    Third-Party DUN, RAS, and VPN Utilities and Hardware
    For More Information

18  Windows XP and Terminal Services
    Terminal Services History and Overview
    What Is Terminal Services Good For?
    Terminal Services Advantages and Disadvantages
    Working with Terminal Services
    Terminal Services in Application Mode
    Terminal Services in Remote Administration Mode
    Using Windows XP as a Terminal Services Client
    Using the Remote Desktop Connection Client
    Remote Desktop Client Configuration Options
    Setting Up Windows XP as a Remote Management Workstation
    Troubleshooting Terminal Services
    Third-Party Terminal Services and Related Utilities
    For More Information
IV  Managing Your Windows XP System(s)

19  Windows XP and Storage
    FAT and NTFS
    Installing, Configuring, and Partitioning Disks
    Basic and Dynamic Disks
    File Management Utilities
    Disk Quotas
    Data Management
    Cleaning Up Files and Folders
    Compressing Files and Folders
    Defragmenting Disks
    Repairing, Replacing, or Moving Data
    Working with Removable Media
    Encrypting File System (EFS)
    Encrypting Files and Folders
    Recovery Agents
    Third-Party Storage Management Utilities
    Troubleshooting Disk Drives/Storage Subsystems
    For More Information

20  Windows XP Backup and More
    The Windows XP Built-in Backup Utility
    Backup Options
    Backing Up Data
    Restoring Data
    Other Backup Alternatives
    Iomega Zip Drives and the Like
    Iomega Jaz Drives and Similar Products
    CD-Recordable (CD-R)
    CD-Rewritable (CD-RW)
    DVD-Recordable
    Duplicate Drives
    Choosing an Appropriate Backup Device
    Backup Space
    Backup Window
    Downtime
    Affordability
    Rules for Backing Up
    Temporary Files
    The Page File
    Managing Backup Media
    Son
    Father-Son
    Grandfather-Father-Son
    Benefits of Offsite Storage
    Third-Party Backup Tools and Utilities
    Ultrabac
    ARCserve 2000
    Backup Exec
    Networker
    Tivoli Storage Manager (TSM)
    Other Backup Tools and Utilities
    Troubleshooting Backup Problems
    Hardware Problems
    Software Configuration
    Permissions
    For More Information

21  Scripting and Automation
    The Computer Can Take Care of Itself
    Windows Batch Files and Commands
    Windows Script Host
    Working with CScript
    Working with WScript
    Working with the WSH
    AT and the Scheduled Tasks Service
    AT
    The Scheduled Tasks Applet
    SCHTASKS
    Scripting and Automation Scenarios
    Adding a Shortcut to a User’s Desktop
    Modifying the Registry
    Windows Remote Installation Service (RIS)
    Troubleshooting Scripting and Automation
    Troubleshooting Problems with Scripts
    Troubleshooting Problems with the Scheduled Tasks Applet
    Third-Party Scripting and Automation Alternatives
    Arcana Scheduler
    Macro Scheduler
    OpalisRobot
    Opalis JobEngine
    ScriptLogic
    Perl
    Python
    For More Information

22  Tuning and Optimizing Windows XP
    Establishing a Baseline
    Working with System Monitor
    Graph View
    The Report View
    Histogram
    The Alerts Container
    Counter and Trace Logs
    Trace Logs
    Characterizing System Performance
    Key Objects and Counters
    Memory Object
    Processor Object
    Disk Objects
    Network Objects
    Identifying Bottlenecks
    Troubleshooting System Monitor Problems
    Process Time Starvation
    Process and Thread IDs
    Zero Measurements and Logging
    Resource Kit Performance Tools
    Other Windows XP Performance Tools
    Task Manager
    Windows XP System Information
    Virtual Memory Management
    Third-Party Performance Monitoring Tools
    Monitoring Tools
    Third-Party Network Monitoring Tools
    For More Information

23  Managing Applications
    Understanding Foreground Priority
    Managing Application Priority
    Using the Run and Run As Commands
    Using the Run Command to the Max
    Using the Run As Command
    Environment Subsystems
    Win32
    VDMs
    Win16 (WOW)
    Making the Most of Virtual Memory
    The Virtual Memory Manager
    Optimizing the Page File
    Using Compatibility Mode
    Using the Program Compatibility Wizard
    Configuring Program Compatibility Manually
    The Application Compatibility Toolkit
    Third-Party Application Management Tools
    Troubleshooting Application Difficulties
    MS-DOS Applications
    General Applications
    Using DualView to Display the Desktop Across Two Monitors
    For More Information

24  Printing with Windows XP
    The Windows XP Print Architecture
    Adding Printers
    Locally Attached Printers
    Plug and Play Printers
    Network-Shared Printers
    Network-Attached Printers
    Updating Print Drivers and Determining Who Needs Them
    Printer Pooling
    Managing Printer Users, Queues, and Priorities
    Server Management
    Print Job Management
    Web-Based Print Management
    Third-Party Print Management Tools
    Troubleshooting Printing Problems
    For More Information

25  Managing System Security
    Windows XP Security Components
    Windows 2000 Security Overview
    The Windows XP Security Model
    Certificate Services
    Encrypting File System (EFS)
    TCP/IP Security Enhancements
    Using Policies to Manage Windows XP Security
    Establishing a Windows XP Security Regimen
    Managing Users and Groups
    Establishing Secure Account Controls
    Avoiding Internal Attacks
    Applying Service Packs and Hotfixes
    Securing Well-Known Windows XP Vulnerabilities
    Auditing as a Security Tool
    Security Is a Way of Life
    Exposure to Theft
    Raising Users’ Security Consciousness
    Viruses Threaten Security, Too
    Interesting Security Tools
    Security Tweaks for ACLs, Events, and the Registry
    Resource Kit Nonpareils
    Security Scanners
    For More Information

26  Managing System Recovery
    Some Preventive Techniques
    Repairing a Damaged Windows XP System
    Common Recovery Tools
    Boot Options
    Preparation for Recovery
    Working with the Recovery Console
    Using IntelliMirror
    User Data Management
    Software Management
    User Settings and Desktop Environment Management
    Remote Installation Services
    Third-Party System Recovery Tools
    For More Information
V  Windows XP Goes Online: Internet or Intranet Access

27  Windows XP as a Web Client
    Types of Internet Access
    Dial-Up Connection
    DSL
    Cable
    Selecting an ISP
    Equipment to Use
    Modem Installation
    Using the New Connection Wizard
    Internet Explorer 6.x
    Customizing the Toolbar
    Selecting Your Options
    Exploring Other Browsers (Netscape, Opera)
    Exploring Netscape
    Exploring Opera
    Working Outside the Web with E-mail, Newsgroups, and FTP
    Using E-mail Programs
    Using Newsgroups
    File Transfer Protocol
    The Internet Explorer Administration Kit (IEAK)
    Troubleshooting Internet or Intranet Access Problems
    Verify Your Network Connection
    Check the Hardware
    Check the Configuration
    Check the Network
    Don’t Forget the Modem
    For More Information

28  Windows XP as an E-mail Client
    Outlook Express and Outlook 2002
    Outlook Express
    Outlook 2002
    Configuring E-mail Access
    Multiuser Support
    Address Books
    Directory Services
    Customizing and Configuring Your Messages
    Managing and Searching E-mail Folders
    Encryption
    Searching E-mail Folders in Outlook Express
    Searching E-mail Folders in Outlook 2002
    Filtering E-mail
    Filtering E-mail in Outlook Express
    Filtering E-mail in Outlook 2002
    Creating Calendars
    Handling Appointments
    Building Outlook Applications
    Integrating Newsgroups and Mailing Lists
    Newsgroups
    Mailing Lists
    Troubleshooting E-mail Problems
    E-mail Messages Stay in the Outbox
    General Problems Sending E-mail
    Corrupted E-mail
    Third-Party E-mail Tools
    For More Information

29  Internet Services from Windows XP Professional
    IIS Limitations and Options in Windows XP
    Internet Information Services (IIS)
    IIS Management
    Setting Up a Web Site with IIS
    Creating and Managing Content
    Creating Virtual Directories
    Managing Virtual Directories
    Managing the Default Web Site
    Tools for Web Success
    Microsoft Office
    FrontPage
    Visual Studio
    Site Builder
    Static Versus Dynamic Content
    Push Versus Pull Publishing
    Personal Web Site Tools
    Third-Party Personal Web Tools
    Troubleshooting Personal Web Sites
    For More Information

30  Sharing an Internet Connection
    Using XP as a NAT Proxy
    What Are the Benefits of NAT?
    Internet Connection Sharing
    Enabling ICS
    Configuring the ICS Client
    Tradeoffs of Sharing a Link
    Controlling the Flow of Data
    Creating a Service Definition
    For More Information

31  Maintaining Internet Security
    Using Firewalls
    Internet Connection Firewall
    ICS and ICF
    Enabling ICF
    Third-Party Firewall Options
    Controlling the Flow of Data
    Watching Out for Violations and Vulnerabilities
    Watching Out for Attacks
    Closing Down Common Access Points
    Testing for Weakness
    For More Information
VI  Appendixes

A  Windows XP Information Resources, Online and Off
    Internet Resources
    Listservers
    Newsletters
    Publications
    Training

B  Key Windows XP Utilities: Native, Resource Kit, and Downloads
    Windows XP Support Tools
    Active Directory Tools
    Computer Management Tools
    Deployment Tools
    File and Disk Tools
    Network Management Tools
    Performance Tools
    Security Tools
    Windows 2000 Professional Resource Kit
    Administration Scripts
    Debugging Utilities
    Deployment Utilities
    Desktop Management Utilities
    File and Disk Utilities
    Management Utilities
    Network Utilities
    Performance Tuning Utilities
    Scripting Utilities
    Security Utilities
    System Diagnostic Utilities
    Microsoft Power Toys for Windows XP

C  Windows XP Command-Line Reference
    APPEND
    ASSOC
    AT
    ATTRIB
    BOOTCFG
    CACLS
    CALL
    CHDIR (CD)
    CHKDSK
    CHKNTFS
    CIPHER
    CMD
    COLOR
    COMP
    COMPACT
    CONVERT
    COPY
    DATE
    DEFRAG
    DEL/ERASE
    DIR
    DISKCOMP
    DISKCOPY
    DISKPART
    DOSKEY
    DRIVERQUERY
    ECHO
    ENDLOCAL/SETLOCAL
    EXPAND
    FC
    FIND
    FORMAT
    FSUTIL
    GOTO
    GPRESULT
    GPUPDATE
    HOSTNAME
    IF
    LABEL
    MKDIR (MD)
    MORE
    MOUNTVOL
    MOVE
    MSINFO32
    NET
    NET ACCOUNTS
    NET COMPUTER
    NET CONTINUE
    NET GROUP
    NET HELPMSG
    NET LOCALGROUP
    NET PAUSE
    NET PRINT
    NET SEND
    NET SESSION
    NET SHARE
    NET START
    NET STOP
    NET TIME
    NET USE
    NET USER
    NET VIEW
    PATH
    PAUSE
    PRINT
    RENAME (REN)
    REPLACE
    REXEC
    RMDIR (RD)
    RSH
    RUNAS
    SCHTASKS
    SECEDIT
    SET
    SETLOCAL/ENDLOCAL
    SFC
    SHIFT
    SORT
    START
    SUBST
    SYSTEMINFO
    TIME
    TITLE
    TREE
    TYPE
    VER
    WINMSD
    XCOPY

D  Windows XP Performance Monitor Objects and Counters
    Hard Disk Counters
    Enabling Storage Counters
    Identifying Storage Device Bottlenecks
    Disk Bottleneck Removal
    CPU Counters
    Identifying CPU Bottlenecks
    CPU Bottleneck Removal
    Memory Counters
    Identifying Memory Bottlenecks
    Memory Bottleneck Removal
    Network Counters
    Identifying Network Bottlenecks
    Network Bottleneck Removal
    Miscellaneous Counters
    Performance Counters for Detailed Diagnosis
    Cache Counters
    LogicalDisk Counters
    Memory Counters
    NBT Counters
    Objects Counters
    Paging File Counters
    PhysicalDisk Counters
    Process Counters
    Processor Counters
    Redirector Counters
    Server Counters
    System Counters

E  Windows XP Keyboard Commands and Shortcuts
    Remote Desktop Connection
    Keyboard Accessibility Features

F  CD-ROM Contents
    AutoPilot
    Double-Take
    iHateSpam
    OpalisRobot
    PestPatrol
    Retina
    ScriptLogic
    Security Explorer
    StorageCeNTral
    Sunbelt Remote Administrator
    Ultrabac
    UpdateEXPERT

Index
About the Authors

Stu Sjouwerman is the founder of Sunbelt Software, an international company providing best-of-breed system, network, and security management software to keep mission-critical Windows NT/2000 and Server 2003 servers up and running. He is the Editor-in-Chief of W2Knews, which goes to 500,000 subscribers every week, and the publisher of WinXPnews, which has well over two million readers.

James Michael Stewart is a partner of ITinfo Pros, Inc., a technology-focused writing and training organization. His work focuses on Windows NT/2000/XP/.NET, certification, and security. Michael has coauthored numerous books on Microsoft and security certification and administration and written articles for several print and online publications. He has developed and presented certification courseware and training materials. He is also a regular speaker at Networld+Interop. With nearly 20 years of experience with computers, he has also been an MCSE since 1997 and holds the following certifications: CISSP, TICSA, CIW SA, CCNA, MCSE NT and W2K, and iNet+. You can reach Michael by e-mail at [email protected].

Lee Scales, BSEE, MCSE + I, has been working in the computer industry for more than 20 years, including stints with IBM and Microsoft. He is currently employed as a senior consultant with a Microsoft Gold Partner, where his duties include designing Windows networks. He has also been developing courseware for the Windows platform for several years and has been a contributing author to titles in the Exam Cram and the Windows Power Toolkit series.

Gale Pomper has 20 years of experience installing and designing computer networks and holds CompTIA’s newest network certification, Server+. She is a certified trainer and engineer for both Microsoft (MCT, MCSE) and Novell (CNI, CNE). For the past 10 years she has been an independent consultant providing network design services and customized training. In 2001 she filmed a Web-based course on Windows 2000 Server. She is the principal author for an exam guide for Windows 2000 Active Directory published in December 2001. She has recently returned from an 8-month sailing hiatus in the Bahamas with her family.

Diana Huggins, B.Ed., MCSE, MCT, A+, Server+, and I-NET+, is an independent trainer and technical writer who has coauthored several certification books on Windows Server 2003, Windows 2000 Directory Services Design, ISA Server, Server+, and Windows XP Professional.

Dawn Rader has been a networking writer, editor, and researcher since 1993. Before joining LANWrights, Inc. in 1995, she was the Managing Editor at NetWare Solutions magazine. Since joining LANWrights full time, she has performed duties as Managing Editor on more than 85 books. She is a contributing author on numerous titles, including the Windows 2000 Power Toolkit (New Riders), Windows 2000 Server Exam Prep (Certification Insider Press), Computer Telephony (AP Professional), The PC Networking Handbook (AP Professional), and the Networking Essentials Exam Cram (Certification Insider Press).

Todd Klindt is an Infrastructure Associate for EDS PLM Solutions. His day-to-day activities include the care and feeding of Windows servers. He spends his free time riding his motorcycle, trying to do martial arts, and spending time with his new bride, Jill.
Acknowledgements Stu Sjouwerman: Grateful acknowledgements to Tom Shinder, the editor of WinXPnews.Without his help, this would never have been possible. James Michael Stewart: Thanks to Ed Tittel and LANWrights, Inc. for allowing me to contribute to this book.Working with you guys is and always has been a pleasure. Thanks to my editor, Dawn Rader, for putting up with bad grammar and sporadic submission schedules.To my parents, Dave and Sue, thanks for your love and consistent support.To my sister, Sharon, and nephew,Wesley, it’s great having family like you to spend time with.To Mark, you are the best friend a guy could ever have.To HERbert and Quin, it is all because of you I have to dust every week to keep the cat hair from congealing into world-dominating fuzz monsters. And finally, as always, to Elvis—I just got your latest release of the top-30 #1 hits. I can’t believe you are still making so much cash from beyond! By the way, can I get a cut? Lee Scales: Thanks to our editor, Dawn Rader, a fellow Scorpio, for all her hard work in keeping us focused. In addition, thanks to my son, Davin, who was very understanding on those days when Daddy couldn’t come out and play. Gale Pomper: I would like to thank Dawn Rader for all her kindness and support during this project. I appreciate the reformatting and graphics work you were doing for me on the side. I would also like to express my appreciation to all the editorial staff at LANWrights for the behind-the-scenes work that we know takes place but never have to see.Thank you, Ed Tittel, for allowing me to join your team again. As always, I owe the most gratitude to my family, Gardner and Clara, for taking all those deadlines in stride. Diana Huggins: First and foremost, I’d like to thank my agent, David Fugate of Waterside Productions, and Dawn Rader of LANWrights, Inc. for bringing me on board this project. A special thanks as well to my family and friends for being so supportive. 
Dawn Rader: As always, thanks to my friends and coworkers at LANWrights: Ed Tittel, Michael Stewart, Mary Burmeister, Kim Lindros, and Bill Brogden—I couldn’t ask for a better bunch of folks to work with. I would also like to thank John Davidson for sticking by me and for being a mighty, mighty good man.

Todd Klindt: I would like to thank the LANWrights team for including me in this book, especially Dawn Rader and her Job-like patience. I would also like to thank my new bride, Jill, for her patience and support.
We Want to Hear from You

As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re willing to pass our way. As an associate publisher for Que, I welcome your comments. You can e-mail or write me directly to let me know what you did or didn’t like about this book—as well as what we can do to make our books better. Please note that I cannot help you with technical problems related to the topic of this book. We do have a User Services group, however, where I will forward specific technical questions related to the book. When you write, please be sure to include this book’s title and author as well as your name, e-mail address, and phone number. I will carefully review your comments and share them with the author and editors who worked on the book.

E-mail: [email protected]

Mail:
Greg Wiegand
Que
201 West 103rd Street
Indianapolis, IN 46290 USA

For more information about this book or another Que title, visit our Web site at www.quepublishing.com. Type the ISBN (excluding hyphens) or the title of a book in the Search field to find the page you’re looking for.
Introduction
Welcome to the Windows XP Power Pack! This book is designed to help Windows XP users at all levels—from novice to expert—function like a power user on steroids! We’ve designed this book to be easy to read, easy to use, and a great source of tips, tools, and techniques to enhance your Windows XP user experience. Windows XP features are also introduced and explained.
Who This Book Is For

If you use the Windows XP operating system, this book is for you. By and large, this book is not aimed at the types of problems and topics that network or system administrators must solve on a day-to-day basis (but even those folks should find it useful). Rather, this book is aimed at helping those people who must work with Windows XP to get their work done on a day-in, day-out basis. Therefore, it provides information about what Windows XP is, how it works, and how to get the best use out of your system. But whether you’re a seasoned professional or a newbie, you’ll find a lot to help you improve your productivity in this book, including the following:

- Lots of useful overview and orientation information
- How to manage Windows XP hardware and software
- The most useful Windows XP Registry tweaks
- Networking tips and tricks
- Making the most of the Windows XP file systems and utilities
- Scripting and automating everyday tasks
- Tweaking and tuning Windows XP for maximum performance
- And (as the saying goes) “much, much more!”
What’s in This Book

Each chapter is designed to cover some topic or technique related to Windows XP, from the fundamentals of its architecture to the ins and outs of remote access, printing, protocols, and system security. Throughout the book, you’ll find pointers to built-in Windows XP software, Resource Kit utilities, new Windows features, and third-party software products designed to improve your ability to get your work done. Whenever possible and practical, you’ll find copies of this software on the CD that accompanies this book. To help organize the voluminous material this book contains, it’s organized into six parts, described in the following sections.
Part I: Windows XP Overview

This part of the book contains three chapters, which together provide an overview of Windows XP capabilities and a roadmap to its visible contents. Chapter 1, “Introducing Windows XP,” covers a bit of Windows history, compares various versions of the software, and discusses upgrade and migration issues. Chapter 2, “Common Windows XP Administrative Utilities,” covers the common administrative utilities in Windows XP, and Chapter 3, “The Windows XP Layout,” provides a roadmap to various Windows XP directory structures, files, and elements and explains how to live with the routine of change so common on modern systems.
Part II: Nuts and Bolts of Windows XP

This part of the book contains eight chapters. The first chapter, Chapter 4, “Windows XP and Hardware,” covers how Windows XP interacts with hardware. Chapter 5, “Keeping Windows XP Current,” discusses how to keep Windows XP current. Chapter 6, “Windows XP Installation and Upgrade Secrets,” covers how to install and upgrade to Windows XP. Chapter 7, “Booting Windows XP,” explains how Windows XP boots itself during startup. Chapter 8, “Windows XP Control Panel Utilities,” examines how to control and configure your system with the Windows XP Control Panel utilities. The remaining three chapters focus on that all-important Windows data repository—the Registry. Chapter 9, “Introducing the Windows XP Registry,” includes an overview of its structures and functions. Chapter 10, “Editing the Windows XP Registry,” discusses safe editing techniques to manipulate Registry contents. Chapter 11, “Important Registry Keys and Values,” contains a slew of details about important Registry keys and values.
Part III: Networking Windows XP

This part of the book contains seven chapters, beginning with a Windows XP networking overview in Chapter 12, “Windows XP Networking Explored and Explained.” Chapter 13, “Windows XP Networking Models,” follows with a discussion of Windows XP networking. Chapter 14, “Windows XP and TCP/IP,” provides coverage of TCP/IP. Chapter 15, “Windows XP and Legacy Protocols,” explores working with legacy protocols, such as NetBIOS and NWLink. In Chapter 16, “Windows XP Meets Unix,” issues related to Windows XP support for Unix interoperability are explored. Chapter 17, “Remote Access,” covers the Remote Access Service. Chapter 18, “Windows XP and Terminal Services,” discusses the use of a Windows XP system as a Terminal Services client.
Part IV: Managing Your Windows XP System(s)

This part of the book contains eight chapters, starting with coverage of Windows XP file systems and storage capabilities in Chapter 19, “Windows XP and Storage.” Chapter 20, “Windows XP Backup and More,” covers Windows XP backup hardware, software, and recommended backup methods and techniques. Chapter 21, “Scripting and Automation,” includes a discussion of the Windows XP built-in scripting facilities, along with batch files and commands. We also provide information on third-party automation alternatives to help you turn routine work over to your computer instead of performing tasks repeatedly by hand. Chapter 22, “Tuning and Optimizing Windows XP,” covers tuning and optimizing Windows XP, and Chapter 23, “Managing Applications,” explains what’s involved in managing newer 32-bit applications along with older 16-bit applications in a Windows XP environment. Chapter 24, “Printing with Windows XP,” surveys printing in the Windows XP environment, starting with an overview of the Windows XP print architecture and moving on to installing, configuring, and updating printers on a Windows XP system. Chapter 25, “Managing System Security,” discusses Windows XP security, documents well-known holes and backdoors in the system, and provides some tips and tricks on how to close them for good! Part IV concludes with Chapter 26, “Managing System Recovery,” which provides a discussion of system recovery of a failed Windows XP system. The chapter also introduces you to the built-in Recovery Console and IntelliMirror and lists some third-party tools.
Part V: Windows XP Goes Online: Internet or Intranet Access

The five chapters in this part cover the software components in Windows XP that support Internet or intranet access and services. Chapter 27, “Windows XP as a Web Client,” documents the Windows XP capabilities as a Web client, primarily using Internet Explorer. Chapter 28, “Windows XP as an E-mail Client,” switches its focus to the Windows XP capabilities as an e-mail client, primarily using Outlook 2000. Chapter 29, “Internet Services from Windows XP Professional,” explores the Windows XP Web-serving software, namely Internet Information Services (IIS). Chapter 30, “Sharing an Internet Connection,” looks into the use of Windows XP as a NAT proxy to share an Internet connection with a network. To round out coverage of Internet utilities and services, Chapter 31, “Maintaining Internet Security,” covers essential Internet security issues so that you can keep your environment safe from malicious people and software.
Part VI: Appendixes

These six elements cover a variety of useful explanatory and supplementary information related to Windows XP. Appendix A, “Windows XP Information Resources, Online and Off,” offers a concise but useful compendium of Windows XP information resources, both online and off. Appendix B, “Key Windows XP Utilities: Native, Resource Kit, and Downloads,” provides an overview of some built-in and Resource Kit utilities. Appendix C, “Windows XP Command-Line Reference,” supplies a command-line reference, and Appendix D, “Windows XP Performance Monitor Objects and Counters,” has a comprehensive list of Performance Monitor objects and counters. Appendix E, “Windows XP Keyboard Commands and Shortcuts,” describes important Windows XP keyboard commands, shortcuts, and equivalents. Finally, in Appendix F, “CD-ROM Contents,” you’ll find a list of all the software and information included on the CD-ROM that accompanies this book. All in all, there’s a tremendous amount of information, along with a great collection of tools and utilities to help you use what you learn.
How to Use This Book

You can use this book in any of a variety of ways. If you’re a relative newcomer to Windows XP, you’ll probably benefit from reading the book in sequence because many of the later chapters reference information in earlier chapters. If you’re an intermediate user, look for chapters on topics of interest and tackle them as you please. Just remember that for some topics—such as the Windows XP Registry covered in Chapters 9, 10, and 11—you might have to read more than one chapter to cover the necessary ground. If you’re a Windows XP expert, we recommend that you use the book’s Index and Table of Contents to point your reading to more precise topics. But no matter what your level of expertise is, we also suggest that you investigate the contents of the CD that accompanies the book, simply because you’ll find so much good stuff there. So roll up your sleeves, dust off your favorite reading chair, and get down to it. Also, please feel free to share your comments with the authors. Send your comments, suggestions, questions, and criticisms to [email protected]; we’ll do our best to answer all e-mail within 24 hours (by noon the next working day if sent on weekends or holidays). Thanks for buying our book, and enjoy your reading experience!
Part I: Windows XP Overview

1 Introducing Windows XP
2 Common Windows XP Administrative Utilities
3 The Windows XP Layout
1 Introducing Windows XP
On October 25, 2001, Microsoft officially launched Windows XP, the newest member of the Windows family. With this release of Windows, Microsoft realized a goal that had been eluding it for years: combining the home and corporate versions of Windows, using the same architecture. Windows XP unites the friendliness of its ancestors in the Windows family line with the robustness of its corporate heritage. This combination makes Windows XP the best desktop OS yet.
Windows XP History and Description

In its earliest form, Microsoft Windows was simply a desktop operating system built as an extension to MS-DOS that provided a graphical interface for users to access applications. Over the years, and through many iterations, Windows has grown to encompass the latest and greatest computing advances. In recent years, with the rise of the Internet and business networks, Windows has embraced networking technology for sharing resources.
Birth of Network Operating Systems

These days, computer networks are a normal part of any advanced computer user’s working environment. Most of us use a computer network every day without thinking twice about it. But computer networks have not been around very long. Before the wonderful features of today’s networks were so broadly available, most users relied on a networking technology known as sneakernet. Sneakernet was a great invention. It almost never failed, was easy to upgrade, and was extremely scalable. Every time you added a computer system to your organization, that machine automatically joined your current network and configured itself.
In case you haven’t already guessed, using sneakernet meant copying the information you needed to transfer to a floppy disk, taking that floppy disk to the destination computer, and copying the information onto that system. The key mode of transportation for this network was its users’ shoes, hence the name sneakernet. To some users, sneakernet is a fond memory; to others, it’s a relic of a bygone era; to a surprising number, it’s still business as usual.

The first commercially available local area network (LAN) was the Attached Resource Computer Network (ARCNet) architecture from Datapoint Corporation, which was developed in 1977. It was based on a scheme of file and application processors, servers, and clients. More than 500,000 ARCNet systems were in use before Ethernet (a LAN technology developed by the Xerox Palo Alto Research Center) was a commercial product.

The first commercially successful network operating system was Novell’s NetWare, which hit the streets in 1984. Because of its success, many believe that Novell was the first company to offer a system that allowed users to share information and resources across a network. Not to be outdone, Microsoft released its first version of a network operating system in early 1985 under the name MS-NET. MS-NET worked hand-in-hand with MS-DOS 3.10. When MS-NET was released, Microsoft was still a relatively small company and did not choose to market the software aggressively. It did, however, establish a relationship with IBM that helped move the MS-NET networking software into the marketplace.

In 1985, there were really only two mainstream options for organizations that wanted to implement PC-based networks: MS-NET and NetWare. Unfortunately for Microsoft, although MS-NET was inexpensive and easy to implement, NetWare outperformed MS-NET and offered corporate users more powerful file and print services. In this first networking encounter between the two companies, Novell carried the day.
Microsoft realized that it needed to close the gap between its products and Novell’s if it was to succeed in the networking market. To accomplish this goal, the company designed a second-generation network operating system based on the OS/2 1.0 operating system. This network operating system, called Microsoft LAN Manager, involved extensive collaboration with the networking giant 3Com Corporation. As with MS-NET, Microsoft did not intend to market LAN Manager directly, but hoped that IBM and other partners would sell the product. Although IBM did sell LAN Manager, some of those other partners (including Compaq Computer Corporation) decided not to participate in this venture. This prompted Microsoft to enter the marketplace directly to market and sell LAN Manager. Unfortunately, NetWare had a head start on LAN Manager and continued to outperform it. When Microsoft released LAN Manager version 2, however, the new product further closed the gap, in terms of both market acceptance and adoption, between the two network operating systems.
Windows NT

While working on the OS/2 operating system with IBM, Microsoft was developing a new operating system intended to replace LAN Manager. This new operating system was initially designed to run on OS/2. It was Microsoft’s intention to develop a processor-independent operating system. Processor independence would allow this new operating system to venture into the Unix world and permit it to run on processors—such as RISC—that, until then, could run only Unix. In October 1988, Microsoft hired David Cutler, an operating system guru who had worked for Digital Equipment Corporation (DEC) and helped that company develop its VMS operating system. Microsoft decided to call this project its “New Technology” operating system. The product’s original name was to be OS/2 NT.

In early 1990, however, Microsoft decided that it would base the interface for this operating system on its current desktop operating system, Microsoft Windows 3.0, instead of on OS/2. Because Windows 3.0 gained a large installed base rather quickly, we can only speculate that Microsoft wanted to leverage the success of that product with the introduction of the new product. In early 1991, IBM learned that Microsoft was planning to base its new operating system on Windows rather than on OS/2, and withdrew from its development. IBM continued to work on the OS/2 operating system for several years and ultimately developed the OS/2 Warp product family before giving up and switching its focus to Windows NT in 1997 and 1998.

Finally, on July 17, 1993, Microsoft released LAN Manager NT, calling it Windows NT Advanced Server. Although this product was a new operating system, Microsoft marketed it as version 3.1. Two powerful factors helped motivate this strategy:

- Microsoft was already marketing its Microsoft Windows 3.1 desktop operating system and felt that users might not adopt Windows NT Advanced Server if it had a 1.0 version number.
- NetWare was already on version 3.11 and Microsoft’s marketing wizards believed that people might assume Windows NT Advanced Server was an inferior product, solely because of its lower version number.
What’s in a Name?

There is some discussion as to how the name “New Technology” was derived. Some think that Microsoft (and David Cutler) decided on the name and called it Windows NT (WNT). Others believe that the initials WNT were decided on first, and that Windows New Technology was derived from the initials. Here’s one explanation we find interesting, be it gospel truth or imaginative fiction. Anyone who has seen the movie 2001: A Space Odyssey cannot help but remember that one of the main characters in the movie is named HAL. Many people wonder where that name came from. But if you take each letter in that name and increase its letter value by one, you will see immediately where the name comes from—that is, the next letter after H is I, the next letter after A is B, and the next letter after L is M. You can apply the same technique to the Windows NT characters, WNT. The next letters in this sequence are VMS, which is, of course, the operating system that David Cutler worked on when he was with DEC. Conspiracy theorists are welcome to find significance here! We simply find it amusing.
In September 1994, Microsoft released a new version of the Windows NT operating system and dropped the word Advanced from its name (although this is not the last you will see of Windows Advanced Server). This new version, called Microsoft Windows NT 3.5, was a tuned-up version of 3.1. Windows NT 3.5 required less memory, included built-in NetWare and TCP/IP connectivity, and was separated into Server and Workstation versions. Windows NT 3.5 also included new administration tools that could be run from a Microsoft Windows for Workgroups (version 3.11) system.

In 1995, Microsoft released Microsoft Windows NT 3.51, which fixed some bugs from the previous version and added new functions, including file and directory compression and support for new hardware. Version 3.51 also represented a turning point for Windows NT sales and marketplace acceptance and marked the beginning of its incredible ramp up to the market share that Windows NT/2000/XP enjoys today.

In August 1996, Microsoft released Windows NT 4.0. Many people at that time believed it was simply version 3.51 with the Windows 95 interface grafted on. Nothing could be further from the truth: Windows NT 4.0 added significant functionality to its predecessor, including Domain Name System (DNS) services, and its graphics-handling architecture was modified to increase overall performance.
Windows 2000

In the nearly four years between the release of Windows NT 4.0 and Windows 2000, Microsoft released six different service packs. With the service packs, it adopted the practice of releasing not only bug fixes but also product enhancements. Each subsequent service pack included new administrative utilities and enhancements to existing tools and services. As you will see, administrators did not adopt this practice as Microsoft had hoped they would (because installing 60+MB service packs every several months on many systems became a nightmare for many administrators).

On February 17, 2000, Microsoft released Windows 2000. More than one billion dollars was spent on developing and testing the new operating system. Unlike previous releases, Microsoft decided not to succumb to external pressure to release the operating system, opting instead to wait until it felt the OS was stable and relatively bug free and could deliver what Microsoft had been promising for years.
Windows 2000 added major new functionality, including the following features:

- Active Directory (a data structure that allows any network object to be tracked)
- Full Plug and Play support
- COM+, a major improvement to Microsoft’s Component Object Model
- File system improvements, including disk quotas, encryption, and defragmentation capabilities
- Improved security using certificates, IP Security (IPSec), and Kerberos
- FAT32 file system support (FAT stands for file allocation table)
- More flexible upgrade paths from previous operating systems
With Windows 2000, the term workstation is no longer used. Instead, the following names have been assigned to the different flavors of Windows:

- Windows 2000 Professional. Equivalent to Windows NT Workstation.
- Windows 2000 Server. Equivalent to Windows NT Server.
- Windows 2000 Advanced Server. Equivalent to Windows NT Server—Enterprise edition.
Microsoft also created a new category of the server operating system, called Windows 2000 Datacenter Server. This was Microsoft’s high-end server product, which supported up to 32 processors simultaneously in a system with 64GB of RAM.
Windows XP

October 25, 2001 was the release date for Microsoft’s most ambitious desktop OS to date, Windows XP. Microsoft chose the letters XP to stand for eXPerience. With Windows XP, Microsoft is not just selling an OS and applications; it is selling an entire experience. Windows XP started its existence as a project code-named Whistler. It merged the home line of Windows 95, 98, and Me and the corporate line of Windows NT and 2000. The internal version of Windows XP is NT 5.1, which suggests it is a point upgrade to Windows 2000, or NT 5. The following upgraded features are included with Windows XP:

- New “Luna” skinnable interface
- Faster boot times
- Internet Connection Firewall
- Support for burning CDs
- Support for 64-bit Intel Itanium processors
Windows XP came out in three flavors: Windows XP Professional, Windows XP Home Edition, and Windows XP 64-bit Edition. Windows XP Professional corresponds to Windows 2000 Professional, and Windows XP Home Edition corresponds to Windows 98 and Windows Me. Microsoft has not yet released a corresponding server OS; Windows .NET Server is currently slated for release in Q1 of 2003. You can learn more about the Windows XP product line by visiting the Web sites listed at the end of this chapter in “For More Information.”
Windows XP Architecture

To understand how and why Windows XP operates the way it does, you must understand its architecture. Knowing the “lay of the land” also allows you to understand why some programs run better than others on Windows XP and why some applications do not run at all. This section covers the Windows XP architecture in detail.

Windows XP is designed around a modular architecture, which means it incorporates a collection of separate and distinct components. This separation of components allows the operating system to be ported from one processor platform to another without requiring its developers to rewrite or recompile the entire system (although currently, Windows XP is available only for the Intel platform, including 64-bit Itanium processors, whereas Windows NT was available for the Intel, PowerPC, Mips, and Alpha platforms). The Windows XP architecture can be divided into two main components: the Kernel mode and the User mode (see Figure 1.1).

Note: If you understand the Windows 2000 architecture, you are well on your way to grasping Windows XP architecture because they are nearly identical.
The Kernel mode represents a highly privileged mode of system operation. Components that run in this mode have direct access to all hardware components and memory on the system. This includes all address spaces for all User mode processes. The User mode, on the other hand, is a less privileged mode that has no direct access to hardware. This is why you cannot run a lot of older software, such as games, that require direct access to hardware on Windows XP. Components that run in this mode can access only whatever address space is assigned to them. But to access even their own assigned address space, components must request access from the Kernel mode. When the User mode requires access to system resources, it uses operating system application programming interfaces (APIs) to request them and waits for those APIs to grant (or deny) their requests.
Figure 1.1 The Windows XP architecture.

[Figure 1.1 shows the two modes as stacked layers. User mode: Win32, POSIX, and OS/2 applications (with WOWEXEC and NTVDM hosting legacy applications) running on top of the Win32, POSIX, OS/2, and Security subsystems. Kernel mode: the Executive Services (I/O Manager, Security Reference Monitor, Memory Manager, Plug and Play Manager, Power Manager, Process Manager, IPC Manager, Window Manager, Object Manager, File Systems, Device Drivers, Graphics Device Drivers), the Microkernel, the Hardware Abstraction Layer (HAL), and, at the bottom, the hardware.]
These two modes can be described as being similar to a bank. Everything behind the bank counter represents the Kernel mode, whereas everything in front of the counter represents the User mode. Assuming that you have an account at a bank, you can access any information about your account, but you must ask a bank teller to access the bank’s systems on your behalf. Just being a client of the bank does not give you access to any other clients’ information. Tellers operate in Kernel mode. They can access information about any bank client, handle funds for deposits and withdrawals, and transfer funds between accounts. The following sections explain the Kernel and User modes in more detail.
Kernel Mode

The primary component of the Kernel mode is the Windows XP Executive. The Executive is further divided into four major components:

- Hardware Abstraction Layer (HAL)
- Device drivers
- Microkernel
- Executive services
It is important that you understand these four components, what they enable Windows XP to accomplish, and how they communicate with one another.

Hardware Abstraction Layer (HAL)

The Hardware Abstraction Layer (HAL) is the component that makes Windows XP a truly portable operating system. By portable, we do not mean that it runs on a laptop computer. Being portable means that it can be easily translated, or ported, to operate on a variety of processor platforms. In fact, the HAL is simply a library of routines that enables Windows XP services to access and manipulate a system’s primary hardware component: its central processing unit (CPU). Windows XP is also capable of operating on systems with more than one CPU, again by invoking a special version of the HAL and the Microkernel. Microsoft provides the library of routines that makes up the HAL; this library is installed during the Windows XP setup process. The HAL lies at the bottom of the Windows XP Executive between the physical hardware and the operating system.

The HAL gets its name from the fact that it hides, or abstracts, the physical characteristics of the processor platform behind a standard interface. This standard interface allows the Windows XP Executive to make calls to the hardware without any need to know the specifics of the hardware it is addressing. The Executive simply makes a call, and the HAL translates it to match the characteristics of whatever hardware is in use and then passes this information to that hardware. The HAL allows the same operating system to run different processor platforms without having to be completely recompiled. That’s because the HAL for the Intel x86 CPU family is different from the HAL for other processors, but all HALs share a common interface to the rest of the Windows XP Executive; therefore, the rest of the system can remain oblivious to CPU differences. As previously mentioned, the HAL is installed during the setup process.
It is rare that you will need to change the HAL, but such modification is required in some cases. For example, if a dual-processor–capable system had only one processor when Windows XP Professional was first installed and a second processor was added later, changing from the uniprocessor HAL to the multiprocessor HAL would be necessary.

Device Drivers

Simply put, the device drivers are the bits of the operating system that allow the Executive services to communicate with the hardware, or devices, installed on the system. They are the same device drivers that are normally installed when adding or changing a hardware component. When a device driver is added, it simply acts as the interface between the Windows XP system and the hardware device. This interface enables multiple devices to be added to the system without having to teach each application how to use the device.

Microkernel

The Microkernel is the heart and soul of Windows XP. It lies just above the HAL and operates in close cooperation with the HAL. The Microkernel schedules all threads—a thread is a unit of processor execution—in the system and takes care of all interrupts and exceptions. The Microkernel really starts to earn its keep in multiple-processor systems. In such systems, the Microkernel schedules and synchronizes activity between all available processors.

The Microkernel operates like a dispatcher at a trucking office. It’s up to the dispatcher to ensure that all truckers are kept busy. If one trucker is constantly working while others sit idle, the organization suffers. The same is true with a multiple-processor system. If a single processor is utilized while others stay idle, the system’s resources are not being used to their maximum potential.

When threads are ready to be executed by the processor, the Microkernel schedules them based on their dynamic priority, a numerical value that ranges from 1 to 31. This number indicates the importance of a thread: 1 is the lowest importance and 31 is the highest. Threads with the highest priority assigned always run first on the processor. This is true even if a thread with a lower priority must be interrupted so that the higher-priority thread can run. When a process is executed, it is assigned a priority. Normally, this priority remains constant unless one of two things happens:

- An administrator increases the priority of the process by using Windows Task Manager (as shown in Figure 1.2).
- The Process Manager modifies the process priority level up or down by two levels to improve process performance or restrict it.
Under Windows XP, most user applications are assigned the Normal priority class, so their threads run at priorities 6 through 10, as shown in Figure 1.2. Priorities 1 through 15 make up the dynamic (variable) range, in which the scheduler may temporarily boost a thread's priority, for example after it completes an I/O operation; priorities 16 through 31 make up the real-time range, in which priorities are fixed. This is a scheduling distinction, not a User mode/Kernel mode one: a thread keeps the same priority whether it is executing application code or running in the kernel on its behalf during a system call. Because the scheduler always runs the highest-priority ready thread, a thread in the real-time range preempts every thread in the dynamic range, which is why the Realtime class is reserved for administrators and why misusing it can hang the system. The priorities for Windows XP are listed in Table 1.1.
Chapter 1
Introducing Windows XP
Figure 1.2 Modifying the process execution priority.
Table 1.1 Windows XP Thread Priorities

Priority   Priority Level   Thread Priority
1          Idle             Idle
2          Idle             Lowest
3          Idle             Below normal
4          Idle             Normal
5          Idle             Above normal
6          Idle/Normal      Highest/Lowest
7          Normal           Below normal
8          Normal           Normal
9          Normal           Above normal
10         Normal           Highest
11         High             Lowest
12         High             Below normal
13         High             Normal
14         High             Above normal
15         High             Highest/Time critical
16         Real-Time        Idle
22         Real-Time        Lowest
23         Real-Time        Below normal
24         Real-Time        Normal
25         Real-Time        Above normal
26         Real-Time        Highest
31         Real-Time        Time critical

Note: 31 is the highest priority, whereas 1 is the lowest.
Note Setting an application's priority too high can render your system unusable for the remainder of that session, because a thread running at High or Realtime priority can starve the system processes that the desktop itself depends on. In addition, the setting applies only to the running instance of the process: when that process exits (or you reboot the computer), the next instance starts at its default priority.
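The following Windows PowerShell script is an added example and not part of the book (which predates PowerShell). It shows the priority classes from Table 1.1 from the command line and enforces the warning in the Note above by refusing to move a process into the real-time range. It assumes Windows PowerShell 2.0 has been installed on the Windows XP system; the function names Get-PriorityReport and Set-SafePriority are the example's own.

```powershell
# Added example, not part of the book. Assumes Windows PowerShell 2.0 on
# Windows XP; Get-PriorityReport and Set-SafePriority are this example's own names.

# Base priority that each priority class starts from (the middle row of each
# class block in Table 1.1); a thread's own relative priority (-2..+2) gives
# the neighbouring rows.
$ClassBase = @{
    'Idle'        = 4
    'BelowNormal' = 6
    'Normal'      = 8
    'AboveNormal' = 10
    'High'        = 13
    'RealTime'    = 24
}

function Get-PriorityReport {
    # One row per process: priority class, kernel base priority, and a flag
    # for anything already scheduled in the real-time range (16-31).
    Get-Process | ForEach-Object {
        $class = 'n/a'
        # Protected processes (System, Idle) refuse the query; report that
        # instead of aborting the whole listing.
        try { $class = $_.PriorityClass.ToString() } catch { $class = 'n/a (access denied)' }
        New-Object PSObject -Property @{
            Name          = $_.ProcessName
            Id            = $_.Id
            Class         = $class
            BasePriority  = $_.BasePriority
            RealTimeRange = ($_.BasePriority -ge 16)
        }
    } | Sort-Object BasePriority -Descending
}

function Set-SafePriority {
    param(
        [Parameter(Mandatory = $true)] [int] $Id,
        [Parameter(Mandatory = $true)]
        [ValidateSet('Idle', 'BelowNormal', 'Normal', 'AboveNormal', 'High')]
        [string] $Class
    )
    # RealTime is deliberately absent from ValidateSet: a busy thread at
    # priority 24 or above preempts the system's own threads and can hang
    # the desktop for the rest of the session.
    $p = Get-Process -Id $Id -ErrorAction Stop
    $p.PriorityClass = [System.Diagnostics.ProcessPriorityClass] $Class
    $p.Refresh()
    $base = $ClassBase[$Class]
    '{0} ({1}) is now {2}: base priority {3}, normal thread range {4}-{5}' -f $p.ProcessName, $p.Id, $p.PriorityClass, $p.BasePriority, ($base - 2), ($base + 2)
}

# Usage: list what is already running in the real-time range, then drop a
# CPU-hungry process (here the first explorer.exe, as in the book's own
# Task Manager walkthrough) to BelowNormal for the rest of its lifetime.
Get-PriorityReport | Where-Object { $_.RealTimeRange } |
    Format-Table Name, Id, Class, BasePriority -AutoSize
$target = @(Get-Process -Name explorer)[0]
Set-SafePriority -Id $target.Id -Class BelowNormal
```

The report is worth running before you touch anything: on a healthy workstation the only entries in the real-time range are the system's own, and a user process that has somehow landed there is the usual explanation for a desktop that stops responding under load.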
You can use several tools to modify an application's priority. The tool that you should use most often to control priority settings is Windows Task Manager. To modify an application's priority—in this case, explorer.exe—follow these steps:
1. To run Windows Task Manager, press Ctrl+Alt+Delete. Alternatively, you can right-click the taskbar and choose Task Manager from the pop-up menu, or press Ctrl+Shift+Esc.
2. Click the Processes tab, shown in Figure 1.3.
Figure 1.3 You can halt processes or alter process priority through the Processes tab in Task Manager.
3. Select the process whose priority you want to change, and then right-click its entry in the list. (In this case, it appears as explorer.exe.)
4. Click Set Priority on the shortcut menu, and then choose the priority. You can select Realtime, High, AboveNormal, Normal, BelowNormal, or Low. (Realtime is available only if you log on with administrative privileges.)

Windows XP Executive Services
The Windows XP Executive Services are really a collection of services that can be invoked by any operating system component. These services include the following:
- Object Manager. This component handles all objects in the Windows XP system, including their creation, management, and deletion. Because every aspect of Windows XP is considered an object, the Object Manager handles all actions performed on the system.
- I/O Manager. This provides a consistent interface for the majority of I/O operations on a Windows XP computer.
- Security Reference Monitor. This enforces access control: whenever a process, in User or Kernel mode, asks to open or use a system object or resource, the Security Reference Monitor compares the caller's access token against the object's security descriptor, grants or denies the request, and generates audit records when auditing is configured.
- Memory Manager. This maps virtual addresses in each process's 4GB virtual address space—2GB for the process's use and 2GB for system use—onto physical memory and the paging file. Windows XP 64-bit Edition provides a 16-terabyte virtual address space—8TB for User mode and 8TB for Kernel mode.
- Plug and Play Manager. This controls all Plug and Play capabilities on the system, including device detection, installation, and management.
- Power Manager. This controls all of Windows XP's power management capabilities.
- Process Manager. This creates and deletes processes, tracks process and thread objects, and provides services for creating processes and threads.
- Interprocess Communication (IPC) Manager. This component is responsible for communication between client and server processes, whether they are on the same machine (local procedure calls) or on different machines on the network (remote procedure calls).
- Window Manager. This handles user interaction with the Windows XP GUI, moving and resizing windows, selecting icons, and moving the cursor.
- File Systems. This component controls all the file systems supported by Windows XP, including FAT12, FAT16, FAT32, NTFS, Compact Disc File System (CDFS), and Universal Disk Format (UDF) 2.01.
- Graphics Device Drivers. This supplies the software that permits the operating system to communicate with the display hardware.
Situated just above these service groups are the System Services, which act as the interface between User and Kernel mode components.
User Mode
When Microsoft created the Windows NT operating system, it knew that the only way the computer and networking market would embrace the operating system was if a large software base existed. The company had two primary options it could adopt: It could work with independent software vendors (ISVs) to build applications for release with the operating system, or it could make Windows NT as compatible with previous operating systems as possible. For obvious reasons, Microsoft chose both options. It encouraged developers to build native, 32-bit multithreaded applications that could take full advantage of Windows NT, but it also chose to support as much backward-compatibility with 16-bit Windows and DOS applications as possible. The same is true with Windows XP. Although Windows XP is a major upgrade to Windows NT and 2000, it is still backward-compatible with these versions, and most applications run on Windows XP as well as (if not better than) on Windows NT or 2000.

Microsoft accomplished its goal of supporting modern 32-bit applications alongside legacy 16-bit applications by creating User mode components named environment subsystems. These components enable different applications to run seamlessly on the same desktop. In fact, Windows XP can run multiple instances of applications that are written for the following operating systems:
- MS-DOS
- Windows 3.x
- Win32
Because these subsystems emulate different operating systems, they allow Windows XP to support a variety of runtime environments. You might notice that unlike its predecessors, Windows XP no longer supports the OS/2 or POSIX subsystems. If you need Unix support in Windows XP, you can purchase Windows Services for Unix, which includes the Interix subsystem. For additional information, go to the Windows Services for Unix Web site at http://www.microsoft.com/windows/sfu/default.asp.

One of the best features of this model is that each of these subsystems runs in its own "playground." Therefore, each application runs in its own space on the system. This separation protects each subsystem from being shut down as a result of a misbehaving application in another subsystem. Think of placing four toddlers in a single playground with one toy. How long before an all-out fight breaks out? This fighting problem is solved by placing each toddler in a separate area with his or her own toy.

For applications written for older Microsoft operating systems (such as MS-DOS and Windows 3.x), Windows XP creates what is known as a Virtual DOS Machine (VDM). Windows XP provides the following protected subsystems and VDMs:
- MS-DOS NTVDM
- Win16 NTVDM
- Win32 subsystem
These systems are covered in detail in the following sections.

The MS-DOS Environment
When MS-DOS applications run on a Windows XP system, a process called the Windows NT Virtual DOS Machine (NTVDM) is created. The NTVDM is simply an application that emulates the environment an MS-DOS application would experience on an Intel 486–based system. In native MS-DOS, you are limited to running one application at a time (excluding terminate-and-stay-resident, or TSR, applications—that is, applications that remain in memory after they are opened). When MS-DOS applications run under Windows XP, this limitation is eliminated because each MS-DOS application runs in its own separate NTVDM.

As stated earlier, each NTVDM emulates an Intel 486–based system. Likewise, because each NTVDM is assigned its own virtual address space, whichever MS-DOS application occupies that NTVDM believes it is running on its own Intel 486–based system. This protects each MS-DOS application from other such applications, while protecting the operating system from corruption or damage. The number of NTVDMs that can run on a Windows XP system at any one time is limited only by the system's hardware. If this limit is ever reached, you can simply upgrade the CPU or install more memory.

Note Although each MS-DOS application runs in its own NTVDM, all active NTVDMs appear as NTVDM.EXE in Task Manager.
The Win16 Environment
Like MS-DOS applications, 16-bit Windows applications also run in an NTVDM. The main difference lies in the way these applications run. Because most 16-bit Windows applications are better behaved than MS-DOS applications (mostly because they are somewhat aware of one another), Windows XP runs them within a single NTVDM process with a shared address space by default. Another name for the Win16 NTVDM is WOW, which is an acronym for Windows-on-Windows (or Win16-on-Win32). When you run a Win16 application within an NTVDM, the WOWEXEC.EXE process shows up beneath that instance of NTVDM.EXE in Task Manager.
Note Windows XP isolates programs from resources, such as the display adapter, printers, and COM ports. Programs written to take direct control of such resources (for example, most DOS-based games) will not work under Windows XP. Only programs that use standard APIs to communicate with resources will run properly.
The Win32 Subsystem
The Win32 subsystem is the system Windows XP uses when it runs native applications. In the original Windows NT design, the Win32 subsystem also included the window manager, graphics (GDI), and messaging support, all running in User mode. Beginning with Windows NT 4.0, and still the case in Windows 2000 and XP, those services run in Kernel mode as part of the Executive (the win32k.sys driver), leaving the User mode Win32 subsystem process (csrss.exe) with two primary built-in functions:
- Console. The console gives Windows XP the capability to handle hard errors and shutdowns and to support text windows.
- Miscellaneous environment functions. These support highly specialized functions that let 32-bit Windows XP applications create and delete processes.
Differences Between Windows XP Professional, XP Home Edition, and XP 64-bit Edition
Windows XP is Microsoft's answer to the question of how to develop an operating system that serves the needs of both business and home desktop users. Windows XP Professional is geared mostly toward organizations, whereas Windows XP Home Edition is geared toward individuals using their systems at home. With its heritage from Windows 2000, Windows XP is considerably more stable than Windows 9x or Me (Millennium Edition). It also outperforms both of these "home" operating systems on the same hardware. Windows XP also has an Application Compatibility program that enables it to run legacy programs; this makes it more appealing to home users who want to play games or use other non-work-related software.

Windows XP 64-bit Edition is geared to run on 64-bit Intel processors, such as the Itanium. For now, these processors are found only in high-end workstations. These machines are used for tasks such as computer-aided drafting (CAD), 3D graphics, and animation.

Windows XP Home Edition is a subset of Windows XP Professional. So instead of comparing the features of each, the following lists the features that are available only in Windows XP Professional:
- Remote Desktop: Both Windows XP Pro and Windows XP Home Edition have Remote Assistance capabilities, but only Windows XP Pro can also host a Terminal Services connection, allowing one inbound connection to the system. For more information on the Remote Desktop feature, see Chapter 17, "Remote Access," p. 353.
- Multiprocessor support: Windows XP Home Edition supports only one processor, whereas Windows XP Pro supports two.
- Automatic System Recovery (ASR): With Windows XP Professional, you can use Backup to configure ASR to recover your machine in case of a catastrophic failure. Windows XP Home Edition does not include a backup utility. It can, however, be installed from the CD, if you can find it in the \valueadd folder. (Many OEM versions of Windows do not have this folder.) For more information on ASR, see Chapter 26, "Managing System Recovery," p. 599.
- Dynamic Disks: Windows XP Home Edition supports only basic disks. Windows XP Pro, if not installed on a portable computer, supports Dynamic Disks. For more information on Dynamic Disks, see Chapter 19, "Windows XP and Storage," p. 413.
- Encrypting File System (EFS): Windows XP Pro enables you to encrypt files so that they can be read only by the user who encrypted them and by any other users or recovery agents who have been granted access to the file's encryption key. An administrator who merely takes ownership of the file, or who reads the disk from another installation, gets only ciphertext. For more information on EFS, see Chapter 19, p. 413.
- Internet Information Services (IIS): You cannot install IIS on your computer with Windows XP Home Edition. It is an option with Windows XP Pro. For more information on IIS, see Chapter 29, "Internet Services from Windows XP Professional," p. 669.
- Domain membership: You cannot join a Windows domain with Windows XP Home Edition. You can still access domain resources by supplying domain credentials, but the computer itself can belong only to a workgroup (MSHOME by default). For more information on Windows domains, see Chapter 13, "Windows XP Networking Models," p. 261.
Windows XP 64-bit Edition is feature-equivalent to Windows XP Professional.
The Many Advantages of Windows XP
We could easily dedicate entire chapters to all the new features and advantages of Windows XP over Windows 2000. Instead, some of the most important and substantial features are listed here:
- Skinnable interface that supports Visual Styles
- Remote Desktop
- Remote Assistance
- Simultaneous user logons
- .NET integration
- Most recently used programs on Start menu
- Built-in CD burning
- Faster boot time
- Faster recovery from standby or hibernation
- Support for digital cameras and scanners
- Movie Maker video editor
- Internet Connection Firewall
- Built-in 802.11b support
- System restoration
- Error reporting
Upgrading to Windows XP
Fortunately, the upgrade path from previous versions of Windows to Windows XP is relatively smooth. The Windows XP Setup program automatically detects any installed version of Windows. Upon finding an existing installation, the Windows XP Setup program gives you the options of upgrading the existing installation or installing a new copy. If you choose to install a new copy of Windows XP, you must be aware of these issues:
- If you install Windows XP in the same directory as an existing installation, the Windows XP Setup program attempts to upgrade the system (even though you have instructed it otherwise).
- If you choose to install Windows XP into a different directory, you will be required to reinstall all applications, re-create all user and group accounts, and reconfigure all security information on the new system. This is because the Windows XP Setup program does not migrate any old settings when a new installation is performed.
If you choose to upgrade your current installation of Windows to Windows XP, it must be one of the Windows versions that is eligible for a Windows XP upgrade. Table 1.2 lists the Windows versions that support upgrading to XP.

Table 1.2 Potential Windows XP Upgrade Paths

Current Version of Windows      XP Professional   XP Home Edition
Windows 98 and 98SE             Yes               Yes
Windows Me                      Yes               Yes
Windows NT 4.0 Workstation      Yes               No
Windows 2000 Professional       Yes               No
Windows XP Home Edition         Yes               No

The following is a list of operating systems that do not currently have an upgrade path; instead, a full installation of the operating system is required:
- MS-DOS
- Windows 3.x (including 3.1x)
- Windows 95
- Windows NT Server 3.51
- Windows NT Server 4.0
- Windows 2000 Server
For More Information
For more information about the Windows XP architecture, consult the following references:
- Microsoft KnowledgeBase: A compilation of questions to and answers from the Microsoft technical support operation. It is available online at http://support.microsoft.com, but is also included on CD with a TechNet subscription.
- Microsoft Windows XP Web site: http://www.microsoft.com/WindowsXP.
- TechNet: A monthly, CD-based technical subscription service from Microsoft that includes most Resource Kits and related software, service packs, a KnowledgeBase, and a great deal more useful information. For information about obtaining a subscription and access to online information, you can register for the TechNet Subscription CD online at http://technet.microsoft.com.
- Windows XP Resource Kit. Microsoft Press, October, 2001. ISBN: 0735614857, or online at http://www.microsoft.com/WindowsXP/pro/techinfo/productdoc/resourcekit.asp.
2 Common Windows XP Administrative Utilities

Microsoft Windows XP includes several utilities to aid system configuration and administration. These tools are accessed via the Administrative Tools folder in Control Panel. This chapter takes a look at the Windows XP administrative tools as well as several third-party tools that can make maintaining a Windows XP system a little easier.
What Administration Really Means Keeping a Windows network functioning encompasses many activities, ranging from maintaining user accounts to configuring security, monitoring network traffic, correcting system problems, and enabling local and remote access.The number of tasks required to keep a network up and running is directly related to its size and complexity. For example, all networks require managing user accounts, applying security controls, and backing up data. Other networks might also require remote access management, performance monitoring, and error tracking. Administration really means planning the network, mapping out configurations, implementing decisions, and monitoring network activity over time. As the network grows, you need to adjust various settings and configurations to support the changes.You might find that your original decisions sustain a growing network adequately, or you may need to make adjustments unexpectedly. In either case, vigilance is your primary asset for sustaining the network. To minimize downtime, you must anticipate problems that are likely to occur and correct problems when they occur.That’s why it’s so important to learn your system, understand your tools, and plan. Otherwise, you could find yourself working over the weekend or pulling an all-nighter to get the network running smoothly again.
Chapter 2
Common Windows XP Administrative Utilities
Administering a Windows XP System
Not all administration takes place at the network level. Individual systems on a network require at least some of the same administrative tasks, if not more. Windows XP system administration is a task-based responsibility that requires you to rely on the tools and utilities at your disposal. If you are unfamiliar with your tools, you cannot perform the required tasks. Just as a handyman needs the right tool for a job, you need to know which tools can perform which functions.

In the following sections, we walk you through the administrative, management, monitoring, and related tools included with Windows XP. In addition to reviewing the discussion in this chapter, you should take the time to work with the tools themselves. Hands-on experience is invaluable and cannot be replaced. You might also want to review the tools' online help documentation as well as materials from the Windows XP Professional Resource Kit, Windows 2000 Server Resource Kit, and TechNet (discussed in the following sidebar, "Microsoft Resources").

Microsoft Resources
The resources Microsoft provides are among the best for product documentation, troubleshooting information, and general, all-around information. Following are two items you cannot live without:
- Microsoft Technical Information Network (TechNet). A monthly CD-based publication that delivers numerous electronic titles on Windows products. Its offerings include all the Microsoft Resource Kits (see next bullet), product facts, technical notes, tools, utilities, the entire Microsoft KnowledgeBase, service packs, drivers, and patches. A single user license to TechNet costs $299 per year (TechNet Plus, which includes Beta versions of Microsoft products, costs $429), but it is well worth the price. For more details, visit http://www.microsoft.com/technet/ and check out the information under the TechNet Subscription heading in the About TechNet menu entry.
- Microsoft Resource Kits. These kits are available on nearly all major products from Microsoft. The Microsoft Resource Kits are essential references for Windows information. The book sets come with CD-ROMs that contain useful tools. Visit http://mspress.microsoft.com for additional information on the resource kits. The Windows 2000 Server Resource Kit contains eight volumes and nearly 7,300 pages.
Additional resources that provide information about Windows XP are also available. For instance, a quick search at http://www.amazon.com using the phrase “Windows XP” turns up a list of more than 100 additional references on this subject.
The Control Panel and Administrative Tools The Windows XP Control Panel is the folder containing the majority of the tools you use for system configuration and administration.The common tools you use for administration of Windows XP are contained in a subfolder of Control Panel aptly named Administrative Tools.
Note You must have administrative rights to use all the tools mentioned in this chapter.
To determine whether Control Panel is displayed on your Start menu, follow these steps:
1. Right-click the Start button and select Properties.
2. Click the Customize button in the Start Menu tab.
3. In the Customize Start Menu dialog box, click the Advanced tab (see Figure 2.1).
Figure 2.1 Customizing the Start menu properties.
In the Start Menu Items section, you have three choices that control how you access Control Panel:
- Display as a Link. This option places a Control Panel icon on your Start menu. Clicking this icon opens the Control Panel folder.
- Display as a Menu. This option places a Control Panel icon on your Start menu. Clicking or hovering over this icon displays a submenu, listing all the icons contained in the Control Panel folder.
- Don't Display This Item. The Control Panel icon is not displayed. This option is useful on shared machines where you don't want inexperienced users fiddling with the system configuration. Bear in mind that it only hides the icon; as described later in this section, Control Panel can still be opened from the command line, so if you need to actually prevent access, use the Group Policy setting Prohibit access to the Control Panel instead.

Farther down in the same list box are similar options available for the Administrative Tools folder:
- Display on the All Programs Menu. This option places the Administrative Tools icon in the All Programs section of the Start menu. Clicking this icon opens the Administrative Tools folder. This is similar to the configuration in Windows 2000.
- Display on the All Programs Menu and the Start Menu. This option places the Administrative Tools icon on the Start menu and the All Programs menu. Clicking or hovering over this icon displays all the icons in the folder (see Figure 2.2).
- Don't Display This Item. The Administrative Tools icon is not displayed. This option is useful on machines that will be used by inexperienced users.
Figure 2.2 You can configure the Administrative Tools to be displayed on the Start menu.
Of course, you're probably wondering how you can access Control Panel or Administrative Tools if the tools' icons are not displayed. Microsoft has provided a way for the system administrator to open the folders from the command line. Control Panel can be opened by entering control on the command line. Most applets and folders in Control Panel can be opened by entering the commands listed in Table 2.1; for the applets, the argument is the name of the .cpl file that implements the applet.

Table 2.1 Commands to Open Control Panel Applets

Command                     Folder or Applet
control                     Opens Control Panel
control admintools          Opens the Administrative Tools folder
control hdwwiz.cpl          Opens the Add Hardware applet
control appwiz.cpl          Opens the Add or Remove Programs applet
control timedate.cpl        Opens the Date and Time applet
control desk.cpl            Opens the Display applet
control inetcpl.cpl         Opens the Internet Options applet
control netconnections      Opens the Network Connections applet
control sysdm.cpl           Opens the System applet
To see a complete list of the Control Panel applets that can be started from the command line, look in the %systemroot%\system32 folder for files with the .cpl extension. For more information, consult the Microsoft KnowledgeBase article “How to Open Control Panel Folders from the Command Prompt.” Note The number of items in Control Panel and the Administrative Tools folder varies by machine, depending on the installed hardware and software options. .
For more information on working with the applets and utilities in Control Panel, see Chapter 8, “Windows XP Control Panel Utilities,” p. 151.
The Microsoft Management Console: Where Management Begins When Microsoft released the Windows NT Option Pack version 4.0, it introduced the Microsoft Management Console (MMC).The Microsoft vision was that it would become the de facto tool for administration in future versions of Windows NT.This vision has become a reality in Windows XP. What makes the MMC different from earlier versions of Windows NT administration tools is that it performs none of the administration tasks. Instead, it is simply a shell into which administration tools can be added, modified, and removed. As you can see in Figure 2.3, when the MMC is started (by issuing the mmc.exe command), a blank window opens.
Figure 2.3 The Microsoft Management Console window allows you to create a custom console for managing Windows XP.
The administrative tools that can be added to the MMC are known as snap-ins. The capability to pick and choose which administrative tools a console will have makes MMC extremely flexible, especially in an environment in which several administrators perform different tasks. Each administrator can create (or have the system administrator create) an MMC that has only the tools he or she requires. For example, Sue is responsible for monitoring server performance, the event logs, and the Domain Name System, and Joe's job is to create users and groups and set security policies for users. To create Joe's MMC, follow these steps:
1. Click Start, Run, type mmc in the Open text box, and click OK to open the MMC window.
2. Choose File, Add/Remove Snap-In from the menu, and click the Add button.
3. Select the Group Policy Snap-In, and click the Add button to launch the Select Group Policy Object Wizard.
4. Specify whether the Group Policy is for this computer or another computer, and click the Finish button.
5. Select the Local Users and Groups Snap-In, and click the Add button.
6. Specify the target machine for the snap-in, and click the Finish button.
7. Click the Close button.
8. Click OK. The MMC shown in Figure 2.4 should appear.

You can access the rest of the tools covered in this chapter through their own administrative tool or by creating a custom MMC and adding the corresponding snap-in.
Figure 2.4 You can customize the MMC to suit your administrative needs.
Computer Management
The Computer Management snap-in comes populated with the following commonly used administrative tools (see Figure 2.5):
- Event Viewer
- Shared Folders
- Local Users and Groups
- Performance Logs and Alerts
- Device Manager
- Removable Storage
- Disk Defragmenter
- Disk Management
- Services
- WMI Control
- Indexing Service
Note This list can change depending on the machine’s configuration. For example, IIS will appear if it is installed on the machine.
Figure 2.5 The Computer Management snap-in provides a central location for most administrative tools.
The purpose of the Computer Management snap-in is to group a selection of Windows utilities in a single MMC that can be connected to a local or remote computer. To connect the Computer Management snap-in to a remote computer, follow these steps:
1. Click Start, Control Panel, Administrative Tools, Computer Management to open the Computer Management snap-in.
2. In the left pane, right-click Computer Management.
3. Click Connect to Another Computer from the shortcut menu to open the Select Computer dialog box.
4. In the Select Computer dialog box, click Browse to locate the other computer, or enter its name.
5. Click OK.
Event Viewer
The Event Viewer in Windows XP is available in the Computer Management snap-in or as a standalone MMC snap-in (see Figure 2.6). This Windows XP utility records information about various system occurrences. As in previous versions of Windows, there are three log files: System, Security, and Application. These three logs still exist in Windows XP, but the Event Viewer has been expanded to allow other components or third-party applications to use the Event Viewer as the global location for log files. The logs appearing in your installation of Windows XP will vary depending on the components that are installed. The DNS Server service on Windows 2000 Server, for example, maintains its own log in the Event Viewer.
Figure 2.6 The Event Viewer shows information on application, security, and system events.
All Windows XP systems have at least the three logs mentioned earlier, described in the following list:
- The System log file records events related to system operation, most often associated with device drivers and services.
- The Application log file records events related to applications, programs, and utilities, not native Windows XP tools.
- The Security log file records events related to security and auditing. The Security log does not record any information until an audit policy is enabled.
Anyone can view the System and Application logs, but only administrators can view the Security log.To view a log file, select it from the list in the left pane of the window. .
For information to be recorded in the Security log, auditing must be turned on and configured. For complete details on Windows XP security, see Chapter 25, “Managing System Security,” p. 565.
The default settings for logs restrict each log file to a maximum of 512KB and a retention period of seven days. When the log reaches its maximum size, new events overwrite only those events that are older than the retention period; if every event in the log is newer than that, new events are discarded until space frees up, so a busy system can silently lose records. If you need to retain events for longer periods, increase the file size and either lengthen the retention period or choose to overwrite events as needed. You can change these options by right-clicking the log and selecting Properties from the shortcut menu. Each log file has its own size and retention settings.

You can view log files from a remote system on your network by choosing Action, Connect to Another Computer from the menu. Being able to diagnose a system remotely via Event Viewer instead of having to sit at the other computer's keyboard simplifies your administrative tasks.
You can save logs to a file or use them with other applications. Saved logs get the .evt file extension and can be loaded into another Event Viewer; you can also save a log as text (.txt, tab-delimited columns) or in comma-delimited (.csv) format for use with other applications. Use the View, Filter command to quickly locate events of a certain type or those pertaining to a particular source, category, user, computer, or event ID. To search through the selected log's contents for an event by keywords, use the View, Find command. A handy feature of the Windows XP Event Viewer is its capability to sort logs based on the columns displayed in the utility. For example, to sort the log based on event ID, simply click the Event column heading in the pane on the right. If you don't understand an error message, write down the event ID. You can use it to perform a search of the Microsoft KnowledgeBase at http://support.microsoft.com. The articles in the KnowledgeBase can sometimes be useful in figuring out a problem or at least giving you more information to work with.

Event Viewer can record a significant amount of useful, if not vital, information, but extracting or even locating the data in the log files can be daunting. You might want to invest in an intrusion detection solution that can automatically and semi-intelligently scan the Event Viewer logs. These tools look for patterns of system failure, intrusion, or degradation and report the findings to you in a concise format. Look for recommendations in the "Third-Party Administrative Utilities" section at the end of this chapter.
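The following Windows PowerShell script is an added example, not part of the book, that does from the command line what the preceding paragraphs describe in the Event Viewer dialogs: it reads each log's size and overwrite settings, raises the Security log's limit, and pulls events by event ID the way View, Filter does. It assumes Windows PowerShell 2.0 has been installed on the Windows XP system and that it runs from an account in the local Administrators group, since only administrators may read the Security log. The function names and the 16MB/64MB thresholds are the example's own choices; the two event IDs are the pre-Vista numbers that Windows XP itself writes.

```powershell
# Added example, not part of the book. Assumes Windows PowerShell 2.0 on
# Windows XP Professional, run from an administrative account. Function
# names and the 16MB/64MB thresholds are this example's own choices.

function Get-LogRetentionReport {
    param([int] $MinimumKB = 16384)   # flag logs smaller than 16MB
    # Get-EventLog -List returns one System.Diagnostics.EventLog per log,
    # carrying the same size and overwrite settings as the Properties dialog.
    Get-EventLog -List | ForEach-Object {
        New-Object PSObject -Property @{
            Log            = $_.Log
            Entries        = $_.Entries.Count
            MaximumKB      = $_.MaximumKilobytes
            OverflowAction = $_.OverflowAction      # OverwriteOlder, OverwriteAsNeeded or DoNotOverwrite
            RetentionDays  = $_.MinimumRetentionDays
            TooSmall       = ($_.MaximumKilobytes -lt $MinimumKB)
        }
    }
}

function Set-SecurityLogRetention {
    param([int] $MaximumKB = 65536)   # 64MB; must be a multiple of 64KB
    # Limit-EventLog changes the same settings as the Properties dialog.
    # Overwrite-as-needed is preferred to a day limit: a log that cannot
    # discard a seven-day-old event simply drops the new one.
    Limit-EventLog -LogName Security -MaximumSize ($MaximumKB * 1KB) -OverflowAction OverwriteAsNeeded
}

function Get-SecurityAuditEvents {
    param(
        [int] $Scan = 2000,                     # how many recent entries to look through
        # Event IDs Windows XP writes to the Security log (pre-Vista numbering):
        # 517 = the audit log was cleared, 529 = logon failure (unknown user name or bad password).
        [int[]] $EventId = @(517, 529)
    )
    # Equivalent to View, Filter on the Event ID column. An empty result on a
    # machine where people log on usually means no audit policy is enabled.
    Get-EventLog -LogName Security -Newest $Scan -ErrorAction SilentlyContinue |
        Where-Object { $EventId -contains $_.EventID } |
        Select-Object TimeGenerated, EventID, EntryType, UserName, Message
}

# Usage: inspect first, then change the Security log once the 512KB default
# has been confirmed.
Get-LogRetentionReport | Format-Table Log, Entries, MaximumKB, OverflowAction, RetentionDays, TooSmall -AutoSize
Get-SecurityAuditEvents | Select-Object -First 20 | Format-List
# Set-SecurityLogRetention
```

Event 517 is the one to watch for in particular: an attacker who clears the Security log to cover their tracks leaves exactly that record behind, and it is the first thing a small, overwrite-by-age log loses.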
Shared Folders
The Shared Folders MMC snap-in in Windows XP is available in the Computer Management snap-in or as a standalone MMC snap-in, accessed by typing fsmgmt.msc at the command line. The Shared Folders utility enables you to manage file shares, not only on your machine, but on any machine on the network to which you have the appropriate rights (see Figure 2.7).
Figure 2.7 You can manage file shares from the Shared Folders MMC snap-in.
Computer Management
When you connect to a computer, either your local computer or a remote computer, all the shared folders are displayed. You can right-click on a folder to display a list of options, such as stopping sharing or configuring the folder’s properties. The properties for the folder include share security and the number of users who can access it concurrently. You can also create a new file share and add security options by right-clicking a folder and selecting Sharing and Security from the shortcut menu.

Some of the shares are displayed with a name ending in a dollar sign. (For example, a hidden C drive appears as C$.) These are administrative shares that the operating system has created. Any share name ending in a dollar sign is invisible to the browse list. You can use this dollar sign character in shares that you create but want to keep hidden from most users. Any users who need to connect to one of these shares have to know the name because they won’t be able to locate it via browsing.

You can use the Sessions folder to view all the users who are connected to your computer. The following statistics are displayed:
• User. The user who is connected.
• Computer. The name of the computer the user is on.
• Type. The type of client connected to the share—Windows, Macintosh, or NetWare.
• #Open Files. The number of files the user has open.
• Connected Time. The length of time the user has been connected.
• Idle Time. The length of time the user has been inactive.
• Guest. Yes or No notes whether the user is connected as a Guest.
You have the option of disconnecting all users from the sessions. You use the Open Files folder to view lists of open files, named pipes, or active print jobs. As with the open sessions, you have the option of disconnecting all users listed in the Open Files folder. Fortunately, if you right-click the Shared Folders item, you get the option to send a console message to connected users. This option enables you to warn them that they are going to be disconnected, thus allowing them to save their work.
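The shares, the dollar-sign hidden shares, and the session statistics described above can also be listed from a script. This PowerShell is an added example, not code from the book; it assumes administrative rights on the target computer ($ComputerName, the local machine by default).

```powershell
# Added example (not from the book): list shares on a computer, tell the operating
# system's administrative shares (C$, ADMIN$, IPC$ ...) apart from hidden shares a
# user created with a trailing $, and list connected sessions with the same columns
# the Sessions folder shows. Assumption: administrative rights on the target;
# $ComputerName defaults to the local machine.
function Get-ShareReport {
    param([string]$ComputerName = '.')
    # Win32_Share.Type has bit 0x80000000 set on shares the system created for administration.
    $ADMIN_FLAG = [int64]0x80000000
    foreach ($share in Get-WmiObject -Class Win32_Share -ComputerName $ComputerName) {
        $isAdmin  = (([int64]$share.Type) -band $ADMIN_FLAG) -ne 0
        $isHidden = $share.Name.EndsWith('$')
        $kind = if ($isAdmin) { 'Administrative' } elseif ($isHidden) { 'User-created hidden' } else { 'Visible' }
        New-Object PSObject -Property @{
            Name        = $share.Name
            Path        = $share.Path
            Kind        = $kind
            Description = $share.Description
        }
    }
}

function Get-SessionReport {
    param([string]$ComputerName = '.')
    # Win32_ServerSession reports times in seconds; bit 1 of SessionType marks a guest logon.
    foreach ($s in Get-WmiObject -Class Win32_ServerSession -ComputerName $ComputerName) {
        New-Object PSObject -Property @{
            User         = $s.UserName
            Computer     = $s.ComputerName
            Type         = $s.ClientType
            OpenFiles    = $s.ResourcesOpened
            ConnectedMin = [math]::Round($s.ActiveTime / 60, 1)
            IdleMin      = [math]::Round($s.IdleTime / 60, 1)
            Guest        = (($s.SessionType -band 1) -ne 0)
        }
    }
}

# Hidden shares that the operating system did not create deserve a periodic review:
# they are invisible to browsing, but not to anyone who knows the name.
Get-ShareReport | Where-Object { $_.Kind -eq 'User-created hidden' } |
    Format-Table Name, Path, Description -AutoSize
Get-SessionReport | Sort-Object IdleMin -Descending |
    Format-Table User, Computer, Type, OpenFiles, ConnectedMin, IdleMin, Guest -AutoSize
```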
Local Users and Groups
User management in Windows XP differs from that in Windows NT. In Windows NT, you used one of two tools: User Manager or User Manager for Domains. User Manager was used on Windows NT workstations or Windows NT standalone servers to control user and group information, whereas User Manager for Domains was used on domain controllers to control user and group information for the domain. The tool you use in Windows XP varies depending on your configuration. In Windows NT, User Manager and User Manager for Domains were essentially the same tools, but in Windows XP, they are radically different.
In Windows XP, you use either the Local Users and Groups or the Active Directory Users and Groups administrative tools. This section introduces both, but concentrates on the Local Users and Groups tool.
Windows XP includes the User Accounts utility, which can also be used to create and manage group and user permissions. For a complete description, see Chapter 8, “Windows XP Control Panel Utilities,” p. 151.
These two tools are the administration methods you use to perform the following functions:
• Manage user accounts
• Manage groups
In Windows XP, the Local Users and Groups administration tool is found as one of the snap-ins in the Computer Management snap-in (see Figure 2.8).
Figure 2.8 You manage user and group settings from the Local Users and Groups administration tool.
Local Users and Groups is an extremely simple tool. One of its helpful features is the capability to create Taskpad views. These views enable you to modify the tool’s interface to simplify creating and configuring users. Figure 2.9 illustrates a Taskpad view of the Users container. Notice that the tasks of creating a user, deleting a user, renaming the user account, setting the password, and viewing the user’s properties are now simple buttons.

When you are in a quandary about what to do with old user accounts, we recommend disabling rather than deleting them. Deleting a user account completely removes it from the system, which means it never existed. Even if you created another account with the same name and permissions, it would still have a different security ID (SID) and Windows XP would treat it as a different account.
Figure 2.9 A Taskpad view of the Users container.
In addition, if you need to perform a security audit or create a duplicate account, you’ll be unable to do so with a deleted user account. By disabling the account, however, you not only remove it from use, but also retain it for security audits and to be used as a template if duplicates are required. When giving a user membership in a group, be sure to think about the results of multigroup membership. In some cases, you might overlap group purposes, which can result in granting some users too much access. Also, if you use the No Access setting, you could end up blocking access to someone who legitimately needs it.
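Disabling rather than deleting, and the reason for it, can be demonstrated from a script. The following PowerShell is an added example, not code from the book; it assumes it is run as a local administrator, and the account name jdoe is a placeholder.

```powershell
# Added example (not from the book): disable a local account instead of deleting it,
# and show that the account's SID and group memberships are retained for later audits.
# Assumptions: run as a local administrator; 'jdoe' is a placeholder account name.
function Get-LocalAccountSid {
    param([string]$UserName)
    $acct = New-Object System.Security.Principal.NTAccount($env:COMPUTERNAME, $UserName)
    $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

function Get-LocalGroupMembership {
    param([string]$UserName)
    $user = [ADSI]"WinNT://$env:COMPUTERNAME/$UserName,user"
    # Groups() yields COM objects; read each group's Name through reflection.
    foreach ($g in $user.Groups()) {
        $g.GetType().InvokeMember('Name', 'GetProperty', $null, $g, $null)
    }
}

function Disable-LocalAccount {
    param([string]$UserName)
    $user = [ADSI]"WinNT://$env:COMPUTERNAME/$UserName,user"
    $user.InvokeSet('AccountDisabled', $true)   # the same flag the account's Properties dialog sets
    $user.SetInfo()
    [bool]$user.InvokeGet('AccountDisabled')
}

$name     = 'jdoe'                            # placeholder account name
$before   = Get-LocalAccountSid $name
$groups   = @(Get-LocalGroupMembership $name)
$disabled = Disable-LocalAccount $name
$after    = Get-LocalAccountSid $name

"Account $name disabled: $disabled"
"SID before: $before"
"SID after:  $after (unchanged: $($before -eq $after))"
"Member of:  $($groups -join ', ')"
# Membership in more than one group is where overlapping rights come from; review the
# combined permissions before re-enabling the account or using it as a template.
if ($groups.Count -gt 1) { "Review the combined rights of these $($groups.Count) groups." }
```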
Performance Logs and Alerts
The Windows XP Performance Monitor is known simply as “Performance” on the Administrative Tools menu. The Performance utility is Windows XP’s built-in investigation tool. Although it has some limitations and few automated capabilities, it is a useful tool in a system administrator’s arsenal. The Performance utility can measure the operations of a standalone system or an attached network, or it can manage measurements from multiple remote systems.

The Performance utility is actually a combination of two MMC snap-ins (see Figure 2.10). One, the System Monitor, is available only by accessing the Performance utility. The other, Performance Logs and Alerts, is available via any MMC console. Take a look at the System Monitor component to see how both real-time and historical measurements operate. This component is used to view real-time measurements (refer to Figure 2.10) or to review data stored in a log file. Each counter is displayed as a colored line. Multiple counters from the same system or from remote systems can be viewed simultaneously.

The Performance Logs and Alerts section has three containers: Counter Logs, Trace Logs, and Alerts. The Alerts container, shown in Figure 2.11, is used to define threshold alerts. An alert is issued when a specific counter crosses a defined threshold value. When this occurs, a trigger event is initiated.
Figure 2.10 The Windows XP Performance utility enables you to monitor system efficiency.
Figure 2.11 Use the Windows XP Alerts container to view information about system events that triggered an alert.
Although threshold alerts can be used with real-time measurements or historical log files, they are most often used to monitor systems in real time. You can set an alert to notify you when a specific event or condition occurs, such as low disk space, swap file usage, and task queues for network cards and CPUs. Any of these items can point to a current or potential system problem.
The Performance utility is a tool no system administrator can live without. For more information, see Chapter 22, “Tuning and Optimizing Windows XP,” p. 485.
Disk Management
Like the Local Users and Groups tool, Disk Management is available in the Computer Management snap-in or as its own snap-in (as diskmgmt.msc). Disk Management is the primary tool for managing partitions (see Figure 2.12). When you add a new hard drive to your computer, use Disk Management to create primary and extended partitions and logical drives and to assign drive letters. You can also use Disk Management to create simple volumes and striped volumes (RAID). The Windows XP versions of Disk Management cannot create fault-tolerant disk configurations. Only the Server versions of Windows 2000/.NET can create mirrored volumes, duplexed volumes, and RAID-5 volumes.
Figure 2.12 You can monitor and manage disk space in the Disk Management utility.
You cannot alter the boot or system partitions with the Disk Management tool. If you try to format or delete the partition where key Windows XP files reside, an error is displayed and the tool won’t allow the operation to take place. However, there is no such protection for other partitions. Be careful not to destroy partitions containing important data.

A new type of disk was first introduced with Windows 2000: the dynamic disk. Any disk formatted before Windows 2000 is known as a basic disk. Disks can be converted from basic to dynamic and back. However, the only way to convert a dynamic disk back to basic requires repartitioning it, which means you lose your data. To convert a basic disk to a dynamic disk, right-click it in Disk Management and select Convert to Dynamic Disk from the shortcut menu. Dynamic disks can be moved from one system to another without reconfiguring them. For example, a RAID-5 volume created on one system can be imported by another without requiring a system reboot.
The following operating systems cannot access dynamic disks locally:
• DOS
• Windows 9x
• Windows Me
• Windows NT
• Windows XP Home Edition

However, these operating systems can access a dynamic disk over the network. Unlike the disk utilities used in the Windows 9x and NT families, most operations can be completed without a reboot.
Services
Like the Local Users and Groups tool, Services is available in the Computer Management snap-in or as its own snap-in (see Figure 2.13). Services is the tool used to manage system services.
Figure 2.13 The Services tool.
A service is a background task or application that runs without user intervention. These are typical services:
• Mail servers
• Database servers
• Web servers
• Print spoolers
• Security managers
The Services tool enables you to perform the following functions on a service:
• Start
• Stop
• Pause
• Resume
• Restart
• Disable
You can use the Services tool to manage services on a local or remote computer and configure the account that each service uses to log on to the system. Depending on the type of service, it can be the Local System account or an account with domain privileges. The tool also enables you to configure what recovery actions to take if the service should stop unexpectedly. For example, if a service fails, you can configure it by right-clicking the service, and selecting one of the following from the Recovery tab (see Figure 2.14):
• Taking no action
• Restarting the service
• Running a selected program
• Restarting the computer
Figure 2.14 You can configure recovery settings in the Recovery tab of a service’s Properties dialog box.
In addition, you have the option to configure the service’s characteristics for each hardware profile in the Log On tab. This feature is useful when configuring services for laptop users who spend part of their time roaming and part in a docking station.
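The logon account and the Recovery tab settings discussed above can both be handled from a script. The following PowerShell is an added example, not code from the book; it assumes administrative rights, and Spooler is used only as a sample service name.

```powershell
# Added example (not from the book): report the account each service logs on with,
# flagging services that run under a real user or domain account rather than one of
# the built-in service identities, and apply Recovery-tab settings with sc.exe.
# Assumptions: administrative rights; 'Spooler' is just a sample service name.
function Get-ServiceAccountReport {
    param([string]$ComputerName = '.')
    $builtin = @('LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService')
    foreach ($svc in Get-WmiObject -Class Win32_Service -ComputerName $ComputerName) {
        New-Object PSObject -Property @{
            Name      = $svc.Name
            State     = $svc.State
            StartMode = $svc.StartMode
            Account   = $svc.StartName
            # A service running as a user or domain account carries that account's
            # privileges; if the service is compromised, so is the account.
            CustomAccount = ($builtin -notcontains $svc.StartName)
        }
    }
}

function Set-ServiceRecovery {
    param(
        [string]$Name,
        [int]$RestartDelayMs = 60000,   # one minute, as on the Recovery tab
        [int]$ResetSeconds   = 86400    # the failure count resets after one day
    )
    # First, second and subsequent failures all restart the service.
    # sc.exe needs the space after each '=': "reset= 86400", "actions= ...".
    $actions = "restart/$RestartDelayMs/restart/$RestartDelayMs/restart/$RestartDelayMs"
    & sc.exe failure $Name reset= $ResetSeconds actions= $actions | Out-Null
    & sc.exe qfailure $Name      # print the settings back for verification
}

Get-ServiceAccountReport | Where-Object { $_.CustomAccount } |
    Format-Table Name, Account, StartMode, State -AutoSize
Set-ServiceRecovery -Name 'Spooler'
```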
System Information
The old Windows Diagnostics tool has been completely redesigned for Windows XP (actually, it was adopted from Windows 98) and is now known as the System Information tool (see Figure 2.15). It still contains the read-only information that its counterpart did (only in much more detail). The tool contains information about the hardware and environmental configuration of Windows XP systems. This MMC snap-in contains six different sections, described in Table 2.2.
Figure 2.15 The System Information tool enables you to view information about hardware, software, and other system components.
To access System Information, perform the following steps:
1. Click Start, Help and Support.
2. In the Help and Support dialog box, click the Support button.
3. Click the Advanced System Information link in the left pane.
4. Click the View Detailed System Information (Msinfo32.exe) link in the right pane to open the System Information tool.
Table 2.2 System Information Sections and Details (section name, details provided)
• System Summary. Displays an overview of the system’s configuration.
• Hardware Resources. Contains information on system interrupt requests (IRQs), I/O ports, direct memory access (DMA) channels, and memory.
• Components. Contains all the devices (hardware-wise) installed in the system and their configuration and settings.
• Software Environment. Contains the program groups, services, drivers, tasks, and startup programs existing on the system.
• Internet Settings. Contains all the properties and settings for Internet Explorer 5.
• Applications. Contains the application-specific information stored on the system.
You cannot use the System Information tool to change or modify any displayed settings, but simply being able to view these items can help locate problems quickly. This tool also includes several utilities for diagnosing and troubleshooting your system:
• Dr. Watson. A tool for capturing the error output of failed applications.
• DirectX Diagnostic Tool. A tool for troubleshooting DirectX installations.
• Net Diagnostics. Displays and diagnoses network connections on the system.
• File Signature Verification Utility. Ensures that applications and drivers are signed as tested with Windows XP.
• System Restore. Restores your Windows XP system to a previous state. This tool collects configuration information at specified intervals so that the system can be restored to that point in case of a failure. See Chapter 26, “Managing System Recovery,” for additional information on system restoration.
Backup
Windows XP includes an advanced built-in backup tool. Microsoft opted to license software from Veritas Software (formerly Seagate Software) instead of developing the backup program. Although Backup is a big improvement over the previous versions included with Windows, it still has some limitations. Backup comes with the Backup or Restore Wizard that automates the process of backing up the following items:
• Documents and settings for the current user, including the My Documents and Favorites folders, the contents of the desktop, and cookies
• Documents and settings for all users
• All information on the computer (also prompts you to create a system recovery disk)
The Backup or Restore Wizard includes an option allowing you to select what to back up.
Scheduling backups with the native backup utility no longer requires the use of the Task Scheduler service. You no longer need to use the AT.EXE and WINAT.EXE utilities to schedule the backup. Instead, you simply click the Schedule Jobs tab and configure the backup (see Figure 2.16).
Figure 2.16 Scheduling backup jobs in Windows XP.
Aside from its ability to back up and restore files (including the Registry) to and from non-tape devices, such as floppy disks, Zip disks, Jaz disks, or hard drives, and to schedule these tasks, Backup includes a new feature, the Automated System Recovery Wizard.
For more information about working with Windows Backup, see Chapter 20, “Windows XP Backup and More,” p. 437.
The Automated System Recovery Wizard enables you to create a disk containing the configuration settings for your computer. This disk, along with a media backup of your computer, will allow you to recover from a disaster.

When selecting a third-party backup solution, make sure it exhibits the following features:
• Backs up to tape, disk, floppy, and other media types
• Backs up and restores local and network resources
• Backs up and restores local and remote Registries
• Includes internal automation and scheduling of backups
• Fully supports Windows XP security, including Active Directory
• Supports backup tape locking, encryption, or other media security features
With these requirements, you are sure to find a backup product that meets your needs and can keep up with an expanding network. Note that many backup programs are rated as “enterprise solutions.” This term is often used to indicate that the product can support a large network. You might also notice that these products have a price tag of over $1,000. That doesn’t mean you’ll have to shell out that much money to obtain good backup software. You should take the time to shop around. For example, Backup Exec from Veritas has a desktop version available online for under $100. You’ll find specific third-party backup utility recommendations in the next section.
Third-Party Administrative Utilities
A number of third-party utilities are available to simplify the administration of Windows XP. There are commercial products as well as a wide variety of shareware and freeware utilities. We recommend the following backup software:
• Veritas’s Backup Exec: http://www.veritas.com.
• Computer Associates’ ARCserve: http://www.cia.com.
• UltraBac’s UltraBac: http://www.ultrabac.com.
You can find other utilities by searching with the keyword backup at the following Web sites:
• http://www.serverextras.com
• http://www.bhs.com
• http://www.sunbelt-software.com
• http://www.beyond.com
• http://www.davecentral.com
• http://www.tucows.com
Although Windows XP includes a basic disk defragmentation tool, we recommend the following more advanced utilities:
• Executive Software’s Diskeeper: http://www.execsoft.com.
• Raxco’s Perfectdisk: http://www.raxco.com.
• Symantec’s SpeedDisk: http://www.symantec.com.
Here are several tools you can examine in the area of security auditing and intrusion detection software:
• Internet Security Systems’s Web, intranet, and firewall scanners: http://www.iss.net.
• Harris Corporation’s STAT: http://www.sunbelt-software.com.
• Blue Lance’s LT Auditor+: http://www.bluelance.com.
• Cybersafe Corporation’s Entrax: http://www.cybersafe.com.
• Qualys’s QualysGuard: http://www.sunbelt-software.com.
According to Microsoft, NTFS partitions are not accessible from MS-DOS or non-Windows NT/2000/XP operating systems. However, several third-party utilities and file drivers are available that make such access possible. Reading data from NTFS partitions was previously restricted to Windows NT/2000/XP. Now, with NTFSDOS from Systems Internals, you can read, rename, and even copy over files from an NTFS partition (providing the new file is exactly the same size) using MS-DOS. You can download this tool from the Systems Internals Web site at http://www.sysinternals.com/.

Caution
Note that use of these tools opens a potential security risk. These tools enable you, or any other user, to bypass the security on NTFS files.
Note
In addition to NTFSDOS, Systems Internals offers many other great tools. You should take the time to review this site and all the utilities available.
For More Information
If the information about Windows XP native administration tools in this chapter has increased your desire to learn more, here are some resources you can research:
• Microsoft TechNet: http://www.microsoft.com/technet.
• Microsoft Windows XP Professional Resource Kit. Microsoft Press, 2001. ISBN: 0735614857.
• Microsoft Windows 2000 Server Resource Kit. Microsoft Press, 2000. ISBN: 1572318058.
3 The Windows XP Layout
When compared to other Microsoft operating systems, Windows XP has many important differences, ranging from capabilities to functions and security, but one rarely discussed area is the layout of Windows XP files and components.
Note
Although the terms folder and directory are synonymous, Microsoft typically prefers to use folder. This falls in line with its endeavor to simplify computing for nontechnical users who might more readily understand the concepts of files and folders (like a filing cabinet) rather than files and directories.
This chapter looks at the file and folder structure created by a Windows XP installation, provides a roadmap for important programs, and discusses other issues related to file structure and layout.
Windows XP Directory Structures
The Windows XP installation routine makes several changes to your hard drives. Windows XP uses two different partitions to store its information: a system partition and a boot partition. These partitions can exist on a single physical partition or on two physical partitions. Unfortunately, the way these terms are used is the reverse of common-sense usage. The system partition is the partition containing the initial bootstrap components and the boot menu. The boot partition is the partition hosting the Windows XP root folder and all operational drivers and files.

The boot and system partition files can be located on the same partition, on different partitions, or even on different hard drives. However, the system partition must always be on the first hard drive in the system and must be an active primary partition. The boot partition can be a primary partition or a logical drive within an extended partition.
System Partition
Table 3.1 shows the files contained on the system partition for an x86 computer.

Table 3.1 Files Located on the System Partition for an x86 Computer (file, description)
• NTLDR. Controls the operating system boot selection process and hardware detection before the actual Windows XP Kernel is launched. It requires that boot.ini, ntdetect.com, bootsect.dos (if dual booting), and ntbootdd.sys (if booting on a non-BIOS enabled SCSI drive; that is, scsi() is used instead of multi() in the ARC name in boot.ini) exist in the root system partition.
• boot.ini. Contains the contents of the boot menu displayed by NTLDR. This file contains the default operating system selection, the timeout period for the selection, and an ARC name or pathname for each listed operating system boot selection.
• ntdetect.com. Detects the major components of the computer before NTLDR selects a configuration and loads the Kernel.
• bootsect.dos. Present only on dual-boot systems. NTLDR uses this file when the selected operating system is not Windows XP. Bootsect.dos in turn seeks out the OS-specific operating system loader file, such as io.sys for MS-DOS or os2ldr.exe for OS/2.
• ntbootdd.sys. Used only on systems with SCSI drives that do not have on-board BIOS translation enabled. It is a copy of the device driver for your particular SCSI drive.
• hiberfil.sys. Available if hibernation is enabled on the computer.
Note
When BOOTSECT.DOS is installed using the DOS-mode setup (for example, a Windows 98 startup disk), the file will still appear, even though it is not really a dual-boot system, meaning there is no COMMAND.com to boot into DOS. In this scenario, there is only one OS entry in the boot.ini file, and the boot selection menu does not appear.
For more information on the boot.ini file, see Chapter 7, “Booting Windows XP,” p. 129.
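The dependencies in Table 3.1 (scsi() entries need ntbootdd.sys, non-Windows entries need bootsect.dos or another boot sector file) can be derived mechanically from boot.ini. The following PowerShell is an added example, not code from the book: it parses a boot.ini, lists the files NTLDR will need in the system partition root, and can check that they exist; the boot.ini text inside the block is constructed sample data.

```powershell
# Added example (not from the book): parse a boot.ini, work out from its entries which
# of the Table 3.1 files NTLDR will need in the system partition root, and check that
# they exist. The boot.ini text at the end is constructed sample data, not a real system's.
function Get-BootIniInfo {
    param([string[]]$Lines)     # boot.ini contents, one element per line
    $section = ''; $timeout = $null; $default = ''
    $entries = @()
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }
        if ($line -match '^\[(.+)\]$') { $section = $matches[1].ToLower(); continue }
        if ($section -eq 'boot loader') {
            if ($line -match '^timeout\s*=\s*(\d+)')     { $timeout = [int]$matches[1] }
            elseif ($line -match '^default\s*=\s*(.+)$') { $default = $matches[1].Trim() }
            continue
        }
        if ($section -ne 'operating systems') { continue }
        if (-not ($line -match '^(?<target>[^=]+)=\s*"(?<name>[^"]*)"\s*(?<switches>.*)$')) { continue }
        # Capture the groups now: the -match tests below overwrite $matches.
        $target = $matches['target'].Trim()
        $name = $matches['name']
        $switches = $matches['switches'].Trim()
        # An ARC name (multi/scsi/signature) selects a Windows NT-family boot partition;
        # a drive-letter path points at a saved boot sector of some other operating system.
        $isArc = $target -match '^(multi|scsi|signature)\('
        $extra = @()
        if ($target -match '^scsi\(') { $extra += 'ntbootdd.sys' }          # SCSI without BIOS translation
        if (-not $isArc) {
            if ($target -match '^[A-Za-z]:\\?$') { $extra += 'bootsect.dos' } # a bare C:\ means bootsect.dos
            else { $extra += (Split-Path -Path $target -Leaf) }               # e.g. C:\BOOTSECT.LNX
        }
        $entries += New-Object PSObject -Property @{
            Name = $name; Target = $target; Switches = $switches
            IsDefault = ($target -eq $default); ExtraFiles = $extra
        }
    }
    $required = @('ntldr', 'boot.ini', 'ntdetect.com')   # needed on every x86 system partition
    foreach ($e in $entries) { $required += $e.ExtraFiles }
    New-Object PSObject -Property @{
        Timeout = $timeout; Default = $default; Entries = $entries
        RequiredFiles = @($required | Select-Object -Unique)
    }
}

function Test-SystemPartition {
    param([string]$Root = 'C:\')
    $info = Get-BootIniInfo (Get-Content (Join-Path $Root 'boot.ini'))
    foreach ($f in $info.RequiredFiles) {
        New-Object PSObject -Property @{ File = $f; Present = (Test-Path (Join-Path $Root $f)) }
    }
}

# Constructed sample: an XP install, a second NT-family install on a BIOS-less SCSI
# controller, and a Windows 98 entry that NTLDR hands off through bootsect.dos.
$sample = @'
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
scsi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows 2000 on a SCSI disk" /fastdetect
C:\="Microsoft Windows 98"
'@ -split "`r?`n"

$info = Get-BootIniInfo $sample
$info.Entries | Format-Table Name, IsDefault, ExtraFiles, Switches -AutoSize
'Files NTLDR needs in the system partition root: ' + ($info.RequiredFiles -join ', ')
# On a live system: Test-SystemPartition 'C:\' | Format-Table File, Present -AutoSize
```

For the sample above the required list is ntldr, boot.ini, ntdetect.com, ntbootdd.sys and bootsect.dos.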
Other files can appear in the system partition on x86 dual-boot and multi-boot systems. The addition of these files does not affect the function or capabilities of the required Windows XP boot files in the system partition. Installing multiple operating systems on a single computer with Windows XP Professional (or Home Edition) often requires a specific installation order or manual post-installation configuration changes. Both the Microsoft Windows XP documentation and TechNet include detailed articles on performing multi-boot setups with Windows XP Professional, Windows 2000 Professional, Windows Server 2003, Windows 95, Windows 98, MS-DOS, and OS/2. Multi-booting Windows XP with non-Microsoft operating systems, such as Linux, often requires third-party boot and partition managers. For popular tools, see the “For More Information” section at the end of this chapter. Red Hat Linux contains two boot loaders—LILO and GRUB—that can also be used for a dual-boot configuration with Windows XP.

The system partition does not include any folders. It exists as a root folder only with three or more files. Having additional folders in the system partition does not affect the operation of boot files.

You might notice that the files in the system partition are among the files found on an Emergency Repair Disk (ERD). This should not be surprising because an ERD is used to restore files to the system partition if these files are corrupted, deleted, or otherwise destroyed.
Boot Partition
The directory structure and subsequent files installed into the boot partition are quite a bit more complex than those of the system partition. Table 3.2 describes the five folders created in the boot partition’s root folder (normally the C:\ drive) during the installation of Windows XP.

Table 3.2 Folders Created by Windows XP in the Boot Partition’s Root Folder (directory, description)
• Documents and Settings. This folder is used to hold the configurations for each user who accesses the system. In Windows NT, this information was stored in the \Windows\profiles folder.
• Program Files. This folder is the default installation location for Windows applications.
• System Volume Information. This folder stores all disk permission and security information.
• Recycler. This is not a true folder; instead, it is the system-controlled temporary repository for deleted files. You can access its contents by launching the Recycle Bin tool from the desktop. Note that this folder does not appear until a file is deleted.
• Windows. This is the main folder containing all the Windows XP system files, and the default folder for Windows XP.
The root of the boot partition is also the default location for pagefile.sys, which is the page file the Windows NT virtual memory system uses.
For information on how to tune Windows XP performance by placing and configuring the page file, see Chapter 22, “Tuning and Optimizing Windows XP,” p. 485.
Note
The file and folder structure discussed in this chapter is derived from a fresh installation of Windows XP on an x86 desktop system with Service Pack 1 integrated. The typical installation method was chosen. No other applications from Microsoft or any third-party vendors were present on the system. That means no additional services or applications were installed from the Windows XP distribution CD, no hotfixes were applied, and Internet Explorer was not updated.
The Program Files folder is home to 16 subfolders:
• Common Files. This folder contains files shared with the Microsoft applications.
• ComPlus Applications. This folder contains files used by ComPlus applications. If there are no ComPlus applications installed on your XP machine, this folder will be empty. COM+ builds on the Microsoft Component Object Model (COM) integrated services and features, making it easier for developers to create and use software components in any language, using any tool.
• Internet Explorer. This folder contains the files and executables for Internet Explorer, a Web-browsing tool.
• Messenger. This folder contains files and executables for the new Windows Messenger Service. This service combines features found in MSN Messenger with an improved communications infrastructure.
• Movie Maker. This folder contains the files and executables for the Movie Maker application.
• MSN. This folder contains the files and executables for MSN Explorer, the new Internet connectivity tool from Microsoft that combines Web, e-mail services, and Internet setup services.
• MSN Gaming Zone. This folder contains the files and executables for the MSN Gaming Zone.
• NetMeeting. This folder contains all the files used by Microsoft NetMeeting.
• Online Services. This folder contains files used to establish Internet connectivity. These files enable you to set up Internet access through MSN or to select another available Internet service provider.
• Outlook Express. This folder contains all the files and executables needed by Microsoft Outlook Express, a simple e-mail application.
• Uninstall Information. This is a hidden folder containing files and information for uninstall services.
• Windows Media Player. This folder contains the Microsoft Media Player application.
• Windows NT. This folder contains any applications that have been ported over from other Windows operating systems (such as Pinball). This folder has empty folders in it if the ported components were not selected during installation.
• Windows Update. This folder contains all the files used by the Windows Update Service.
• Xerox. This folder contains all the files used by Xerox applications. By default, this folder is empty.
The Windows root-level folder contains an extensive subfolder hierarchy but very few files. The Windows\System32 folder is the main repository of all files required to launch and operate Windows XP. The following files are among those stored in the Windows folder:
• Wallpaper and tiling images (.bmp)
• Initialization and configuration files for backward-compatibility with various 16-bit utilities and applications (.ini)
• Readme, log, and documentation files (.txt, .log, and .wri)
The following is a listing of the subfolders under the Windows folder:
• Addins. ActiveX control files.
• AppPatch. Contains application compatibility .dlls and Appfix packages.
• Config. Contains configuration .idf files used by the MIDI sound system. Depending on system configuration, this folder might be empty.
• Connection Wizard. Files used for establishing Internet connectivity. Can be an empty folder.
• CSC. The Client Side Cache is where contents of mapped network drives are cached so that the contents of these drives will be available offline. By default, this folder contains empty folders.
• Cursors. Contains static and animated cursor files. You can use these files by configuring the Mouse applet.
• Debug. Contains .log files that can be used to debug network connectivity and other setup functions.
• Downloaded Program Files. Contains ActiveX controls and Java applets that have been downloaded from the Internet.
Driver Cache. Contains a platform subdirectory and a copy of the driver.cab file so that new devices can be easily installed without needing the Windows XP CD. Might contain SP1.cab if installing an integrated copy of the operating system. Fonts. Contains all installed fonts. Help. Contains the help files used by the Windows XP Help system and all its native utilities. Ime. Files to support the Input Method Editor. Provides language support for Windows XP.
n
Inf. Contains the .inf (system information) files used to install software components.This is a hidden folder.
n
Installer. The location for temporary files used by the Windows Installer program. This is a hidden folder.
n
Java. Folder structure for Java files. Media. Contains media files (sound and video) used by sound themes. Msagent. Microsoft agent files, which are software services that support using animated characters in the Windows interface to assist users in manipulating the operating system.
• Msapps. Contains files for backward-compatibility with applications that use shared components.
• Mui. MUI (Multilingual User Interface) Packs give companies flexibility in making language options available to users.
• Offline Web Pages. Any Web pages designated as offline accessible are stored in this folder, along with any images and other files that go with them.
• PCHEALTH. Contains files and subfolders to support the Microsoft Help Center Service. These files support all the Windows XP Help services, including features such as Remote Desktop Assistance.
• Prefetch. Contains the files that XP is tracking for prefetch execution. Caching frequently used files decreases startup time for applications and optimizes XP performance.
• Registration. Contains files that support COM+ applications.
• Repair. Contains backup copies of the permanent Registry hives. The NTBackup program updates this directory with the System State option.
• Resources. Contains files to support the user’s shell interface.
• Security. Contains subfolders and files related to security. Includes log files that define the default security applied during setup and templates for assigning new security privileges.
• Srchasst. Contains files and subfolders for Search Companion, the updated search assistant included with XP. Includes files to support an indexing function that improves search performance.
• System. Contains 16-bit versions of protected and real mode drivers and .dll files used by applications. These files are provided for backward-compatibility with older applications. Additional 16-bit driver files can be stored in this folder.
• System32. Contains the core operating system files and subfolder trees.
• Tasks. Contains scheduled tasks that run without operator intervention.
• Temp. Contains any temporary files used by the system and applications.
• Twain_32. Contains files to support TWAIN technology, enabling a scanned document to be inserted into a file.
• Web. Contains files and subfolders to support Internet printing and document access.
• WinSxS. A folder to store the shared components of side-by-side applications. These can be multiple versions of the same application or the same assembly.
The System32 subfolder contains most of the files used by Windows XP. This is the primary storage location for DLLs, Control Panel applets (.cpl), device drivers (.drv), help files (.hlp and .cnt), MS-DOS utilities (.com), language support files (.nls), screensavers (.scr), setup information files (.inf), and a handful of other files used for support, configuration, or operation. The most commonly accessed subfolders in Windows\System32 are described in the following list:
• 1025, 1028, 1031, 1033, etc. Contains localization language files. Most of these folders will be empty. The English language is 1033. The complete list of locale IDs can be found at http://www.microsoft.com/globaldev/win2k/setup/lcid.asp.
• CatRoot. Contains security catalog files.
• CatRoot2. Contains catalog database files.
• Com. Contains COM object information.
• Config. Contains the Registry hives used during bootup and is the storage location for the System, Security, and Application log files viewed through Event Viewer. Config now contains a new folder called \systemprofile that holds a standard profile for the local system.
• DHCP. This is an empty folder used to hold Dynamic Host Configuration Protocol (DHCP) database files if the host becomes a DHCP server.
• DirectX. Contains files to support the accelerated performance features of game devices.
• Dllcache. Contains backup copies of the operating system files that are under the Windows File System Protection system.
• Drivers. Contains driver files (.sys); the \etc folder contains sample copies of the TCP/IP text-based configuration files, such as the Hosts and LMHosts files.
• Export. This is an empty folder.
• IAS. If there is no Internet connection capability, this is an empty folder used to hold configuration files for the Internet Authentication Service. This service is typically found on servers. If the machine has a device capable of connecting to the Internet, the IAS folder should not be empty. It will contain two files: DNARY.MDB (used to parse IAS log files) and IAS.MDB (used to store remote access policies).
• Icsxml. Contains files for Universal Plug and Play.
• IME. Contains files for Input Method Editors.
• Intsrv. Contains files used by the World Wide Web service. This folder is empty.
• Macromedia. Contains a subfolder with the Shockwave Flash .ocx file.
• MsDTC. Contains Microsoft Distributed Transaction Coordinator files that control transaction output and message delivery between two different applications or processes.
• MUI. Contains Multilingual User Interface files that are created by applications, such as Service Pack 1.
• Os2. Contains drivers used by the OS/2 subsystem.
• NPP. Contains files to support collecting network traffic from an XP PC by a Network Monitor server.
• Oobe. Contains “Out of Box Experience” files that prompt users to complete product activation and registration and to create a new user other than Administrator. This feature is activated only after setup.
• Ras. Contains the default scripts used by Dial-Up Networking.
• Restore. Contains a list of files to be monitored and saved to an alternative location in case of file corruption. The System Restore service takes snapshots of the XP system periodically to enable the system to be restored from a previous set of data. This folder also contains the machine GUID.
• Setup. Contains setup files for additional services, such as FrontPage Server Extensions and Microsoft Fax.
• ShellExt. By default, this folder is empty.
• Spool. Used by the printing system to store spooled print jobs and related files. The Printers subfolder is used to store spool files. The other folders found here vary based on printer drivers and configuration.
• USMT. USMT stands for User State Migration Tool. This folder contains files to support both USMT and the Files and Settings Transfer Wizard. Both tools enable user files and settings to be copied to another PC.
• WBEM. Used by Web-Based Enterprise Management to store its data and executable files and utilities. The Microsoft implementation of WBEM is the Windows Management Instrumentation (WMI) Service. With WMI, programmers can create applications that control network devices, using the same commands regardless of platform.
• Wins. Contains files to support the Windows Internet Name Service (WINS). This folder is empty.
As you can see, the folder structure that the Windows XP setup process creates is quite extensive. If you add services and applications from the Windows XP distribution CD, install service packs and hotfixes, upgrade Internet Explorer, add Microsoft Outlook, or install other Microsoft and third-party applications, this folder structure increases in depth and complexity.
Key Windows XP Executables
The range and number of files included in the Windows XP folder structure are enormous. Most of these files are drivers, DLLs, or some type of configuration storage. Driver, configuration, and DLL files sustain the operating environment. However, most of the executable (.exe) files and the MS-DOS utilities (.com) are quite useful. You can launch them from the Start menu or other standard GUI launch site (when applicable), or you can launch them from Windows Explorer, My Computer, or a command prompt or through the Run command from the Start menu. The following sections list the files you can launch manually and briefly describe each utility or application.
Main Windows Root Folder
The following executables reside in the main Windows root folder:
• EXPLORER.EXE (Windows XP Explorer). Used to interact with the file systems hosted by Windows XP. It is also the program responsible for creating the Start button and associated objects. If you ever lose the desktop, the Start button, and the taskbar, you can usually restore them by pressing Ctrl+Alt+Delete, selecting Task Manager from the pop-up menu, and starting Explorer back up with the Run command, accessed by choosing File, New Task (Run) from the menu.
• HH.EXE (HTML Help). Opens an HTML-based Help window.
• NOTEPAD.EXE (Notepad). Used to edit text files.
• REGEDIT.EXE (Registry Editor). A 16-bit Registry-editing tool that you can use to search the entire Registry at once.
• TASKMAN.EXE (Task Manager). Used to view active applications and processes and view CPU and memory performance.
• TWUNK_16.EXE (Thunking Server). Allows 16-bit DOS applications to make 32-bit calls.
• TWUNK_32.EXE (Thunking Server). Allows 32-bit DOS applications to make 16-bit calls.
• WINHELP.EXE (Windows Help). A 16-bit Windows Help reader.
• WINHLP32.EXE (Windows Help). A 32-bit Windows Help reader.
Windows\System32
The following list of executables resides in the Windows\System32 folder:
• ACCWIZ.EXE (Accessibility Wizard). Used to configure the different accessibility options of your system.
• ACTMOVIE.EXE (DirectShow Setup Tool). Part of the DirectX series of tools. Used for media capture and playback.
• AHUI.EXE (Application Compatibility User Interface). Used to configure the different accessibility options of your system.
• ALG.EXE (Application Layer Gateway Service). Used to configure the different accessibility options of your system.
• APPEND.EXE (Append). Allows applications to open or access files in folders other than the current working, or active, folder by appending the path parameter. This utility is from MS-DOS 5.0.
• ARP.EXE (ARP). The Address Resolution Protocol command-line utility used to manage the ARP cache on TCP/IP systems.
• ASR_FMT.EXE (ASR). The Automated System Recovery utility.
• ASR_LDM.EXE (ASR). The Logical Disk Manager ASR utility.
• ASR_PFU.EXE (ASR). The Automated System Recovery Protected Files utility.
• AT.EXE (AT). Used to schedule tasks to occur at a specific time and date. It requires that the Scheduler service be running.
• ATIEVXX.EXE (ATI). The ATI Hotkey Polling utility.
• ATMADM.EXE (ATM). The ATM Call Manager utility.
• ATTRIB.EXE (Attributes). Displays or changes file attributes (read-only, archive, hidden, or system).
• AUTOCHK.EXE (Auto Check Disk). Launches automatically during Windows XP bootup if a volume is marked as dirty (has bad clusters, has error blocks, or is otherwise damaged).
• AUTOCONV.EXE (Auto Convert). Used by the Windows XP setup routine to convert a FAT volume to NTFS.
• AUTOFMT.EXE (Auto Format). The Auto File System conversion utility.
• AUTOLFN.EXE (Auto Long Filenames). Used by the Windows XP setup routine to repair, copy, or enable long filenames on drives that have been converted from another file system (usually FAT) to NTFS. Also capable of converting long filenames to the 8.3 format.
• BOOTCFG.EXE (Boot Configuration Tool). A command-line tool for editing the boot.ini file.
• BOOTOK.EXE (Boot Acceptance). Used with the Last Known Good Configuration process to save the configuration parameters after a successful logon.
• BOOTVRFY.EXE (Boot Verify). Used with the Last Known Good Configuration process to verify a boot selection.
• CACLS.EXE (Change ACLs). A command-line utility used to change or edit permissions for files and folders.
• CALC.EXE (Calculator). A GUI calculator that can act as a standard or scientific calculator.
• CHARMAP.EXE (Character Map). A GUI utility that displays the characters in each font installed on the system.
• CHKDSK.EXE (Check Disk). A disk inspection tool that can search for and repair disk errors.
• CHKNTFS.EXE (NTFS Drive Checker). Used to verify the integrity of Windows XP NTFS partitions.
• CIDAEMON.EXE (Content Index Filter Daemon). Process that determines which files will be indexed on the hard disk for faster search queries.
• CIPHER.EXE (Encrypted File System Configuration Manager). A command-line utility used to encrypt/decrypt files and folders using EFS.
• CISVC.EXE (Content Index Service). The Content Index engine that performs file indexing to improve performance of resource searches.
• CKCNV.EXE (Cookie Converter). A supporting process that controls how cookies are handled under Windows XP.
• CLEANMGR.EXE (Disk Space Cleaner). A utility used to remove unused temp files from a hard drive to reclaim used space.
• CLICONFG.EXE (SQL Server Client Network Utility). Used to configure connections from network clients to SQL servers.
• CLIPBRD.EXE (Clipboard Viewer). Used to view the contents of the object or data currently copied into memory (also known as the Clipboard).
• CLIPSRV.EXE (Clipboard Server). The network dynamic data exchange (DDE) clipboard service used by Clipboard Viewer to access objects or data copied into memory.
• CMD.EXE (Command Prompt). An executable that provides the command prompt (MS-DOS shell interpreter) for Windows NT.
• CMDL32.EXE (Auto Connection Manager). Tracks network addresses to their appropriate connection destinations to support auto-dial functions.
• CMMON32.EXE (Connection Manager). The Connection Manager Monitor.
• CMSTP.EXE (Connection Manager Installer). Installs and configures Connection Manager service profiles.
• COMP.EXE (Compare). An MS-DOS utility used to compare the contents of two files or sets of files.
• COMPACT.EXE (Compact). A command-line utility used to compress individual files or directories on an NTFS volume.
• CONIME.EXE (IME Console). The console for the Input Method Editor used to convert non-Arabic letters from a 101-key keyboard.
• CONTROL.EXE (Control Panel). Provides the Control Panel window where all Control Panel applets are displayed.
• CONVERT.EXE (Convert). Used to convert partitions from FAT to NTFS and from NTFSv4 to NTFSv5.
• CSCRIPT.EXE (Command Based Script Host). A command-line version of the Windows Script Host that enables you to run previously created VBScript and JScript from the command line.
• CSRSS.EXE (Client-Server Runtime Server Subsystem). Used to maintain the Win32 system environment console and other essential functions.
• CTFMON.EXE (CTF Loader). Supports speech recognition, handwriting recognition, and other Alternative User Input services.
• DCPROMO.EXE (Domain Controller Promotion). Used to promote and demote a Windows NT or 2000 server. Installs Active Directory on the system.
• DCOMCNFG.EXE (DCOM Configuration). Used to display and configure DCOM settings and configuration.
• DDESHARE.EXE (DDE Share). Displays the active DDE shares and enables property editing for these shares.
• DEBUG.EXE (Debugger). A command-line debugging tool.
• DEFRAG.EXE (Disk Defragmenter). A command-line utility that consolidates files so that they are saved in contiguous locations on the hard disk.
• DFRGFAT.EXE (FAT Defragmentation Tool). Used to defragment FAT partitions.
• DFRGNTFS.EXE (NTFS Defragmentation Tool). Used to defragment NTFS partitions.
• DIANTZ.EXE (Cabinet Maker). Allows a file to be compressed and included in a cabinet file.
• DISKPART.EXE (Microsoft Diskpart). A command-line tool for disk management.
• DISKPERF.EXE (Disk Performance Counters). Used to switch performance counters for the disk subsystem on and off.
• DLLHOST.EXE (COM+ Server Process). The COM+ process manager.
• DLLHST3G.EXE (COM Surrogate). A COM+ process component.
• DMADMIN.EXE (Logical Disk Manager Administrative Service). Runs during hard disk configuration only.
• DMREMOTE.EXE (Logical Disk Manager). A Logical Disk Manager component.
• DOSKEY.EXE (DOS Keyboard). An MS-DOS 5.0 keyboard history utility that provides a history of command-line executions and macros.
• DOSX.EXE (DOS Extender). A virtual DOS machine (VDM) MS-DOS extender for standard mode.
• DPLAYSVR.EXE (Microsoft DirectPlay Helper). Supports game connections over a modem, the Internet, or a LAN.
• DPNSVR.EXE (DirectPlay8 Server). A forwarding service for games that have multiple processes using the same IP or IPX port.
• DRIVERQUERY.EXE (Driver Query). A command-line tool that displays a list of currently installed drivers and associated properties.
• DRWATSON.EXE (Dr. Watson). A 16-bit GUI application failure-detection and fault-logging utility that watches over the Win16 subsystem.
• DRWTSN32.EXE (Dr. Watson 32). A 32-bit GUI application failure-detection and fault-logging utility that watches over the Win32 subsystem and native Windows XP applications.
• DUMPREP.EXE (Windows Error Reporting). A dump reporting tool.
• DVDPLAY.EXE (DVD Play). A placeholder application.
• DVDUPGRD.EXE (DVDUpgrd). Upgrades a non-XP compatible DVD decoder.
• DWWIN.EXE (Microsoft Application Error Reporting). The application used to report errors in Microsoft applications.
• DXDIAG.EXE (DirectX Diagnostic Tool). A tool for troubleshooting DirectX components.
• EDLIN.EXE (Edit Line). An MS-DOS–based line editor.
• ESENTUTL.EXE (Windows XP Database Tools). A collection of tools used to check and repair the Windows XP folder.
• EUDCEDIT.EXE (Private Character Editor). An application that enables you to create up to 6,400 unique characters, such as special letters and logos, for your font library.
• EVENTCREATE.EXE (Event Create). Allows creating custom events in an event log.
• EVENTTRIGGERS.EXE (Event Triggers). This application displays and configures event triggers.
• EVENTVWR.EXE (Event Viewer). The executable for the Event Viewer.
• EXE2BIN.EXE (Executable to Binary). A programmers’ tool from MS-DOS used to convert .exe files to .bin files.
• EXPAND.EXE (Expand). A command-line utility used to decompress individual files or folders on an NTFS volume.
• EXTRAC32.EXE (CAB File Extract Utility). Allows cabinet files to be extracted to disk.
• FASTOPEN.EXE (Fast Open). An MS-DOS utility that improves performance on systems that have large folders by decreasing the time it takes to open frequently accessed files.
• FC.EXE (File Comparison). An MS-DOS utility that compares files or sets of files to reveal their differences.
• FIND.EXE (Find). A command-line utility used to search for a string of characters in a file or files.
• FINDSTR.EXE (Find String). A command-line utility used to search for a string of characters in a file or files.
• FINGER.EXE (Finger). A TCP/IP utility used to obtain information about a user account via a remote system.
• FIXMAPI.EXE (MAPI Repair Tool). Detects and resolves problems with Messaging Application Programming Interface (MAPI) files.
• FONTVIEW.EXE (Font View). A command-line utility that displays a sample output for a font in a printable GUI window.
• FORCEDOS.EXE (Force DOS). Instructs Windows XP to launch an application as an MS-DOS utility when it contains the code for both OS/2 and MS-DOS.
• FREECELL.EXE (Free Cell). A GUI card game.
• FSUTIL.EXE (FSUtil). A volume management tool. Manages reparse points and sparse files.
• FTP.EXE (FTP). A TCP/IP command-line File Transfer Protocol (FTP) utility used to transfer files between the local system and a remote FTP server.
• GDI.EXE (Graphical Device Interface). A core system component that provides the Win16 Graphical Device Interface API library for backward-compatibility with Win16 applications.
• GETMAC.EXE (Get MAC Address). Displays the Media Access Control (MAC) address of the specified system.
• GPRESULT.EXE (Query RSoP Data). A tool that displays the Group Policies applied to a user or computer.
• GPUPDATE.EXE (Group Policy Refresh Utility). Manually applies Group Policies after the Group Policy administrator makes changes instead of waiting for the next automatic update.
• GRPCONV.EXE (Group Convert). Converts Microsoft Windows 3.x and Microsoft Windows for Workgroups Program Manager groups into Start menu items.
• HELP.EXE (Help). Displays basic and general help information about many Windows XP commands.
• HOSTNAME.EXE (Hostname). A TCP/IP command-line utility that displays the hostname of the current system.
• IE4UINIT.EXE (IE Install Utility). The IE 5.0 Per-user Install utility.
• IEXPRESS.EXE (Self Extracting/Installing Creator). Creates self-extracting or self-installing executable files.
• IMAPI.EXE (CD-Burning COM Service). Manages CD recording using the Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, the computer cannot record CDs.
• IPCONFIG.EXE (IP Configuration). A TCP/IP command-line tool that displays the IP configuration for all installed interfaces and can be used to renew and release DHCP leases.
• IPSEC6.EXE (IPv6 Security Configuration Utility). A tool for configuring IPv6 security.
• IPV6.EXE (IPv6 Configuration Utility). A tool to install and configure IPv6.
• IPXROUTE.EXE (IPX Route). A utility used to display and control the IPX routes when using the IPX protocol.
• KRNL386.EXE (Kernel 386). Contains the core Kernel routines for Win16 enhanced mode functionality.
• LABEL.EXE (Label Drive). A command-line tool used to display, edit, or change a drive’s volume label.
• LIGHTS.EXE (Lights). Provides the settings for modem status lights in Windows 95/98 by monitoring the COM ports.
• LNKSTUB.EXE (Win95-Winnt Migration Utility). The Windows 95 side of a Windows 95–to–Windows NT upgrade program.
• LOCATOR.EXE (Locator). Adds support for Remote Procedure Calls (RPCs) to the Windows XP environment.
• LODCTR.EXE (Load Counters). Used to add new counters to Performance Monitor.
• LOGAGENT.EXE (Windows Media Player LogAgent). The application that logs errors with Windows Media Player.
• LOGMAN.EXE (Performance Log Utility). Manager and scheduler for trace logs and performance counters.
• LOGOFF.EXE (Session Logoff Utility). A utility to terminate a user’s session on the PC.
• LOGONUI.EXE (Windows Logon User Interface). The user interface that appears when Windows XP first starts.
• LPQ.EXE (Line Printer Queue). Displays printer queue information on a printer hosted on a Unix system.
• LPR.EXE (Line Printer). Prints to a printer hosted on a Unix system.
• LSASS.EXE (LSA Security Service). The Local Security Authority server process.
• MAGNIFY.EXE (Microsoft Magnifier). Magnifies portions of the screen for visually impaired people.
• MAKECAB.EXE (Cabinet File Maker). Creates .cab files for install packages.
• MEM.EXE (Memory). A command-line utility that displays the current state of memory.
• MIGPWD.EXE (Migration dll). A Windows 95–to–Windows NT migration utility.
• MMC.EXE (Microsoft Management Console). A built-in programming interface where most administrative tasks can be added through snap-ins, ensuring the same interface for all administrative functions.
• MNMSRVC.EXE (NetMeeting Remote Desktop Sharing). Allows authorized users to remotely access your desktop.
• MOBSYNC.EXE (Offline Web Synchronizer). Synchronizes offline Web sites.
• MOUNTVOL.EXE (Volume Mounter). Creates, lists, and modifies volume mount points.
• MPLAY32.EXE (Multimedia Player). A GUI multimedia player.
• MPNOTIFY.EXE (Multiple Provider Notify). Used by the WinLogon service to notify non-Microsoft network servers about security events.
• MQBKUP.EXE (MSMQ Backup/Restore Utility). A backup and restore utility for Microsoft Message Queuing (MSMQ) service messages.
• MQSVC.EXE (Message Queuing Service). A messaging service between source and destination computers running distributed applications.
• MQTGSVC.EXE (MSMQ Trigger Service). Message queuing trigger service.
• MRINFO.EXE (Multicast Information). A command-line tool to query a multicast router about its interfaces.
• MSCDEXNT.EXE (Microsoft CD-ROM Extensions). Provides CD-ROM extensions for the Windows XP environment, enabling data CDs to be accessed just like hard drives.
• MSDTC.EXE (DTC Console Program). The console for the Distributed Transaction Coordinator (DTC).
• MSG.EXE (Message Utility). A utility for sending messages to other users.
• MSHEARTS.EXE (Hearts Network). A multiplayer Hearts card game.
• MSHTA.EXE (HTML Application Host). The application used to run an HTML Application (HTA) file.
• MSIEXEC.EXE (Windows Installer). Used to create install packages for applications and programs.
• MSPAINT.EXE (Microsoft Paint). A basic graphics creation and viewing tool.
• MSSWCHX.EXE (Onscreen Keyboard Program). Provides keyboard access for mobility-impaired people.
• MSTINIT.EXE (Task Scheduler Setup). Allows scheduling automated tasks.
• MSTSC.EXE (Remote Desktop Connection). An application that enables a computer to be accessed remotely.
• NARRATOR.EXE (Microsoft Narrator). Reads files for people who are hearing impaired.
• NBTSTAT.EXE (NBT Statistics). Displays NetBIOS over TCP/IP statistics.
• NDDEAPIR.EXE. The server-side application programming interface (API) for the Network DDE Agent.
• NET.EXE (Network). Used to manage, configure, and view network-related controls, such as NET USE, NET PRINT, NET USER, and so on.
• NET1.EXE (Network). Another network command utility that performs the same functions as NET.EXE.
• NETDDE.EXE (Network DDE). A background network DDE provider.
• NETSETUP.EXE (Network Setup Wizard). A utility to help configure other PCs on your network using a floppy disk.
• NETSH.EXE (Routing and Remote Access Service Configuration Tool). Used to configure RRAS settings.
• NETSTAT.EXE (Network Statistics). Displays TCP/IP network statistics.
• NLSFUNC.EXE (National Language Support Function). Used to load country-specific language support.
• NOTEPAD.EXE (Notepad). The Notepad text-editing utility.
• NSLOOKUP.EXE (Name Server Lookup). Used to display diagnostic and statistical information from DNS servers.
• NTBACKUP.EXE (Windows NT Backup). The Windows XP Backup executable.
• NTKRNLPA.EXE (NT Kernel and System). A Windows Kernel component.
• NTOSKRNL.EXE (Operating System Kernel). The Windows XP operating system Kernel.
• NTSD.EXE (Symbolic Debugger). A troubleshooting utility that gives a detailed view of the system state at the moment of failure.
• NTVDM.EXE (NT Virtual DOS Machine). An executable that provides the VDM used to host MS-DOS applications and Windows-on-Windows (WOW, the support layer for Win16 applications).
• NW16.EXE (NetWare Redirector). The NetWare VDM Redirector.
• NWSCRIPT.EXE (NetWare Logon Script Utility). A tool to allow logons to a NetWare server from a Windows PC.
• ODBCAD32.EXE (ODBC Administrator). Used to administer ODBC connections.
• ODBCCONF.EXE (MDAC Installer). Used to reconfigure and reinstall Microsoft Data Access Components (MDAC).
• OPENFILES.EXE (Open Files). Displays and allows disconnects of open files on a system.
• OSK.EXE (On Screen Keyboard). Displays an onscreen keyboard that can be used to enter information with the mouse.
• OSUNINST.EXE (Uninstall Utility). A utility to uninstall Windows XP and return to an earlier Windows OS. Can be run from a command prompt in Safe mode.
• PACKAGER.EXE (Object Packager). Used to create icon links to embedded data for use in documents.
• PATHPING.EXE (PathPing Command). A command for verifying an IP route that enables the user to specify options to test for along the path.
• PENTNT.EXE (NT Pentium Test). A command-line tool that tests the system for the Pentium floating-point error.
• PERFMON.EXE (Performance Monitor). The Performance Monitor executable.
• PING.EXE (PING). A TCP/IP utility used to test the existence of, or the capability to communicate with, remote systems.
• PING6.EXE (IPv6 Ping Command). A utility that verifies connectivity to a specific IP address or hostname.
• PRINT.EXE (Print). A command-line print utility used to send print jobs to a port.
• PROGMAN.EXE (Program Manager). An alternative shell that can be used in place of Windows XP Explorer. It is the main interface used in Windows 3.x, Windows for Workgroups, and Windows NT 3.51.
• PROQUOTA.EXE (Profile Quota Manager). An application for limiting the size of user profiles.
• PROXYCFG.EXE (Proxy Configuration Tool). A command-line tool to view and change your current proxy settings.
• QAPPSRV.EXE (Query Terminal Server Utility). Identifies terminal servers on the network.
• QPROCESS.EXE (Query Process Utility). Displays processes running on a machine. Can be sorted by username and other criteria.
• QWINSTA.EXE (Query Session Utility). Displays session information and related statistics, such as connect and flow control settings.
• RASAUTOU.EXE (Remote Access Dialer). A program that allows remote dial-up connections between PCs.
• RASDIAL.EXE (RAS Command-Line Dialer). A client-side user interface.
• RASPHONE.EXE (RAS Phone). The Dial-Up Networking Phonebook application.
• RCIMLBY.EXE (Remote Assistance). A program used to help another user with a computer problem over the network or Internet.
• RCP.EXE (Remote Copy). A TCP/IP utility used to copy files between the current system and a remote RSHD (Remote Shell) server.
• RDPCLIP.EXE (RDP Clip Monitor). A Remote Desktop Protocol component.
• RDSADDIN.EXE (Remote Desktop Addin). A Remote Desktop Terminal Services session add-in.
• RDSHOST.EXE (RDSHost Server Module). A Remote Desktop Service module.
• RECOVER.EXE (Recover). A command-line utility to recover readable data from a defective drive.
• REDIR.EXE (Redirector). A Win16 network redirector.
• REG.EXE (Registry Console Tool). A command-line tool for querying and editing the Registry.
• REGEDT32.EXE (Registry Editor). A 32-bit Registry-editing tool that can set security permissions on Registry keys and values.
• REGINI.EXE (Registry Initializer). A utility to change Registry values from a command line or script.
• REGSVR32.EXE (Registry Server). A program for viewing and editing the Registry.
• REGWIZ.EXE (Registration Wizard). Automates the process of registering your XP operating system.
• RELOG.EXE (Performance Relogging Utility). Displays performance counter data in other formats.
• REPLACE.EXE (Replace). A command-line tool used to replace files.
• RESET.EXE (Reset Utility). A Terminal Services reset utility.
• REXEC.EXE (Remote Execute). Used to issue commands on remote systems running the REXEC service.
• ROUTE.EXE (Route). Used to view and edit the local routing table.
• ROUTEMON.EXE (Router Console Monitor). A utility that is no longer supported. Refers you to the netsh command.
• RSH.EXE (Remote Shell). Issues commands on remote systems running the RSH service.
• RSM.EXE (Removable Storage Manager). Command-line interface for the Removable Storage Manager.
• RSMSINK.EXE (Removable Storage Manager). Sink layer for the Removable Storage Manager.
• RSMUI.EXE (User Interface). A Removable Storage Manager component.
• RSNOTIFY.EXE (Recall Notification). A Removable Storage Manager component.
• RSOPPROV.EXE (RSoP Service Application). A Resultant Set of Policies (RSoP) application. Determines the current policies applied to a particular user or PC.
• RSVP.EXE (Resource Reservation Protocol). A protocol that sets up a reserved pathway with a specific quality of service for a set of data packets.
• RTCSHARE.EXE (RTC Application Sharing). A real-time clock component.
• RUNAS.EXE (Run As Utility). A utility that allows a process to be started with a different user ID and password combination. Typically used to run a process or application as an Administrator or other user with higher levels of privileges than the currently logged on user.
• RUNDLL32.EXE (Run DLL). Used to run DLL files from a command line.
• RUNONCE.EXE (Run Once). Used to perform tasks as defined in the RunOnce Registry key.
• RWINSTA.EXE (Reset Session Utility). A utility to reset a hardware or software session.
• SAVEDUMP.EXE (Save Dump). Saves the contents of memory to a dump file when a STOP error occurs.
• SC.EXE (Service Development for Windows NT). A service management tool.
• SCARDSVR.EXE (Smart Card Resource Management Server). Smart Card Server component.
• SCHTASKS.EXE (Schedule Tasks). A command-line tool for scheduling unattended tasks.
• SDBINST.EXE (Installer). AppFix and AppHelp installer.
• SECEDIT.EXE (Security Configuration Manager). Used to set and configure Windows XP security options.
• SERVICES.EXE (Services). Used by Windows XP to manage services.
• SESSMGR.EXE (Session Manager). A Remote Desktop help session manager.
• SETUP.EXE (Setup). The Windows Setup tool.
• SETVER.EXE (Set Version). Used to define the version of MS-DOS reported to an application.
• SFC.EXE (Windows XP Windows File Checker). Verifies that all Windows XP files are present and of the correct version.
• SHADOW.EXE (Session Utility). A Session Remote Control utility.
• SHARE.EXE (Share). An MS-DOS utility used to enable two applications to use the same file.
• SHMGRATE.EXE. A Windows XP user data migration tool.
• SHRPUBW.EXE (Shared Folder Creator). Used to create shared folders on a Windows XP system.
• SHUTDOWN.EXE (Remote Shutdown Tool). Allows shutdowns and restarts on local or remote PCs.
• SIGVERIF.EXE (File Signature Verifier). Verifies that the selected file is signed and authorized to run under Windows XP.
• SKEYS.EXE (Serial Keys). A system service that adds support for the SerialKeys feature.
• SMLOGSVC.EXE (Performance Logs and Alerts Service). An application that allows statistics to be monitored and collected on local and remote PCs.
Chapter 3 The Windows XP Layout
SMSS.EXE (Session Manager). A session manager used to establish the Windows XP environment during bootup.
SNDREC32.EXE (Sound Recorder). A sound recorder application.
SNDVOL32.EXE (Sound Volume). A GUI volume application.
SOL.EXE (Solitaire). A GUI solitaire card game.
SORT.EXE (Sort). A command-line utility that sorts input and writes the results to a file or the screen.
SPIDER.EXE (Spider). The Spider solitaire game.
SPOOLSV.EXE (Spooler Service). The spooler service for the print subsystem.
SPRESTRT.EXE. Used to restore the Registry to restart the GUI-mode portion of the Setup application.
STIMON.EXE (Still Image Devices Monitor). Enables a USB still-image device to transfer data.
SUBST.EXE (Substitute). An MS-DOS command used to associate a path with a drive letter.
SVCHOST.EXE (Service Host). A generic host process for Win32 services.
SYNCAPP.EXE (Synchronize Application). A tool used by the Briefcase to synchronize contained files.
SYSEDIT.EXE (System Edit). A system file-editing utility that opens the system.ini, win.ini, config.sys, and autoexec.bat files in one editor window.
SYSKEY.EXE (Windows XP Account Database Manager). Used to secure the Windows XP account database.
SYSOCMGR.EXE (Optional Component Manager). The System Standalone Optional Component Manager.
SYSTEMINFO.EXE (System Information). Queries a system for configuration information, including hotfix and dynamic patches that have been applied, IP addresses, and so forth.
SYSTRAY.EXE (System Tray). The system tray provider. It controls the taskbar and icon tray.
TASKKILL.EXE (Kill Process). Ends a process or task on a local or remote system.
TASKLIST.EXE (Task List). Displays a list of all running processes on a local or remote computer.
TASKMAN.EXE (Task Manager). Used for backward-compatibility with older, non-Windows XP software instead of actually providing access to the Task Manager.
TASKMGR.EXE (Task Manager). The Task Manager application.
TCMSETUP.EXE (Telephony Client Setup). Used to set up the Telephony configuration on a Windows XP client.
TCPSVCS.EXE (TCP Services). The TCP Services provider.
TELNET.EXE (Telnet). A Telnet client used to access remote Telnet server systems.
TFTP.EXE (Trivial FTP). An alternative FTP program for use over User Datagram Protocol (UDP).
TLNTADMN.EXE (Telnet Administrator). Used to configure the settings for the Telnet server under Windows XP.
TLNTSESS.EXE (Telnet Sessions Viewer). Displays the currently connected Telnet sessions.
TLNTSVR.EXE (Telnet). An application that allows a Telnet terminal session with an online host.
TOURSTART.EXE (Windows Tour Launcher). A guided overview of Windows XP.
TRACERPT.EXE (Event Trace Report Tool). Provides trace analysis reports from trace logs or data generated by an event trace provider.
TRACERT.EXE (Traceroute). Used to identify the route between the local system and a remote system on a TCP/IP network.
TRACERT6.EXE (IPv6 Traceroute Tool). A tool to trace the route a packet would take to get from the source host to the destination host.
TSCON.EXE (Session Connection Utility). Attaches a user session to a terminal session.
TSCUPGRAD.EXE (Setup Custom Action DLL). The Terminal Services setup component.
TSDISCON.EXE (Session Disconnect Utility). A Terminal Services utility for disconnecting a session.
TSKILL.EXE (End Process Utility). A utility to terminate a Terminal Services process on a session-by-session basis or for all sessions.
TSSHUTDN.EXE (System Shutdown Utility). A Terminal Services utility to perform a controlled shutdown of the server. Includes variables for rebooting or powering down the server.
TYPEPERF.EXE (Command-line Performance Monitor). An application that collects performance data and outputs it to a file or display.
UNLODCTR.EXE (Unload Counter). Used to unload Performance Monitor counters.
UPNPCONT.EXE (UPnP Device Host Container). A Universal Plug and Play component.
UPS.EXE (UPS Service). The uninterruptible power supply service.
USER.EXE (Win16 User). A utility for Win16 compatibility.
USERINIT.EXE (User Initialization). Used to establish the operating environment for a user after logon.
USRMLNKA.EXE (U.S. Robotics Driver Interface). A driver utility.
USRPRBDA.EXE (U.S. Robotics Enable/Disable Probe). U.S. Robotics device support utility.
USRSHUTA.EXE (U.S. Robotics Shutdown Helper). A U.S. Robotics device support utility.
UTILMAN.EXE (Utility Manager). An application for configuring tools for disabled people.
VERIFIER.EXE (Driver Verifier Manager). Attempts to determine whether a driver will cause a system conflict by testing its operation.
VSSADMIN.EXE (Shadow Copy Service). Command-line interface for the Volume Shadow Copy Service.
VSSVC.EXE (Volume Shadow Copy Service). Manages and implements a volume shadow copy for backup purposes.
VWIPXSPX.EXE (Redirector). A NetWare redirector component.
W32TM.EXE (Windows Time Service). The Windows Time Service diagnostic tool.
WEXTRACT.EXE (Win32 Cabinet Self Extractor). A component used in extracting cabinet files to disk during setup.
WIAACMGR.EXE (Windows Picture Acquisition Wizard). A program that steps you through downloading pictures from a digital device to a file location.
WINCHAT.EXE (Windows Chat). A chat tool.
WINHLP32.EXE (Windows Help). The 32-bit Windows Help tool.
WINLOGON.EXE (Windows Logon). The Windows Logon service.
WINMINE.EXE (Mine Sweeper). The Mine Sweeper game.
WINMSD.EXE (Windows XP Diagnostics). The Windows XP diagnostics application.
WINSPOOL.EXE (WOW Spooler). The printer spooler service for WOW (the Win16 subsystem).
WINVER.EXE (Windows Version). Displays the current Windows version.
WMPSTUB.EXE (Windows Media Player). The Windows Media Player autoplay loader.
WOWDEB.EXE (WOW Debugger). The WOW debugger.
WOWEXEC.EXE (WOW Execute). Runs Win16 applications for Win32 applications.
WPABALN.EXE (Windows Product Activation). Windows Product Activation Balloon reminder.
WPNPINST.EXE (Internet Printing). Supports .exe files for Internet printing.
WRITE.EXE (Write). A text and rich-text document-editing tool.
WSCRIPT.EXE (Script Host). The Windows-based script host.
WUAUCLT.EXE (Windows Update). An auto-update client.
WUPDMGR.EXE (Windows Update). The Windows Update Manager for NT.
XCOPY.EXE (Extended Copy). A command-line utility used to copy files and folders.
The Windows XP Distribution CD
The Windows XP distribution CD contains more than just the files for installing Windows XP. There are extra tools, release notes, and value-added software from third-party vendors and Microsoft. The root folder of the distribution CD hosts four subfolders. Only one of these folders is a platform-specific version of the setup file.
The \Docs subfolder contains documents that should be read before starting your Windows XP setup. There is a Read1st.txt file, a release notes document, and a document describing the setup procedure.
The \i386 subfolder contains all the files (mostly in compressed format) that make up the Windows XP operating system. This is the folder the Setup program uses to install the OS.
The \Support subfolder contains a \Tools subfolder with many troubleshooting and support tools for Windows XP (such as the Process Resource Monitor and the Quick Fix Application for resolving application compatibility problems with Windows XP).
The \Valueadd subfolder contains some sample third-party tools and utilities for Windows XP as well as extra documents, fonts, utilities, and applications from Microsoft.
Living with Service Packs and Hotfixes
All operating systems have their share of application fixes and driver updates, and Windows in any flavor is no exception. Microsoft is trying to make applying these fixes a smoother process, however, by continuing to add new features that assist in the update process. The latest feature is called Dynamic Update. You can launch this tool during setup so that critical fixes are applied to drivers that might cause problems during the setup process. Dynamic Update requires a PC to have an Internet connection to receive the updates. Network administrators on larger networks that are running a deployment cycle have the option of downloading these files to a network share so that large numbers of workstations can be updated at once without affecting wide area network (WAN) bandwidth.
The service packs themselves contain only bug fixes. Any product enhancements are available through a different channel, so administrators can install relatively small service packs. Although service packs are expected to be a fairly regular event in the Windows XP world, bugs are detected between releases of these service packs. When a bug could affect the security or performance of systems, Microsoft releases what are known as hotfixes. In the past, hotfixes had to be individually downloaded and installed in a specific order. Beginning with Windows 2000, however, Windows Update is used to automatically detect, download, and install the required hotfixes.
The Joys of Slipstreaming
Many Windows administrators have learned to live with service packs. It has always been a real battle to get the configuration correct. A common question was “I just installed application X. Do I need to install service pack Y?” This dilemma has disappeared with the introduction of slipstreaming in Windows XP. In a nutshell, slipstreaming modifies the Windows XP distribution files while the system files are being updated. This ensures that the next time the distribution files are used to install an operating system, the system will be up to date with all service packs and hotfixes. This modification to the Windows XP distribution files provides two important benefits. First, it creates new files that allow installing the OS with all service packs and hotfixes already applied. Second, it makes it unnecessary to reinstall service packs and hotfixes after adding applications or services to an existing Windows XP installation.
For More Information
If the information about Windows XP file layout issues in this chapter has increased your desire to learn more, here are some resources you can research:
- Microsoft TechNet: http://www.microsoft.com/technet.
Following are two popular tools for multi-booting Windows XP with non-Microsoft operating systems:
- V Communications System Commander and Partition Commander, located at http://www.v-com.com/.
- PowerQuest’s Partition Magic (version 7), located at http://www.powerquest.com/.
For more information about the tools and utilities found in the main Windows root directory, you can take the following action:
- Use the help command from a command prompt.
- Look through the Windows XP Help and Support system. (Select Help and Support from the Start menu.)
- Use the /? parameter after the utility name from a command prompt.
- Run or start the program, and then look for help information.
- Consult the TechNet CD-ROM.
- Search the Microsoft Web site: http://support.microsoft.com/.
The following tools monitor your system for changes, especially during software installation. You can use the recorded changes to uninstall software and return your system to its previous state:
- V Communications System Commander and Partition Commander, located at http://www.v-com.com/.
- IMSI Software’s WinDelete: http://www.imsisoft.com.
II Nuts and Bolts of Windows XP
4 Windows XP and Hardware
5 Keeping Windows XP Current
6 Windows XP Installation and Upgrade Secrets
7 Booting Windows XP
8 Windows XP Control Panel Utilities
9 Introducing the Windows XP Registry
10 Editing the Windows XP Registry
11 Important Registry Keys and Values
4 Windows XP and Hardware
Windows XP is by far the best Microsoft operating system in terms of hardware support. It supports the widest and deepest range of hardware of any previous Microsoft OS. The range is wide because it encompasses many new technologies, such as wireless networking, digital photography, CD burning, FireWire (IEEE 1394), video capture, Digital Video Data (DVD) disks, and so forth. The range is deep because it supports both new technology and older or legacy devices. A simple statement by Microsoft program manager Eugene Li summarizes the hardware capabilities: “Buy it, plug it in, and it just works.” Although this is undoubtedly an oversimplification of the process in many cases, it’s not far off the mark.
Windows XP provides users with increased reliability, availability, and scalability of the hardware and drivers it supports. Microsoft has listened to the concerns of its clients and built new features into Windows XP that enable the operating system to remain stable as demands on it increase. In addition, to help extend the hardware compatibility reach of Windows XP, it supports Windows XP designated device drivers, Windows 2000 designated device drivers, and some Windows 98/SE/Me device drivers. Leveraging existing OS-specific drivers allows XP to support a broader range of devices without requiring hardware manufacturers to rewrite their established driver code.
Plug and Play in Windows XP
Windows XP expands upon the popular technology known as Plug and Play (PnP). PnP technology, introduced with Windows 95, is a way for the operating system to automatically detect and recognize devices. Allowing the operating system to control the configuration of devices diminishes the potential for resource setting conflicts. The operating system is able to recognize and adapt to hardware configuration and changes automatically and dynamically. PnP works as a combination of BIOS, hardware devices, system resources, device drivers, and the operating system. Windows XP supports most PnP devices produced since 1995.
When Plug and Play was introduced, it was a novelty, and not without its pitfalls. Many in the industry who spent a good deal of time wrestling with Windows 95 and its PnP features affectionately called it “Plug and Pray.” Windows XP support for PnP is different from the PnP support in Windows 95. PnP in Windows XP does not rely on the Advanced Power Management (APM) BIOS or on the PnP BIOS, both of which were designed for Windows 95. Windows XP incorporates the Advanced Configuration and Power Interface (ACPI) specification. The ACPI specification defines a system board and BIOS interface that extends PnP to include power management and other configurations, which are under the operating system’s control.
When a PnP piece of hardware is added to a Windows XP computer, the operating system detects the hardware and installs the drivers, thus saving the user from going through sometimes complicated instructions on installing the device and loading the correct driver. At times, even finding the driver on a manufacturer’s CD/disk can be a challenge. When the operating system finds a new piece of hardware that has been installed, it must first look at its inventory of all the devices currently residing on the system. This inventory is gathered during startup, when it communicates with PnP devices directly and allocates the resources they need to function. When a new device is installed, it is detected in a process called enumeration. After enumeration, if the correct driver is located in the Windows XP driver database, it is loaded and configured without requiring user input. Otherwise, you might have to tell the OS where to locate the required device driver. Internal resources are then allocated, and the other drivers and applications are notified that the new device is installed and available for use.
Note
When you install a new PnP device, allow Windows XP to detect and configure it. For Peripheral Component Interconnect (PCI) and Industry Standard Architecture (ISA) PnP cards, you must turn off the computer and insert the device. When you restart the system, Windows XP will enumerate the devices and start the PnP installation automatically.
There are numerous benefits to using PnP. It dynamically loads, initializes, and unloads drivers; automatically allocates resources during enumeration; provides a consistent driver and bus interface for all devices; and ensures that the correct drivers are loaded and installed during the automatic installation procedure. The types of devices that Windows XP supports include multiple display support, PC card services, infrared devices, wireless devices, DirectX, pluggable PCI, hot pluggable storage devices, directory-enabled networking equipment, Universal Serial Bus (USB), IEEE 1394 (FireWire), and others. To enable the full functionality of Windows XP PnP, the computer needs to have an ACPI system board. Although Windows XP does work with non-ACPI system boards, the operating system is limited in allocating resources and utilizing the PnP feature set.
You can still add non-PnP hardware by using the Add Hardware Wizard in Control Panel. If you are installing Windows XP on a PC with non-PnP devices, Microsoft recommends that you remove the devices first, install Windows XP, and then add the devices back by using the Add Hardware Wizard. There are two reasons for this recommendation. First, if two devices are using the same resource settings before the upgrade, it can cause installation problems. Second, Windows XP enumerates and sets the resource settings for PnP devices during installation. When the non-PnP devices are added later, Windows XP will allocate resources to them that do not conflict with other devices.
You need to obtain a BIOS update from the manufacturer if you have an ACPI BIOS-based system board and experience any of the following problems:
- You cannot install Windows XP because of an ACPI BIOS error.
- After you install Windows XP, power management or PnP functionality is not present.
- After you install Windows XP, power management or PnP is present but does not function properly.
ACPI has a few disadvantages that are worth noting.You lose the ability to manually set device resources in the system BIOS. ACPI also has a tendency to go overboard on IRQ sharing, in spite of Windows XP’s advanced interrupt request (IRQ) handling, which can affect system performance.
Universal Plug and Play
Universal Plug and Play (UPnP) is a new technology that extends the capabilities of PnP from the local system to the network. UPnP allows systems to discover and install devices, such as printers and Internet connection sharing services, over a network. This sounds great in theory, but in practice it opens up serious problems. First, UPnP is broken right out of the box. It includes flaws that allow denial-of-service and buffer overflow attacks. When maliciously exploited, the buffer overflow vulnerability can grant someone complete control over a system. Both problems are addressed by a hotfix and by Service Pack 1. However, UPnP is still problematic. UPnP is designed to search a network for devices and to respond to any devices that advertise their presence on a network. Therefore, your Windows XP system can easily become the victim of a denial-of-service attack or any other attack that takes advantage of even the patched functionality of UPnP. To the credit of Microsoft, the Internet Connection Firewall (ICF) included in Windows XP can be used to block UPnP packets from traversing an Internet connection.
Additionally, many third-party firewall products can block UPnP traffic. If used within a protected network, UPnP can be a useful tool. However, in most business environments, UPnP simply represents another unused feature that reduces usable network bandwidth due to its chatter. You can quickly and easily turn off UPnP with a 22KB tool from Gibson Research Corporation named UnPlug n’ Pray. This tool works as a toggle switch for UPnP. Just run UnPlug n’ Pray and click Disable UPnP to turn it off. If you ever need UPnP, run UnPlug n’ Pray again and click Enable UPnP. To learn more about UPnP and to download the UnPlug n’ Pray utility, please visit http://grc.com/unpnp/unpnp.htm. Alternatively, you could simply block all communication on port 5000 or consider using a proxy server or firewall.
For additional information on how to secure Windows XP, see Chapter 25, “Managing System Security,” p. 565.
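The same toggle can be done from a command prompt with SC.EXE, which Chapter 3 lists. The batch file below is an added example written for this edition; it is not from the book and is not Gibson Research's UnPlug n' Pray. The service names SSDPSRV (SSDP Discovery) and upnphost (UPnP Device Host), the UDP port 1900 that SSDP discovery uses, and the manual default start type come from general knowledge of Windows XP rather than from this chapter; TCP port 5000 is the port the text itself names. The file name upnp-ctl.cmd is a choice made for the example.

```batch
@echo off
rem upnp-ctl.cmd - added example, not from the book or from Gibson Research.
rem Shows, disables, or re-enables the two Windows XP services behind UPnP
rem using SC.EXE. Service names SSDPSRV and upnphost and UDP port 1900 are
rem assumptions from general XP knowledge; TCP port 5000 is the port the
rem chapter names. Usage: upnp-ctl status | upnp-ctl disable | upnp-ctl enable
setlocal
if "%~1"=="" goto usage
if /I "%~1"=="status"  goto status
if /I "%~1"=="disable" goto disable
if /I "%~1"=="enable"  goto enable
goto usage

:status
echo === UPnP service state and start type (SC.EXE) ===
for %%S in (SSDPSRV upnphost) do (
    echo --- %%S
    sc query %%S | findstr /C:"STATE"
    sc qc %%S | findstr /C:"START_TYPE"
)
echo === Sockets still bound to TCP 5000 or UDP 1900 (netstat) ===
netstat -an | findstr /C:":5000 " /C:":1900 "
goto end

:disable
rem Stop the device host first; it depends on SSDP discovery.
sc stop upnphost
sc stop SSDPSRV
rem "start= disabled" needs the space after "=", that is how SC parses it.
sc config upnphost start= disabled
sc config SSDPSRV start= disabled
goto status

:enable
rem Put both services back to manual start (the XP default, an assumption
rem here) without starting them; they start on demand when something
rem asks for UPnP.
sc config SSDPSRV start= demand
sc config upnphost start= demand
goto status

:usage
echo Usage: %~n0 status ^| disable ^| enable
:end
endlocal
```

Run it from an Administrator account: after `upnp-ctl disable`, the status section should report both services STOPPED with START_TYPE DISABLED and the netstat section should print nothing for port 5000. Disabling the services removes the listener altogether, whereas the ICF only keeps UPnP packets off the Internet-facing interface; the two measures complement each other rather than replace each other.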
Documenting a Current Hardware Configuration
Windows XP Home Edition and Professional are not as picky as other versions of Windows about the hardware they support. However, that is not to say that some devices don’t work better than others (that is, some are more compatible than others) or that some legacy devices are simply not compatible with Windows XP. Some hardware does not function under Windows XP because of the presence of outdated hardware components that are no longer supported or because of driver code that is poorly written, contains errors, or exploits loopholes not present in Windows XP. Although Windows XP hardware support is broader and deeper than any other Windows version, it is not universal or exhaustive.
Most users are aware of the many headaches and operating system problems created by faulty hardware. Sometimes it is tempting to buy an inexpensive PCI network card, thinking that all you need to do is push it into the slot, fire the system up, and insert the floppy when asked. The reality, however, is that improper card settings or faulty coding in the driver could knock another item’s resources out. The result is that the other item no longer functions correctly or, worse yet, renders your operating system unusable—all because a programmer did not thoroughly test the code for the driver. Many have suffered through the effects of faulty devices and drivers. You can imagine the shock when the simple job of adding a network card turns into a full-day circus, with the user wanting his computer back and the network administrator scrambling to find recovery disks. For the most part, the operating system has shouldered the blame for problems similar to this. How many service calls have come in from users who are “sick
of Windows,” when in fact the problem stemmed from a situation unrelated to the operating system? To get a handle on this, Microsoft clamped down on vendors producing additional hardware and drivers so that users of the operating system could focus on the tasks at hand instead of wrestling with hardware and driver-related issues.
You should document the current hardware configuration before you install or upgrade to Windows XP and check whether your computer’s hardware meets the operating system’s requirements. You don’t want to buy Windows XP and then find out that it cannot be installed on your computer. You must be certain that you have met the minimum system requirements and have the specific hardware and drivers needed to install Windows XP. By doing so, you can make full use of the strength and power of Windows XP.
At this point, you might be asking exactly what information you need to gather before adding new hardware for Windows XP. This is an excellent question, and because each computer is unique in some way, you gather general information first, and then expand on it with whatever additional devices you use. Proper planning before the actual installation of new hardware is vital with Windows XP. If you are planning to upgrade a Windows NT machine or Windows 98 machine, more than likely you will need to purchase additional or new hardware before being able to complete the upgrade. If you are upgrading a Windows 2000 or Windows Me system, you are probably already using a system that meets the minimum system requirements of Windows XP, but it doesn’t hurt to double-check.
In addition, you need to think about what type of role your computer will play. Is it going to be used as a standalone home system for surfing the Web and doing home accounting? Or will it be a desktop client for a complex network, where it will access locally installed software, such as Office 2000, access network and Internet resources, and interact with network services, such as databases and collaboration systems? Whichever way you decide to go, different resources are needed to fulfill your designs for the PC. A computer that is going to work as a high-end network client requires different types of resources than a home computer.
The BIOS is a critical component. Windows XP supports the new ACPI BIOS, and if you have it, your computer can utilize the full features of Windows XP’s PnP. You should note the type of BIOS (APM, ACPI), settings that are enabled or disabled, boot sequence, and PnP settings. Next, take the cover off the PC and get under the hood, so to speak. Note what is inserted into the PCI and ISA slots. Check the modem’s make and speed, and note whether it is internal or external. Take a look at the sound card and network card, and make notes about type and settings. Table 4.1 lists items you should take into account before adding new hardware.
Table 4.1 Information to Gather Before New Hardware Installation
Device                 Information to Gather
BIOS                   APM, ACPI, BIOS type, settings, PnP settings
PCI                    What is inserted and in which slots
ISA                    What is inserted and in which slots
PCMCIA/PC Card         What is inserted and in which slots
Modem                  Internal, external, make, speed, COM port, IRQ, I/O, bus type
USB                    What devices are attached
IEEE 1394 FireWire     What devices are attached
Network card           IRQ, I/O, DMA, make, version, bus type, connector type
Video                  Adapter, chipset, memory, make, version, bus type
Sound card             IRQ, I/O, DMA, make, version, bus type
Mouse                  Make, port (COM, PS/2, or USB)
SCSI controller        Make, model, chipset, IRQ, bus type
Processor              Make, type, speed
RAM                    Amount and type
Hard disk              Size, partitions, usage
In addition to these items, it is important to document other hardware, such as network devices (for example, routers, hubs, switches), external devices (cable modems, label printers, audio devices, and so forth), printers, RAID arrays, and so on. Include BIOS and configuration settings for these peripheral devices. As you can see, this is quite a bit of work for just one PC. If you are in charge of a medium to large network, the task can seem overwhelming. In these situations, Microsoft recommends using Systems Management Server (SMS) to analyze your network’s infrastructure, gather the hardware inventory, and automatically report the information to the SMS server. Although going into depth on SMS is beyond the scope of this book, you can find more information about this robust tool on the Microsoft Web site at www.microsoft.com/smserver/.
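Most of the rows in Table 4.1 can be captured from the running system rather than copied by hand. The batch file below is an added example for this edition, not code from the book; it writes one text file per area into a dated folder so that a later run can be compared against it with FC after a card or driver has been added. It uses SYSTEMINFO.EXE, which Chapter 3 lists, together with DRIVERQUERY, REG, WMIC, IPCONFIG and NETSTAT, and assumes Windows XP Professional (SYSTEMINFO and DRIVERQUERY are not shipped with Home Edition). The file name hwinventory.cmd, the default output folder, and the choice of WMI classes are decisions made for the example; the HKLM\HARDWARE\DESCRIPTION\System path is where Windows records the BIOS and processor identification strings it collects at boot.

```batch
@echo off
rem hwinventory.cmd - added example, not from the book.
rem Records the configuration Table 4.1 asks for, one text file per area,
rem under <output-folder>\<computer>_<date>_<time>\.
rem Assumption: Windows XP Professional (SYSTEMINFO and DRIVERQUERY are not
rem shipped with Home Edition). Usage: hwinventory.cmd [output-folder]
setlocal
set OUT=%~1
if "%OUT%"=="" set OUT=inventory

rem Build a file-system-safe stamp from the locale-dependent %DATE% and %TIME%
set STAMP=%DATE%_%TIME%
set STAMP=%STAMP:/=-%
set STAMP=%STAMP::=-%
set STAMP=%STAMP:.=-%
set STAMP=%STAMP: =_%
set DIR=%OUT%\%COMPUTERNAME%_%STAMP%
mkdir "%DIR%" 2>nul
if not exist "%DIR%" (
    echo Cannot create %DIR%
    exit /b 1
)
echo Writing hardware inventory to %DIR%

rem OS version, BIOS version, processor, RAM, installed hotfixes, NICs
systeminfo > "%DIR%\systeminfo.txt"

rem Table 4.1 BIOS and Processor rows: identification strings Windows keeps in
rem the HARDWARE hive, which is rebuilt from the firmware at every boot
reg query "HKLM\HARDWARE\DESCRIPTION\System" > "%DIR%\bios.txt"
reg query "HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0" > "%DIR%\cpu.txt"
wmic bios get Manufacturer,SMBIOSBIOSVersion,ReleaseDate > "%DIR%\bios-wmi.txt"

rem "Make, version" columns: every installed driver, and whether it is signed
driverquery /v /fo csv > "%DIR%\drivers.csv"
driverquery /si > "%DIR%\drivers-signed.txt"

rem PCI/ISA/PC Card/USB/FireWire rows: everything the PnP manager enumerated,
rem plus the IRQ and DMA assignments that collide when a card misbehaves
wmic path Win32_PnPEntity get Name,Manufacturer,DeviceID > "%DIR%\pnp-devices.txt"
wmic path Win32_IRQResource get IRQNumber,Name > "%DIR%\irq.txt"
wmic path Win32_DMAChannel get DMAChannel,Name > "%DIR%\dma.txt"

rem Modem, network card, video, sound card, mouse and SCSI controller rows
wmic path Win32_POTSModem get Name,AttachedTo,DeviceID > "%DIR%\modems.txt"
wmic nic get Name,MACAddress,PNPDeviceID > "%DIR%\nics.txt"
ipconfig /all > "%DIR%\ipconfig.txt"
wmic path Win32_VideoController get Name,AdapterRAM,DriverVersion > "%DIR%\video.txt"
wmic path Win32_SoundDevice get Name,Manufacturer > "%DIR%\sound.txt"
wmic path Win32_PointingDevice get Name,Manufacturer,HardwareType > "%DIR%\mouse.txt"
wmic path Win32_SCSIController get Name,Manufacturer,DriverName > "%DIR%\scsi.txt"

rem Hard disk row: physical disks, partitions, and volume size and usage
wmic diskdrive get Model,Size,InterfaceType > "%DIR%\disks.txt"
wmic partition get Name,Size,Type,Bootable > "%DIR%\partitions.txt"
wmic logicaldisk get DeviceID,FileSystem,Size,FreeSpace > "%DIR%\volumes.txt"

rem Running services and listening ports, for a before/after comparison
net start > "%DIR%\services.txt"
netstat -an > "%DIR%\netstat.txt"

echo Done. Compare with an earlier run, for example:
echo   fc "%DIR%\drivers.csv" "<earlier run>\drivers.csv"
endlocal
```

The first WMIC call on a fresh XP Professional installation pauses for a moment while WMIC installs itself; that is normal. Keeping the output as plain text files rather than a single report makes the FC comparison after a hardware change read as a short list of differing lines, which is exactly the "what changed" question the chapter is addressing.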
Planning to Add New Hardware When you need to add new hardware or check whether your system can support Windows XP, proper planning to maximize the benefits of Windows XP is essential. Many have tried to load Windows XP on machines that were not compliant (with either hardware or minimum system requirements, which are covered in “Checking Minimum Requirements and Recommendations,” later in this chapter), and each time ended with an unsuccessful installation.
One method, which cuts right to the chase, is to simply insert the Windows XP setup CD into your PC. When the menu splash screen appears, click Check System Compatibility, and then click Check My System Automatically to launch the system inspection tool. This tool scans your PC’s hardware and informs you of the results. You will know if you can upgrade your machine as is with this report. If you already own the Windows XP installation CD, this is the best way to verify before installation that your system can support Windows XP. Plus, if you have Internet access, this tool downloads the latest Hardware Compatibility List (HCL; see later in this section) to perform the system check.
If you don’t already have the Windows XP CD in hand, there are two other methods you can use to check your computer for compatibility with Windows XP. The first alternative is to manually check every component of your computer against the HCL, which is a database of components that have been tested against Microsoft OS products and deemed supported or not. The HCL is accessed online at www.microsoft.com/hcl/. If you are a subscriber to Microsoft TechNet, you can find the HCL on the monthly subscription CD. If the hardware is not listed, it is not supported, which means that setup could fail when it comes to this particular piece of hardware, or worse, your system can have intermittent problems if it is able to complete the installation with the unsupported hardware. The following list shows what types of information the HCL contains:
- CPU (single and multiple)
- System (motherboards)
- Storage devices
- Storage controllers
- Network devices
- Video cards
- Input devices
- Modems
- Printers
- Audio
- Uninterruptible power supply (UPS)
- International devices
The second alternative is to use the Upgrade Advisor, a downloadable tool that automatically compares every component in your computer with the HCL. So unless you enjoy the tedious operation of checking the HCL manually, using the Upgrade Advisor is the method of choice.
You can obtain the Upgrade Advisor from www.microsoft.com/windowsxp/pro/howtobuy/upgrading/advisor.asp. The tool is about 50MB, so make sure you have a high-speed Internet connection before initiating the download. After the file is downloaded, run it. The Upgrade Advisor contacts the Microsoft HCL Web site and downloads the latest version of the HCL. Then it scans the system hardware, compares it to the HCL, and produces a compatibility report.
If you discover that you have components that are not HCL-compliant, there are three courses of action you can take. First, you can remove the non-compliant component and replace it with an HCL-compliant component. Second, you can remove the non-compliant component without replacing it, if that component is not a core system component. Third, you can attempt installation despite the non-compliant component, if it is not a core system component. In some cases, a component may be compatible, but its compatibility testing has not been completed by the Microsoft Hardware Quality Lab (MHQL), which maintains the HCL. In such cases, make sure you have the latest driver from the manufacturer for the component on hand.
Checking Minimum Requirements and Recommendations
After you have gathered the information, you can check it against the Windows XP minimum requirements. Table 4.2 gives the minimum and recommended hardware requirements for Windows XP.
Table 4.2 Minimum and Recommended Hardware Requirements for Windows XP
Hardware            Minimum                       Recommended
CPU                 233MHz x86 compatible         300MHz x86 compatible
RAM                 64MB                          128MB
Hard disk           1.5GB (space or partition)    5+GB
Monitor             Super VGA (800×600)           Higher resolution
CD-ROM/DVD drive    Strongly recommended          High-speed drive
Keyboard            Required                      Required
Mouse               Strongly recommended          Required
In addition to these essential core requirements, there are many other peripherals and expansion components you could add. One of the most important items you should consider adding to a bare-bones system is a communications device. It could be a network interface card (NIC) or an Internet connection device (such as a modem, cable modem, DSL modem, ISDN modem, and so forth). Without a communications device, you’ll be unable to connect to the Internet for drivers and updates or to share resources with other systems on a network.
Documenting a Current Hardware Configuration
The key with Windows XP is that the more RAM, processor power, and hard disk space you can give it, the better. The minimum requirements are just that—the absolute minimum level at which Windows XP can operate. If you want a system that operates at an adequate speed, double the recommended requirements, or just put all the power you can afford into the system from the beginning. No matter what you do, don’t skimp on memory. Windows XP gobbles up RAM as fast as you can serve it. Figure 4.1 shows Task Manager’s graphical representation of system resources in use.
Figure 4.1 Task Manager is displaying the amount of memory Windows XP uses.
Although Windows XP works with 64MB of RAM, if you can give it more, do it. Windows XP supports up to 4GB of RAM. Because RAM is relatively inexpensive these days, populate it with as much as you can afford. The same principle applies to the CPU. It is almost a joke to try to load Windows XP on a 233MHz processor, and at the rate AMD and Intel are increasing processor speeds, 300MHz seems low. Although paying for the cutting edge in high-speed technology isn’t cost effective, getting a fast processor improves the responsiveness of the system. So the faster the processor, the better.

Hard disk space is yet another fuzzy area. It is hard to even buy a hard disk with less than 20GB of space on it. You can squeeze Windows XP on a partition of 1.5GB, but you will be hampering the operating system, especially if you install lots of software. Although there is no set optimal size of a hard disk or partition for the operating system, allowing for 4GB to 8GB of space is a safe bet. If you don’t have a good reason to partition a hard drive, don’t.
Tip To install a mass storage controller not listed on the HCL, watch closely for the status line at the bottom of the screen during the early stage of setup that prompts you to press F6. When you do so, you will be guided through the installation process. Be sure to have your driver disks from the manufacturer handy.
It is important to check the HCL for any new technology that you might want to have installed on your Windows XP computer. Check to be sure that the hardware’s brand and make is listed, and if not, return it for one that is. As mentioned earlier, a component might not be listed on the HCL simply because it has not been through MHQL testing. If the manufacturer supplies a Windows XP driver, you may be able to use the component despite its status on the HCL.

Although Windows XP setup automatically checks your hardware and software and reports any potential conflicts, thoroughly checking your system’s resources first is better. Gather the information and check it against the HCL. Read through the Read1st.txt file in the \Docs folder on the CD before installation for information that might pertain to your specific configuration or conditions. Other important files to read before installation include the Pro.txt (or Home.txt for Windows XP Home Edition) and RELNOTES.HTM files, which provide information on hardware, networking, applications, printing, and post-installation notes.

Note
Another alternative to building a Windows XP HCL-compliant system is to purchase a new, prefabricated Windows XP–ready system. Many of the PC vendors offer prequalified systems that are fully Windows XP HCL compliant and ready for immediate deployment. Microsoft maintains a Web area with details on these ready-to-roll PCs at www.microsoft.com/windowsxp/ready/us.asp.
Working with Video Devices

With the presence of PnP in Windows XP, the troublesome task of adding a video card and driver is a thing of the past. In fact, the last time hardware installation was difficult for an experienced user was with Windows NT. If you add a new video card that is on the HCL or if you are installing Windows XP, PnP detects and installs the card without user interaction. After installation, you can go to the Control Panel, Display applet and make any adjustments you want to the monitor. You can also use the Display applet to configure a variety of display-related settings, such as changing the display driver, changing the screen resolution and depth, changing color schemes and text styles, viewing changes to the display before they take effect, configuring display settings for each hardware profile, and configuring multiple monitors (up to nine). This chapter covers configuring the display driver.
A superb feature of Windows XP is the system’s capability to keep incompatible display drivers from preventing access to the system. If a display driver fails to load during startup, Windows XP uses the generic SVGA display driver so that you can start Windows XP and fix the display driver problem.

Tip
For a monitor to be supported as PnP with Windows XP, the monitor, the display adapter, and the display driver must all be PnP; otherwise, the monitor is detected as “Default Monitor.” Although some devices, such as USB devices, can be hot-plugged, internal adapters should not be taken out while the computer is running. Check the documentation that came with the hardware to verify the correct installation and removal procedure.
You can display, change, configure, or upgrade a display driver in the Control Panel Display applet or through Device Manager. PnP detects the new monitor during startup, and the wizard guides you through the process. After the process is finished, go to Device Manager, and click the Monitors node. Double-click the previous monitor, and click Uninstall to remove it.

Display monitors consume a lot of energy, so manufacturers have made attempts to incorporate energy-saving features. Through signals from the display adapter, software can place the monitor in standby mode or even turn it off completely, which can reduce the power the monitor needs. Most of the instruction/guide booklets that come with new monitors list the power-consumption levels. These features have been available for quite some time. Here are some tips to keep in mind when working with the Display applet:

- A solid background color uses fewer resources than a pattern. Likewise, wallpaper backgrounds use even more resources than a pattern. If you need to conserve system resources, stick to a plain/solid background.
- Screensavers should not be used on a system that needs to be functional 24/7. Screensavers are graphics intensive and use a great deal of resources that other services or applications might need.
Windows XP has a feature called Mode Pruning, which can be used to remove display modes that the monitor cannot support. Mode Pruning compares the graphics modes of the monitor with the adapter, and only modes that are usable by both will be made available. To enable Mode Pruning, follow these steps:

1. Go to Control Panel (Classic view) and double-click Display.
2. Click the Settings tab.
3. Click the Advanced button and then click the Monitor tab.
4. Select the Hide Modes That This Monitor Cannot Display check box.
5. Click the Apply button.
If the card is not on the HCL but does state it is Windows XP compatible, you should be able to watch PnP detect the card and apply the settings. If this doesn’t happen, and you are asked for a driver disk from the manufacturer, that might mean the card is not fully PnP compatible. There are few problems when HCL-listed video cards are loaded via PnP. Windows XP should be able to load a specific or a generic video driver to make any PnP video card function. However, many video cards are equipped with special features and capabilities that the generic drivers are unable to access. Review the installation instructions from the video card manufacturer. In many cases, the manufacturer provides an installation CD that installs specific drivers for the video card and OS so that you can take full advantage of the features and capabilities of the new high-end video cards.

Tip
If you are going to install a device that is not listed on the HCL, be sure to search at least the manufacturer or vendor’s Web site to see whether the device is compatible with Windows XP. In some cases, new hardware is supported by Windows XP but has not yet been added to the HCL.
If you inadvertently make a change and the screen becomes unreadable, follow this keystroke pattern to reboot the system: Ctrl+Alt+Delete, Alt, U, R. During the reboot, press F8 to access the Windows Advanced Options menu. You have to press F8 just after the POST and just before the animated Windows XP screen appears. From the Windows Advanced Options menu, you can select Enable VGA Mode, which boots the system with a generic VGA driver at 800×600 with 256 colors, at which point you can see and access the desktop and readjust your display settings.

Tip
Although Windows XP installs a driver to make the video card work, it is a good idea to use the driver supplied by the manufacturer, preferably an MHQL-signed driver. Often, the drivers from Microsoft offer the functionality but not the options of the manufacturer’s driver. When it comes to video, a custom device driver is always the better choice. Additionally, video drivers are updated quite frequently, so you should check with the manufacturer from time to time for newer versions.
Working with Audio Devices

Most audio cards developed since 1995 are PnP compatible, which makes their installation a breeze. So if you have a sound card in a Windows 98 machine that you are upgrading to Windows XP, odds are that the device will be found and installed. Again, checking whether that particular card is on the HCL would be beneficial.
To attempt to install a non-PnP sound device, you need to use the Add Hardware Wizard from Control Panel. You need the driver disk supplied by the manufacturer to complete the installation. Because Windows XP supports USB and the IEEE 1394 bus, it can also support digital audio. Both USB and IEEE 1394 have the bandwidth that digital audio requires. Windows XP can handle multiple streams of audio, which means that two applications can run at the same time while playing sound, and you will be able to hear both. Windows XP can also redirect the audio output to external USB and IEEE 1394 devices, which give better-quality sound.
Working with Storage Devices

Storage devices are vital to an operating system. This is where the key operating system data and your own personal and business data are stored. Understanding the storage capabilities in Windows XP is an important matter. Data management has been a key point for Microsoft in designing Windows XP, which has new features that make managing and storing data much more secure and robust. Managing data and storage ensures that your system runs more effectively. The tools provided with Windows XP enable the system administrator to make the most of available disk space. The system administrator also has better control of the operating system and its data. Two key features of Windows XP, Removable Storage and Remote Storage, address data management, such as compression and encryption, and storage management, such as quotas. The use of data compression creates extra storage space on the volumes, whereas data encryption ensures that users who are not supposed to be viewing the data cannot view it. With disk quotas, network administrators can maintain control over how much disk space users can have.
For more detail on these storage features, see Chapter 19, “Windows XP and Storage,” p. 413.
Working with Common Peripherals and New Interfaces

Users who are working offline can quickly add peripheral devices to their computers with Windows XP. PnP automatically detects and installs most new hardware devices. The following sections detail the various device types.

USB

Universal Serial Bus (USB) gives Plug and Play capability for devices such as keyboards, mouse devices, and hard drives outside the computer. USB devices can be used as soon as they are plugged in, which means they are hot-pluggable, the system can use them immediately, and there is no need for a reboot. In addition, because most USB peripherals receive their power from the computer, there is no need for additional power cords and outlets to plug them into. You can also plug multiple USB devices into a single USB port by using a USB hub. Table 4.3 shows a partial list of the different types of USB devices available.

Table 4.3 Partial List of USB Devices

Type of Device    USB Device
Output            Monitor, printers, audio
Imaging           Scanners, digital cameras
Communications    Modems, ISDN adapter, network adapter
Input             Keyboard, joystick, mouse
Storage           CD-ROM, removable media
USB uses a tiered topology and enables you to attach 127 devices to the bus simultaneously. USB currently supports up to five tiers, and each device can be located up to 5 meters from its hub. An important item to note is that, although you can attach 127 devices, many need to have their own power supply or a powered hub must be used; otherwise, the number of USB devices you can attach is limited. A bus-powered hub connected directly to the PC receives its power from the host, which in turn receives its power from the power supply connected to the motherboard. If another device that needs to receive power from the host is attached to the device directly connected to the host and is drawing its power from it, the second device will not receive enough power to operate. The reason for this is that the first device connected to the host is receiving just enough power for it to operate. It does not have the capability to accept a larger amount of power, take what it needs, and pass the remaining power on down the line. This is why you cannot have more than one bus-powered hub: There is simply not enough power to facilitate the next unit. In addition, you cannot have a bus-powered hub more than four units downstream from the port because, in this situation, the power flowing downstream slowly loses its integrity until it can no longer meet the minimum requirement for the power supply the bus-powered hub needs. Finally, if you have a bus-powered device that draws more than 100 milliamperes (mA), you cannot connect that to a bus-powered hub.

Three components make up USB. The first is the actual component of the USB that connects to the motherboard. The host (also known as the root, root tier, or root hub) is built into the motherboard, or it is installed as an adapter card on the computer’s motherboard. If you are thinking of buying a host adapter card, make sure you don’t have a preinstalled host already on your motherboard, as it will create untold system conflicts. The host controls all traffic on the bus.

The second component is the hub, which provides a port for attaching a device to the bus. The hub is the narrow slot into which you plug the device’s cable. Hubs also detect devices that are bus powered, meaning they need to draw their power from the PC, or self-powered, meaning they can be plugged into the wall. The third component is the device. A USB device is attached to the bus through a port. USB devices can also function as hubs. For example, if you have a USB monitor with ports for attaching a mouse and keyboard, this device is a hub as well.

USB supports two data transfer modes: isochronous and asynchronous. An isochronous transfer requires constant bandwidth within certain time constraints because of the requirements of multimedia applications and devices. With isochronous transfer, there is no form of handshaking and delivery is not guaranteed. Asynchronous transfer, on the other hand, does use a form of handshaking and guarantees delivery.

Windows XP supports configuration of USB devices by using one of two types. The first is hot plug-in capability, in which the hub driver enumerates the devices and notifies the system that the device is present. The other is persistent addressing, in which the USB device uses descriptors to identify the device, its capabilities, and the protocols it uses. A descriptor contains a Vendor ID (VID) and a Product ID (PID) that tells the computer exactly what to load.

There are two versions of USB: 1.1 and 2.0. USB 1.1 was the only version available at the time Windows XP was developed and released. However, the USB 2.0 standard has finally been completed and can be added to Windows XP via Windows Update. The only real difference between USB version 1.1 and 2.0 is speed. USB 2.0 can support throughputs up to 480Mbps, whereas 1.1 is limited to just 12Mbps. USB 2.0 is backward-compatible with 1.1 devices, so you can still use your older USB devices on a new USB 2.0 system. However, a driver update and cable with support for USB 2.0 might be needed for the device to work properly.
For more on Windows Update, see Chapter 5, “Keeping Windows XP Current,” p. 99.
FireWire (IEEE 1394)

The IEEE 1394 (also known as FireWire) is a bus designed for high-bandwidth devices, including digital camcorders, digital cameras, digital VCRs, and storage devices, and can send data at speeds ranging from 100Mbps to 400Mbps. It provides a high-speed PnP-capable bus and supports both isochronous and asynchronous data transfer. You can connect up to 63 devices to one IEEE 1394 bus and interconnect up to 1,023 buses to form a network of over 64,000 devices, with each device having 256 terabytes of memory addressable over the bus. IEEE 1394 devices not listed on the HCL can cause problems, however. Windows XP supports only IEEE 1394 devices that are Open Host Controller Interface (OHCI) compliant, so if a device is not OHCI compliant, it will not work with Windows XP. This includes devices that are pre-OHCI. Make sure that Windows XP supports any IEEE 1394 device you purchase and that it is listed on the HCL.

Infrared Devices

The Infrared Data Association (IrDA) protocol enables users to transfer files and folders and share resources between computers with no physical cables. Windows XP supports IrDA, and most new laptops are equipped with IrDA support and functionality. IrDA automatically configures the connection between two computers that are IrDA compliant, simply by placing the two computers near one another. Users can then share documents or print to a shared printer (given that appropriate permissions have been set). Windows XP also supports allowing or limiting access to a computer’s resources and controlling what can and cannot be sent via infrared for users other than the owner. In Windows XP, users can also specify a location to place documents transferred by infrared.

Additional Device Types

Digital Versatile Disk (DVD) provides storage for audio, video, and computer data. It is most well known for viewing movies; playing a movie on DVD can offer better image quality than a standard TV. DVD can also be used as a storage device and can be cost effective for storing large data files. The architecture for DVD is complex, and DVD demands a lot from the system.

Devices such as image scanners and digital cameras are examples of Still Image (STI) devices. Windows XP supports SCSI, IEEE 1394, USB, and serial digital still image devices. You can access an STI device through the Scanners and Cameras Wizard in Control Panel. The Scanners and Cameras Wizard appears in Control Panel when a Plug and Play STI device is detected, or if you install it through the Add Hardware Wizard.

The PCI bus meets most Plug and Play requirements.
Devices that use the PCI bus have set means for identifying themselves and setting resources. Windows XP collects PCI and ISA PnP device resource information from the system BIOS and can reassign PCI device resource requirements dynamically. ISA, on the other hand, is different. ISA bus design allows Plug and Play devices because the specification does not require any change to ISA buses. Windows XP obtains the resource requirements and capabilities, allocates resources to the card, and reserves these resources so that they cannot be assigned to other Plug and Play cards in the computer. PCI devices can be dynamically allocated and changed, but ISA devices are fixed after the resources are allocated. For this reason, if you look at an ISA device’s resource setting in Device Manager, you’ll see that you cannot change the setting.

Other devices not listed here can take advantage of Plug and Play. One of the key requirements is that the device has to provide a mechanism for identification and configuration. If the device complies with Plug and Play specifications and is designed for Windows XP, odds are that it will work. Some of these devices include Integrated Device Electronics (IDE) controllers, Extended Capabilities Ports (ECP), and communications ports.

One of the most common ports used on a computer is the parallel port for peripheral devices. If the parallel port is Plug and Play compliant, it will meet the Compatibility and Nibble mode protocols defined in IEEE P1284. These modes allow two-way communication between the host and peripheral device. For devices that connect to the parallel port (such as Zip drives and digital camera disk readers), both the device and the port must be PnP compliant; otherwise, there will be compatibility problems. This is akin to the problems caused when an IEEE 1284 printer cable was plugged into the back of a Zip drive that was plugged into the computer’s parallel port using a non-IEEE 1284 cable. Users were in an uproar because they could not print to the new printer.

For a system that is totally Plug and Play, the BIOS must also meet Plug and Play specifications, and the recommended BIOS for Windows XP is one that supports the ACPI standard. By using ACPI and Plug and Play devices, the operating system and BIOS can communicate with each other and share information about the system’s resources and how the settings should be allocated. This provides a more secure and robust system. Fortunately, purchasing new motherboards and expansion cards that are not PnP compliant is nearly impossible now, so these issues arise only when recycling older components or purchasing used equipment.
Windows XP on a Laptop

Windows XP generally comes preinstalled on laptop computers because successful installation may require special CMOS settings, drive configuration tools, or system drivers. The manuals included with a laptop purchase often do not cover these issues in sufficient detail.

Windows XP offers laptop users the same work environment, whether they are online or offline. The Offline Files and Folders feature enables you to take any combination of files, folders, or drives offline. It is as simple as selecting the file you want, right-clicking, and choosing Make Available Offline. The file’s location is maintained, making it seem that a connection to the network is still active, which makes it easier to find the file. If you know your folder resides on the server under \profiles\mystuff, that same path will be there when working offline. After working on a file offline, if you come back to the office and go online, the file or folder is automatically synchronized with the file/folder on the server. With the Synchronization Manager in Windows XP, users can specify when they want synchronization to run or what they want to have synchronized. Only resources that have been changed are updated, which speeds up the process considerably.
ACPI BIOS provides laptop users with advanced tools to manage a system’s power state as a result of input from users, applications, or drivers. An interesting example is a laptop with a modem connected to a wireless phone. The laptop can be placed in a “wait for fax mode,” in which only the modem is on, thus conserving power. When the phone rings, the modem fires up the computer and answers the fax call. Afterward, the computer goes back into the wait for fax mode and turns itself off.
Multiple CPUs and Windows XP

Windows XP Home Edition can use only a single processor, whereas through the use of Symmetric Multiprocessing (SMP), Windows XP Professional can run with up to two processors. With SMP, the operating system is able to run threads on any available processor. This creates additional processing capacity. Windows XP dynamically distributes the processes to available processors; however, you can restrict where some threads are sent.
Troubleshooting Hardware Problems on Windows XP

As a general rule, always use hardware and drivers that are digitally signed and on the Windows XP HCL, and make sure the drivers are updated. Just because a driver is available from the Microsoft Web site or Windows Update utility (see Chapter 5) doesn’t mean that the manufacturer is not offering a newer and more compatible driver from its Web site. An ounce of prevention, as they say, will eliminate potential headaches and aggravations, and using good hardware will more than pay for itself in the long run. Keeping detailed records and having a good deal of patience are also essential for troubleshooting.

Some general steps to take when trying to work out a problem are attempting to isolate the problem and then repeating the fault. Although this method seems simple enough, it is easy to quickly become overwhelmed by a problem so that you lose all perspective. By isolating the problem situation, you can conduct separate tests that should point you to the solution. Testing compartmentalized elements of the situation makes it easier to locate the problem and come up with a solution. Additionally, let the problem guide your solution. Try not to force something that could do more harm than good. Suspect the most recent change or addition, and inspect the most common points of failure. If something has been working for a while and then suddenly quits (and there was no user interaction), you can immediately suspect something is wrong with the hardware. Finally, if you get to the point of total frustration, walk away and do something else. You will be surprised how a solution surfaces when you give yourself a breather to clear your mind.
Windows XP has several resources for you in the event of a hardware problem. You can use the Event Viewer for messages that might pertain to the problem. You can collect information about the date, time, source, category, event, and other vital data that might help resolve the condition. You can use the Last Known Good Configuration to restore the system configuration to the most recently working version, but this method works only if the system has not been logged on to yet. Whenever someone logs on, the system records a new Last Known Good Configuration. Windows XP, like Windows 98/SE/Me and Windows 2000, has a Safe Mode, which starts the system with a minimum amount of drivers loaded. You could edit the Registry to get there, but this should be done only as a last resort and by an experienced system administrator. The Device Manager can be used to configure, update, or change a device, and if a device was recently updated by Windows Update, you can restore the original files by running Update Wizard Uninstall, a handy feature to have. The following steps discuss using Device Manager to change a conflicting device’s resource settings:

Note
You should print out your system’s device settings before making any changes. If you are not familiar with device resource settings, you should not attempt to change them.
1. In Device Manager, expand the device class to show the available devices.
2. Double-click the device to which you want to make changes. This opens the Device Properties dialog box.
3. Click the Resources tab. Notice that the Conflicting Device list shows any conflicting values for resources used by other devices.
4. In the Resource Type list, select the setting you want to change. Make sure the Use Automatic Settings check box is not selected.
5. Click the Change Setting button. The dialog box for editing the particular setting is displayed.

Note
If a conflict arises, a message is displayed in the Conflict Information field.

6. Choose a setting that does not conflict with any other devices, and then click OK.
Note
If you have a legacy device that uses jumpers, you need to make the changes on the device’s jumpers as well so that they match the changes made in Device Manager. If you are working with an ISA card, you might need to alter the device’s BIOS with a manufacturer-supplied editing tool or use the system’s CMOS to force resource setting alterations.
7. Restart Windows XP. Verify that the new settings have taken effect and are working correctly.

It takes a great deal of time and effort to create good records and gain an understanding of the layout, cabling, previous problems and solutions, upgrades, updates, and hardware installation dates, which are all vital. Most hardware problems stem from using equipment that is not on the HCL. A perfect example is when a machine is upgraded to Windows XP without checking its internal hardware or keeping any records. The installation finishes successfully, but intermittent problems occur whenever a non-compliant device is activated or software needs to interact with the device. Without a record of what was on this machine and which hardware is and is not on the HCL, determining where the problem resides becomes quite a daunting task.

You might also encounter a piece of hardware that is on the HCL but has a physical defect, or a defect has surfaced even though the device worked previously. In this case, there is no other alternative but to replace the device. Sometimes, however, the device was not properly installed or configured. In such a case, opening the computer and making sure the device is seated properly is well worth the effort.

There are technical newsgroups that offer peer support for common computer problems. You can post persistent problems and get suggestions from others who might have had the same experience. The Help file in Windows XP contains information about online support, and you can find information about newsgroups from the Microsoft Web site.
For more detail on Windows XP hardware-troubleshooting features, such as Driver Rollback and System Restore, see Chapters 5, “Keeping Windows XP Current,” p. 99, and 26, “Managing System Recovery,” p. 599.
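The records this section and the earlier Checking Minimum Requirements section ask you to gather, as an added PowerShell example that is not from the book: it reads the CPU, RAM and system-disk figures that Table 4.2 compares against, lists the devices Device Manager has flagged (code 12 is the resource-conflict case the steps above address), lists drivers that are not digitally signed, and writes a full PnP inventory to a CSV file for your records. It assumes Windows PowerShell 2.0 installed on Windows XP SP3 and the output folder C:\HardwareReport (both assumptions); the HCL itself is online, so compare the saved inventory against it separately.

```powershell
# Added example, not from the book: snapshot a Windows XP machine's hardware state
# for HCL checking, minimum-requirement checking and pre-change documentation.
# Assumes Windows PowerShell 2.0 on Windows XP SP3 (assumption); run as an administrator.

$OutDir = "C:\HardwareReport"                    # hypothetical output folder
if (-not (Test-Path $OutDir)) { New-Item -ItemType Directory -Path $OutDir | Out-Null }
$Report = Join-Path $OutDir "hardware-report.txt"

# Minimum and recommended figures taken from Table 4.2
$MinCpuMHz = 233; $RecCpuMHz = 300
$MinRamMB  = 64;  $RecRamMB  = 128
$MinDiskGB = 1.5; $RecDiskGB = 5

# Echo a line to the console and append it to the report file
function Write-Both($Text) { Write-Output $Text; Add-Content -Path $Report -Value $Text }

# Classify a measured value against the table's minimum and recommended figures
function Rate($Value, $Min, $Rec) {
    if ($Value -lt $Min) { "BELOW MINIMUM" }
    elseif ($Value -lt $Rec) { "minimum only" }
    else { "ok" }
}

"Windows XP hardware snapshot - $(Get-Date)" | Set-Content -Path $Report

# --- 1. Core requirements: CPU, RAM and free space on the system drive ----
$cpu = Get-WmiObject Win32_Processor | Select-Object -First 1
$cs  = Get-WmiObject Win32_ComputerSystem
$os  = Get-WmiObject Win32_OperatingSystem
$sys = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$($os.SystemDrive)'"
$ramMB  = [math]::Round($cs.TotalPhysicalMemory / 1MB)
$freeGB = [math]::Round($sys.FreeSpace / 1GB, 1)

Write-Both ("CPU : {0} MHz ({1}) - {2}" -f $cpu.MaxClockSpeed, $cpu.Name.Trim(), (Rate $cpu.MaxClockSpeed $MinCpuMHz $RecCpuMHz))
Write-Both ("RAM : {0} MB - {1}" -f $ramMB, (Rate $ramMB $MinRamMB $RecRamMB))
Write-Both ("Disk: {0} GB free on {1} - {2}" -f $freeGB, $os.SystemDrive, (Rate $freeGB $MinDiskGB $RecDiskGB))

# --- 2. Devices Device Manager has flagged (ConfigManagerErrorCode <> 0) ---
# Meanings are the standard Device Manager error codes; 12 is the resource
# conflict that the Resources tab procedure above is meant to resolve.
$codes = @{ 1 = "not configured correctly"; 10 = "cannot start";
            12 = "cannot find enough free resources (resource conflict)";
            22 = "disabled"; 28 = "drivers not installed" }
$bad = Get-WmiObject Win32_PnPEntity |
    Where-Object { $_.ConfigManagerErrorCode -ne $null -and $_.ConfigManagerErrorCode -ne 0 }
Write-Both ("`nDevices with problems: {0}" -f @($bad).Count)
foreach ($d in $bad) {
    $meaning = $codes[[int]$d.ConfigManagerErrorCode]
    if (-not $meaning) { $meaning = "see Device Manager" }
    Write-Both ("  Code {0,-3} {1} [{2}] - {3}" -f $d.ConfigManagerErrorCode, $d.Name, $d.DeviceID, $meaning)
}

# --- 3. Drivers that are not digitally signed (the chapter's first rule) ---
# A driver whose IsSigned value is unknown is listed too, so it can be checked by hand.
$unsigned = Get-WmiObject Win32_PnPSignedDriver |
    Where-Object { $_.DeviceName -and -not $_.IsSigned }
Write-Both ("`nUnsigned drivers: {0}" -f @($unsigned).Count)
foreach ($u in $unsigned) {
    Write-Both ("  {0} | provider: {1} | version: {2} | inf: {3}" -f $u.DeviceName, $u.DriverProviderName, $u.DriverVersion, $u.InfName)
}

# --- 4. Full PnP inventory, for the records the chapter says to keep -------
$Inventory = Join-Path $OutDir "pnp-inventory.csv"
Get-WmiObject Win32_PnPEntity |
    Select-Object Name, Manufacturer, DeviceID, Status, ConfigManagerErrorCode |
    Export-Csv -Path $Inventory -NoTypeInformation
Write-Both ("`nReport written to {0}; inventory written to {1}" -f $Report, $Inventory)
```

Run it before an upgrade and again before any Device Manager resource change, so the two reports show exactly what was altered.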
Third-Party Hardware Troubleshooting Utilities

There are not a lot of hardware utilities to use. Because most of the checking you will do on your system is to see whether it is compatible with Windows XP, Microsoft is a good place to start. The HCL is located at www.microsoft.com/hcl/default.asp. The Microsoft Hardware Quality Lab maintains this site. Another good Microsoft resource is Windows XP Upgrade Advisor, located at www.microsoft.com/windowsxp/pro/howtobuy/upgrading/advisor.asp.
System Internals has several tools for recovering data from drives on non-bootable systems, allowing you to read data from the damaged system, write to the drives, and perform disk repair functions. Check out its offerings at www.sysinternals.com.

SmartLine Vision has a tool called DeviceLock for adding security to hardware devices. You can secure floppy drives, RAM drives, and serial and parallel ports as you would secure shares on a hard drive. DeviceLock includes a cache flush to force storage devices to clean out their buffers before going offline; you can find more information at www.protect-me.com/dl/.

SupportSource offers general information and tips on various configurations and troubleshooting. You can visit the Web site at www.supportsource.com.
For More Information If the information about Windows XP hardware issues in this chapter has increased your desire to learn more, here are a few resources you can research: Books n
Configuring and Troubleshooting Windows XP Professional. Syngress, 2001. ISBN: 1-928994-80-6.
n
Cowart, Robert and Knittel, Brian. Special Edition Using Windows XP Professional. Que, 2001. ISBN: 0789726289.
n
Glenn,Walter. How to Use Microsoft Windows XP. Que, 2002. ISBN: 0789728559. Microsoft Windows XP Professional Resource Kit Documentation. Microsoft Press, 2001. ISBN: 0735614857.
n
Magazines and Web Sites Microsoft Certified Professional Magazine: www.mcpmag.com PC Magazine: www.pcmag.com TechNet CD or Web site: www.microsoft.com/technet/ Windows and .NET Magazine: www.winnetmag.com Windows XP CD: Read1st.txt, relnotes.htm, pro.txt n n n n n
5 Keeping Windows XP Current
Windows XP is an operating system, which is something you already knew when you picked up this book. However, you might not have known that operating systems change over time. They change through upgrades from the vendor, through alterations caused by applications, through changes implemented by users, through damage caused by malicious code, and through a thousand other causes. These changes can make the task of maintaining a system’s efficiency and performance difficult.
In this chapter, you look into what makes these changes happen and learn the numerous ways to counteract them. This is not exactly a troubleshooting chapter. It is more of a guide for preventive maintenance and ongoing care. Later chapters in this book include some overlapping topics, such as security updates, system restores, and managing hardware through Control Panel. However, the goal of this chapter is to focus your attention on keeping your Windows XP system tuned up. Just as a high-performance car needs regular maintenance, adjustment, and TLC to keep it in top working order, Windows XP needs foresight, understanding, and a bit of know-how to keep your computer running as efficiently as possible. This chapter isn’t about performance monitoring and tuning; it’s about making sure Windows XP has all the elements it needs to keep the environment stable and preventing problems before they occur.
What Happens When You Install a Program?
Installing programs on your Windows XP system is an activity you can expect to perform often, but have you ever taken the time to think about the effects of installing applications on your system? Without delving into developer and programming-level details, there are some important aspects of software installation that all system administrators, and even power users at home, need to be aware of.
First, let’s get the obvious out of the way: Installing an application adds new files to your system. The files added to your system and stored on the hard drives can alter your system. Those effects can be minuscule and unimportant, such as consuming a small amount of your available drive space, or they can be drastic and critical to system performance, such as the files consuming all available space on a drive or overwriting core system files or device drivers.
The process of installing software can implement other changes, including alterations to the Registry, changes to device drivers, changes to core system files, alteration of the Start menu, proliferation of icons and shortcuts, and more. In most cases, the changes an installation causes are innocuous and expected, but that is not always the case.
Some applications are very well designed and make easily reversible changes to a system. These applications install all their files into a single newly created folder (or folder hierarchy) and make no alterations to key system files or device drivers. Some applications make few or inconsequential changes to the Registry. Some applications deposit their files not only in newly created folders, but throughout the system’s root folder hierarchy. Those deposited files can replace or change device drivers and core system files. In most cases, this process does not negatively affect the system’s overall performance or functionality, but sometimes these activities can damage a system or render it unbootable. Unfortunately, not all applications are well designed or perform their installation procedures in an easily reversible manner. The extent to which an application makes irreversible changes to a system depends on the programmers who designed the application and the installation process.
Most commercial software products include an uninstall routine that can remove most if not all of an application’s footprint. You can use the Windows XP Add or Remove Programs Wizard to install programs so that they are easier to remove or to initiate a removal process for programs that don’t offer a native uninstall routine. In most cases, if an application is uninstalled immediately after it was installed (or at least before any other application is installed), the uninstall process can usually restore the system to exactly the state it was in just before the installation. However, few of us install a program, use or test it, and then immediately uninstall it before installing another product. As the number of other applications installed before an application is removed increases, so does the likelihood that the uninstall process will damage the system or render those applications inoperable. This potential for damage is caused by the way most uninstall procedures operate. Generally, a log file is recorded during an application’s installation. This log file details the steps the application takes as it is installed, including altering Registry keys and depositing files. When the application is uninstalled, this log file is used to reverse the process. Unfortunately, applications installed later might rely on the changes the previous application imposed; by uninstalling the previous application, those changes are removed, thus hamstringing those dependent applications.
To learn about System Restore, a Windows XP feature used to restore the system to a previously saved state, see Chapter 26, “Managing System Recovery,” p. 599.
The more applications installed on a system, the more likely one of them will implement irreversible changes to the system or cause damage in the process of performing the installation. The Windows XP self-healing mechanism (see “Windows File Protection,” later in this chapter) might be able to automatically repair this damage, but it could result in decreased performance, reduced capabilities, or system failure. When these problems are combined with uninstallations that cause as much damage as a poor installation, chaos is not far away.
Rather than delve into troubleshooting application problems caused by installing and removing applications, this chapter focuses on managing the changing nature of your system. If you don’t think through the changes you purposely impose on your system, you will soon find yourself working with a system that doesn’t do what you expect, performs unreliably, and possibly even loses or damages your data. When those changes cause enough damage, your only real recourse is to reinstall the operating system itself.
For more on application management, see Chapter 23, “Managing Applications,” p. 509.
Note More than half the chapters in this book tackle various troubleshooting issues. Check the “troubleshooting” listing in the index for specific topics and locations.
Fortunately, Windows 2000 and Windows XP include numerous safeguards to reduce the number of problems that occur through everyday, normal, typical activities and use. Some of these safeguards function automatically, behind the scenes, without any intervention. Others are useful and effective only if you are aware of them and use them to their fullest extent. This chapter examines many of these features and instructs you on how to best prevent reinstallations.
One of the first activities you should embark on when deploying a new Windows XP system (or any OS, for that matter) is to determine the system’s purpose or role. Will the computer be a client on a business network, will it be a home computer for the family, will it be an audio/video-editing station, will it be used to support your home-based business, or will it be used as a gaming system? Windows XP can support all these roles and many more, but knowing which role you have chosen for the system helps you avoid pitfalls in the system’s deployment and ongoing lifespan.
Based on a system’s role, you can choose the software and hardware it comprises. With HCL-compliant hardware and stable software, you can construct a system that will remain useful and efficient for a long time. What follows are some guidelines on how to decide what type of hardware to use.
You should decide how stable you want the system to be. How much stability you want or need directly affects the number of applications you can install on the system. In other words, the keys to OS stability are to restrict the number of changes imposed on that system and to manage the changes that must occur. The Internet has become a downloader’s dream. If you want some application, tool, utility, or game, you can find it free online with minimal effort. Plus thousands of commercial products are available for purchase through brick-and-mortar and online computer software retailers. It should be obvious that you can’t install everything on one system. Limit yourself to the applications you know you will use, and steer clear of installing software you don’t need and won’t use. This simple axiom seems obvious, but it is often ignored. The primary violation is downloading new programs from the Internet and installing them just to see what they do. Not all applications are written with your best interests in mind. Even if a program is not actually malicious code, such as a virus or Trojan horse, it can still cause irreparable damage to your system. Also, you might not be able to fully uninstall it and restore the system to its original state, especially if you fail to uninstall the application immediately or don’t use the Windows XP System Restore capability. If you are in the habit of installing a lot of software, you need a dedicated test system that is separate and distinct from your primary work, home, or play computer—that is, unless you enjoy reinstalling Windows XP and all your essential applications often.
If you can determine early which software products you want to keep on your system, you can almost guarantee that your system will remain stable longer.
Building Windows XP Systems with Room to Grow
Another method to keep your system stable is to plan out the hardware resources and build in room to grow. The minimum system requirements for Windows XP are rather skimpy. In most cases, they are woefully inadequate for supporting and operating an efficient high-performance system. If you want a peppy system, you need to build high-performance capability into the hardware before you even start the OS installation. When building a new computer (or purchasing a preassembled system) to host Windows XP (or any operating system), you should consider your needs and wants today as well as in the near future. Most computers have a useful lifetime of two to three years. Within three years, technology advances usually warrant purchasing an entirely new computer.
The cost of computer components declines dramatically over time, too. It’s frustrating to purchase a system that is surpassed within a year by a system that’s twice as powerful for half the cost. The most cost-effective time to purchase hardware for your system is when you first obtain or assemble the computer. However, if you purchase only the latest and greatest technology, you will be buying premium technology at a premium price. In general, it is a good idea to purchase components that are one or two generations, iterations, or versions behind the absolute newest cutting-edge components. For example, purchasing the fastest Intel CPU available costs around $750, but purchasing the second fastest Intel CPU costs around $500. The difference in the actual speed of these two CPUs is only 2.6%. That imperceptible difference would cost you $250. The third fastest Intel CPU costs around $300. It is only another 5.1% slower, or 7.7% slower than the fastest available. The 7.7% decrease is probably detectable in some instances, but that difference costs $450. It’s up to you to decide whether your priority is obtaining the latest and greatest technology available or getting a decent return on your investment.
In other words, spend as much as you can afford outfitting your computer with the highest performance components within reason. It’s best to opt for more RAM and a faster and larger storage system than the highest speed CPU available. A good, high-quality system for running Windows XP would contain the following:
- The second or third fastest CPU available.
- The fastest motherboard for the CPU. Generally, a motherboard’s performance hinges on the quality of the chipset with which it was designed.
- Fully populating the motherboard with the fastest RAM available (that the motherboard supports).
- The largest and fastest hard drives available (at least two, if not four, drives).
- The second best video card available in terms of speed and on-board RAM.
- A fast CD-RW burner (20x–40x) with buffer overrun protection and support for the Mount Rainier standard (CD-MRW).
- The second fastest DVD player.
- A system case with the quietest power supply available.
- All the normal/essential trimmings: keyboard, mouse, floppy drive, printer, and 17-inch or larger CRT monitor (the LCDs are great, but still too expensive for my taste).
Building a computer to host Windows XP with room to grow delays the need to upgrade or expand the system for a considerable amount of time. As your system ages, its use of system resources will change. A system ages in time, as you and I do, but also in terms of the functions it is used for and the intensity of activities.
Systems that are rarely used wear their age better than systems used constantly for demanding activities. The signs of premature aging vary, but here are a few common symptoms to look for:
- Insufficient drive space
- Errors in stored files
- Failing applications
- Stutters, freezes, or other interruptions in normal functionality and performance
- Involuntary reboots
An aging and ailing system typically means the OS or other software has become corrupted or the hardware is insufficient or damaged. These symptoms can occur for many reasons, but you can eliminate several by planning ahead and building a computer more than capable of handling your current and immediate future needs. Doing so provides Windows XP with enough resources to perform all requested operations and the capability to maintain itself through its internal self-healing and self-repair features.
The more computing capability you build into a computer, the longer the system can offer efficient performance. The better the system is today, the longer it can remain in service before you need to replace it. As for the size of the hard drives, there seems to be a trend toward consuming more and more hard drive space over time. I have more than 200GB of storage space on my current system, and nearly 160GB of it has been consumed. Two years ago, I had a system with only 20GB of storage space, and I was using barely 4GB of it. Running out of storage space is probably the second most common problem, second only to insufficient RAM.
Having large hard drives is not the complete solution, however. When Windows XP is installed, you get to choose the size of the partition for hosting the OS. The Microsoft minimum system requirements state that you need only 1.5GB to install Windows XP, but don’t limit yourself to the minimums. Don’t install any OS into a partition that is not at least 8GB. Unless there is a specific justifiable reason that the primary hard drive must be split into partitions, you should just format the whole drive as a single partition to use as the installation destination for Windows XP. Since the release of Windows NT in 1996, there hasn’t been any compelling and justifiable reason to divide hard drives into partitions. As you install applications and use the system, the amount of space consumed on the primary system partition increases.
If you prepare for this increase by creating a partition with more than enough room for expansion, you avoid the ugly issue of running out of space on your primary drive. When this problem does occur, you have only a few options. One, you can search for unnecessary files and delete them. Two, you can uninstall applications. Three, you can uninstall applications, and then reinstall them onto other drives. However, keep in mind that this option moves only some of the files for the application to the new designated directory; many files must still be installed in the main system partition. Four, you can repartition the hard drive and reinstall the OS and all your software. I don’t like any of these options, so I plan ahead and never create a partition less than 8GB.
Windows Update
In case you don’t know this already, humans are imperfect. Therefore, nearly everything humans create has flaws, and this extends to computers and software. Windows XP is no exception. Because of trials and tribulations with previous operating systems, Microsoft created an online update mechanism, called Windows Update, to distribute corrections and updates for Windows and other software.
The purpose of Windows Update is to provide an easy-to-use update distribution method that anyone from anywhere can access over the Internet. Windows Update is used to distribute patches, corrections, and updates for various versions of Windows, Internet Explorer, Office, and many other Microsoft software products. There are two ways to use or access Windows Update: automatic and manual.
Soon after you complete the installation of Windows XP, the Dynamic Update icon (a globe with the Windows XP logo over it) appears in the notification area. Click this icon to open the Automatic Updates Setup Wizard. Through this wizard, you configure the automatic update mechanism and define the schedule for applying downloaded updates. After this initial wizard walkthrough of configuring automatic updates, you can reconfigure automatic updates by using the following steps:
1. Click Start, Control Panel to open Control Panel.
2. If you are in Category view, click Performance and Maintenance, and then click System.
3. If you are in Classic view, double-click the System applet.
4. The System Properties dialog box opens. Select the Automatic Updates tab (see Figure 5.1).
5. Change your Settings selection or toggle the master on/off check box at the top.
6. Click OK to save your changes, and close the System Properties dialog box.
7. Close Control Panel by clicking the Close button (the red X box).
Figure 5.1 In the Automatic Updates tab of the System Properties dialog box, you can configure Windows XP to download and install updates.
The Automatic Updates Tab of System Properties
The check box at the top of the System Properties dialog box is the master switch for automatic updates. When this check box is selected, Windows XP automatically contacts the Windows Update Web site to search for new updates for your system. If discovered, Windows XP follows the action selected in the Settings section of the dialog box. There are three Settings choices:
- Notify me before downloading any updates and notify me again before installing them on my computer
- Download the updates automatically and notify me when they are ready to be installed
- Automatically download the updates, and install them on the schedule that I specify [day selection] at [hour selection]
Note To change the Automatic Update settings, you must be logged in as a Computer Administrator or a member of the Administrators group.
It’s best to keep your Windows XP systems set to the middle (second) setting. This setting automatically downloads the updates, but prompts you to initiate the actual installation. This is preferable because you can choose whether a specific update is applied to your system and when it gets applied. Some updates from Microsoft require a system reboot, but the Automatic Update system does not automatically reboot your system.
When updates are available and ready to be installed, the Dynamic Update icon appears in the notification area. You’ll also see a pop-up message bubble indicating that updates are ready to be installed. To initiate the process, double-click the Dynamic Update icon to open the Automatic Updates dialog box. From this dialog box, you can elect to install the updates now (clicking the Install button), be reminded of the updates later (clicking the Remind Me Later button), or view the details of the updates (clicking the Details button). If you select to view the details of the updates, you gain the opportunity to selectively deny or refuse the installation of individual updates. Clicking the Details button displays a list of available updates. Clearing the check box beside an update prevents that update from being installed.
If you decline offered updates, you can regain access to them in two ways. First, you can click the Declined Updates button in the Automatic Updates tab of System Properties. After responding to a prompt to confirm the restoration of declined updates, all declined updates are offered again the next time Automatic Update checks for new updates. You can still refuse some or all of the updates by using the same process you did the first time you declined to install them.
The second method to access declined updates is to visit the Windows Update Web site. All declined updates are presented as available in the list of updates. Keep in mind that the notion of declining updates is in effect only on your local system. When you contact the Windows Update Web site, it customizes the list of available updates based on whether they are installed. The site does not inquire whether you have declined an update via the Automatic Update system.
Visiting the Windows Update site offers a much broader range of control over installing updates. To access the default Windows Update site for Windows XP (see Figure 5.2), click the Windows Update icon in the Start menu or choose Tools, Windows Update from the Internet Explorer menu bar. To install updates, follow these steps:
1. Click the Scan for Updates link.
2. After the scan is complete, click each of the following items in turn to view details about available updates:
- Critical Updates and Service Packs
- Windows XP
- Driver Updates
3. To install any available update, click the Add button for that update.
Note Some updates must be installed alone, such as version updates for Internet Explorer or DirectX. These updates prompt you to verify that you want to install them and indicate that electing to install the update disables all other updates. After the restricted update is installed and your system has been rebooted, you can return to Windows Update to select and install other updates.
Figure 5.2 You can download updates manually via the Windows Update Web site.
4. To change your mind about an update that you’ve added to the install list, click the Remove button for that update.
5. After you’ve selected all the updates to install, click the Review and Install Updates link.
6. A list of all selected updates is displayed. You can elect to remove a specific update by clicking Remove next to it. To initiate the installation process, click Install Now.
7. You might be prompted to verify acceptance of a license agreement and a digital signature from Microsoft. Click Accept or Yes when prompted.
8. A dialog box displays the progress of the download and installation of selected updates. After the updates are installed, you’ll see a confirmation dialog box that states the installation was successful. If necessary, you’ll be prompted at this time to reboot the system or to allow the system to force a reboot.
In general, you should install all updates in the Critical Updates and Service Packs category and anything in the Windows XP category that you think is worthwhile after reading its documentation. If you are not experiencing a specific problem or are not using a tool, service, or so forth that a Windows XP category update is designed for, don’t install it. Updates are actually hotfixes (see the “Living with Service Packs and Hotfixes” section, later in this chapter). What that means to you in practical terms is that they are single problem-focused solutions. However, fixing some problems can cause others, so unless you actually have the problem, don’t fix it with an update.
As for the Driver Updates section, that area is a bit more touch and go than the other two. The inclusion of third-party device drivers in Microsoft’s update distribution system is convenient. However, many users have had at least one problem installing device driver updates through Windows Update (see the “Advanced Device Driver, DLL, and System File Management” section later in this chapter). More often than not, if you see that Microsoft is offering an updated driver for a device from another vendor, you should go to that vendor’s Web site to download its new device driver.
If you are interested in seeing what updates you’ve installed, click the View Installation History link in the Windows Update site. This action displays a list of all updates and the installation date. Each update is accompanied by a description that usually indicates a KnowledgeBase document. KnowledgeBase documents are identified by a code that always begins with the letter Q and is followed by four to seven numbers. Clicking the Read More link in the Description column for an update displays a brief description of the update and information on uninstalling it. You can read the KnowledgeBase document for the update through the online version of TechNet at www.microsoft.com/technet. Just search on the KnowledgeBase document code number (be sure to include the Q).
To uninstall an update, you have at least three options:
- Follow the instructions in the document that’s displayed when you click the Read More link in the Description column of an update from the View Installation History window.
- Use the Add and Remove Programs Wizard. This requires that you know the KnowledgeBase document code or the exact name of the update.
- Use System Restore to roll back the entire system to a previously stored state.
Note If Windows Update is displayed in the wrong language, you need to check the language settings for Internet Explorer (through the Internet Options applet in Control Panel) and the language settings for the entire system (through the Regional and Language Options applet).
Controlling Access to Windows Update
Fortunately, access to Windows Update is restricted to users with Administrator-level access. However, that won’t prevent most users from attempting to run the utility. When a non-administrator attempts to run Windows Update, a Windows Update warning page is displayed. It indicates that only administrators can access Windows Update, but goes on to explain how the Run As command can be used to impersonate an Administrator user if you know an administrator’s username and password. If non-administrators are not allowed to use Windows Update, they shouldn’t have an icon for it on their Start menu. Removing the Start menu icon is fairly easy. One way is to modify the default user profile so that it does not include the Start menu icon. This method has the best effect on standalone systems or systems that are members of a workgroup.
For information on configuring user profiles, see Chapter 6, “Windows XP Installation and Upgrade Secrets,” p. 119.
If your Windows XP systems are members of a domain, the best course of action is to create a group policy to remove Windows Update from the Start menu. To do this, click Start, Run, type MMC in the Open text box, and click OK. Expand the following items: Administrative Templates, Start Menu & Taskbar, User Configuration. The group policy is named Remove Links and Access to Windows Update. When this policy is enabled, it removes the Windows Update icons from the Start menu and the command from the Internet Explorer Tools menu. It also blocks the user from accessing the site directly with the URL windowsupdate.microsoft.com.
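Both the Automatic Updates tab settings described earlier in this chapter and the Remove Links and Access to Windows Update policy leave their marks in the Registry, and checking a batch of machines is easier from a reg export dump than from the dialog. The following Python script is an added example, not code from the book: it parses such a dump, works out which of the three Settings choices is in effect (a Group Policy value wins over the dialog), and flags configurations that drift from the recommended middle setting or leave a user with no update path at all. The key paths are the standard Windows XP locations for these settings, stated here as assumptions, and the export text is constructed.

```python
"""Audit a Windows XP machine's Automatic Updates configuration from a 'reg export'
dump. Added example, not the book's code; the export text is constructed."""

# Standard Windows XP locations for these settings (stated here as assumptions).
AU_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"
AU_POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
EXPLORER_POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

# AUOptions values as they map to the choices on the Automatic Updates tab.
AU_OPTIONS = {
    1: "Automatic Updates turned off",
    2: "Notify before downloading and again before installing",
    3: "Download automatically and notify when ready to install",
    4: "Download automatically and install on the specified schedule",
}
RECOMMENDED_OPTION = 3  # the book's "middle (second) setting"
# ScheduledInstallDay: 0 = every day, 1..7 = Sunday..Saturday
DAYS = ["every day", "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"]


def parse_reg_export(text):
    """Parse the .reg subset 'reg export' writes: [key] headers, "name"=dword:hex, "name"="str"."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"') and "=" in line:
            name, _, value = line.partition("=")
            name = name.strip('"')
            if value.startswith("dword:"):
                keys[current][name] = int(value[len("dword:"):], 16)
            elif len(value) >= 2 and value[0] == value[-1] == '"':
                keys[current][name] = value[1:-1]
    return keys


def audit_automatic_updates(keys):
    """Return the effective Automatic Updates setting plus the findings to act on."""
    local = keys.get(AU_KEY, {})
    policy = keys.get(AU_POLICY_KEY, {})
    explorer = keys.get(EXPLORER_POLICY_KEY, {})
    findings = []

    # A Group Policy value overrides the dialog choice (the tab is greyed out).
    if policy.get("NoAutoUpdate") == 1:
        option, source = 1, "policy"
    elif "AUOptions" in policy:
        option, source = policy["AUOptions"], "policy"
    elif "AUOptions" in local:
        option, source = local["AUOptions"], "local"
    else:
        option, source = None, "unset"  # the setup wizard was never completed

    schedule = None
    if option == 4:
        cfg = policy if source == "policy" else local
        day = cfg.get("ScheduledInstallDay", 0)
        hour = cfg.get("ScheduledInstallTime", 3)
        day_name = DAYS[day] if 0 <= day < len(DAYS) else "day %d" % day
        schedule = "%s at %02d:00" % (day_name, hour)
        findings.append("Updates install unattended (%s); none can be declined first." % schedule)
    if option in (None, 1):
        findings.append("Automatic Updates is off; new updates are found only by visiting Windows Update by hand.")
    if option is not None and option != RECOMMENDED_OPTION:
        findings.append("AUOptions is %d; the recommended setting is %d (%s)."
                        % (option, RECOMMENDED_OPTION, AU_OPTIONS[RECOMMENDED_OPTION]))

    # "Remove Links and Access to Windows Update" sets NoWindowsUpdate=1 for the user.
    links_removed = explorer.get("NoWindowsUpdate") == 1
    if links_removed and option in (None, 1):
        findings.append("Windows Update links are removed and automatic updating is off: no update path is left.")

    return {"option": option, "source": source, "schedule": schedule,
            "description": AU_OPTIONS.get(option, "not configured"),
            "windows_update_links_removed": links_removed, "findings": findings}


# Constructed sample export: the local dialog asked for scheduled installs, a domain
# policy forces "download and notify", and the user's Start menu links are removed.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000003
"NoAutoUpdate"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000001
"""

if __name__ == "__main__":
    report = audit_automatic_updates(parse_reg_export(SAMPLE_EXPORT))
    print("Effective setting (%s): %s" % (report["source"], report["description"]))
    for finding in report["findings"]:
        print(" -", finding)
```

On a real machine, produce the input with reg export of each of the three keys and concatenate the files before feeding them to parse_reg_export.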
Living with Service Packs and Hotfixes
Windows Update is the primary means by which Microsoft distributes service packs and hotfixes. A hotfix is a single-purpose patch, update, or correction. Microsoft tests hotfixes only modestly in-house before posting them to the Windows Update site. This means that although the hotfix may correct the problem it is designed to address, it can cause other problems with your system. The general rule for hotfixes is to install them only if you are actually experiencing the problem for which they are designed. (The exception is security fixes, which you should always apply as soon as possible.) Another drawback to hotfixes is that they can void your service contract with Microsoft. So be sure to read the documentation for the hotfix and discuss the issues with your service contract manager before you install hotfixes.
Service packs are a larger collection of hotfixes and other patches, updates, and new software features/tools/components. Service packs are much more thoroughly tested both inside Microsoft and by many beta testers (which include many large enterprise organizations and PC-savvy individuals). For the most part, service packs are stable and safe to install. In a few instances in the past (such as the first release of Service Pack 6 for Windows 2000), the service pack caused noticeable problems, but those issues were remedied quickly with the release of SP6a. Service packs should be installed only after you are sure they will not cause problems in your particular environment. Service packs will not void your service contract with Microsoft. In fact, often the installation of a service pack is required to remain covered under such contracts. Again, read the documentation for the service pack and discuss the issue with your service contract manager before installing.
Whether you are dealing with hotfixes or service packs, you should always test them before installing them on production systems.
In many cases, after a hotfix or service pack is applied, it cannot be uninstalled completely. This means whatever gets broken will stay broken unless you made a complete backup before the install and are good at restoring backups. So test, test, test. Then after you are sure, retest again.
The Joys of Slipstreaming
Slipstream service pack installation is just a fancy name for installing a service pack at the same time as the initial OS installation. This is accomplished by integrating the service pack files with the installation files for the OS. This combined file set is then used to perform a single, quick-and-easy installation. Follow these steps to perform a slipstream installation:
1. Copy the entire Windows XP distribution CD to a folder on a hard drive. Take note of the destination drive and directory, such as d:\winxpcd.
2. Download the network installation version of the service pack from the Microsoft Web site.
3. Perform the initial extraction of the service pack into a temporary directory, such as d:\winxp\sp1.
4. Create a destination directory for the second service pack extraction, such as d:\winxpsp1\.
5. Perform the second extraction of the service pack by issuing the following command from a command prompt: d:\winxp\sp1\xpsp1 -x. When prompted, point the extraction utility to the destination directory, such as d:\winxpsp1\.
Note The main file for Service Pack 1 is XPSP1.EXE, but this might change for other service packs. You can open a command prompt by clicking Start, Run, typing CMD, and then clicking OK.
6. From the command prompt, change to the d:\winxpsp1\update directory, and then issue the command update -s: followed by the path to the folder that holds your copied \i386 directory, for example: xpsp1 -s:d:\winxp.
7. A dialog box displays the progress of the service pack integration. After it’s finished, click OK.
8. To initiate an install, run Setup from the d:\winxpcd folder.
The combined files can be shared on a network or burned to a CD as an easy distribution method to multiple systems for installation. If you are installing more than a handful of systems, slipstreaming is the way to go.
Chapter 5
Keeping Windows XP Current
Keeping Up with Changing Hardware, Software, and More

Through the life of your computer system, there is a good chance that you will be upgrading, replacing, or adding components. You might add more RAM, add another hard drive, replace the video card, and so forth. As your system's hardware composition changes, so too will the operating system. Keeping your system as clean and pristine as possible is important to maintain efficiency and performance and to avoid problems. There are several steps for keeping your system in tip-top shape, even in the face of significant internal component changes. The first step in managing change is documentation. You should actively maintain relevant documentation for your system, which includes the following:

• An exhaustive list of each component inside or outside or otherwise connected to your computer
• Exact details about each component: vendor, make, model, specifications, customizations, upgrades, and so on
• Versions of drivers currently being used
• Exhaustive list of all software, drivers, and patches installed
• A log of all changes to the system, including component replacement, driver updates, patch installations, troubleshooting activities, and so forth
• Manuals for all components and software
• Written details on all custom configurations, including network addressing, naming, security, and so on
• CD or floppy disk copies of all installation files, including OS, software, drivers, patches, and the like
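The patch inventory in that list is the item most likely to drift from reality, because hotfixes get applied ad hoc and never written down. The following script is an added example (not from the book) that pulls the installed-hotfix list out of the output of the systeminfo command (Windows XP Professional) and diffs it against the list your change log says should be present. The sample output embedded in it is constructed, and the hotfix identifiers in it are placeholders, not real Microsoft article numbers.

```python
"""Pull the installed-hotfix list out of `systeminfo` output and diff it
against the patch list kept in your system documentation.

Added example, not from the book. SAMPLE_SYSTEMINFO is a constructed
excerpt of what `systeminfo` (Windows XP Professional) prints; the hotfix
IDs in it are placeholders, not real Microsoft article numbers."""
import re
import subprocess
from typing import Dict, List

# Constructed sample. Real output has many more fields; only the layout of
# the "Hotfix(s):" block matters here: one "[nn]: ID" entry per line.
SAMPLE_SYSTEMINFO = """\
Host Name:                 XPBOX01
OS Name:                   Microsoft Windows XP Professional
OS Version:                5.1.2600 Service Pack 1 Build 2600
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: Q111111
                           [02]: KB222222 - Hotfix
                           [03]: KB333333 - Update
Network Card(s):           1 NIC(s) Installed.
"""

# A hotfix entry: optional indent, "[nn]:", then a Q- or KB-style identifier.
HOTFIX_ENTRY = re.compile(r"^\s*\[\d+\]:\s*([A-Za-z]+\d+)")


def installed_hotfixes(systeminfo_text: str) -> List[str]:
    """Return the hotfix identifiers listed under the 'Hotfix(s):' field."""
    found: List[str] = []
    in_block = False
    for line in systeminfo_text.splitlines():
        if line.startswith("Hotfix(s):"):
            in_block = True          # the entries follow on the next lines
            continue
        if in_block:
            match = HOTFIX_ENTRY.match(line)
            if match is None:
                break                # next field reached; the block is over
            found.append(match.group(1).upper())
    return found


def compare_with_documentation(installed: List[str],
                               documented: List[str]) -> Dict[str, List[str]]:
    """Diff the live hotfix list against the documented one.

    'missing' are documented patches not present on the box (the change log
    and reality have drifted); 'undocumented' are patches on the box nobody
    recorded, which is exactly what the change log is meant to catch."""
    have = set(installed)
    want = {h.upper() for h in documented}
    return {"missing": sorted(want - have),
            "undocumented": sorted(have - want)}


def hotfixes_on_this_machine() -> List[str]:
    """Run systeminfo on a Windows box and parse its output."""
    output = subprocess.run(["systeminfo"], capture_output=True,
                            text=True, check=True).stdout
    return installed_hotfixes(output)


if __name__ == "__main__":
    live = installed_hotfixes(SAMPLE_SYSTEMINFO)
    # Constructed "documented" list: one recorded patch is absent from the box.
    report = compare_with_documentation(live, ["KB222222", "KB444444"])
    print("installed:", live)
    print("missing from box:", report["missing"])
    print("not in change log:", report["undocumented"])
```

Run against real output, the undocumented list is the one to chase: every identifier in it is a change that bypassed the log, and on a test box it is also the first thing to compare when a production system behaves differently from the one you tested on.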
From a solid foundation of documentation, you can effectively manage a single system or a thousand systems. If you are adding a new device to your computer, follow these steps:

1. Gather manuals and documentation for the new component.
2. Locate the latest drivers for the component.
3. Read installation documentation from the manufacturer, and look for the known issues information (the section where known problems are discussed).
4. Follow the manufacturer's instructions to install the component. This typically involves physical installation followed by software/driver installation.
5. Update the system documentation based on changes made by the installation process.
If you are replacing an existing device, follow these steps:

1. Read and follow the documentation on the uninstallation procedure for the device. Typically, this involves removing the software/driver first, followed by physical device removal.
2. When possible, boot the system without the new component to verify that all remnants from the previous device are removed.
3. Update the system documentation based on changes caused by the removal process.
4. Perform the component install, using the same five steps for adding new devices.

As for software, the process is the same, except there is usually no physical component to add or remove. Just be sure to fully document the changes to the system that the installation causes.
Advanced Device Driver, DLL, and System File Management

Windows XP has made numerous advancements in file management. The specter of a dead system after a software installation or a system update is nearly gone. Windows XP now actively protects itself against alterations to its core system files and helps manage changes in other important files, such as device drivers and dynamic link libraries (DLLs). The most beneficial aspect of these new self-preservation tactics is that the OS performs them automatically. This means that as a system administrator, you no longer have to worry about core system files, juggle driver versions, or deal with DLL conflicts.
Device Driver Management

Managing device drivers has long been a problem for Windows. Until the introduction of driver signing in Windows 2000, drivers were not protected or insured. When a driver is digitally signed, it has been tested and verified by Microsoft to work with Windows, and it has not been changed by another program's installation process. Drivers that are not protected can be easily overwritten or changed without the consent of the system administrator. Drivers that are not signed and verified can be corrupt, contain Trojan horses or malicious code, or simply be the wrong driver. Through the use of driver signing, Windows XP helps reduce or eliminate these problems. Driver signing is configured through the System applet:

1. Open Control Panel by clicking Start, Control Panel.
2. In Category view, click Performance and Maintenance. (In Classic view, continue to the next step.)
3. Open the System applet. (Click once in Category view or click twice in Classic view.)
4. Select the Hardware tab.
5. Click the Driver Signing button to open the Driver Signing Options dialog box (see Figure 5.3).
Figure 5.3 You can configure how Windows manages driver installation through the Driver Signing Options dialog box.
The Driver Signing Options Dialog Box

In the Driver Signing Options dialog box, you can select how the system handles drivers. There are three options:

• Ignore—Install the software anyway and don't ask my approval
• Warn—Prompt me each time to choose an action
• Block—Never install unsigned driver software
The default setting is Warn. Only administrators are allowed to install software and change drivers. Through the use of driver signing, you can ensure that no one else is installing drivers on your system and control whether unsigned drivers are used when you attempt to install drivers. Drivers are signed exclusively by the Microsoft Hardware Quality Labs (MHQL) and only after the MHQL has thoroughly tested them. All devices on the HCL have signed drivers.

If you install a driver that you want to remove and return to the previous driver, you can use the driver rollback feature. Driver rollback does exactly what it says: It removes the current driver from the system and restores the previous driver. This process is possible because Windows XP automatically retains the previous driver files when new drivers are installed.

To use driver rollback, you must access the Properties dialog box for the device through Device Manager. To do so, follow these steps:

1. Open the Control Panel by clicking Start, Control Panel.
2. In Category view, click Performance and Maintenance. (In Classic view, continue to the next step.)
3. Open the System applet. (Click once in Category view or click twice in Classic view.)
4. Select the Hardware tab.
5. Click the Device Manager button.
6. Expand a device category type to locate the device.
7. Double-click on the device to open its Properties dialog box.
8. Select the Driver tab (see Figure 5.4).
Figure 5.4 You can configure drivers in the Driver tab of a device accessed through Device Manager.
9. To roll back a driver, click the Roll Back Driver button.
10. If no previous driver is available, you will be notified and given the option to launch the Troubleshooter. If you think you need the Troubleshooter, click Yes. Otherwise, click No.
11. If a previous driver is available, you are prompted to confirm the driver rollback process. Click Yes to continue or click No to cancel.
12. After the previous driver is restored, you might be prompted to reboot the system. Even if you are not prompted, always reboot after rolling back a driver.

If you'd like to scan your system for signed and unsigned files, you can use the File Signature Verification (sigverif) tool. This is the same tool that the driver-signing protection mechanism uses when scanning new drivers upon installation.

Note
You must be logged in as an administrator to use the sigverif tool.
To use sigverif, follow these steps:

1. Click Start, Run, type sigverif, and then click OK.
2. The File Signature Verification tool opens. Click the Advanced button.
3. The Advanced File Signature Verification Settings dialog box opens. In the Search tab, you can select these options:
• Notify me if any system files are not signed
• Look for other files that are not digitally signed
The second option requires that you provide a wildcard search keyword and a folder hierarchy to search.
4. In the Logging tab, you can elect to log the results of the scan and decide whether to append to the current log file or create a new log file each time the tool is used.
Note The log file is stored in the main Windows directory by default.
5. Click OK to return to the tool.
6. Click Start to initiate the scan.
7. After the scan is finished, sigverif displays a report of its findings. You can also view the details in the log file.

The sigverif report lists the files it discovered that were not properly signed and displays their location, modification date, file type, and version number. If the discovered culprits seem abnormal or questionable, consider replacing them with signed versions.
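On a fleet of machines the sigverif log, not the on-screen report, is what you actually review, and a short parser turns it into a per-directory list of unsigned files you can diff between scans. The script below is an added example, not part of the book or of the sigverif tool. Its embedded log is a constructed approximation of the sigverif.txt column layout; the parser keys only on the per-directory "[path]" lines and the Signed / Not Signed status column, so it tolerates differences in column widths, but check it against a log written by your own sigverif version. The two unsigned file names are hypothetical.

```python
"""Parse a File Signature Verification (sigverif) log and list the files it
reported as not signed, grouped by directory.

Added example, not part of the book. SAMPLE_SIGVERIF_LOG is a constructed
approximation of sigverif.txt; sample1.dll and sample2.sys are hypothetical."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

SAMPLE_SIGVERIF_LOG = r"""
Microsoft Signature Verification

Log file generated at: (constructed sample, no real timestamp)

File            Modified    Version        Status      Catalog    Signed By
--------------------------------------------------------------------------------
[c:\windows\system32]
ntoskrnl.exe    8/29/2002   5.1.2600.0     Signed      NT5.CAT    Microsoft Windows
sample1.dll     3/10/2003   1.0.0.1        Not Signed  N/A        N/A
[c:\windows\system32\drivers]
sample2.sys     2/1/2003    2.3.0.0        Not Signed  N/A        N/A
"""

# A directory header: the folder name in square brackets on its own line.
DIR_LINE = re.compile(r"^\[(.+)\]\s*$")
# A file row: name, date, version, status, catalog, then the signer text.
FILE_LINE = re.compile(
    r"^(\S+)\s+(\d{1,2}/\d{1,2}/\d{4})\s+(\S+)\s+(Signed|Not Signed)\s+(\S+)\s+(.*)$")


class Entry(NamedTuple):
    path: str
    modified: str
    version: str
    signed: bool
    signer: str


def parse_sigverif_log(text: str) -> List[Entry]:
    """Turn the log into one Entry per file, with the full path reassembled
    from the most recent directory header."""
    entries: List[Entry] = []
    current_dir = ""
    for line in text.splitlines():
        header = DIR_LINE.match(line)
        if header:
            current_dir = header.group(1)
            continue
        row = FILE_LINE.match(line)
        if row:
            name, modified, version, status, _catalog, signer = row.groups()
            entries.append(Entry(current_dir + "\\" + name, modified, version,
                                 status == "Signed", signer.strip()))
    return entries


def unsigned_by_directory(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group the names of unsigned files by the directory they live in."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for entry in entries:
        if not entry.signed:
            directory, _, name = entry.path.rpartition("\\")
            groups[directory].append(name)
    return dict(groups)


if __name__ == "__main__":
    for directory, names in unsigned_by_directory(
            parse_sigverif_log(SAMPLE_SIGVERIF_LOG)).items():
        print(directory)
        for name in names:
            print("   ", name)
```

Keeping the parsed result from a known-good scan and diffing later scans against it is more useful than reading each report in isolation: an unsigned file that was not there last time is the one the text above calls a culprit.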
Windows File Protection

Windows File Protection (WFP) is an invaluable mechanism that automatically protects core system files from corruption, deletion, alteration, or unauthorized replacement. WFP watches over the distributed versions of most .sys, .dll, .exe, and .ocx files as well as a few TrueType font files critical to the system. The system maintains a database of signatures and a backup copy of each protected file. When you install hotfixes or service packs that update these files, Windows updates their signature and backup copies.

WFP actively scans the system, looking for any change to the protected files. When a change is detected, the file is scanned and its signature compared against the WFP database. If the file fails the inspection, it is instantly replaced with the backup copy of the original file. The backup copies of protected files are stored in the \System32\DLLCACHE folder within the main system root and on the original distribution CD. In some cases, WFP prompts you to provide the Windows XP CD to perform a key file restoration. In most cases, the activities of WFP are invisible to the user. However, when a critical system file is involved, you might be prompted to reboot the system.

Just as driver signing has a user-accessible tool behind its operations, so does WFP. The tool behind WFP is the System File Checker (SFC). You can run this tool manually from a command prompt. For a complete listing of the syntax and parameters for SFC, just type sfc /? at a command prompt.

Note
You must be logged in as an administrator to use the SFC tool.
The SFC tool can be used to scan the system immediately, scan immediately after the next reboot, or scan after every reboot. You can also use the SFC tool to purge and rebuild the DLLCACHE folder and to set its maximum size. The default size is 50MB. The scan that the SFC tool performs simply checks that all essential core system files match their recorded signatures and are exact duplicates of their backup copies. If it finds any discrepancies, the backups are used to correct the altered version of the file.
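The mechanism described above (a signature database, a backup cache, detect-and-restore, and a fallback to the original media when the cache copy is itself bad) is worth seeing end to end. The following is an added example, not Microsoft's code and not what WFP literally does: WFP verifies catalog signatures and uses %SystemRoot%\System32\DLLCACHE, whereas this miniature uses SHA-256 hashes, a JSON database, and a cache directory you choose. The file names in demo() are hypothetical and everything runs in a temporary directory.

```python
"""A miniature of the Windows File Protection idea: record a signature (here
a SHA-256 hash) and a backup copy of each protected file, detect changes, and
restore from the cache, reporting "unrecoverable" when the cache copy is also
bad (the case in which WFP asks for the distribution CD).

Added example, not Microsoft's implementation. File names in demo() are
hypothetical; it runs entirely inside a temporary directory."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


class ProtectedFiles:
    """Signature database plus backup cache for a set of protected files."""

    def __init__(self, cache_dir: Path, db_path: Path) -> None:
        self.cache_dir = Path(cache_dir)
        self.db_path = Path(db_path)
        self.cache_dir.mkdir(parents=True, exist_ok=True)
        self.db: Dict[str, str] = (json.loads(self.db_path.read_text())
                                   if self.db_path.exists() else {})

    def cache_path(self, path: Path) -> Path:
        # Key the cache by the full path so same-named files in different
        # directories do not overwrite each other's backup.
        key = hashlib.sha256(str(Path(path).resolve()).encode()).hexdigest()
        return self.cache_dir / key

    def protect(self, path: Path) -> None:
        """Record the file's hash and stash a backup copy (the bookkeeping a
        hotfix or service pack install does for the files it updates)."""
        resolved = Path(path).resolve()
        self.db[str(resolved)] = sha256_of(resolved)
        shutil.copy2(resolved, self.cache_path(resolved))
        self.db_path.write_text(json.dumps(self.db))

    def scan(self) -> Dict[str, List[str]]:
        """Check every protected file and restore changed ones from the cache.

        Returns {'restored': [...], 'unrecoverable': [...]}; the second list
        holds files whose cache copy is missing or altered as well."""
        restored: List[str] = []
        unrecoverable: List[str] = []
        for path, expected in self.db.items():
            target = Path(path)
            actual = sha256_of(target) if target.exists() else None
            if actual == expected:
                continue
            backup = self.cache_path(target)
            if backup.exists() and sha256_of(backup) == expected:
                shutil.copy2(backup, target)      # known-good copy: put it back
                restored.append(path)
            else:
                unrecoverable.append(path)        # nothing trustworthy to restore
        return {"restored": restored, "unrecoverable": unrecoverable}


def demo() -> Dict[str, object]:
    """Run the full cycle in a temporary directory and return the outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        target = root / "system32" / "sample.dll"     # hypothetical protected file
        target.parent.mkdir()
        target.write_bytes(b"original library bytes")
        wfp = ProtectedFiles(root / "dllcache", root / "wfp_db.json")
        wfp.protect(target)
        clean = wfp.scan()                            # nothing has changed yet
        target.write_bytes(b"replaced by some installer")
        first = wfp.scan()                            # detected and restored
        restored_ok = target.read_bytes() == b"original library bytes"
        wfp.cache_path(target).write_bytes(b"cache copy damaged too")
        target.write_bytes(b"replaced again")
        second = wfp.scan()                           # cache is bad: needs media
        return {"clean": clean, "first": first, "restored_ok": restored_ok,
                "second": second}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The second scan in demo() is the interesting case: the cache copy is verified against the recorded hash before it is used, so a change that reached both the live file and the backup is reported rather than silently "restored" from a bad copy.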
For More Information

There is very little in the way of third-party tools for keeping Windows XP up to date because it already has vastly improved mechanisms over previous Windows versions for managing and handling updates and changes to system files. Most of the tools available for Windows 2000 also work on Windows XP. But if you do venture down that path, ask the vendor whether testing has been performed on Windows XP and test the tools yourself before using them in production systems. If you fail to plan, you plan to fail.
If you are managing a large deployment of Windows XP, you might find Sunbelt Software's UpdateEXPERT useful. This tool manages the download, network distribution, and installation of service packs and hotfixes for Windows XP, 2000, and NT. To check it out, visit www.sunbelt-software.com.

If the information about Windows XP management issues in this chapter has increased your desire to learn more, here are a few resources you can research.

Books

• Configuring and Troubleshooting Windows XP Professional. Syngress, 2001. ISBN: 1928994806.
• Cowart, Robert and Knittel, Brian. Special Edition Using Windows XP Professional. Que, 2001. ISBN: 0789726289.
• Glenn, Walter. How to Use Microsoft Windows XP, Bestseller Edition. Que, 2002. ISBN: 0789728559.
• Microsoft Windows XP Professional Resource Kit Documentation. Microsoft Press, 2001. ISBN: 0735614857.

Magazines and Web Sites

• Microsoft Certified Professional Magazine: www.mcpmag.com
• PC Magazine: www.pcmag.com
• TechNet CD or Web site: www.microsoft.com/technet/
• Windows and .NET Magazine: www.winnetmag.com
• Windows XP CD: Read1st.txt, relnotes.htm, and pro.txt files
Chapter 6
Windows XP Installation and Upgrade Secrets

Windows XP installations can range from simple and uneventful to complex and problem prone. Windows XP can be installed on single standalone systems or distributed to multiple clients on a large network. Knowing how to install Windows XP and understanding how to best prepare for the process can make every installation attempt a success.
Maintaining User Profiles and Configurations

One of the first decisions to make when installing any operating system is whether to upgrade or to perform a clean installation. However, no matter which method you choose, you might need to retain data that's already on the system. If the destination system has a pre-existing operating system, there is probably some data that should be maintained, saved, or backed up.

Windows XP provides a means for backing up and retaining personal data across upgrades and installations. You can use the Files and Settings Transfer Wizard to create a backup of all user profile data and any data files on the system. After making this backup, you can restore it to any Windows XP installation. This backup makes the transfer of your preferred desktop environment from one OS or system to another not just possible but easy.

The Files and Settings Transfer Wizard can create a backup set from a Windows 95, 98, SE, Me, NT, 2000, or XP system. The tool can be used in two modes: live transfer mode and disk transfer mode. In live transfer mode, the selected data is transferred from the source to the new destination system over a LAN connection, a dial-up link, or even a direct serial connection. In disk transfer mode, the selected data is copied to a disk.
To use the Files and Settings Transfer Wizard, you must be able to run it on both the source and destination systems. As long as the system has a CD-ROM drive, you can just run the Fastwiz.exe file from the \Support\Tools folder on the Windows XP distribution CD. If the system does not have a CD-ROM drive, you can build a wizard disk on a floppy disk.

The process of backing up or transferring data between systems can consume a considerable amount of time. The larger the data's total size, the longer the process will take. The wizard's default settings are to grab every file that is not native to the Windows OS installation or installed applications. In other words, every single file that did not originate from Microsoft or a software vendor is included in the backup set. Fortunately, you can custom-tune the wizard to grab just the data elements you want to retain. Using the customize option greatly reduces the time needed to perform the transfer.

There are two ways to use the File and Settings Transfer Wizard. The first method is to back up personal data, perform an upgrade or a clean install, and then restore the personal data. The second method is to transfer personal data from one system to another via a network link. To use the first method, perform the following steps:

1. Log on to the old system (the one that hosts the personal data you want to back up or retain) with the user account associated with the personal data.
2. Insert the Windows XP distribution CD into the CD-ROM drive.
3. Use the Start, Run command to locate and run Fastwiz.exe from the \Support\Tools folder on the Windows XP CD.
4. Click Next.
5. Select the Old Computer radio button, and then click Next.
6. If the media you're transferring to has enough free space to accommodate your files, select the Floppy Drive or Other Removable Media option. If not, select Other. If you selected Removable Media, select the appropriate drive in the drop-down list. If you selected Other, define the drive and path where the personal data files will be deposited.
7. Click Next.
8. In the What Do You Want to Transfer? page, select one of the following radio buttons: Settings Only, Files Only, or Both Files and Settings. If you want to customize the selections, click the check box at the bottom (see Figure 6.1), and then click Next.
Figure 6.1 Select which files and settings to transfer in the Files and Settings Transfer Wizard.
9. If you decided to customize the option you chose in step 8, the Select Custom Files and Settings dialog box opens, where you can add and remove files and settings from the backup set (see Figure 6.2).
Figure 6.2 You can customize which files and settings are transferred.
10. After finalizing your choices for the backup set, click OK. A list of settings and/or files to back up is displayed. Click Next to start the backup.
11. The selected elements are backed up into the selected destination. When it's completed, click Finish.
Now that you have the backup set, you can perform your upgrade install or clean install and install all your applications. After that is finished, you can restore your settings to the new Windows XP system. To restore your personal files, perform the following steps:

1. Log on to the new system with the user account that will be associated with the personal data.
2. Insert the Windows XP distribution CD into the CD-ROM drive.
3. Use the Start, Run command to locate and run Fastwiz.exe from the \Support\Tools folder on the Windows XP CD.
4. Click Next.
5. Select the New Computer radio button, and then click Next.
6. Select the I Don't Need the Wizard Disk, I Have Already Collected My Files and Settings from My Old Computer radio button.
7. Click Next.
8. Select the Removable Media option or the Other option. (Make the same selection you made in step 6 of the previous procedure.) Be sure to insert the removable media or provide access to the other storage location.
9. Click Next.
10. Your personal files and settings are imported. When the import is completed, click Finish.
11. Reboot the system for the settings to take effect.

If you are transferring data from one system to another and can establish network connectivity, you can use the File and Settings Transfer Wizard to move the data directly from one system to the other. Just follow the same basic process, but instead of selecting Removable Media or Other, select the Direct Cable option. Configure the old system first, and then the new.
Windows Activation

Microsoft has implemented a piracy prevention mechanism into Windows XP known as Windows Activation. Windows Activation requires verification of your registration code when an installation is performed. The verification can occur over the Internet automatically or over the phone. The primary purpose of Windows Activation is to prevent a single copy of Windows XP from being installed on multiple systems. When Windows XP is activated, its registration key is stored in a Microsoft database along with an identification code for your specific computer. After it's activated, that version of Windows XP can be legally used on only that one system. The identification code for your computer is created by taking details, IDs, and parameters from various core components of your computer to create a unique 50-digit code.
Microsoft claims this code cannot be used to trace or locate a specific computer; however, the code is specific enough to prevent reuse of the same registration code on a system with a different ID. Microsoft also claims that the activation process is fully anonymous and privacy is maintained.

Activation is required within 30 days of installation. If you fail to activate Windows XP within that time period, the system ceases normal operations until activation is completed. Activation is easiest if your system has Internet access during the installation. However, if you add Internet access after installation, activation is just as simple. In most cases, activation takes less than 30 seconds. However, if the system doesn't have Internet access in any form, activation can be done over the phone by dialing the phone number that the Activation Wizard displays.

Activation ensures that you've purchased a fully legal copy of Windows XP and that no one else can steal or duplicate your copy of Windows XP. However, activation can bring new problems to your door. Microsoft claims that 10 aspects of a computer are analyzed to create the unique system ID for activation. However, as you upgrade or alter your system's hardware configuration, these components might change. If the upgraded system's generated ID is significantly different from the one registered with Microsoft, your Windows XP installation is automatically deactivated. Fortunately, Microsoft will reactivate your system if you call and explain that you've upgraded your computer's hardware. Reactivation can take place only over the phone. Activating during installation is easiest, but if you skip it then, you can launch the Activate Windows utility from the Start, Programs menu.
Dos and Don'ts of Upgrading

Migrating from one operating system to another can be smooth as silk or as difficult as reaching the moon from a ladder. Upgrading, on the other hand, is the process by which the new operating system is installed into the existing OS. When this works properly, the result is an updated system that retains most of the configuration, layout, and settings from the previous OS. However, when upgrading goes bad, you might need to format the partition/hard drive and start a clean installation from scratch. To achieve a smooth upgrade or migration to Windows XP, there are many issues to consider and several actions to take before launching the Windows XP installation routine.
If you are interested in performing a multi-boot installation, see Chapter 7, “Booting Windows XP,” p. 129.
The first action you should always take when considering or pondering a migration is to read the documentation. The Windows XP distribution CD includes several important documents you need to review before performing the install. Read1st.txt, in the root directory of the distribution CD, contains last-minute installation information that wasn't available until just before Microsoft burned the CD. Pro1 (Professional) or Pers1 (Home), found in the CD's Setuptxt folder, are files containing version-specific information on topics such as installation, customization, and startup. Next, visit the Windows XP Web site at www.microsoft.com/windowsxp and read through everything related to installation, migration, and deployment.

Windows XP supports upgrading from a limited selection of operating systems:

• Windows 98, OSR2, SE, Me
• Windows NT 4.0 Workstation (with service packs)
• Windows 2000 Professional (with service packs)
You can also upgrade Windows XP Home Edition to Windows XP Professional. If your system hosts any other operating system, including Windows 95, Windows NT Server, Windows 2000 Server, Windows 3.x, or even—God forbid—a non-Microsoft OS, you have to perform a clean install. Try using the Files and Settings Transfer Wizard (when supported) to migrate your essential files and settings to Windows XP.

When performing an upgrade, keep in mind that the process does not always produce expected or desired results. The upgrade could possibly crash your system, delete wanted data files, or even default to a clean install. Backing up your system is the only way to protect yourself against the numerous potential failures of an operating system migration.

During an upgrade, you'll be prompted whether to upgrade the hard drive to NTFS (if applicable). In most cases, this option is preferred. FAT and FAT32 offer no security controls and have numerous problems with fragmentation and directory corruption. NTFS offers security, reliable fault tolerance, and self-repairing capabilities and supports very large partition sizes.

Before any upgrade, be sure to remove or disable all disk compression tools. The Windows XP upgrade process is not compatible with most of these third-party tools. If your hard drive is so small that you must use drive compression to host Windows 9x, you have bigger issues to resolve than upgrading your OS—namely, installing a larger hard drive. You should also remove all drive and file encryption. You might be able to reinstall these tools after the upgrade, but there is too much potential for a catastrophe if they are present and active during the upgrade.

If you choose to partition your primary hard drive instead of dedicating it entirely to the boot partition, be sure to create at least a 4GB partition to host Windows XP. Believe me, you don't want the headache of having to juggle files when you discover the operating system's boot partition is running low on space.
Tip It is also a good idea to exit any virus or Trojan horse scanners and to start the upgrade after a fresh boot of the current OS.
Performing a Smooth Migration

A smooth migration to Windows XP is dependent on a few key issues. First, you need to ensure that all components of the system are compliant with the Hardware Compatibility List (HCL), found at www.microsoft.com/hcl/. Second, make sure your system exceeds the system requirements for Windows XP. Third, having Internet access will enable you to activate the system and quickly access Windows Update.

During an upgrade installation, the setup routine inspects your system for compliance with the Windows XP HCL and produces an upgrade report listing all the software (including device drivers) that might not function properly under Windows XP. The purpose of the upgrade report is to forewarn you of possible problems so that you can seek out updated versions, drivers, patches, and so forth. If you'd like to perform the upgrade check without starting the upgrade installation process, just issue winnt32 /checkupgradeonly from Start, Run or a command prompt. Remember, the winnt32 executable is located in the i386 directory on the Windows XP distribution CD.
Automating Windows XP Installation

Windows XP installation can be automated by using scripting or push installations. Scripting automation allows for upgrade or clean installs, whereas push installations are limited to clean installs only.

You can use the Setup Manager Wizard to quickly create custom installation scripts. To install this tool, extract the contents of the Deploy.cab file from the \Support\Tools folder on the Windows XP distribution CD into a folder of your choice. You can then use the Setup Manager (Setupmgr.exe) to create an answer file named Unattend.txt. This file is used as a command-line parameter of winnt32 to supply answers to installation questions, which eliminates the need for human interaction during the installation. The Setup Manager is easy to use; in fact, it's a wizard that prompts you for every iota of information needed to perform a completely unattended installation. If you name the answer file Winnt.sif and place it on a floppy disk, you can launch the automated install by booting from the Windows XP CD and placing the floppy disk in the floppy drive. Otherwise, the answer file is used to launch an installation from a preexisting OS, either from a network share of the i386 directory on the Windows XP CD or from a local CD-ROM drive.
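An answer file is a plain INI-style text file, and because it usually lives on the same share as the i386 folder it deserves a review before it is published: it commonly carries the Administrator password and the product key. The script below is an added example, not the book's or Microsoft's code. It writes a minimal Unattend.txt of the kind Setup Manager produces and audits it for the settings a reviewer would question. The section and key names ([Unattended], [GuiUnattended], [UserData], AdminPassword, EncryptedAdminPassword, AutoLogon, ProductKey, and so on) are the real unattended-setup ones; every value is a constructed placeholder.

```python
"""Generate a minimal Windows XP answer file (the Unattend.txt that Setup
Manager writes) and audit it for the settings that matter once the file sits
on a network share next to the i386 folder.

Added example, not the book's or Microsoft's code. Section and key names are
the real unattended-setup ones; every value here is a constructed placeholder."""
import configparser
import io
from typing import List


def _parser() -> configparser.ConfigParser:
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str        # keep the key case Setup expects
    return cfg


def build_answer_file(computer_name: str, full_name: str, org_name: str,
                      product_key: str, admin_password: str,
                      encrypted: bool = False, autologon: bool = False) -> str:
    """Return the text of an answer file for a fully unattended clean install."""
    cfg = _parser()
    cfg["Unattended"] = {
        "UnattendMode": "FullUnattended",
        "OemSkipEula": "Yes",
        "OemPreinstall": "No",
        "TargetPath": "\\WINDOWS",
    }
    gui = {
        "AdminPassword": admin_password,
        "EncryptedAdminPassword": "Yes" if encrypted else "No",
        "OEMSkipRegional": "1",
        "TimeZone": "4",                  # placeholder time-zone index
        "OemSkipWelcome": "1",
    }
    if autologon:                         # auto-logon as Administrator after setup
        gui["AutoLogon"] = "Yes"
        gui["AutoLogonCount"] = "1"
    cfg["GuiUnattended"] = gui
    cfg["UserData"] = {
        "ProductKey": product_key,
        "FullName": full_name,
        "OrgName": org_name,
        "ComputerName": computer_name,
    }
    cfg["Identification"] = {"JoinWorkgroup": "WORKGROUP"}
    cfg["Networking"] = {"InstallDefaultComponents": "Yes"}
    out = io.StringIO()
    cfg.write(out, space_around_delimiters=False)
    return out.getvalue()


def audit_answer_file(text: str) -> List[str]:
    """Return the findings a reviewer would raise before publishing the file."""
    cfg = _parser()
    cfg.read_string(text)
    findings: List[str] = []
    gui = cfg["GuiUnattended"] if cfg.has_section("GuiUnattended") else {}
    password = gui.get("AdminPassword", "").strip('"')
    encrypted = gui.get("EncryptedAdminPassword", "No").lower() == "yes"
    if password and not encrypted:
        findings.append("AdminPassword is in clear text; let Setup Manager "
                        "encrypt it (EncryptedAdminPassword=Yes)")
    if gui.get("AutoLogon", "No").lower() == "yes":
        findings.append("AutoLogon=Yes logs the Administrator on automatically "
                        "after setup; keep AutoLogonCount low and change the "
                        "password once the build is finished")
    if cfg.has_option("UserData", "ProductKey"):
        findings.append("ProductKey is present; restrict read access on the "
                        "share that hosts this file")
    if cfg.get("Unattended", "UnattendMode", fallback="") != "FullUnattended":
        findings.append("UnattendMode is not FullUnattended; setup will stop "
                        "and wait for input")
    return findings


if __name__ == "__main__":
    text = build_answer_file("XPBOX01", "Example User", "Example Org",
                             "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX",   # placeholder key
                             "placeholder-password")
    print(text)
    for finding in audit_answer_file(text):
        print("finding:", finding)
```

Setup Manager can write the Administrator password in encrypted form, and the audit treats that as the baseline: a clear-text AdminPassword in a file readable by every client on the install share is the most common mistake in scripted deployments.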
The basics of scripted installations are fairly straightforward and easy to manage. However, there are lots of details and complex alterations that can be used as well. For an in-depth discussion of scripted installations for Windows XP, please consult the Windows XP Resource Kit’s Chapter 2, “Automating and Customizing Installations.”You can access it online by going to www.microsoft.com/technet/ and searching with the keywords “Automating and Customizing Installations.” The Windows 2000 Remote Installation Service (RIS) can be used to push out installations of Windows XP to destination clients.To use RIS to install Windows XP, the destination clients need a special booting NIC or a RIS boot disk. For details on using RIS to install Windows XP, please see the Windows 2000 Resource Kit. See the Windows XP Resource Kit’s Chapter 2, “Automating and Customizing Installations” for details on Windows XP installations pushed via RIS and information on RIS installation, configuration, setup, and use.
Troubleshooting Installations

The Windows XP installation process is very robust and difficult to break—that is, if you've started with an HCL-compliant set of hardware. I've easily performed over 100 installations of Windows XP on various desktops and notebooks, and I've had only one or two failures; as it turns out, those failures were caused by defective or legacy hardware. After the components were replaced, the installation was completed without a hitch. However, just because the installation routine normally goes smoothly doesn't mean it always will. To help you troubleshoot installation problems, I've collected a few scenarios I've encountered in the past and a viable solution for each.
Windows Crashes During Installation

In the first scenario, the Windows XP installation process crashes before it completes. In most cases, a crashed install is caused by a hardware problem. If your hardware is not 100% HCL compliant, expect problems. However, hardware is not always the culprit. In some cases, the settings you choose during the install could stress the preinstalled OS to the point of failure. For example, complex network configurations and high-end video settings are best left for configuration after the OS has finished its initial installation. If your first attempt at installation fails, try it again, and stick with the defaults or the basic selections during the installation process. After the install is finished, use the Control Panel applets to implement other configuration changes.

The installation can also crash because of a hardware hiccup, an electricity fluctuation, or the moon being half out of phase. The setup routine maintains a log file of its progress, which makes it easy to restart and pick up where it left off. Therefore, another possible solution is just to restart the installation and let the setup process try it again.
If the failure occurs at the switch between the setup’s text portion and the graphical portion, you can suspect your video card. It might not be HCL compliant or have enough RAM to function.You should try a different video card to see if you can finish the install.Then follow the video card vendor’s instructions on installing the card back into the system and be sure to use the latest drivers.
My Existing OS Won't Recognize the CD-ROM Drive

In this next scenario, your current operating system won't "see" your CD-ROM drive, making it difficult to launch the install. Fortunately, you have a few other options. First, if you can configure the system to boot from the CD-ROM drive, you can launch the install to perform an upgrade or a clean install directly from the CD. If you don't have a bootable CD-ROM, you can try creating a DOS boot disk with DOS-based CD-ROM drivers and launch the install (located in the i386\winnt directory) from the DOS prompt.

Another method is creating the setup boot disks for Windows XP. The tool to create these disks is available on the Microsoft Web site at http://support.microsoft.com/default.aspx?scid=KB;EN-US;q310994&ID=310994. You'll need six blank floppy disks to create the set. There is one set for Windows XP Home Edition and another for Windows XP Professional. With the setup boot disks, just boot from the first floppy disk in the set and follow the instructions.

If none of these methods succeed, you have a hardware issue (for example, an incompatible CD-ROM drive or an out-of-date motherboard) that needs to be resolved.
Chapter 6 Windows XP Installation and Upgrade Secrets
Windows XP Fails to Boot After Installation
In another scenario, the installation finishes but Windows XP does not boot afterward. In most cases, this failure has to do with the system partition, which contains the files that the computer uses to load the boot menu and the actual OS files. If this partition is not created correctly, the system will not boot. However, this event is rare. It’s more common for the system partition to be on a special drive controller, such as SCSI, and the wrong device driver has been installed for that drive controller. Make sure you know whether the drivers for your drive controller are native to Windows XP or if you must install them during the initial stages of setup (by pressing F6 during the text portion of the setup routine). Another possible problem involves configuration settings in the BIOS. If your motherboard’s BIOS is not Windows XP compatible, you need to see if it’s upgradable to a newer BIOS. If it’s not, you might have to upgrade your system. If it is compatible, then a configuration setting could be causing a problem. The problem could be in the area of a boot password, power management, boot order, or any number of other locations. A possible correction is resetting the BIOS to its defaults. However, before you take that action, back up the BIOS settings if your system offers that feature; otherwise, record the salient details manually.
For More Information
If the information about Windows XP installation issues presented in this chapter has increased your desire to learn more, here are a few resources you can research:
Books
- Configuring and Troubleshooting Windows XP Professional. Syngress, 2001. ISBN: 1928994806.
- Cowart, Robert and Knittel, Brian. Special Edition Using Windows XP Professional. Que, 2001. ISBN: 0789726289.
- Microsoft Windows XP Step by Step. Microsoft Press, 2001. ISBN: 0735613834.
- Microsoft Windows XP Professional Resource Kit Documentation. Microsoft Press, 2001. ISBN: 0735614857.
Other Resources
- TechNet CD or Web site: www.microsoft.com/technet/
- Windows XP CD: Read1st.txt, relnotes.htm, and pro.txt files
7 Booting Windows XP
After working with Windows XP for a while, you will realize that most system crashes occur during the boot process. Although the boot process looks simple on the surface, it is actually quite complex. This chapter describes the steps that Windows XP takes from the time you initially turn on your computer to when you are given the login prompt.
In addition, you examine some of the available tools (from both Microsoft and third-party vendors) for recovering a failed Windows XP system, including the Windows XP boot disk.
System and Boot Partitions
When Windows NT was created, Microsoft made decisions that, to this day, we are still trying to figure out. Many of these decisions have remained in effect through Windows 2000 and now in Windows XP. The distinction between the system and boot partitions is one of these decisions. Common sense tells us that the boot partition should contain the boot files, and the system partition should contain the system files. Well, who needs common sense, anyway? In the Windows XP, 2000, and NT worlds, the opposite is true. As a rule, boot files reside on the system partition, and system files are on the boot partition. Just remember that it’s the opposite of common sense, and you’ll do just fine. Although there is some logic behind the choice of terms, Microsoft selected the logical choice that is not the most obvious choice. The system partition contains the files that tell the system (that is, the hardware itself) what to boot and how. The boot partition contains the files needed to actually boot the operating system. Try to pick a method to help you remember the distinction and stick with it. Otherwise, you’ll get confused just when clarity matters most.
To properly boot an operating system (Windows XP included), you must have at least one system partition configured; this is also known as the active partition. To select and configure an active partition, use the Windows XP Disk Management administrative snap-in to the Microsoft Management Console (MMC). To use the Windows XP Disk Management MMC snap-in, follow these steps:
1. Start the Disk Management MMC snap-in by opening the Administrative Tools window from Control Panel, and then double-clicking the Computer Management icon.
2. Click Disk Management under the Storage container in the left pane of the Computer Management window.
3. Select the disk to be marked as active by clicking it, and then choosing Action, All Tasks, Make Partition Active from the menu.
In most cases, you do not need to define or alter the active partition throughout your system’s lifetime. When you perform the initial Windows XP installation, the installation process takes care of this detail for you automatically. The only time you might need to perform this operation is when you create a dual-boot system in which the active partition is changed.
The Windows XP Boot Sequence
Although the Windows XP boot process is lengthy and complex, it follows a distinct, logical path. Knowing the steps Windows XP takes during its initialization stages can help you in troubleshooting exactly where the boot process might be failing. The Windows XP boot process can be divided into the following areas, occurring in this order:
1. Power On Self Test (POST)
2. Initializing the system
3. Booting the system
4. Choosing the operating system
5. Detecting the hardware
6. Choosing the boot configuration
7. Loading the Kernel
8. Initializing the Kernel
9. Logging in to the system
Before you can examine how Windows XP boots, you need to know which files are involved in this process. The Windows XP boot process uses several files. Some of them exist in all circumstances, and others exist only if certain conditions are met. The following is a list of the most commonly used files:
- Boot.ini
- Ntldr
- Ntdetect.com
- Bootsect.dos
- Ntoskrnl.exe
- Hal.dll
- Ntbootdd.sys
Note Note that these are exactly the same files found on a Windows 2000 system.
Power On Self Test (POST)
One of the first tasks any Intel-based computer performs is the Power On Self Test (POST). POST is a set of tests your computer performs to check itself. Covering all the tests would be impossible because they vary greatly, depending on the BIOS version installed in the system. Some of the most common tests include checking the hard drives, memory, video card, and keyboard. Although most people assume that only computers run a POST, some adapter cards run their own POST as well (based on the information stored in their BIOS). One of the most common types of adapter cards that perform this task is a small computer system interface (SCSI) card. In most cases, a SCSI card can run tests to check its configuration and to detect any devices that might be connected to the system. A SCSI card that can perform this task is known as a SCSI adapter with the BIOS enabled, which is explained in further detail in “The [operating systems] Section” later in this chapter. When POST runs into a problem, it usually notifies you, the user, by displaying an error message onscreen or by sounding a preset series of beeps (the most common method of notifying you of errors). The number, length, and sequence of beeps depend on the BIOS. At first, it might seem weird that the system would beep instead of displaying an error message, but when you think about it, it does make sense. How else would you know there is a problem with the video card if the system could not display the message onscreen (because of the problem with the video card)? It’s important to note that the POST has nothing to do with the operating system installed on the machine. The POST performs the same routine every time the machine is powered on and must finish successfully before the system looks to any storage medium for information. Failure here is always hardware related.
Beeping Errors If your system is one that informs you of errors by sounding a sequence of beeps, you can “break” the code by checking out the FAQ at the PC Guide Web site. The PC Guide’s code page on troubleshooting BIOS beeps can be found at http://www.pcguide.com/ts/x/sys/beep/index.htm. In addition, be sure to review the documentation that came with your motherboard for the most useful information for your particular system. Also, check the Web site of your motherboard’s manufacturer, as additional information might be listed there.
When the POST is finished, the system moves into the next phase of its startup process, initializing the system.
Initializing the System
The machine must now find a way to boot the operating system (OS). To accomplish this task, and because each OS boots differently, it must find information on how to pass control to the OS. If the startup process detects a floppy disk in the drive, it searches the disk’s first sector for the partition boot sector. If one is found, it treats that floppy disk as a startup disk and passes control to it. If a floppy disk is detected in the drive but determined to be a non-system disk, a message similar to the following appears:
Non-System disk or disk error
Replace and press any key when ready
If, however, the floppy disk is deemed a bootable disk, the partition boot sector then loads into memory. The partition boot sector contains information on how to pass control to the OS on that disk. After this information is gathered, all control is transferred to the OS. If the system does not detect a floppy disk in the floppy disk drive, it checks the next device (as defined by the system’s BIOS) to see if it is bootable. On most systems, it is the CD-ROM drive. If a bootable CD-ROM is present, you are asked whether to boot from it. In most cases, your response will be pressing the spacebar to confirm booting from the CD-ROM, or doing nothing to indicate that the system should boot from the next boot device. After the OS is installed, there is little reason to boot from a CD other than to load a CD-based OS. Usually, the next available device is a hard drive. The first area on a hard drive is known as the Master Boot Record (MBR).
Note With the advent of bootable CD-ROMs, Zip disks, and other forms of media, BIOS manufacturers have changed the way the BIOS detects bootable devices. You can select the order in which the system attempts to detect bootable devices on most new computers, so the previously described boot order might not occur on your system. Because of the large number of combinations and boot device orders, we won’t cover each bootable device.
If the system does not find an MBR on the hard drive, you get the following message:
Missing operating system
If the system finds an MBR on the hard drive, it loads it into memory, processes it, and passes control to the OS as outlined in that MBR. The BIOS then steps into the background and is not used again.
Booting the System
At this point, the OS boot process has begun, and control is passed to a Windows XP file known as Ntldr. This file displays the boot menu, detects the hardware, and initializes any adapters that might be used to boot the system. Unlike Windows NT, which informed you as to what was happening throughout the startup, Windows XP keeps this information somewhat secret. Instead, Windows XP displays a title window, shown in Figure 7.1, while it initializes the system. The option of pressing the F8 key to enter a troubleshooting menu is covered in the “Troubleshooting Boot Problems” section later in this chapter.
Figure 7.1 During the boot process, you should see this Windows XP title window.
Ntldr then detects the file system used to format the hard drive (FAT or NTFS) and loads the appropriate driver so that it can continue to read information off the hard drive. In a multi-OS environment, it then loads the Boot.ini file into memory, processes it, and displays the Windows XP boot menu. (See the “Choosing the Operating System” sidebar later in this chapter.) If only a single operating system is installed (a Windows XP OS, obviously), no boot menu is displayed. Instead, Ntldr simply continues with the startup of that OS. If you select a non-Windows XP or a previously installed OS, Ntldr finds the Bootsect.dos file. This file contains the MBR as it existed before being replaced with the Windows XP MBR. Ntldr loads this file, runs it as though the MBR is being read, and passes control to it. At this point, Windows XP is out of the picture and has no say in how the OS is booted. If you select a Windows XP installation, Ntldr locates and runs the Ntdetect.com file, which detects and gathers information about your system’s hardware configuration. After Ntdetect.com gathers this information, you are given the option of placing Windows XP startup into the Hardware Profile/Configuration Recovery menu. (This menu appears only if you have multiple hardware configurations.) As you may already know, Windows XP can boot into several different hardware configurations. You will find this feature handy if you are running a notebook computer with a docking station. When the notebook is “docked,” Windows XP has access to several hardware components that are not available when the notebook is “undocked,” such as SCSI controllers, high-speed networking devices, and directly connected printers. Use this menu option to select the preferred configuration.
Note With Windows XP finally supporting full Plug and Play, profiles are not as necessary as they were with Windows NT. They are normally used only with non-PnP devices.
The final task Ntldr performs is loading and running the Windows XP Kernel (Ntoskrnl.exe). After running the Kernel, Ntldr passes all the information it received from Ntdetect.com to the Kernel and terminates itself.
Understanding the Boot.ini File
An important part of booting and troubleshooting Windows XP is understanding how the Boot.ini file works. When you fully understand how Ntldr uses the information stored in the Boot.ini file, you will be well on your way to troubleshooting most Windows XP boot problems.
Choosing the Operating System
Ntldr displays a boot menu where you choose the OS the system should boot. One item on the boot menu is always highlighted—the default operating system. Also, notice a countdown timer at the bottom of the menu (on the right side). When the timer reaches zero, it automatically boots the default OS. This feature allows Windows XP to automatically reboot itself without having a user present.
When you install Windows XP, the setup program automatically creates a Boot.ini file and stores it in the root folder of the startup disk. If you run the Windows XP installation program after Windows XP is installed and choose to install another copy of Windows XP (or Windows NT or 2000), the setup program appends an entry to the existing Boot.ini file and makes the latest installation the default boot option. When you boot Windows XP, Ntldr uses the information stored in the Boot.ini to display and run the boot menu. Assuming that a single copy of Windows XP Professional is installed over an existing Windows 98 installation, a default Boot.ini file might look like this:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
C:\="Windows 98"
The Boot.ini file can be divided into two separate, yet equally important, sections:
- The [boot loader] section
- The [operating systems] section
The [boot loader] Section
Two variables are set in the [boot loader] section of the Boot.ini file. The first, timeout=, is the amount of time (measured in seconds) the user has to select an OS before Ntldr automatically starts the default OS. The default value for the timeout variable is 30 seconds. If you set the value to zero, Ntldr automatically starts the default OS without showing the boot menu. If you set the timeout value to –1, Ntldr displays the boot menu without counting down the time. In other words, it waits indefinitely for you to make a selection. You can achieve the same result by pressing any key except Enter while the boot menu is displayed and counting down. The second variable, default=, defines which OS is booted by default. The default variable is simply a link to the [operating systems] menu and gets its boot information from there.
The [operating systems] Section
The [operating systems] section of the Boot.ini file contains a list of operating systems that are available to boot. Each entry contains the path Ntldr uses to find the OS system files, the string to display in the boot menu, and an optional switch that controls how Windows XP boots.
You can use this section to define multiple operating systems as well as the options for booting the same OS with different switches enabled. The path for each OS is defined by using the industry-standard Advanced RISC Computing (ARC) naming convention. ARC naming enables you to define the location of the OS files regardless of the type of controller, the physical hard drive, or the partition. It is written according to the following formula:
Controller(w)drive(x)drive(y)partition(z)\%systemroot%
Two different ARC statements can be used in the Boot.ini file:
- Multi(w)disk(x)rdisk(y)partition(z)\%systemroot%
- Scsi(w)disk(x)rdisk(y)partition(z)\%systemroot%
The Multi option can be used for IDE controllers or SCSI controllers that have the BIOS enabled (meaning they can detect and mount SCSI drives). The Scsi option is used for SCSI controllers that have the BIOS disabled. This option requires the Ntbootdd.sys file (the SCSI controller driver) to load the SCSI controller so that Ntldr can access the drives. The value of the w variable is the number of the controller installed in the system (when there are multiple controllers). The first controller is given a value of 0, the second a value of 1, and so on. The disk variable defines which hard drive is to be accessed on a SCSI controller with the BIOS disabled. As with the controllers, the first drive on the controller is given a value of 0, the second a value of 1, and so on. The SCSI and disk variables work together to define the controller and the hard drive where the OS files reside. If the Multi option is used, disk will always be 0. The rdisk variable defines which hard drive is to be accessed on an IDE controller or a SCSI controller with the BIOS enabled. Again, the first drive on the controller is assigned a value of 0, the second a value of 1, and so on. The Multi option and rdisk variable work together to define which controller and drive are used to store the OS files. If the Scsi option is used, rdisk will always be 0. Next, the partition variable defines which partition on the hard drive stores the OS files. Unlike the other variables in the ARC naming convention, the first partition on the hard drive is given a value of 1, the second a value of 2, and so on. Finally, the %systemroot% variable defines the folder in which the OS files are stored. The default, when you install Windows XP, is the WINDOWS folder.
For example, assume you have a RAID system with two IDE controllers, with three hard drives on each controller and two partitions on each hard drive. The Windows XP system files are located in the \Windows folder on the second partition, which is on the third hard drive connected to the first controller. This is the ARC statement that would appear in the Boot.ini file:
Multi(0)disk(0)rdisk(2)partition(2)\WINDOWS
The information in quotes at the end of the ARC statement is what will appear as the menu entry for this statement. Finally, you can add one or more switches. When you install Windows XP, the Windows XP setup program assigns a single boot entry for each installed OS (unlike the two entries per installed OS in Windows NT). The Boot.ini switches are defined in the next section.
The Boot.ini Switches
You can add several switches to the end of Windows XP ARC statements in the [operating systems] section of the Boot.ini file. These switches, which are not case sensitive, are listed in Table 7.1.
Table 7.1 The Boot.ini Switches
/3GB
    This switch specifies that 3GB of virtual address space is reserved for applications and only 1GB is reserved for the Kernel in each virtual machine, as opposed to the 2GB/2GB default.
/BASEVIDEO
    This switch boots Windows XP using a standard VGA video driver, which is compatible with every VGA video card. Use this switch if you have installed a new video driver and Windows XP does not boot properly. You can then change the video driver to one that does work. This switch is used with the /SOS switch in the default ARC statement in the Boot.ini file.
/BAUDRATE=xxxx
    This switch enables you to select the baud rate to use when debugging the system. If you do not select a value (indicated by xxxx), the value of 9600 is used by default when a modem is installed. This switch automatically enables the /DEBUG switch.
/BOOTLOG
    This switch enables recording a boot log in the %systemroot%\ntbtlog.txt file.
/BURNMEMORY=nnn
    This switch defines an amount of memory (nnn) in megabytes that Windows XP is restricted from using. This setting is often used to test problems related to RAM depletion.
/CRASHDEBUG
    When you enable this switch, it loads the Windows XP debugger. Unless a Kernel error occurs, however, the debugger is inactive. The Windows XP debugger is useful if your system is experiencing Kernel errors.
/DEBUG
    This switch enables the debugger when Windows XP is loaded. /DEBUG allows you to start the debugger using a host debugger connected to the computer. Use this switch if your errors are easily reproducible.
/DEBUGPORT=comx
    This switch designates the serial port (comx) to be used for communication with the host debugger. Like the /BAUDRATE switch, this switch starts the /DEBUG switch automatically.
/FASTDETECT={com1|com2|comx...}
    This switch disables serial and bus mouse detection. Specifying a COM port (com1 and so on) disables the scan just on that port; not specifying a COM port disables the scan on all ports. This switch is useful if you have an uninterruptible power supply (UPS) connected to your system. Many UPSs are disabled when Windows XP attempts to detect a mouse on the port on which they are communicating.
/MAXMEM:x
    This switch enables you to limit the amount of memory (x) Windows XP can use.
/NOGUIBOOT
    This switch disables the Windows XP bitmap splash screen during bootup; it also disables the blue screen of death because the same driver is used for both.
/NODEBUG
    This switch tells the system not to use the debug information.
/NUMPROC=nnn
    This switch controls the number of processors (nnn) the system can use.
/PCILOCK
    This switch stops the OS from dynamically assigning system resources (I/O ports, IRQs) to PCI expansion cards. It forces the settings in BIOS to take precedence.
/SAFEBOOT:parameter
    This switch forces a boot into Safe Mode. Options for parameter include minimal, network, and minimal(alternateshell).
/SOS
    This switch displays device driver names and locations as each is loaded. Use this switch if you suspect that a device driver is corrupt or missing. This switch is used with the /BASEVIDEO switch in the default ARC statement in the Boot.ini file.
Detecting the Hardware During this phase of bootup, Ntldr calls Ntdetect.com, which detects your video card, keyboard, mouse, drive controllers, CPU, and communication ports.
Kernel Loading and Initialization
After the hardware has been successfully detected and the Hardware Profile/Configuration Recovery menu has been completed, the system loads the Windows XP Kernel (Ntoskrnl.exe). During this phase, several services are being loaded, the most important being the Windows XP Kernel (Ntoskrnl.exe) and the Hardware Abstraction Layer (Hal.dll). Although the system loads these two key services, they do not actually run until the next phase of the boot process. Next, the system checks the Registry and determines which services need to be started for the system to complete its boot process. Then the services are started. When all services have been loaded into memory, it is time to initialize the Kernel. Any services that were not initialized during the Kernel loading phase are then started.
Logging in to the System
The last phase of the boot process initializes the logon subsystem (WinLogon) and passes control to it. Windows XP then displays the initial logon screen. It is important to note that, although you can begin the logon process, Windows XP might not be completely initialized. It has initialized only the components that must be in place for the logon to occur. Any non-dependent services, such as Internet Information Services, run after the logon screen appears.
Building Boot Disks
This section details how to create and use boot disks. A boot disk enables you to boot a machine into MS-DOS to run diagnostic software to determine why Windows XP won’t boot. Because of the overhead needed to boot Windows XP, there is no built-in way to build a bootable copy of Windows XP using floppy disks. It would just require too many disks. If you recall, when you installed Windows XP (if you used the floppy jump-start method), it took six floppy disks just to get to the point where you could begin to install Windows XP. After that, the setup program copied enough files off the CD-ROM so that you could reboot the system and continue with a Windows XP–based installation.
Note Windows XP can also fail to boot if a file is missing or becomes corrupt on the system partition. A boot disk can be used in this situation as well.
There is, however, a way to start a machine that has corrupted or missing boot files. The Windows XP boot disk provides enough information to start a computer and point it to the existing Windows XP installation. Note, however, that the existing Windows XP installation must be on the disk and accessible. The boot disk is only for troubleshooting boot errors. It is not uncommon for a small configuration change in your Windows XP environment, such as changing the partitions on a hard drive, to make your Windows XP system unbootable with the regular boot method (although the chances of this happening have been greatly reduced since Windows NT). Luckily, there is a way that you can boot Windows XP from a floppy disk. This disk is known as the Windows XP boot disk.
Boot Disk Requirements
A couple of requirements must be met for a boot disk to be created successfully. The first and most important is how the floppy disk is formatted. Second, several files must be copied to the floppy disk to make it usable. When creating a Windows XP boot disk, remember that it must be formatted in Windows XP. A disk formatted in DOS, Windows 3.x, Windows 9x, Windows NT, or even Windows 2000 will not work because of the partition boot sector. Remember that the partition boot sector finds the OS and passes control to it. A boot disk from a different OS looks for the files that OS uses to boot. When you format a floppy disk in Windows XP, it modifies the partition boot sector so that it looks for Ntldr and passes control to it if it’s found. The second requirement has to do with files being copied to the boot disk. Which files are required depends on the system configuration (SCSI controllers, old OS, and so on). These are the required files for an x86-based system:
- Ntldr
- Ntdetect.com
- Boot.ini
- Bootsect.dos (if you are booting a previously installed OS)
- Ntbootdd.sys (if you have a SCSI controller with the BIOS disabled in your system)
Creating the Boot Disk
Creating the boot disk is quite easy. Remember, all it does is replace the boot process described in “The Windows XP Boot Sequence” at the beginning of this chapter. It does not place the Windows XP OS on the floppy disk. To create the boot floppy disk, you need to simply format the floppy disk using an existing Windows XP system. Copy the following files from the system partition (generally, the root of drive C:) of the existing Windows XP installation to the newly formatted floppy disk:
- Ntldr.
- Ntdetect.com.
- Boot.ini. This file might have to be edited so that it looks for the Windows XP boot partition in the right location.
- Bootsect.dos. You’ll need this file if a previous OS was installed.
- Ntbootdd.sys. Although it’s rare, if your system has a SCSI adapter with the BIOS disabled, you need this file. It is the driver for the SCSI card and is specific to the SCSI card you have installed in the system. Ntbootdd.sys is actually the SCSI driver copied and renamed.
Note Remember, for the Windows XP boot disk to be of any use to you, you must already have Windows XP installed and configured. It is not a replacement for Windows XP. That is, this disk has just enough “smarts” to look for the Windows XP installation and pass control to the Windows XP Kernel.
Advanced Options Menu
During the initial startup phases of Windows XP, you are given the option of pressing the F8 key to enter the Advanced Options menu shown in Figure 7.2. This menu gives you a wide range of options for booting a Windows XP system that is not starting properly.
Figure 7.2 The Advanced Options menu offers several options that can help you troubleshoot a system that does not boot properly.
The Advanced Options menu items are described in the following list:
- Safe Mode. Boots Windows XP with a minimal set of drivers and services, using the Vga.sys video driver.
- Safe Mode with Networking. Boots Windows XP using Safe Mode, but adds networking support.
- Safe Mode with Command Prompt. Boots Windows XP using Safe Mode, but runs Cmd.exe rather than Explorer.exe.
- Enable Boot Logging. Starts Windows XP in Safe Mode and logs all steps to the Ntbtlog.txt file in the %systemroot% directory.
- Enable VGA Mode. Boots Windows XP into VGA mode (640×480) using the currently installed video driver (not the generic Vga.sys driver).
- Last Known Good Configuration. Boots Windows XP using the most recently working configuration stored in the Registry.
- Directory Services Restore Mode. Boots Windows XP domain controllers into restore mode so that System State data can be reinstated.
- Debugging Mode. Boots Windows XP in debug mode, which allows debugging information to be sent over a serial cable (at COM2) to a debugging workstation.
- Start Windows Normally. Exits the Advanced Options menu and boots the system normally.
Multi-Boot System Implementation
If you have Windows XP installed on your system, you know what the Microsoft multi-boot system looks like. Next, you’ll look at its strengths and limitations. Simply stated, the Microsoft multi-boot system is written so that it works with Microsoft operating systems. This is both a strength and a weakness. Its strength comes from its simplicity. To modify the boot menu, you can simply edit a text file in the system partition’s root folder. The next time you boot the system, the changes appear. In addition, because Microsoft fully supports the multi-boot system, literally hundreds of TechNet and KnowledgeBase documents are available from Microsoft on the subject. You have to remember that the Microsoft multi-boot system is very simple; this limitation is its weakness. It cannot handle more than one “non-Windows NT/2000/XP” OS (not directly from the boot menu, anyway). It is limited to only 10 entries on the boot menu. For example, create a Windows XP boot disk and modify the Boot.ini file so that it has the following information:
[boot loader]
timeout=10
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 1"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 2"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 3"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 4"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 5"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 6"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 7"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 8"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 9"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 10"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 11"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 12"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 13"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 14"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Installation # 15"
Now boot your system using the Windows XP boot disk. Notice that only the first 10 entries appear on the menu. Most users never reach the 10-entry limit in Boot.ini, but it is worth knowing about.

Several third-party multi-boot systems exist, many of which simply improve on the Microsoft version. The main player in the multi-boot market is BootMagic. BootMagic, which ships with PowerQuest's PartitionMagic, lets you switch easily between operating systems regardless of the type of volume each is on, the OS, or the type of hard drive. You can purchase PartitionMagic online directly from PowerQuest's Web page at http://www.powerquest.com. Two other solutions are BootPart by Gilles Vollant Software (http://www.winimage.com) and System Commander by V Communications (http://www.v-comm.com).
Troubleshooting Boot Problems

Some of the most common error messages you might see when booting Windows XP are discussed in the following sections. They usually appear when files are missing or corrupt. Possible solutions are suggested in each section.
Ntldr Boot Errors

A common error with the Ntldr file is this:

BOOT: Couldn't find Ntldr.
Please insert another Disk.
Chapter 7
Booting Windows XP
If the Ntldr file is missing from the root of the system partition, you see this error message. It appears before the boot menu is displayed because it is Ntldr's job to display the menu. Replace the file by using the emergency repair process.
For information on the emergency repair process, see Chapter 26, “Managing System Recovery,” p. 599.
Ntdetect.com Boot Errors

A common error with the Ntdetect.com file is this:

NTDETECT V4.01 Checking Hardware...
NTDETECT failed

Or you might get the following error message:

Error Opening NTDETECT
Press any key to continue

These errors usually mean that the Ntdetect.com file is missing or corrupt and must be replaced by using the emergency repair process. Another possible cause of these messages is an incorrect ARC path in the Boot.ini file.
Ntoskrnl.exe Boot Errors

A common error with the Ntoskrnl.exe file is this:

Windows XP could not start because the following file is missing or corrupt:
\windows\system32\NTOSKRNL.EXE
Please reinstall a copy of the above file.

The Windows XP kernel file is missing or corrupt. The best way to recover it is to run the Windows XP emergency repair process. Before you do, check Boot.ini: this is also the message you see when the ARC path points at the wrong partition or folder, because Ntldr looks for the kernel where Boot.ini says it is and reports it missing when it is not there.

Bootsect.dos Boot Errors

A common error with the Bootsect.dos file is this:

I/O Error accessing boot sector file
multi(0)disk(0)rdisk(0)partition(1)\bootsect.dos

You might also get the following error message:

Couldn't open boot sector file
multi(0)disk(0)rdisk(0)partition(1)\BOOTSECT.DOS

These two error messages usually mean that the Bootsect.dos file is missing or corrupt. Use the emergency repair process to reinstall the file.
Boot.ini Errors

One of the most common errors in Boot.ini is an incorrect ARC statement. If the statement is malformed, or if Ntldr cannot find the partition and folder it names, you might see an error message similar to the following:

OS Loader V4.01
The system did not load because of a computer disk hardware configuration problem.
Could not read from the selected boot disk. Check the boot path and disk hardware.
Please check the Windows XP documentation about hardware disk configuration and your hardware reference manuals for additional information.
Boot failed.

Microsoft did, however, modify the boot process slightly in Windows XP. Because most Windows XP systems use \Windows as %systemroot%, Ntldr no longer gives up when Boot.ini is missing or corrupt: it assumes the system folder is \Windows on the first partition of the first hard disk and tries to boot from there (the Windows 2000 loader assumed \Winnt). If your installation lives anywhere else, a missing Boot.ini still stops the boot, and in every case you should restore a correct Boot.ini rather than rely on this fallback.
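The 15-entry Boot.ini shown earlier in this chapter and the ARC-path errors discussed in the preceding sections are both things you can check offline, before a reboot tells you the hard way. The following Python script is an added example, not code from the book or from Microsoft. It parses a Boot.ini file, validates each ARC path against the multi()/scsi()/signature() syntax Ntldr expects, reports a default= line that matches no menu entry, and warns when the menu holds more than the ten entries Ntldr displays. The Boot.ini text embedded in it is constructed for the example (the book's 15 entries plus one deliberately broken line).

```python
"""Offline checker for a Windows XP Boot.ini file.

Added example for this chapter, not code from the book or from Microsoft.
It parses the [boot loader] and [operating systems] sections, validates
each ARC path against the syntax Ntldr expects, reports a default= line
that matches no menu entry, and warns when the menu holds more than the
ten entries Ntldr displays.  The Boot.ini text at the bottom is
constructed for the example.
"""
import re

# ARC path grammar used by Ntldr:
#   multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
#   scsi(0)disk(1)rdisk(0)partition(2)\WINDOWS
#   signature(8b467c12)disk(1)rdisk(0)partition(2)\WINDOWS
ARC_RE = re.compile(
    r'^(?P<adapter>multi|scsi|signature)\((?P<adapter_id>[0-9a-f]+)\)'
    r'disk\((?P<disk>\d+)\)'
    r'rdisk\((?P<rdisk>\d+)\)'
    r'partition\((?P<partition>\d+)\)'
    r'(?P<folder>\\[^\s"]*)?$',
    re.IGNORECASE,
)
# Ntldr shows at most this many [operating systems] entries on the menu.
NTLDR_MENU_LIMIT = 10


def parse_boot_ini(text):
    """Return (loader_settings, entries); entries is a list of
    (target, description, switches) tuples in file order."""
    section = None
    loader = {}
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            continue
        if section == 'boot loader':
            key, _, value = line.partition('=')
            loader[key.strip().lower()] = value.strip()
        elif section == 'operating systems':
            target, _, rest = line.partition('=')
            # rest is "description" followed by optional /switches
            m = re.match(r'^"([^"]*)"\s*(.*)$', rest.strip())
            if m:
                description, switches = m.group(1), m.group(2).split()
            else:
                description, switches = rest.strip(), []
            entries.append((target.strip(), description, switches))
    return loader, entries


def arc_is_valid(target):
    """True for a well-formed ARC path, or for a drive-letter entry such
    as C:\\ that Ntldr hands to Bootsect.dos."""
    if re.match(r'^[A-Za-z]:\\?$', target):
        return True
    return ARC_RE.match(target) is not None


def check_boot_ini(text):
    """Return a list of findings (strings); an empty list means clean."""
    loader, entries = parse_boot_ini(text)
    findings = []
    for target, desc, _ in entries:
        if not arc_is_valid(target):
            findings.append(f'malformed ARC path for "{desc}": {target}')
            continue
        m = ARC_RE.match(target)
        # partition() numbers start at 1; 0 denotes the whole disk.
        if m and int(m.group('partition')) == 0:
            findings.append(f'partition(0) is never bootable: "{desc}"')
    default = loader.get('default')
    known = {t.lower() for t, _, _ in entries}
    if default is None:
        findings.append('no default= line in [boot loader]')
    elif default.lower() not in known:
        findings.append(f'default {default} matches no [operating systems] entry')
    if len(entries) > NTLDR_MENU_LIMIT:
        hidden = ', '.join(d for _, d, _ in entries[NTLDR_MENU_LIMIT:])
        findings.append(f'{len(entries)} entries; Ntldr shows only the first '
                        f'{NTLDR_MENU_LIMIT}, hiding: {hidden}')
    return findings


# Constructed sample: the 15-entry Boot.ini from the text plus one entry
# with a missing partition() component.
SAMPLE_BOOT_INI = (
    '[boot loader]\n'
    'timeout=10\n'
    'default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n'
    '[operating systems]\n'
    + ''.join(
        f'multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Windows Installation # {n}"\n'
        for n in range(1, 16))
    + 'multi(0)disk(0)rdisk(0)\\WINNT="Bad entry" /fastdetect\n'
)

if __name__ == '__main__':
    for finding in check_boot_ini(SAMPLE_BOOT_INI):
        print(finding)
```

To check a real machine, run check_boot_ini on a copy of its Boot.ini. Boot.ini is a hidden, read-only system file in the root of the system partition, so copy it out rather than editing it in place, and remember that the checker only validates syntax and consistency; it cannot tell whether partition(2) really holds a Windows folder.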
Third-Party Troubleshooting Tools

Sometimes, you simply need to boot enough of Windows XP to rename or replace files in your installation. Although the emergency repair process solves many of these problems, it does not help in some cases. For example, many Microsoft TechNet documents tell you to delete a file or a combination of files to clear the user database or to reset security. In this situation, Microsoft suggests that you install a second copy of Windows XP and use it to repair the damaged installation. This process is tedious and time-consuming. Luckily, some third-party tools speed up and simplify it.

The NTFSDOS utility from Sysinternals enables you to boot from a regular MS-DOS, Windows 3.x, or Windows 9x boot disk and mount NTFS volumes so that they are available to you. The NTFS volumes appear the same as FAT volumes, and you can view, navigate, and run files and applications stored on them. The free download version is read-only. The fully functional program, called NTFSDOS Tools, gives you limited write capability by adding two commands to the read-only version: NTFSCopy and NTFSRen.

Keep in mind what this means for security. NTFSDOS reads the disk directly, so NTFS permissions are not enforced: anyone who can boot the machine from a floppy or CD can read every file on an unencrypted NTFS volume, including the SAM database under %systemroot%\system32\config. The same tool that rescues a broken installation is the reason physical access, a BIOS password with a locked boot order, and EFS for sensitive files matter.

You can use NTFSCopy to copy a file onto an NTFS volume as long as the following conditions are met:

• The destination file must already exist.
• The source and destination files must be the same size.

You can use NTFSRen to "delete" a file by renaming it. This powerful feature does come with a price:

• You cannot choose the new name of the file. The program changes the last character of the filename.
• The new filename cannot already exist in the directory.

Both of these commands can save you hours of repairing and reinstalling Windows XP to fix a blue screen of death or a corrupted system file.
Turn Off, Restart, Hibernate, Standby

When you've finished using your system, you can leave the computer running or use one of the shutdown options. In just about every case except when the system has crashed or frozen and no longer responds to the keyboard or mouse, you'll want a graceful shutdown. A graceful shutdown allows the system to save data, informs the network that your shared resources are going away, updates recovery files, prompts you to save any unsaved work, performs system housecleaning, and properly terminates processes before the system reboots or the power is turned off. Performing graceful shutdowns is an essential step in maintaining the health of your system over the long run.

Windows XP offers four standard shutdown options, accessed by clicking Start, Turn Off Computer or by using the Shut Down menu in Task Manager: Turn Off, Restart, Hibernate, and Stand By.

Turn Off is the renamed Shut Down action. It is just what it sounds like: the system terminates all current processes and, depending on its power management configuration, either turns off its power automatically or tells you that you can safely turn off the power.

Restart performs a Turn Off, but instead of cutting the power, the system reboots. This is useful after you've installed a new application, applied a software update, or made a significant configuration change.

Hibernate saves the system state to the hard drive, and then the system turns off. On the next boot, the system restores the saved state instead of booting normally, so it returns to exactly the state it was in when you chose Hibernate: every application and window that was open reappears just as it was. Hibernation is a good option if you use the same programs every time you boot, and it cuts the boot time by about half.
To use Hibernation, you must have at least as much free disk space on your boot partition as you have physical RAM, because the hibernation file (Hiberfil.sys) holds the entire contents of memory. If Hibernation is not enabled by default, enable it on the Hibernate tab of Control Panel's Power Options applet. This tab also shows the amount of free disk space required to support Hibernation and the free space available on the boot partition. Note that Hiberfil.sys is an unencrypted image of memory: whatever was in RAM when the system hibernated, cached credentials included, sits on disk until the file is overwritten, which is one more reason the physical-access caveat from the previous section applies to hibernated machines.

The Standby option is similar to Hibernation, but instead of saving the system state to the hard drive, it keeps the state in memory, so the system can be restored very quickly, usually in less than 10 seconds. Standby is available on most notebooks and on many desktops whose motherboards support Advanced Power Management (APM) or the Advanced Configuration and Power Interface (ACPI). The drawback is that the system must remain powered. If power is lost while in Standby, the saved system state is lost, and the next boot is a normal boot.

Whether you are prompted for a password when the system resumes from Standby or Hibernation is a setting, not a given: it is controlled by the Prompt for Password When Computer Resumes from Standby check box on the Advanced tab of the Power Options applet. Leave it enabled on any machine that leaves your desk; a suspended notebook that resumes straight to the desktop hands the session, and everything open in it, to whoever picks it up. A full reboot always presents the logon prompt for a password-protected account.

Many notebooks can be configured to enter Standby or Hibernation automatically when the lid is closed or after a specified period of inactivity. It is also common for a notebook to enter Standby first and then, after a defined interval such as 30 minutes or an hour, move into Hibernation. This configuration helps ensure that even as the battery runs down, the system state is not lost and a fast return to the saved state is still possible.
The dialog box that displays the shutdown options in Windows XP has only three buttons. The Hibernate and Stand By options share a single button. If your system supports both, Stand By is displayed by default; hold down the Shift key to turn the Stand By button into Hibernate. Table 7.2 summarizes the shutdown options and when to choose each.

Table 7.2 Use of Shutdown Options

Issue                                                        Turn Off   Restart   Hibernate   Standby
Completed work on system                                     Y          N         Y           N
New device drivers were installed                            N          Y         N           N
A new application was installed                              N          Y         N           N
Power will be terminated, but want to retain system state    N          N         Y           N
Power will be maintained, but want to retain system state    N          N         Y           Y
Want the fastest boot time possible to retain system state   N          N         N           Y
Want a faster than normal boot time                          N          N         Y           Y
Want to save system state, but battery power is low          N          N         Y           N
A power outage is imminent                                   Y          N         Y           N
Want to turn off the system quickly                          Y          N         Y           N
Logging Off and Fast User Switching

Windows XP offers two other non-shutdown options. The first is logging off. Whether you are the sole user of a system or one of many people who share it, the Log Off option lets you exit your desktop and user environment and ready the system for another user to log on. If you have used a network client in the past, this procedure is nothing new: logging off one account before logging on with a different account is standard practice on networks.

The second option, Fast User Switching, is available only on systems that are not members of a domain. When a Windows XP Professional system joins a domain, fast user switching is disabled because it is incompatible with domain logons. With fast user switching, multiple users can be logged on to the same system at the same time. Only one user's desktop is shown at any given moment, but the sessions of all logged-on users keep running in the background. Fast user switching does not suspend anything in the way Standby does; each user's session stays resident (it is built on the same session infrastructure as Terminal Services), and its memory is paged to disk only as the memory manager would page any other process.

To switch users, click Start, Log Off, and then click the Switch User button. This leaves the current session running, presents the Windows XP welcome screen, and the next user logs on normally. You can have numerous users logged on simultaneously; the only restriction is the system's processing capability and available memory. When two or more users are logged on, anyone can return to another user's desktop by clicking Switch User again and choosing that account (and supplying its password, if it has one). On the welcome screen, each user logged on via fast user switching sees a line next to their icon and username stating the number of programs running in their session.

To end a fast user switching session, click Start, Log Off to close each user's desktop session, or any of the logged-on users can initiate a shutdown option. Note, however, that a shutdown with other users still logged on prompts only the current user to confirm, and it ends every other session, so the other users can lose unsaved work.

Fast user switching is available only if the welcome screen logon mode is enabled in Control Panel's User Accounts applet. In the Change the Way Users Log On and Off section, select the Use the Welcome Screen check box to enable the welcome screen logon mode. If this check box is not selected, the classic Ctrl+Alt+Del logon window is used. When the welcome screen is enabled, the Use Fast User Switching check box becomes available. Both check boxes are enabled by default on standalone Windows XP systems. When a Windows XP Professional system is made a member of a domain, both options are disabled.
For More Information

For more information about the boot process for Windows XP, consult the following references:

• Microsoft Knowledge Base: http://support.microsoft.com/.
• TechNet (Microsoft's technical subscription service): http://technet.microsoft.com/.
8 Windows XP Control Panel Utilities

In Microsoft Windows XP, a multitude of Control Panel applets are installed by default. An untold number of applications and devices install their own Control Panel applets to simplify management and configuration tasks specific to those devices or applications. This chapter reviews those Control Panel applets that need additional documentation.
The History of the Registry

Although the Windows XP Registry is discussed in detail in Chapter 9, "Introducing the Windows XP Registry," we define it here so that you understand what the Control Panel applets are and how to use them. The Registry is one of the most powerful features of Windows XP. It replaces the various .ini (initialization) files as well as Config.sys, Autoexec.bat, Win.ini, System.ini, and several other configuration files used by earlier Windows versions. Windows 95 and Windows 98 also contain a Registry, but theirs is not compatible with the one in Windows XP.

Anyone who has used Windows 3.x will remember that whenever you installed a new application, two internal initialization files, Win.ini and System.ini, were modified to add functionality to Windows. Usually, the application's installation also added its own .ini file. There were three major problems with this approach. First, there was no real standard for the files' names or structure. Second, these files could exist anywhere on the hard drive; they were not limited to the default Windows installation directory (Winroot), which at times made it difficult to track down the correct file and modify it. Third, .ini files are flat repositories of information, which makes editing them more difficult, whereas the Registry is a hierarchical structure of keys and subkeys.

Although more complex than .ini files, the Registry provides a standard way to modify Windows XP systems. Its main problem is that complexity. Novice and intermediate users are warned to keep away from the Registry; one wrong move, and a reinstallation of Windows XP and all your applications and settings may be required. To simplify configuration, Microsoft created several Control Panel applets. Windows 3.x also had Control Panel applets; the main difference is that those communicated with .ini files, whereas the Windows XP applets communicate with the Registry. In essence, the Windows XP Control Panel applets are utilities that enable you to modify a specific part of the Registry without affecting any other components.

Note
For simplicity, the Control Panel applets are presented in alphabetical order in this chapter. Some of the applets discussed might not exist in your current installation; some are added when you install applications or components to Windows XP. When this is the case, the application or component is mentioned, and the process of adding it is covered.
A New Way to View Control Panel

Windows XP introduces a new method of presenting the controls offered through Control Panel. By default, Control Panel is displayed in the new Category view (see Figure 8.1). In Category view, Control Panel displays wizard-like interfaces called "categories" instead of "applets." Within each category are easy-to-use wizards for the most common activities. If the activity or configuration option you want is not displayed within a category, you can open the applet directly from the collection of applets listed in each category. For example, to install a scanner, you would click the Printers and Other Hardware link, and then select Scanners and Cameras in the next window. Category view offers nine categories, each with wizards for common functions and the applets associated with those functions. Table 8.1 lists the categories and their associated applets.

Figure 8.1 Control Panel in Category view.

Table 8.1 Category Wizards in Control Panel

Category Wizard                              Related Applets
Accessibility Options                        Accessibility Options
Add or Remove Programs                       Add or Remove Programs
Appearance and Themes                        Display, Folder Options, Taskbar and Start Menu
Date, Time, Language, and Regional Options   Date and Time, Regional and Language Options
Network and Internet Connections             Internet Options, Network Connections
Performance and Maintenance                  Administrative Tools, Power Options, Scheduled Tasks, System
Printers and Other Hardware                  Game Controllers, Keyboard, Mouse, Phone and Modem Options, Printers and Faxes, Scanners and Cameras
Sounds, Speech, and Audio Devices            Speech, Sounds and Audio Devices
User Accounts                                User Accounts

Within each category are tasks representing the most common activities performed through Control Panel. These tasks offer easy-to-use, step-by-step wizards for novice users to follow. Tables 8.2 through 8.8 list the tasks associated with each category and the corresponding Control Panel applet for each task.
Note The Add or Remove Programs task simply launches the Add or Remove Applet; likewise, the User Accounts task simply launches the User Accounts subtask window (which is the User Accounts applet).
Table 8.2 Appearance and Themes Category View

Task                                           Applet
Change the computer's theme                    Display, Themes tab
Change the desktop background                  Display, Desktop tab
Choose a screensaver                           Display, Screen Saver tab
Select how windows and buttons are presented   Display, Appearance tab
Change the screen resolution                   Display, Settings tab

Table 8.3 Network and Internet Connections Category View

Task                                                   Applet
Set up or change your Internet connection              Internet Options, Connections tab
Create a connection to the network at your workplace   Network Connections, New Connection Wizard
Set up or change your home/small office network        Network Connections, Network Setup Wizard

Table 8.4 Sounds, Speech, and Audio Devices Category View

Task                          Applet
Adjust the system volume      Sounds and Audio Devices, Volume tab
Change the sound scheme       Sounds and Audio Devices, Sounds tab
Change the speaker settings   Sounds and Audio Devices, Volume tab
Troubleshoot audio devices    Sounds and Audio Devices, Hardware tab

Table 8.5 Performance and Maintenance Category View

Task                                                            Applet
See basic information about your computer                       System, General tab
Adjust visual effects                                           Performance Options (System applet, Advanced tab, Settings button), Visual Effects tab
Free up space on your hard disk                                 Disk Cleanup (application)
Back up your data                                               Backup or Restore Wizard (application)
Rearrange items on your hard disk to make programs run faster   Disk Defragmenter (application)

Table 8.6 Printers and Other Hardware Category View

Task                                      Applet
View installed printers or fax printers   Printers and Faxes
Add a printer                             Printers and Faxes, Add Printer Wizard

Table 8.7 Date, Time, Language, and Regional Options Category View

Task                                             Applet
Change the date and time                         Date and Time, Date & Time tab
Change the format of numbers, dates, and times   Regional and Language Options, Regional Options tab
Add other languages                              Regional and Language Options, Languages tab

Table 8.8 Accessibility Options Category View

Task                                                                     Applet
Adjust the contrast for text and colors on your screen                   Accessibility Options, Display tab
Configure Windows to work for your vision, hearing, and mobility needs   Accessibility Wizard
Category view is mainly for those new to Windows and to configuring the system through Control Panel. If Windows XP is your first experience with Windows, the categories can serve as a primer to get you started. However, those experienced with Windows quickly grow tired of the limitations and extra clicks that categories impose. Fortunately, a single click transforms Control Panel from Category view into the Classic view that many of us know (see Figure 8.2). To switch to Classic view, click the Switch to Classic View option shown previously in Figure 8.1. The remainder of this chapter assumes you've switched Control Panel to Classic view.
Figure 8.2 Control Panel in Classic view.
The Control Panel Applets

You can access the Windows XP Control Panel applets in several ways, as described in the following list. No one method is simpler or better than another; it is a matter of preference. You can access the Control Panel applets by doing any of the following:

• Click the Start button, and then click Control Panel.
• Open My Computer, and then click the Control Panel link.
• Start Windows Explorer, navigate to the WINDOWS\System32 directory, and double-click any file with the .cpl extension.
• From the Start menu, select Run (or open a command prompt), and then type CONTROL. You can open a specific applet by naming its .cpl file after CONTROL. For instance, to start the Add or Remove Programs applet, type CONTROL APPWIZ.CPL.
• Drag the applet from Control Panel onto the desktop (which creates a shortcut) and double-click it.

To find the commands for launching applets from the command line, see Chapter 2, "Common Windows XP Administrative Utilities," p. 25.
Accessibility Options

The Accessibility Options applet, installed by default, is used to control all the Windows XP accessibility components (see Figure 8.3). The available options include the following:

• StickyKeys: Modifier keys can be pressed once and released rather than held down.
• FilterKeys: Ignores brief or quickly repeated keystrokes.
• ToggleKeys: Plays a sound when Caps Lock, Scroll Lock, or Num Lock is pressed.
• SoundSentry and ShowSounds: Display warnings, notifications, and other visual cues instead of just playing a sound.
• High Contrast: Makes the screen easier to read for people with vision problems.
• MouseKeys: Uses the numeric keypad to control the mouse pointer.

Figure 8.3 You can alter how to control Windows XP through the Accessibility Options applet.
Add Hardware The Add Hardware applet is used to install drivers for new hardware that the operating system (OS) doesn’t automatically detect at startup. In other words, you’ll rarely need to use this applet because Windows XP can detect and automatically install most Plug and Play (PnP) devices and a significant portion of non-PnP devices.The Add Hardware applet is actually a wizard instead of a multitabbed configuration dialog box. The Add Hardware applet also serves as a troubleshooting wizard. It accesses the same help and troubleshooting information that you find by clicking the Troubleshooter button in the Properties dialog box of a device from within Device Manager.
Add or Remove Programs

The Add or Remove Programs applet has three major components. It enables you to change and remove programs, add new programs, and add or remove Windows components.

Changing and Removing Programs

One of the problems with installing applications in previous versions of Windows was that when you removed an application, several program and initialization files were left behind. This caused Windows to load unnecessary drivers and information, slowing system performance. In Windows 3.x, the third-party Uninstaller application was available to combat this problem. In essence, it watched the installation process and kept track of what files were installed and where they were placed. When you uninstalled an application, Uninstaller backtracked and removed any files that were no longer needed. In Windows 95, Microsoft added this functionality as a Control Panel applet.

Applications written to the Microsoft Windows 95/98 or Windows NT/2000/XP logo specification automatically appear in the Currently Installed Programs list. If an application is listed there, you can simply click the Change/Remove button to run its setup program.

One of the issues you might run into when attempting to remove an application is that its setup files have been deleted or the application itself has been erased. Windows XP does not change the Currently Installed Programs list when an application is deleted manually, so if you delete several applications by hand, you will find that several entries in the list can no longer be removed. Each entry is a subkey under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall, and the Change/Remove button simply runs the command stored in that subkey's UninstallString value. To get rid of a dead entry, delete the subkey that corresponds to the deleted program. Deleting the subkey removes only the list entry; any files, services, or registered components the application left behind stay on the system. Several software applications can also help you clean this list. These are three of the most popular:

• ItweakU by Jockesoft.com
• Tweaki by JerMar Software
• TweakUI by Microsoft
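Before reaching for any of those tools, it helps to know which entries are actually dead. The following Python script is an added example, not code from the book or from any of the tools it names. It parses a regedit export (.reg format) of the Uninstall key described above, reads each subkey's DisplayName and UninstallString (the real value names; UninstallString is the command Change/Remove runs), and flags entries whose executable no longer exists or that carry no command at all. The export text and the set of surviving paths are constructed for the example so it runs offline; on a live Windows XP system you would export the key with regedit and pass os.path.exists as the path check.

```python
"""Find Add or Remove Programs entries that can no longer be uninstalled.

Added example for this chapter, not code from the book or from any tool it
names.  It parses a regedit export (.reg format) of
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall,
pulls each subkey's UninstallString (the command Change/Remove runs), and
flags entries whose executable is gone or that have no command at all.
The export text and the set of surviving paths are constructed so the
script runs offline; on a live Windows XP system you would export the key
with regedit and pass os.path.exists as path_exists.
"""
import re

UNINSTALL_KEY = (r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows'
                 r'\CurrentVersion\Uninstall')


def parse_reg_export(text):
    """Return {subkey: {value_name: string_value}} for the direct subkeys
    of UNINSTALL_KEY found in a .reg export.  Only REG_SZ values
    ("name"="value") are needed here; other value types are ignored."""
    result = {}
    current = None
    prefix = (UNINSTALL_KEY + '\\').lower()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            if key.lower().startswith(prefix):
                current = key[len(prefix):]
                result[current] = {}
            else:
                current = None
            continue
        if current is None:
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if m:
            # .reg exports escape backslashes and quotes with a backslash.
            value = re.sub(r'\\(.)', r'\1', m.group(2))
            result[current][m.group(1)] = value
    return result


def executable_from_command(command):
    """Pick the program out of an UninstallString the way the shell
    would: a quoted path, or an unquoted path ending in .exe.  Windows
    Installer and rundll32 entries are reported by name because their
    payload lives in the Installer cache or a DLL, not a loose .exe."""
    command = command.strip()
    first = command.split()[0].lower() if command else ''
    if first.startswith(('msiexec', 'rundll32')):
        return first.split('.')[0]           # 'msiexec' or 'rundll32'
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r'^(.*?\.exe)(?=\s|$)', command, re.IGNORECASE)
    return m.group(1) if m else first


def find_orphans(reg_text, path_exists):
    """Return [(subkey, display_name, reason)] for entries that the
    Change/Remove button cannot run.  path_exists(path) -> bool lets the
    caller supply os.path.exists on a live system."""
    orphans = []
    for subkey, values in parse_reg_export(reg_text).items():
        name = values.get('DisplayName', subkey)
        command = values.get('UninstallString')
        if not command:
            orphans.append((subkey, name, 'no UninstallString'))
            continue
        exe = executable_from_command(command)
        if exe in ('msiexec', 'rundll32'):
            continue
        if not path_exists(exe):
            orphans.append((subkey, name, f'missing executable: {exe}'))
    return orphans


# Constructed export: one healthy entry, one whose program directory was
# deleted by hand, one Windows Installer entry, and one stub with no command.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GoodApp]
"DisplayName"="Good App 1.0"
"UninstallString"="\"C:\\Program Files\\GoodApp\\unins000.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DeletedApp]
"DisplayName"="Deleted App 2.3"
"UninstallString"="C:\\Program Files\\DeletedApp\\setup.exe /uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A1B2C3D-1111-2222-3333-444455556666}]
"DisplayName"="MSI Packaged App"
"UninstallString"="MsiExec.exe /X{0A1B2C3D-1111-2222-3333-444455556666}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StubEntry]
"DisplayName"="Leftover Stub"
'''

# Constructed stand-in for the file system: only GoodApp's uninstaller exists.
SURVIVING_PATHS = {r'C:\Program Files\GoodApp\unins000.exe'}

if __name__ == '__main__':
    for subkey, name, reason in find_orphans(SAMPLE_EXPORT,
                                             SURVIVING_PATHS.__contains__):
        print(f'{subkey:12} {name:20} {reason}')
```

The subkeys the script reports are the ones you can delete from the Uninstall key with a clear conscience; entries that resolve to msiexec or rundll32 are skipped because their uninstaller is not a loose file you can check for. Review the reported UninstallString values before deleting anything: a command that points into a directory ordinary users can write to deserves a second look, since whatever is placed at that path runs the next time someone clicks Change/Remove.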
The following sections briefly examine each tool as it relates to the Add or Remove Programs applet.

ItweakU

ItweakU was formerly known as TweakJr. Much like its counterparts, it enables you to "unlock" and change many hidden Registry settings in Windows XP. The different "tweaks" are grouped by category into tabs. For additional information and downloads, visit www.jockesoft.com/itweaku.asp.

Tweaki

Tweaki is a shareware program by JerMar Software. You can download it from http://www.jermar.com and evaluate it; if you decide to use it, you can register it for $15. Tweaki works with Windows XP, Windows NT, Windows 95, and Windows 98, and it also includes tweaks for various Microsoft Office components. A helpful feature of this version is that tweaks are grouped by operating system. For obvious reasons, we will explore the Windows XP components.

To modify the Currently Installed Programs list with Tweaki, follow these steps:

1. Run Tweaki.exe.
2. Select the Win Tweaks tab.
3. Click the Select for More Win Tweaks button.
4. Click the Remove Entry from Control Panel's Add/Remove Applet button.
5. Select an entry, and then delete it (by clicking the Delete button) or modify its uninstall command (by clicking the Edit button).

Tip
The Edit button is handy if you add or repartition a hard drive and the drive letters have changed, leaving the uninstall program unavailable.

TweakUI

TweakUI is available from Microsoft in a bundle with several other tools (the PowerToys), which Microsoft classifies as freeware. ItweakU and Tweaki are installed as applications, but TweakUI is installed as a Control Panel applet. To download it, go to the Windows XP download area at http://www.microsoft.com/windowsxp/pro/downloads/powertoys.asp.

Adding New Programs

You can install applications that are not written to Microsoft specifications by clicking the Add New Programs button. When you do, you are given the option to search a floppy or CD-ROM drive for the application (with the CD or Floppy button) or to install updates from Microsoft with the Windows Update button (see Figure 8.4). If a setup file is located, it is launched automatically, and the applet "watches" the installation process, noting all files that are added and Registry entries that are added or modified. If the file cannot be located, you are prompted to browse for the setup application. When this file is located, the setup commences and is monitored by the applet.
For additional information on Windows Update, see Chapter 5, “Keeping Windows XP Current,” p. 99.
Figure 8.4 The Add New Programs view of the Add or Remove Programs applet.
Adding or Removing Windows Components You use the third part of the Add or Remove Programs applet to add or remove Windows XP components that might have been installed during the installation process or are now required in your system. Notice that when you click the Add/Remove Windows Components button, a separate wizard is launched: the Windows Components Wizard (see Figure 8.5). From this wizard, you can select which Windows components to add or remove. Note If you are installing extra components, you might be prompted for your original Windows XP CD.
Administrative Tools The Administrative Tools applet is not actually an applet. Instead, it is a shortcut to the Administrative Tools folder, which makes it easy to add or remove administrative tools to your system.To add an administrative tool, simply add a shortcut in the Administrative Tools folder in Control Panel.
Figure 8.5 Selecting components in the Windows Components Wizard.

The items in this folder vary greatly, depending on the version of Windows XP and the components installed on your system. The following is a list of the most commonly found Administrative Tools:

• Component Services: Used to configure and manage COM+ applications.
• Computer Management: Used to administer local and remote computers and disk space.
• Data Sources (ODBC): Used to add, remove, and configure ODBC drivers and data sources.
• Event Viewer: Displays monitoring and troubleshooting information, including the Security log when auditing is enabled.
• Local Security Policy: Used to manage user rights, audit policies, and security options.
• Performance: Displays graphs and logs of system performance.
• Services: Used to start and stop system services.

For more detail on the Administrative Tools, see Chapter 2, "Common Windows XP Administrative Utilities," p. 25.
Date and Time

The Date and Time applet is used to set the date, time, and time zone for the system clock. It can also be used to configure Internet time server clock synchronization. When enabled, Windows XP contacts an Internet time server every 24 hours and adjusts its internal clock to match the time stamp provided by the time server. However, time synchronization is available only on non-domain Windows XP clients. When Windows XP becomes a domain member, the Internet Time tab is removed from this applet. As long as the system is a domain client, it synchronizes its clock with that of its domain controller.
Display

The Display applet (see Figure 8.6) controls numerous aspects of the visual capabilities and features in Windows XP. You can access the Display applet through Control Panel or by right-clicking over an empty area of the desktop and selecting Properties. The Display applet has five tabs: Themes, Desktop, Screen Saver, Appearance, and Settings. Most of these tabs are familiar or at least clear as to their function.
Figure 8.6 You can customize the Windows appearance in the Display applet,Themes tab.
Use the Themes tab to select a theme for the Windows desktop environment. A theme is a set of background image, sounds, icons, and other visual effects that give the desktop environment a specific look or feel. Themes are a way to personalize or customize your computer with images and sounds that interest you. Windows XP includes the default Windows XP scheme and the classic Windows theme (as seen in Windows 2000). Other themes can be downloaded from the Internet or purchased from vendors.

The Desktop tab is used to set the background image (that is, the wallpaper graphic) and/or background color. If an image is selected, you have the option of centering, tiling, or stretching it. Any BMP, JPG, or GIF file can be used as a background image. If you click the Customize Desktop button in the Desktop tab, the Desktop Items dialog box opens. In the General tab of this dialog box, you can elect to display the My Documents, My Computer, My Network Places, and Internet Explorer icons on the desktop. (They are all disabled by default.) You can customize the images used for common desktop icons. You can also enable/disable the Desktop Cleanup Wizard running automatically every 60 days. The Desktop Cleanup Wizard is used to move icons and shortcuts from the desktop that have not been used recently into the Unused Desktop Items folder, which is added to the desktop. In the Web tab of the Desktop Items dialog box, you can add, remove, and manage Web components displayed on the desktop.

Use the Screen Saver tab of the Display applet to enable and configure screensavers. To alter or configure the power options for the monitor, click the Power button or open the Power Options applet.

Use the Appearance tab to select the style for windows and buttons, the color scheme, and the font size. You can click the Effects button to access additional visual effect configuration options, such as fast fading and smoothing the edges of screen fonts. The Advanced button is used to customize the color and font selection of window elements.

Use the Settings tab to set the screen resolution, set the color quality (color depth), access the display troubleshooter, and open the Advanced properties for the video card and monitor subsystem.
Folder Options

The Folder Options applet is accessed through Control Panel or by choosing Tools, Folder Options in My Computer or Windows Explorer. The Folder Options applet (see Figure 8.7) is used to configure functional and visual parameters of the file management tools native to Windows XP—namely, Windows Explorer and My Computer.
Figure 8.7 You manage how folders are presented via the Folder Options applet.
You can also use this applet to do the following:

• Define display options for tasks and folders.
• Specify whether single or double clicks activate (open or execute) objects.
• Choose whether to display or hide system files.
• Enable simple file sharing.
• Associate file extensions with applications.
• Configure offline files.
For information on offline files, see Chapter 4, “Windows XP and Hardware,” p. 77.
Fonts

The Fonts applet is used to install and remove fonts from the system and view samples of font typefaces. To view a font typeface, double-click its font icon. You can install new fonts by choosing the File, Install New Font menu command, copying the font into the \Windows\Fonts folder, or using the font vendor–supplied installation process.

Caution: It is important not to remove fonts blindly. Windows XP requires these system fonts to function properly: Courier, MS Sans, MS Sans Serif, Small Fonts, and Symbol. They all have the hidden attribute, so they do not even appear in the Fonts applet unless you’ve configured the Folder Options applet to show all hidden files.

Game Controllers

The Game Controllers applet is used to install, remove, and configure I/O interface devices commonly used to play computer games. Devices such as joysticks, steering wheels, and throttle controls can be installed through this applet. This applet is somewhat redundant, however, because most gaming controllers are PnP compatible and installed by a vendor-supplied installation disk or automatically by the OS. Even if the device is not automatically detected, it can be installed by using the Add Hardware applet.

Internet Options

Windows XP comes bundled with the Microsoft Internet Explorer Web browser. You use the Internet Options applet to modify how Internet Explorer looks and behaves and how it interacts with the Internet.

For more detail on the Internet Options applet, see Chapter 27, “Windows XP as a Web Client,” p. 621.

Keyboard

The Keyboard applet is used to customize how the keyboard functions. Controls include character repeat delay, character repeat rate, and cursor blink rate.
Mouse

The Mouse applet is used to customize how the mouse functions. Depending on the installed mouse and the available buttons, wheels, and other controls, this applet varies. Common controls include switching primary and secondary buttons for left-handed operation, changing the double-click speed, and customizing pointers, cursor icons, pointer motion, and wheel-scrolling speed.

Network Connections

The Network Connections applet is used to control all networking connections, from LAN links to Internet access to wireless connections or remote access links. This applet is discussed throughout Part III, “Networking Windows XP.”

Phone and Modem Options

The Phone and Modem Options applet is used to configure modems for inbound and outbound remote access connections.

For more details on the Phone and Modem Options applet, see Chapters 17, “Remote Access,” p. 353, and 18, “Windows XP and Terminal Services,” p. 393.

Power Options

Microsoft has included many new advanced power features with Windows XP. The Power Options applet (see Figure 8.8) is used to manage these settings.
Figure 8.8 You can control power settings in the Power Options applet.
This applet allows you to configure the system to hibernate, save the current session to disk, power the system off, and restart where you left off after rebooting the system. You can configure different power schemes to decide what Windows XP should do with component power (such as the monitor and hard drives) in various situations.

Printers and Faxes

The Printers and Faxes applet is used to install, configure, and manage printers, faxes, and other print devices, such as photo printers, slide printers, and even plotters.

For more detail on the Printers and Faxes applet, see Chapter 24, “Printing with Windows XP,” p. 543.

Regional and Language Options

The Regional and Language Options applet is used to define the settings for how Windows handles times, dates, numbers, currency, and, most important, language. By default, the regional settings are defined by the version of Windows XP installed; in most cases, this is American English. No matter what language version you originally purchase, however, you can always reconfigure Windows XP to use whatever language, country, region, or alien territory conventions your heart desires. The Regional and Language Options applet includes dozens of predefined country-, language-, and region-specific formats to choose from. If you don’t see one that exactly matches your needs, customize the one that is the closest fit.

Scanners and Cameras

The Scanners and Cameras applet is used to install and manage imaging devices, such as flatbed and handheld scanners, optical character recognition (OCR) converters, and digital still and video cameras. However, this applet is like the Game Controllers applet, in that it doesn’t add anything that can’t be found in other applets—namely, the Add Hardware and System applets. (The System applet offers access to Device Manager.)

Scheduled Tasks

The Scheduled Tasks applet is used to define and manage automated execution of applications or scripts.

For more detail on the Scheduled Tasks applet, see Chapter 21, “Scripting and Automation,” p. 457.
Sounds and Audio Devices

The Sounds and Audio Devices applet is used to manage and configure the audio multimedia features of Windows XP. Through this applet, you can set the main volume for sound output, mute all sounds, access the volume control panel for all sound and audio devices and output mechanisms, configure speaker settings (for example, monotone, stereo, triple speakers, surround sound), associate system events with sounds, set playback and recording hardware, and access the troubleshooting and properties dialog boxes of the audio and multimedia hardware devices. (They are the same troubleshooting and properties dialog boxes accessible through Device Manager.)

Speech

The Speech applet is used to manage the text-to-speech capabilities of Windows XP. Although the voice is still too computer-ish for my taste (it is the same automated voice used on most weather radar cable stations), it does enable your PC to read aloud dialog box text and even text from word processors. Basically, this applet enables you to select the voice (only Microsoft Sam is installed by default) and the speed at which the voice reads. To actually use the text-to-speech feature, you must use a third-party product that includes a text-to-speech function command. The Narrator tool (Start, Accessories, Accessibility, Narrator) uses the same voice, but the Speech applet does not configure or alter it.

System

You can configure several important options in the System applet through these configuration tabs: General, Computer Name, Hardware, Advanced, System Restore, Automatic Updates, and Remote. The General tab displays information about the system, such as the OS version, registration, and basic computer resources.

Use the Computer Name tab to define the local computer name and to join or leave a domain or workgroup. This tab is accessed when you choose the Advanced, Network Identification command in the Network Connections dialog box. Please refer to the chapters in Part III for more information.

Use the Hardware tab (see Figure 8.9) to access the Add Hardware Wizard (which is the same as the Add Hardware applet), the Driver Signing Options dialog box, Device Manager, and the Hardware Profiles dialog box. These features are discussed in the following sections.

Use the Advanced tab (see Figure 8.10) to access the Performance Options, User Profiles, Startup and Recovery, Environment Variables, and Error Reporting dialog boxes (also discussed in the following sections).
Figure 8.9 Most hardware-related settings are accessible through the System applet, Hardware tab.
Figure 8.10 The System applet, Advanced tab allows you to configure many advanced settings in Windows XP.
For information on the remaining tabs in the System applet, see Chapter 26, “Managing System Recovery,” p. 599 (System Restore tab); Chapter 5, “Keeping Windows XP Current,” p. 99 (Automatic Updates tab); and Chapter 17, “Remote Access,” p. 353 (Remote tab).
Driver Signing

Driver signing is a means of ensuring that only tested and approved drivers for Windows XP are allowed to be installed on the system. Signed drivers are device drivers that the Microsoft Hardware Quality Lab has tested and approved. The Driver Signing Options dialog box offers two controls. The first is what level of protection against unsigned drivers you want to implement, and you have the following options:

• Ignore - Install the Software Anyway and Don’t Ask for My Approval
• Warn - Prompt Me Each Time to Choose an Action (default)
• Block - Never Install Unsigned Driver Software

For information on driver signing in Windows XP, see Chapter 5, “Keeping Windows XP Current,” p. 99.

The second control is whether to make this setting the default for the entire system. Driver signing configuration is restricted to computer administrators, and setting the level of protection to Warn or Block is usually a good idea.

Device Manager

Device Manager is used to view information, perform troubleshooting, and access configuration controls and settings for installed hardware devices. All installed devices and their operational status are listed through this tool. Devices that are operating normally are displayed with their default device icon. Devices that are functioning abnormally or need attention have a yellow circle with an exclamation point displayed over their icon (see Figure 8.11). Devices that are not functioning at all or experiencing conflicts have a red stop sign with a white × displayed over their icon.
Figure 8.11 The Device Manager shows whether devices are operating normally.
You can access the Properties dialog box for each device through Device Manager. These device-specific dialog boxes often contain a wide variety of tabs, information, and controls. In most cases, they include details about the device, manufacturer, device status, driver version, and configuration settings; indicate whether the device is enabled in the current profile; offer access to the troubleshooter and driver management controls; and supply information on the device’s assigned and configurable resources.

By default, Device Manager displays devices sorted by type. It can also display devices by connection, resources by type, and resources by connection. When you’re installing new hardware, use Device Manager’s Resource by Type view to quickly determine whether sufficient resources (IRQ, I/O port, DMA, and memory, for example) are available for the new device.

Hardware Profiles

A hardware profile is to hardware as a user profile is to a user. With hardware profiles, you can handle changes in hardware components smoothly and efficiently. Each distinct collection of hardware can be assigned a unique hardware profile that includes only the necessary drivers for the existing hardware. At startup, the computer first attempts to identify the available hardware and match it against a predefined hardware profile. If one is located, the system boots using that hardware profile; if one is not located, the default profile is used, or the system prompts the user for a selection. Hardware profiles, when they are used, are used primarily on portable, notebook, or laptop systems that have significant changes in hardware between one use and another. With the widespread use of PnP technology, the need for hardware profiles is waning.

To create hardware profiles, use the following steps:

1. Open the Hardware Profiles dialog box from the Hardware tab of the System applet.
2. Create a copy of the original default profile (it is named Profile 1) and assign it an appropriately descriptive name.
3. Reboot the system and, when prompted, select the newly created profile.
4. Through Device Manager, open the Properties dialog box of the hardware you want to disable. In the Device Usage drop-down list, change the selection from Use This Device (Enable) to Do Not Use This Device (Disable).

That’s it. Now you can power down the system and remove any disabled hardware (or leave it—your choice). Each time you boot using a hardware profile, only the devices enabled for that profile are functional. You can re-edit any profile simply by booting into it and reopening the Properties dialog boxes of the devices via Device Manager.
Performance Options

The Performance Options dialog box is used to manage a wide range of visual effects and control several system-level performance options. For the controls in the Visual Effects tab, you can let Windows adjust itself automatically, choose the global setting for best appearance, choose the global setting for best performance, or customize the effects. Customizing the effects simply means marking or clearing the check boxes beside the 16 or so visual effect controls, such as fading menus or sliding taskbar buttons.

The controls in the Advanced tab include processor scheduling, memory usage, and virtual memory (see Figure 8.12). Processor scheduling is just a simple switch to allocate system resources for programs or background services. The Programs selection is most appropriate for systems being used as standalone systems or network clients. The Background Services selection is most appropriate for systems being used as a network repository for services and file storage. The memory usage control is also a simple choice: programs or system cache. Again, the Programs selection is most appropriate for systems being used as standalone systems or network clients. The System Cache selection is most appropriate for systems being used as a network repository for services and file storage.
Figure 8.12 You configure advanced performance settings in the Performance Options dialog box, Advanced tab.
The virtual memory control is actually the control to manage the page file’s size and location (see Figure 8.13). By default, Windows XP creates a page file 1.5 times the size of physical RAM on the boot partition. You can elect to customize the page file’s size and location or leave the management up to the system.
Figure 8.13 You control how Windows XP manages virtual memory through the Virtual Memory dialog box.
Note There is an option to use no page file. This is technically and theoretically possible, especially if you have 1GB or more of RAM and the system does little more than serve as a low-end desktop or network client. However, I’ve never successfully maintained a system for more than a few weeks with the page file disabled.
If you have multiple hard drives (not just multiple partitions) that offer good performance, you can elect to move all or part of the page file to them. If you have the Shutdown and Recovery options configured to create a memory dump file, you need at least a 2MB page file on the boot partition. Other than this limitation, you can move the page file to any hard drive you want.

Changing the page file settings requires customizing two parameters: Initial Size and Maximum Size. The initial size is the amount of space the system pre-allocates on the hard drive and relegates to the page file. No other file will be able to write into this preallocated space. The maximum size is the amount of space the system allows the page file to expand to as needed. However, the space between the initial size and the maximum size is not reserved, so other files could use the space. If the space is not available, a warning message is displayed to the user when the page file expansion attempt fails. The warning advises the user to terminate applications, increase the size of the page file (which really means freeing up space on the host drive), and/or reboot. In most cases, using the same value for both the Initial Size and Maximum Size parameters is recommended. However, if your system infrequently but periodically needs much more page file space than is used in normal operations, you can use a larger value for Maximum Size.

There are a few important caveats and conditions to keep in mind when managing the page file:

• Never place two or more sections of the page file in separate partitions on the same hard drive.
• Always use the fastest hard drive possible.
• Always reboot between alterations to the page file.

As a rule of thumb, most systems perform best when a page file is used and defined with an initial size 1.5 to 2 times the size of physical RAM.

User Profiles

User profiles are the saved desktop and environmental settings stored for each individual user. They enable each user to have a different layout, look, and feel to the Start menu, desktop, and other aspects of the operating environment. The User Profiles dialog box is used to manage local user profiles stored on the local system. For Windows XP systems that are members of a domain, domain user profiles are managed from the domain controller. Windows XP automatically caches the profiles of both local and roaming users in the Registry and in the Documents and Settings folder.

Local user profile management through the User Profiles dialog box consists of changing a profile’s type, deleting a profile, or copying a profile to another folder. A profile’s type is roaming or local. Roaming profiles exist only in a domain network, and appear in the User Profiles dialog box only if a roaming profile user logs in to the Windows XP client. After a copy of that user’s profile is stored on the system, it can be converted to a local user profile. A profile that has been changed to a local user profile cannot be reconfigured into a roaming user profile through the User Profiles dialog box. A local user profile is often used when traveling users log on locally to notebooks that are disconnected from the network. By duplicating the roaming profile from the network, users can have a desktop environment similar to the one they have when connected to the network.

Deleting a user profile removes the local copy of a user’s profile from the system by deleting its files from the Documents and Settings folder and its entries from the Registry.
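Returning to the page file discussion above: the sizing guideline (initial size 1.5 to 2 times physical RAM), the 2MB minimum on the boot partition when a memory dump is configured, the advice to keep Initial Size and Maximum Size equal, and the caveat against splitting the file across partitions of one physical drive can all be checked mechanically before you touch the Virtual Memory dialog box. The following Python is an added example, not code from the book or from Windows. It takes entries in the "<path> <initial MB> <maximum MB>" form that Windows stores in its PagingFiles multi-string value (the sample entries here are constructed), plus a caller-supplied partition-to-disk map (hypothetical, since the example cannot query the disk layout), and returns a list of findings.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple


class PageFile(NamedTuple):
    path: str        # e.g. C:\pagefile.sys
    initial_mb: int  # Initial Size: space pre-allocated on the drive
    maximum_mb: int  # Maximum Size: ceiling the file may grow to


def parse_pagingfiles(entries: List[str]) -> List[PageFile]:
    """Parse "<path> <initial MB> <maximum MB>" strings (constructed input)."""
    files = []
    for entry in entries:
        parts = entry.split()
        if len(parts) != 3:
            raise ValueError(f"malformed page file entry: {entry!r}")
        path, initial, maximum = parts
        files.append(PageFile(path, int(initial), int(maximum)))
    return files


def partition_of(path: str) -> str:
    """'C:\\pagefile.sys' -> 'C:' (drive letter plus colon)."""
    return path[:2].upper()


def check_pagefile_layout(entries: List[str], ram_mb: int,
                          disk_of_partition: Dict[str, int],
                          boot_partition: str = "C:",
                          dump_enabled: bool = True) -> List[str]:
    """Return findings; an empty list means the layout follows the rules.

    disk_of_partition maps 'C:' -> physical disk number (hypothetical map
    supplied by the caller; the example does not inspect real hardware).
    """
    files = parse_pagingfiles(entries)
    findings: List[str] = []
    if not files:
        findings.append("NO_PAGEFILE: no page file defined; most systems perform best with one")
        return findings

    per_disk: Dict[int, List[str]] = defaultdict(list)
    boot_initial = 0
    total_initial = 0
    for pf in files:
        part = partition_of(pf.path)
        if pf.initial_mb > pf.maximum_mb:
            findings.append(f"SIZE_ORDER: {pf.path} initial {pf.initial_mb}MB exceeds maximum {pf.maximum_mb}MB")
        elif pf.initial_mb != pf.maximum_mb:
            # Space beyond Initial Size is not reserved; other files may take it first.
            findings.append(f"GROWTH: {pf.path} may grow from {pf.initial_mb}MB to {pf.maximum_mb}MB without reserved space")
        per_disk[disk_of_partition[part]].append(part)
        total_initial += pf.initial_mb
        if part == boot_partition.upper():
            boot_initial += pf.initial_mb

    # Caveat: never split the page file across partitions of one physical drive.
    for disk, parts in sorted(per_disk.items()):
        if len(parts) > 1:
            findings.append(f"SAME_DISK: partitions {','.join(sorted(parts))} on disk {disk} each hold a page file section")

    # A memory dump needs at least 2MB of page file on the boot partition.
    if dump_enabled and boot_initial < 2:
        findings.append(f"DUMP_MIN: memory dump needs a 2MB page file on {boot_partition}, found {boot_initial}MB")

    # Rule of thumb: total initial size 1.5 to 2 times physical RAM.
    low, high = int(ram_mb * 1.5), ram_mb * 2
    if not low <= total_initial <= high:
        findings.append(f"RULE_OF_THUMB: total initial size {total_initial}MB is outside {low}-{high}MB (1.5x-2x of {ram_mb}MB RAM)")
    return findings


if __name__ == "__main__":
    # Constructed sample: 512MB RAM, C: and D: on disk 0, E: on disk 1.
    disks = {"C:": 0, "D:": 0, "E:": 1}
    for entries in (["C:\\pagefile.sys 768 768"],
                    ["C:\\pagefile.sys 1 1", "D:\\pagefile.sys 256 512"]):
        print(entries, "->", check_pagefile_layout(entries, 512, disks) or "OK")
```

The findings are prefixed with a stable code so a script can act on them; the GROWTH finding is informational (the book allows a larger Maximum Size for occasional peaks), while SAME_DISK, DUMP_MIN and SIZE_ORDER describe configurations the text tells you to avoid.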
Copying a user profile enables other users to use that profile.When a user profile is copied, you indicate a destination location where an exact copy of the user profile is created, and you select the local user account(s) that will be granted access to the copied profile.
Startup and Recovery

The Startup and Recovery dialog box (see Figure 8.14) is used to configure the activity of the boot menu and various system failure responses. The boot menu appears by default only if two or more operating systems are present on the system. If only Windows XP is present, the boot menu is never displayed because there is only one option of which OS to boot.
Figure 8.14 You can configure how Windows XP responds to system failures through the Startup and Recovery dialog box.
If multiple OSs are present, this dialog box is used to select the default OS to boot, the length of time to display the Boot menu before selecting the default OS, and the length of time to display the recovery options (when needed). Click the Edit button in this dialog box to open a Notepad window where you can edit the Boot.ini file manually.

The system failure responses control how the system will react when a STOP error occurs. The options include writing an event to the system log, sending an administrative alert to the local computer administrator, automatically restarting the system, and creating a memory dump file. A memory dump file is a file on the boot partition containing an exact copy of the RAM contents and the page file. The memory dump file can include all of virtual memory, just the memory components used by the kernel, or a 64KB chunk of the most important addresses in the virtual memory space. In most situations, a memory dump file is useless. Unless you are performing high-end debugging operations and are willing to perform detailed dump file extraction activities, disable this feature to allow faster reboots and prevent memory dump files from consuming your boot partition.
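Editing Boot.ini by hand is where the settings in this dialog box actually live, so it helps to know its shape: a [boot loader] section with timeout= and default= lines, and an [operating systems] section with one ARC-path="description" /switches line per OS. The following Python parser is an added example, not code from the book or from Windows; the sample Boot.ini is constructed, and the two checks it performs (the default= path must match a listed entry, and a timeout of 0 with several entries leaves no time to pick another OS) are the ones the text's description of the dialog box implies.

```python
from typing import Dict, List, NamedTuple, Tuple


class OsEntry(NamedTuple):
    arc_path: str          # e.g. multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    description: str       # text shown on the boot menu
    switches: List[str]    # e.g. ['/fastdetect']


class BootIni(NamedTuple):
    timeout: int           # seconds the boot menu is displayed
    default: str           # ARC path booted when the timeout expires
    entries: List[OsEntry]


# Constructed sample with two installed operating systems.
SAMPLE_BOOT_INI = """\
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\\WINNT="Microsoft Windows 2000 Professional" /fastdetect
"""


def _split_os_value(value: str) -> Tuple[str, List[str]]:
    """'"Microsoft Windows XP Professional" /fastdetect' ->
    ('Microsoft Windows XP Professional', ['/fastdetect'])."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end < 0:
            raise ValueError(f"unterminated description: {value!r}")
        return value[1:end], value[end + 1:].split()
    parts = value.split()                 # unquoted single-word description
    return (parts[0] if parts else ""), parts[1:]


def parse_boot_ini(text: str) -> BootIni:
    """Parse the [boot loader] and [operating systems] sections of Boot.ini."""
    section = None
    loader: Dict[str, str] = {}
    entries: List[OsEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if "=" not in line:
            raise ValueError(f"expected key=value: {line!r}")
        key, value = line.split("=", 1)
        if section == "boot loader":
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            desc, switches = _split_os_value(value)
            entries.append(OsEntry(key.strip(), desc, switches))
    if "default" not in loader:
        raise ValueError("[boot loader] has no default= line")
    return BootIni(int(loader.get("timeout", "30")), loader["default"], entries)


def menu_shown(cfg: BootIni) -> bool:
    """The boot menu appears only when two or more operating systems are listed."""
    return len(cfg.entries) > 1


def check_boot_ini(cfg: BootIni) -> List[str]:
    """Findings for mistakes a hand edit can introduce."""
    findings = []
    paths = [e.arc_path for e in cfg.entries]
    if cfg.default not in paths:
        findings.append(f"DEFAULT_MISSING: default {cfg.default} is not listed under [operating systems]")
    if len(paths) != len(set(paths)):
        findings.append("DUPLICATE_ENTRY: the same ARC path is listed more than once")
    if menu_shown(cfg) and cfg.timeout == 0:
        findings.append("TIMEOUT_ZERO: several operating systems but no time to choose one")
    return findings


if __name__ == "__main__":
    cfg = parse_boot_ini(SAMPLE_BOOT_INI)
    print("menu shown:", menu_shown(cfg), "findings:", check_boot_ini(cfg) or "none")
```

The ARC paths are compared verbatim because the loader matches them literally; a default= line that differs only in partition number from the entry it was meant to name is exactly the kind of typo this catches.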
Environment Variables

The Environment Variables dialog box (see Figure 8.15) is used to view, define, and alter the environment variables for the current user and the system. In most cases, there is no need to alter the default settings. However, if modifications are necessary, the software or troubleshooting documentation will instruct you on what changes to make to which variables. I don’t recommend altering anything in this dialog box unless specifically instructed to do so.
Figure 8.15 You can alter a user’s environment via the Environment Variables dialog box.
Error Reporting

The Error Reporting dialog box (see Figure 8.16) simply determines whether Windows XP will report data on program and Windows OS errors back to Microsoft via the Internet. All data gathered and submitted to Microsoft via this feature is anonymous, so don’t feel threatened by it. Some data on the hardware and system configuration is collected, but no hardware-identifying or software-registration information is gathered or transmitted. The upside of this feature is that it may encourage Microsoft to resolve common problems with its OS and other products in a more efficient and consumer-friendly manner.

Taskbar and Start Menu

The Taskbar and Start Menu applet (see Figure 8.17) is used to configure the layout, contents, and operation of the taskbar and Start menu. You can access this applet through Control Panel or by right-clicking over the Start button and selecting Properties.
Figure 8.16 You configure whether Windows XP reports system errors to Microsoft via the Error Reporting dialog box.
Figure 8.17 You configure the layout of the Start menu and Taskbar via the Taskbar and Start Menu applet.
Use the Taskbar tab of this applet to enable or disable options for locking, auto-hiding, keeping the taskbar on top, grouping similar taskbar buttons, showing quick launch icons, showing the clock, and hiding active icons. Click the Customize button to control which notification area icons are displayed and which are hidden. Use the Start Menu tab to choose the Windows XP–style Start menu or the classic Start menu from Windows 2000. After selecting a style, click the related Customize button to configure style-specific Start menu features and contents.
User Accounts

The User Accounts applet (see Figure 8.18) is used to manage local user accounts. If the Windows XP system is used as a domain client, this applet is disabled and the domain controller’s Active Directory Users and Computers tool is used to manage network user accounts.
Figure 8.18 You configure user accounts via the User Accounts applet.
For local user accounts, the User Accounts applet makes it quick and easy to create and manage user accounts. There are just two types of local user accounts: computer administrator and limited account. Technically, there is a third type, the guest account, but there is only a single instance of this account, which the system creates automatically during installation. You can select a task in this applet to perform the following activities: create new accounts, change account settings, and alter the way users log on and log off.
For more information on changing how users log on and off, see Chapter 7, “Booting Windows XP,” p. 129.
For More Information

For more information about performance monitoring and network monitoring of Windows XP, please consult the following references:

• Configuring and Troubleshooting Windows XP Professional. Syngress, 2001. ISBN: 1928994806.
• Cowart, Robert and Knittel, Brian. Special Edition Using Windows XP Professional. Que, 2001. ISBN: 0789726289.
• Microsoft Windows XP Professional Resource Kit Documentation. Microsoft Press, 2001. ISBN: 0735614857.
• TechNet: The technical subscription service from Microsoft at http://www.microsoft.com/technet/.
9 Introducing the Windows XP Registry
In the previous chapter, you looked at the Control Panel applets used to configure a Windows XP computer. The configuration information that these applets store is located in the Registry. The Microsoft Windows XP Registry is a 32-bit hierarchical database that stores hardware, software, and user system configuration information. At first glance, the Registry can seem quite formidable; however, after working with it, it will seem simple. In this chapter, you learn about the Windows XP Registry and the type of data stored in it.
Registry Overview

Versions of Microsoft Windows before Windows NT stored system configuration and initialization information in the System.ini and Win.ini files. In addition, most older applications stored their own application-specific data in dedicated .ini files that could be located anywhere on the hard drive. This made it difficult to make configuration changes because an application’s .ini files could be hard to find or could not be easily identified because they all have similar names. It was not unusual to have 9 or 10 files named Config.ini, each assigned to a different application. Another major limitation of .ini files was that they were limited to a maximum file size of 64KB.

As the Windows operating system and applications became more sophisticated, the problems with .ini files became more pronounced. When Microsoft released Windows NT 3.1 (the first version of NT), the company centralized system storage and application and configuration settings in a hierarchical database called the Registry. The Registry database was designed to overcome the size limitations and the difficulties of managing system configuration data with .ini files.
In Windows XP, the Registry is used to store hardware and software control information for the operating system. The Registry can contain many types of data, including:

• Hardware configuration
• User profiles
• Passwords
• Desktop color settings
• Installed applications and their configuration
• Installed device drivers
• Machine name and address

Although most of the data in the Registry is static and changes very little, the Registry also contains dynamic data that the operating system constantly updates. Because the Windows XP Registry is 32-bit, 16-bit device drivers do not work correctly in Windows XP. However, 16-bit applications can run in Windows XP by using the Windows NT Virtual DOS Machine (NTVDM) and the Windows-on-Windows (WOW) Executive Service. The NTVDM and WOW Executive allow Win16 applications to run within a Win32 subsystem by using a protected memory space. In Windows XP, 16-bit applications continue to reference the System.ini and Win.ini files for configuration information.
For more information on running 16-bit applications in Windows XP, see Chapter 23, “Managing Applications,” p. 509.
Ordinarily, changes to the Registry are made automatically by utilities such as the Control Panel applets and the setup and configuration programs in commercial applications or device drivers. However, many utilities are available that enable administrators to view the Registry and make changes to it manually. The native Registry-editing utility included with Windows XP is RegEdit, or the Registry Editor. With this utility, users can view, modify, and save portions of the Registry to disk. To prevent the casual user from having easy access to the Registry, Microsoft has left the Registry Editor out of the Start menu and Control Panel (and Administrative Tools) utilities. To launch the Registry Editor, select Start, Run and type REGEDIT (or REGEDT32—both launch the same tool). Figure 9.1 peers into the Windows XP Registry with the Registry Editor. The Registry hierarchy and Registry keys are shown in the left pane. The right pane lists the value labels (Name, Type, and Data) and values associated with each key or subkey. The first-level keys are named root keys, root handles, or hives. The name HKEY is a combination of the words handle and key. By that definition, HKEY_CLASSES_ROOT is considered a hive, or root key. Subkey values contain information in different formats, including binary, hexadecimal, decimal, text, and other value types.
Figure 9.1 The Registry as seen through the Registry Editor.
Each value in the right pane has an associated data type and can also contain data. If the value is blank in the right pane, it is actually a null value rather than a blank. Table 9.1 lists the most commonly used Windows XP data types.

Table 9.1 The Windows XP Registry Data Types

Data Type        Description
REG_BINARY       Binary data with no size limitation, expressed in hexadecimal format.
REG_DWORD        32-bit binary data in hexadecimal format.
REG_EXPAND_SZ    Expandable string data, such as %username%. This value expands to accept data length based on the username.
REG_MULTI_SZ     Multiple string data, such as combo box values.
REG_SZ           Text data type.
Note The terms key and subkey are often interchangeable in meaning. A subkey can also be referred to as a key. Therefore, when people refer to a key or subkey, they are generally indicating something about its location within the hierarchy instead of implying a fixed naming convention.
Registry Differences

The Windows 95 and 98 Registries are not compatible with those of Windows NT, 2000, or XP. The Windows XP Registry information in this book is nearly identical to Registry information for Windows 2000 and (to a lesser degree) Windows NT, so comparing the Registries in those versions isn’t necessary. Discussing the Registry differences between Windows XP and Windows 95/98, however, is important. Windows 95 and 98 use an additional Registry key: HKEY_DYN_DATA. This key holds the Plug and Play (PnP) configuration information for both Windows 95 and Windows 98. Although Windows XP supports Plug and Play, it does not use this key. All PnP information is stored under HKEY_LOCAL_MACHINE in Windows XP. The Registries of Windows XP and Windows 95/98 look similar, but do not contain the same information. Therefore, when installing (not upgrading) Windows XP on a computer running Windows 95 or 98, you must reinstall all 32-bit applications, create user accounts, and configure the environment to match the original settings. Fortunately, Microsoft wrote its Windows XP upgrade program so that it would recognize the differences in the Windows 95/98 Registries and make the changes needed to successfully upgrade to the Windows XP Registry.
Windows XP Registry Hives

In this book, the files making up the Registry are referred to as hives. Each hive is discussed in a later section. The hive files and their locations in the Registry are shown in Table 9.2 (see also Figure 9.2).

Table 9.2 Registry Hive Files and Their Locations

Registry Hive File    Location
Default               HKEY_USERS\DEFAULT
Hardware              HKEY_LOCAL_MACHINE\HARDWARE
SAM                   HKEY_LOCAL_MACHINE\SAM*
Security              HKEY_LOCAL_MACHINE\SECURITY
Software              HKEY_LOCAL_MACHINE\SOFTWARE
System                HKEY_LOCAL_MACHINE\SYSTEM
Ntuser.dat            HKEY_USERS\SID (security identifier of currently logged in user)

*Security Accounts Manager
A listing of these files is located in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist. Most of the Registry information is contained in these hive files, which are stored on disk in two locations. Machine-specific files are stored in the %systemroot%\SYSTEM32\CONFIG folder, and user-specific files are stored in the \Documents and Settings\%USERNAME% folder.
Figure 9.2 The Registry location of the Windows XP hive files.
The Registry is subdivided into hierarchically organized hives. The five hives that make up the Registry are as follows:

• HKEY_LOCAL_MACHINE
• HKEY_USERS
• HKEY_CURRENT_CONFIG
• HKEY_CLASSES_ROOT
• HKEY_CURRENT_USER
The classification of five Registry hives is, in reality, incorrect. When the Registry Editor opens, it displays five hives, but they are actually part of two major hive groupings: HKEY_LOCAL_MACHINE and HKEY_USERS. The remaining hives are subhives, if you will, of the two major ones. Microsoft aliases the subhives and presents the five hives for ease of editing and locating information within the hives.
HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE maintains hardware configuration and corresponding software driver data. This hive manages configuration data for processors, video adapters, disks and controllers, network cards, and all other system hardware. HKEY_LOCAL_MACHINE also stores software-related information, such as product keys and configuration information, that is specific to the local computer. HKEY_LOCAL_MACHINE contains all of HKEY_CURRENT_CONFIG and HKEY_CLASSES_ROOT. HKEY_CLASSES_ROOT is a copy of HKEY_LOCAL_MACHINE\SOFTWARE\Classes.
HKEY_USERS

HKEY_USERS manages database information specific to the user’s profile, such as screen color, desktop preferences, backgrounds, and icon appearance order in the Start menu. Each time a new user is created, an additional HKEY_USERS hive is created in \Documents and Settings\%USERNAME%. (%USERNAME% is the Windows XP ID for that particular user.) Files with .sav, .log, and .alt extensions reside within the user’s profile subdirectory. The .sav files maintain a copy of the hive file after the text-mode portion of setup is completed. The .log files hold logging of all changes to the hive. The .alt files hold a backup of a hive. If the system fails during a load process, the .alt files are automatically used as a backup.
HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG is an alias that points to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current. It was originally added to Windows NT 4.0 for compatibility with Windows 95, and later carried over to Windows 2000 and now Windows XP to maintain compatibility with Windows 95, 98, 98 SE, and Me. When a Windows XP machine boots, configuration information about the system’s hardware is gathered and stored. This is the same hive that maintains the Last Known Good Configuration data. Also, if multiple hardware profiles are configured for a computer, each profile is stored in HKEY_CURRENT_CONFIG. You might use hardware profiles for a variety of reasons. In a hardware profile, specific devices can be included in one profile and excluded from another (for example, a LAN card for use on a laptop computer while attached to an office LAN, and a modem card to be used when out of the office). During the Windows XP boot process, a menu is displayed, listing the available hardware profiles. Choosing a profile invokes the settings configured for that profile, and the system is started accordingly. Suppose you have a laptop that runs Windows XP. The laptop has three hardware profiles: docked, undocked with PCMCIA NIC, and undocked without a network connection. Specific hardware is configured to start each profile when that profile is selected.
HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT manages the file extension for applications to reference data. For example, the .doc extension might relate to Microsoft Word for Windows. The extension and the application associated with it are included in this hive. HKEY_CLASSES_ROOT also keeps track of shortcut menu information when an item is right-clicked.
HKEY_CURRENT_USER

HKEY_CURRENT_USER (HKCU) is a subkey of HKEY_USERS. HKCU is the user currently logged into the system. Any changes to HKCU are written in HKEY_USERS. The user is not identified by name, but by a unique serial number called the security identifier (SID). For example, S-1-5-21-1882598320-951935002-1660491571-500 is the current user logged into the system. This key lists each attribute assigned to the current user. The DEFAULT key immediately above this serial number lists the default system attributes for all users.
Windows XP Registry Files and Structures

The following sections discuss the Windows XP Registry files and structures. To fully understand how the Windows Registry works, you need to have a complete understanding of these files and their organization.
HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE contains five keys: HARDWARE, SAM (the Security Accounts Manager), SECURITY, SOFTWARE, and SYSTEM. These keys are discussed in the following sections.

HARDWARE

HKEY_LOCAL_MACHINE\HARDWARE (shown in Figure 9.3) amasses the keys and values that make up the hardware inventory of a Windows XP system. It also contains information about devices and specific device drivers and settings associated with each piece of hardware. Windows XP does not allow an application to directly control or access a hardware device; therefore, when Windows XP boots, all system hardware is queried and the resulting data is stored in this key. Because this key is generated dynamically, making permanent changes is not possible. The information in this key is gathered each time a Windows XP system is booted. On an x86-based system, Ntdetect.com extracts the system’s hardware information and populates the HKEY_LOCAL_MACHINE\HARDWARE subkey’s values. The Hardware Abstraction Layer (Hal.dll) then calls these values to access system hardware. Use Windows XP Diagnostics to view the HARDWARE key information. To launch this tool, select Run from the Start menu and type WINMSD at the prompt.
Figure 9.3 The HKEY_LOCAL_MACHINE\HARDWARE subkey holds information about system hardware.
HARDWARE\DESCRIPTION

The HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION key holds the descriptions for all system devices. Figure 9.4 illustrates values from the CentralProcessor key used in Control Panel’s System Properties applet. This key indicates that the processor is a type x86 Family 6, Model 5, Stepping 0, and is a 231MHz processor, shown by converting the ~MHz:REG_DWORD:0x00001fff value to decimal. The Description key holds the descriptions of hardware devices referenced by device or driver name throughout other parts of the Registry.
Figure 9.4 The HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION subkeys contain information about specific system hardware.
HARDWARE\DESCRIPTION\System

The System key houses information about the BIOS, system board, daughter boards, and video BIOS.

HARDWARE\DESCRIPTION\System\CentralProcessor

The CentralProcessor key has one subkey of 0, indicating that the system has a single processor. Additional keys indicate multiple processors, as in 0 (for the first) and 1 for the second. Because Windows XP Professional is limited to a maximum of two processors, 0 or 1 are the only valid values for this key.

HARDWARE\DESCRIPTION\System\FloatingPointProcessor

This key holds information about the floating-point processor.

HARDWARE\DESCRIPTION\System\MultifunctionAdapter

The name assigned to the MultifunctionAdapter key is chosen based on the computer’s architecture. If the bus type is ISA or Multichannel (MCA), the subkey name is MultifunctionAdapter. If the bus type is EISA, the subkey name is EisaAdaptor. Finally, if the bus type is TurboChannel, the subkey name is TcAdapter.

Note Although the majority of systems have only the three MultifunctionAdapter subkeys listed here, there might be others. For example, there might be a listing for Advanced Power Management (APM) or Docking State. Some systems can have up to 12 entries (0–11). So although the information is correct for most machines, it’s not carved in stone. The same applies to the following list of values for subkey 2; for example, a CardBus controller could be listed under an OtherController subkey, or a drawing pad might create a more proprietary entry.
The MultifunctionAdapter key lists three subkeys: 0, 1, and 2. The 0 key is for the PCI bus. BIOS-supported PCI devices are listed under this key. The 1 key is PNP BIOS (Plug and Play). The 2 key holds information for one of the following:

• DiskController. Hard disk and floppy disk controller information
• KeyboardController. Keyboard controller information
• ParallelController. Configured parallel ports and controllers
• PointerController. Configured input/mouse devices
• SerialController. Configured COM ports and controllers
Each subkey under the MultifunctionAdapter key can contain the following values:

• ComponentInformation. Default: 0. Stores the version number of the component and other information.
• ConfigurationData. Stores information about the hardware component as a resource, such as I/O port addresses and IRQ number. If data about the component is not available, this entry does not appear in the Registry, or the entry has no value.
• Identifier. Stores the name of a component. If the component name is not available, this entry does not appear in the Registry, or the entry has no value.
HARDWARE\DEVICEMAP

The DEVICEMAP subkey contains device drivers and the corresponding created names. When a device is called, a related, bound device driver is loaded. The DEVICEMAP subkey manages the relationships between the device names and the device drivers bound to them.

HARDWARE\DEVICEMAP\AtDISK

The AtDISK subkey stores information for AtDisk, the driver for non-SCSI hard disk controllers on Intel-based computers. This subkey appears in the Registry only if non-SCSI disk controllers are installed on the computer.

HARDWARE\DEVICEMAP\KeyboardClass

The KeyboardClass subkey maps to \REGISTRY\Machine\System\ControlSet001\Services\Kbdclass.

HARDWARE\DEVICEMAP\PARALLEL PORTS

The PARALLEL PORTS subkey maps to \DosDevices\LPT1. Additional mappings appear for each additional parallel port.

HARDWARE\DEVICEMAP\PointerClass

The PointerClass subkey maps to \REGISTRY\Machine\System\ControlSet001\Services\Mouclass (mouse, trackball, and so forth).

HARDWARE\DEVICEMAP\PointerPort

The PointerPort subkey maps to \REGISTRY\Machine\System\ControlSet001\Services\i8042prt. The i8042prt subkey stores data for the i8042prt driver. The i8042prt driver handles the keyboard and mouse port (also known as a PS/2-compatible mouse) for the Intel 8042 controller.
HARDWARE\DEVICEMAP\Scsi

The Scsi subkey holds information about SCSI host adapters and devices. Figure 9.5 shows three SCSI ports, each with its own SCSI bus. Scsi Port 0 is the first SCSI device the system identifies, Scsi Port 1 is the second, and so on. The Logical Unit ID 0 subkey holds the identifier name and the type of device. The Scsi Port 0 subkey holds the DMAEnabled status, the current driver, the current interrupt used by the system, and the I/O address of the device. This subkey is useful when you attempt to isolate interrupt conflicts with SCSI devices.
Figure 9.5 The Scsi subkey lists information on SCSI devices.
SAM (Security Accounts Manager)

The Security Accounts Manager (SAM) database, also known as the directory services database, is managed by using User Manager for Domains or User Manager. The HKEY_LOCAL_MACHINE\SAM key is an alias of HKEY_LOCAL_MACHINE\SECURITY\SAM. This key contains security information about each local user and group and is found on all Windows XP computers that are not domain controllers.

SECURITY

The HKEY_LOCAL_MACHINE\SECURITY key holds information about user rights, system and user policies, and group memberships. By default, the system account is granted Full Control. Administrators are granted only Special Access and cannot view the SECURITY key’s contents without modifying Registry permissions.
SOFTWARE

The HKEY_LOCAL_MACHINE\SOFTWARE key, which holds software settings unique to a specific computer, is where many of your software applications store their configuration data. The Classes subkey, under the SOFTWARE key, is aliased to HKEY_CLASSES_ROOT and keeps track of programs and file extension associations. This key also contains a Microsoft subkey that records settings specific to the Windows XP installation and configuration.

SYSTEM

The HKEY_LOCAL_MACHINE\SYSTEM key holds the Control Sets (see Figure 9.6). A Control Set is a database of hardware settings, device drivers, and service configuration information that Windows XP uses on startup.
Figure 9.6 The System\CurrentControlSet subkey lists information that Windows XP uses at startup.
The SYSTEM key has many important subkeys that directly affect the boot process. In essence, a Control Set is like a hardware profile, with each Control Set configured with potentially different settings.

SYSTEM\ControlSet and SYSTEM\CurrentControlSet

The ControlSet00# subkeys, numbered 0 through 3, are most likely numbered ControlSet001 and ControlSet002, but the numbering sequence might vary. ControlSet001 and CurrentControlSet are the same. CurrentControlSet is mapped to ControlSet001 and contains duplicate information. They are the primary Control Sets used to boot Windows XP. ControlSet002 or ControlSet003 is used if Windows XP fails to boot.
SYSTEM\CurrentControlSet\Control

This subkey holds a vast amount of information, such as system layout, computer name, boot verification program, session manager, time zone information, product options, WOW settings, and the hive list.

SYSTEM\Select

The Select key holds values indicating which Control Set should be loaded when Windows XP boots, including which Control Set holds the Last Known Good Configuration. The values of this key are Current, Default, LastKnownGood, and Failed. Current is the value of the Control Set Windows XP is using, Default is the default Control Set that Ntoskrnl.exe uses, LastKnownGood is the value of the Last Known Good Configuration Control Set, and the Failed value indicates the last Control Set that failed to boot. A 0 value indicates that no boot failures have occurred during any Windows XP boot process.

HKEY_USERS

The HKEY_USERS hive contains all actively loaded user profiles on the system. It contains two subkeys: DEFAULT, which stores the profile used when no users are logged on to the computer (such as when the Ctrl+Alt+Delete login prompt or the initial Windows Welcome screen is displayed), and SID#, named for the current local user’s SID. SID# contains the current user’s profile. If the user is logged on remotely, the data for his or her profile is stored in the local computer’s Registry. The data in HKEY_USERS\SID# also appears in HKEY_CURRENT_USER. In Windows XP, the default user profile is not stored in the Registry—it is stored in the \Documents and Settings\%USERNAME%\Ntuser.dat file.

HKEY_USERS\DEFAULT\AppEvents

The AppEvents (Application Events) key holds associations between Windows XP events and their associated program sound files.
HKEY_USERS\Console

The Console key holds settings for character-based programs. The command window is an excellent example of these settings in action. To open the dialog box, right-click the program icon in the upper-left corner of a command window, and then select Properties. This dialog box enables you to set window size, color, fonts, and other options.

HKEY_USERS\Control Panel

The Control Panel key holds setting data from many of the Control Panel applets. It is highly recommended that you use Control Panel applets to indirectly modify this data instead of direct manipulation through the Registry.
HKEY_USERS\Environment

The Environment key holds some of the data displayed in the Control Panel System applet’s Environment tab. These items include environment variables, system path, user profile information, and startup/shutdown options.

HKEY_USERS\Keyboard Layout

The Keyboard Layout key holds language values and key preload information if, for example, you want to preload function settings or change the keyboard layout.

HKEY_USERS\Software

The Software subkey holds software settings that are unique to each named user. It holds such information as Microsoft software settings and system security certificates.

HKEY_USERS\UNICODE Program Groups

The UNICODE Program Groups key holds values associated with the Windows Program Manager utility, which was the original shell for Windows 3.x systems; Program Manager was removed starting with Windows 95. Windows Explorer does not use this key.
Security Information in the Registry

It is important to remember that the local accounts database for non-domain controller Windows XP machines is stored in the Registry. How long would it take to break every password in your Windows XP security accounts database? Also, how long would it take to break a single Administrator password? Answer: too little time. If your Registry is like most, today’s password-cracking programs can connect anonymously or as a service to your Registry, copy it, close the connection, and begin a dictionary and brute-force password crack in the hope of obtaining one or more passwords. It seems that every time Microsoft changes the encryption method for the SAM, someone releases a shareware cracking program to defeat it. Although the Registry is complex and seemingly secure, it is not. You must take additional measures to successfully thwart this level of attack. The following sections focus on ways to secure the Registry from malicious hackers.
Securing the Computer

Microsoft recommends the following strategies to secure your computer and Registry from hackers:

• Rename the Administrator account, and make sure it has a strong password. This makes gaining administrative rights and Registry information more difficult for a potential hacker.
• Create a fake Administrator account that has no rights. This gives a potential hacker a bogus account to try to infiltrate and gives you time to detect the intrusion.
• Limit the membership of the local Administrators group. The more members in this group, the more targets a hacker has to gain administrative privileges.
• Disable the Guest account, which is enabled by default in Windows XP. If the Guest account must remain enabled, give it a strong password as an added safety measure.
• Set your local account policy to ensure that strong passwords with a minimum of seven characters are used.
• Enable account lockout for local accounts.
• Secure the system’s SAM. The SAM file contains encrypted copies of users’ passwords. If it is not secured, hackers could get it and use it to crack the passwords. You can secure the SAM only by using NTFS file permissions, so you must be using NTFS instead of FAT/FAT32.
  • Secure the main copy of the SAM by securing the Winnt\System32\Config directory.
    • Remove the Everyone group from the list of users and groups that have permission to access the directory and files.
    • Add the Users group to the list of users and groups that have permission to access the directory and files.
  • Secure the backup copy in the Winnt\Repair directory. (This directory exists only if you have created a repair disk.)
    • Allow only the System account and the local Administrators group to have access to the directory and files.
• Secure the system Registry, which requires these three steps:
  1. Restrict Anonymous Access to the Registry by creating the RestrictAnonymous value under the LSA key (see KnowledgeBase article Q143474).
  2. Restrict Network Access to the Registry with the Winreg key (see KnowledgeBase article Q155363).
  3. Change the file association for the .reg extension to something like Notepad. This prevents a malicious Web site from inserting new keys into your Registry while you are browsing the Web. Also, double-clicking on any file with a .reg extension attempts to overwrite current information with information in the .reg file.
Remote Registry Access

The KnowledgeBase article Q314837 explains actions to control remote Registry access. This fix restricts Registry changes to the local console only. The article states the following: “The default security on the Registry allows for easy use and configuration by users in a network. In some cases, it may be useful to regulate who has remote access to the Registry, in order to prevent potential security problems.” The security on the following Registry key dictates which users and groups can access the Registry remotely: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg. If this key does not exist, remote access is not restricted, and only the underlying security on individual keys controls access. In a default Windows XP installation, this key grants Administrators Full Control for remote Registry operations. The following optional subkey defines specific paths into the Registry that are allowed access, regardless of the security on the Winreg Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine (entry of type REG_MULTI_SZ). The AllowedPaths Registry key contains multiple strings, which represent Registry entries that users in the Everyone group can read. It allows specific system functions, such as checking printer status, to work correctly regardless of how access is restricted via the Winreg Registry key. The default security on the AllowedPaths Registry key grants only Administrators the ability to manage these paths.
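The following Python, added here and not part of the book, parses a Registry Editor (.reg) export, decoding each value by the REG_* types of Table 9.1 (dword: is REG_DWORD, hex(7) is REG_MULTI_SZ, hex(2) is REG_EXPAND_SZ), and then checks the RestrictAnonymous value, the presence of the Winreg key, and the contents of AllowedPaths\Machine described above. The export text is constructed for the demo; the key paths are the real ones the chapter names, and the "broad path" check is this example's own heuristic, not a Microsoft rule.

```python
import re

# Registry paths the chapter discusses (real Windows paths).
LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
WINREG = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg"
ALLOWED = WINREG + r"\AllowedPaths"


def encode_hex7(strings):
    """Build a .reg hex(7) literal (REG_MULTI_SZ: UTF-16LE strings separated by
    NUL, terminated by a double NUL), wrapped with trailing backslashes the way
    the Registry Editor wraps long values. Used here only to construct the sample."""
    data = ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")
    groups = [f"{b:02x}" for b in data]
    chunks = [",".join(groups[i:i + 25]) for i in range(0, len(groups), 25)]
    return "hex(7):" + ",\\\n  ".join(chunks)


# Constructed sample export (not captured from a real host). RestrictAnonymous
# is still 0 and AllowedPaths carries an over-broad "Software" entry on purpose.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    f"[{LSA}]",
    '"RestrictAnonymous"=dword:00000000',
    "",
    f"[{WINREG}]",
    '"Description"="Registry Server"',
    "",
    f"[{ALLOWED}]",
    '"Machine"=' + encode_hex7(
        [r"System\CurrentControlSet\Control\ProductOptions", "Software"]),
])


def decode_value(raw):
    """Decode the right-hand side of a .reg value line using the REG_* types
    from Table 9.1: "..." is REG_SZ, dword: is REG_DWORD, hex(2) is
    REG_EXPAND_SZ, hex(7) is REG_MULTI_SZ, hex / hex(3) is REG_BINARY."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if raw.startswith("dword:"):
        return int(raw[6:], 16)            # 32-bit value written as 8 hex digits
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", raw)
    if not m:
        raise ValueError(f"unsupported value syntax: {raw!r}")
    kind = int(m.group(1) or 3)
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if kind == 7:
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    if kind == 2:
        return data.decode("utf-16-le").rstrip("\x00")
    return data


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a REGEDIT5 export."""
    keys, current, lines, i = {}, None, text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith((";", "Windows Registry Editor")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        while line.endswith("\\"):          # join wrapped hex continuation lines
            line = line[:-1] + lines[i].strip()
            i += 1
        name, _, raw = line.partition("=")  # value names containing '=' are not handled
        keys[current]["(Default)" if name == "@" else name.strip('"')] = decode_value(raw)
    return keys


def audit_remote_access(keys):
    """Check the export against the three remote-access points the chapter makes."""
    allowed = keys.get(ALLOWED, {}).get("Machine", [])
    return {
        # Q143474: a nonzero RestrictAnonymous blocks anonymous enumeration.
        "anonymous_restricted": keys.get(LSA, {}).get("RestrictAnonymous", 0) != 0,
        # Q155363: with no Winreg key, remote access falls back to per-key ACLs.
        "winreg_key_present": WINREG in keys,
        "allowed_paths": allowed,
        # Everyone can read AllowedPaths entries whatever the Winreg ACL says, so a
        # one-component path such as "Software" exposes an entire subtree.
        "broad_allowed_paths": [p for p in allowed if len([c for c in p.split("\\") if c]) < 2],
    }


if __name__ == "__main__":
    for name, finding in audit_remote_access(parse_reg(SAMPLE_REG)).items():
        print(f"{name:>22}: {finding}")
```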
Alternative Ways to Secure the Registry

The real threat to a Registry is a user. In general terms, administrators are not users and are certainly no threat to the Registry. However, for the sake of argument, administrators are also included in this discussion. Not every user needs Full Control, but users will argue this restriction. Users with political power often win this argument, but in general, locking down Full Control is a start to securing the Registry and Registry-related settings. Keep overzealous users out of harm’s way by deleting Regedit.exe and Regedt32.exe, plus any other tools discussed in Chapters 10, “Editing the Windows XP Registry,” and 11, “Important Registry Keys and Values,” that permit Registry manipulation. If users must have one of these tools, take actions to restrict remote Registry access, which limits Registry spelunking to their own machines. Use the Registry Editor to change the security settings on the different hives within the Registry. Note that the default permission for HKEY_LOCAL_MACHINE is that the Everyone group has Read permission. Understanding out-of-the-box Registry permissions, access points to the Registry, and potential ways to secure the Registry will help protect your assets.

Caution Remember to reboot! Any changes to Registry entries require a reboot to take effect.
How Programs Interact with the Registry

The Registry is the repository for configuration information for not only the operating system, but also programs and device drivers. This configuration information can be static or dynamic. For example, when a program is started, the icon that the user clicks to start the program resides in the user configuration stored in the Registry under the HKEY_CURRENT_USER key. The information in this key tells the operating system the name and location of the program file to start. The program then looks at its entry in the Registry under the HKEY_LOCAL_MACHINE\SOFTWARE\vendor\appname subkey (see Figure 9.7). The entry for the program has subkeys containing the configuration information that the program needs to start itself and locate any data files, .dll files, or other files it needs. These subkeys also contain information to control how this program looks to the user, what options are available, and other features. While the program is in operation, it can store running values back in the Registry under its subkey.
Figure 9.7 Registry software key showing application configuration settings.
However, the program doesn’t actually write directly to the Registry, which would be too dangerous. The Registry uses a type of journaling to update itself. For example, if you look in the \%systemroot%\System32\Config folder, you will see files with the extensions .alt and .log in addition to the Registry files. All changes to the Registry are written to the .log files. After the changes to the .log file are complete, they are written to the Registry hive. Each write to a .log file or to the Registry is assigned a sequence number. That way, if the computer crashes during a Registry write, when the computer is restarted, it will notice that the sequence numbers don’t match and complete the unfinished write operation. The SYSTEM key has a file with the .alt extension. This file is maintained as an exact duplicate of the SYSTEM key. Any changes from .log files that are written to the SYSTEM file are also written to the System.alt file. This way, if the computer crashes and the System file is corrupt, the computer automatically uses the System.alt file as a backup so that it can be booted.
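The journaling sequence just described, as an added Python model that is not from the book or from Windows: every write goes to the .log first, a crash between the log write and the hive write leaves the hive's sequence numbers mismatched, the restart check replays the log, and the .alt mirror is used only when the main file is bad. The pair of sequence numbers in the hive header and the in-memory file objects are this toy model's assumptions about the on-disk layout.

```python
from dataclasses import dataclass, field
import copy


class Crash(Exception):
    """Raised to simulate power loss between the .log write and the hive write."""


@dataclass
class HiveFile:
    # Two sequence numbers model "the sequence numbers don't match": the first is
    # advanced when a write starts, the second only when it has been completed.
    seq_started: int = 0
    seq_completed: int = 0
    values: dict = field(default_factory=dict)

    def consistent(self):
        return self.seq_started == self.seq_completed


@dataclass
class LogFile:
    seq: int = 0
    pending: list = field(default_factory=list)   # (name, value) pairs not yet in the hive


class JournaledHive:
    """Toy model of the hive/.log/.alt trio; keep_alt mirrors the hive into an
    .alt copy, as the text describes for the SYSTEM hive."""

    def __init__(self, keep_alt=False):
        self.hive, self.log = HiveFile(), LogFile()
        self.alt = HiveFile() if keep_alt else None

    def write(self, changes, crash_after_log=False):
        seq = self.hive.seq_started + 1
        self.log.seq, self.log.pending = seq, list(changes.items())  # 1: journal first
        self.hive.seq_started = seq                                  # 2: hive marked in progress
        if crash_after_log:
            raise Crash("power lost before the hive update finished")
        self._apply_log()                                            # 3: hive updated

    def _apply_log(self):
        for name, value in self.log.pending:
            self.hive.values[name] = value
        self.hive.seq_completed = self.hive.seq_started
        self.log.pending = []
        if self.alt is not None:
            self.alt = copy.deepcopy(self.hive)   # System.alt stays an exact duplicate

    def recover(self):
        """Restart check: replay the log when the hive shows an unfinished write
        whose sequence number the log still holds. Returns True if it replayed."""
        if self.hive.consistent():
            return False
        if self.log.seq != self.hive.seq_started:
            raise RuntimeError("log does not match the hive; fall back to the .alt copy")
        self._apply_log()
        return True

    def boot_values(self, system_hive_corrupt=False):
        """Return (file used, values): the .alt copy is used only when the main file is bad."""
        if system_hive_corrupt and self.alt is not None:
            return "System.alt", dict(self.alt.values)
        return "System", dict(self.hive.values)
```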
Group Policies

Like the System Policies used in previous versions of Windows NT, Group Policies can be used to control the configuration of a user or computer. Group Policies in Windows XP also have additional functions, such as:

• Controlling what software is available on a machine or available to a specific user
• Assigning a logon or logoff script to a user and/or a machine
• Redirecting folders from the default Documents and Settings folder on the local computer to a network location
• Assigning predefined security templates to a machine
• Setting disk quota policies
Group Policies enable network administrators to control the actions of users and computers from a central location. Every Windows XP machine, whether it is a member of an Active Directory domain or not, has its own local Group Policy object. Unlike the Windows NT 4.0 System Policies, which were generally applied only at the domain level, Group Policies in Windows XP can be applied at several levels. Because of this, if the machine is a member of an Active Directory domain, any other non-local Group Policy objects assigned to that machine can override its local Group Policy object settings. Group policies are processed in the following order:

• Local
• Site
• Domain
• Organizational Unit
The last settings applied override previous settings. For example, if a user configures the local policy to use a Star Wars screensaver but the domain policy specifies the corporate logo for a screensaver, the user will have the corporate logo screensaver. Another major difference is that changes that the Windows XP Group Policies apply to the Registry are not permanent. If you later decide that the configuration you are using is not satisfactory, you can disable the policy, and the changes will be removed from the Registry. Local Group Policies are created and managed by using the Group Policy snap-in to the Microsoft Management Console (MMC). To access this snap-in, perform the following steps:

1. Click Start, Run.
2. Type MMC, and then press Enter.
3. Choose File, Add/Remove Snap-in from the menu.
4. Click the Add button to open the Add Snap-in dialog box.
5. Select Group Policy from the list of available snap-ins.
6. Click the Add button to add this snap-in.
7. Click Finish, and then click Close. The Group Policy Editor appears in the MMC (see Figure 9.8).
8. Click OK to close the MMC window.
Figure 9.8 The Group Policy Editor showing options for a Local Computer Policy.
Notice that there are two sections in the Group Policy snap-in: one for computer configuration and the other for user configuration. In each section, you can configure Software Settings, Windows Settings, and Administrative Templates. The settings configured in the Computer Configuration section apply to all users who log on to that machine, and the User Configuration settings can be assigned to specific users.

In the Group Policy snap-in, right-click Administrative Templates under the Computer Configuration section, and select Add/Remove Templates. The Add/Remove Templates dialog box shows you the Administrative Templates currently installed in the Group Policy object. You can import any of the .adm files that you create or that were used with Windows NT 4.0 or Windows 2000 into Windows XP Group Policy objects. However, remember that some of the Windows NT .adm files made Registry changes that are outside the scope of the approved Windows XP changes. In addition, unlike other settings in Group Policies, the settings introduced by using Windows NT .adm files are not automatically disabled when the Group Policy object is disabled. They persist unless they’re explicitly disabled, just as they were in Windows NT 4.0.

When a Windows XP computer is started, it first looks to see whether a local policy is stored in the local machine’s %SYSTEMROOT%\System32\GroupPolicy folder. If the folder contains a policy that affects any computer settings, they are applied to that machine’s Registry. If the computer is a member of an Active Directory domain, it then logs on to the domain and checks the \WINNT\SYSVOL\SYSVOL\domainname folder for any applicable policies. These policies are applied in the hierarchical order discussed previously, with conflicting settings being overwritten by policies that are higher in the hierarchy. This process is repeated when a user logs on to the machine. She will receive the local policy settings that pertain to her user account, and then the non-local settings in the hierarchical order. There is no limit to the number of policies you can implement at the non-local level. However, remember that these policies are applied when the machine is started or the user logs on to the system, so the number of policies that are processed can affect the startup time adversely.
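The precedence order just described, and the difference between native Windows XP policy settings (removed when their policy is disabled) and legacy Windows NT .adm settings (which persist), can be modelled in a few lines. The following Python is an added example and is not code from the book or from Microsoft: the GPO names, the Registry paths, the Setting/GPO classes and the dict standing in for the Registry are all constructed for this illustration and are not the format Windows actually stores policy in.

```python
"""Added example, not from the book: a model of how Windows XP Group Policy
settings are layered (Local, then Site, Domain, OU; the last writer wins) and
of why settings delivered by legacy Windows NT 4.0 .adm templates persist
("tattoo") once their policy is disabled while native XP settings are removed.
GPO names, Registry paths and data structures are constructed for this
illustration; a plain dict stands in for the Registry."""

from dataclasses import dataclass, field

PROCESSING_ORDER = ("Local", "Site", "Domain", "OU")  # later levels override earlier ones


@dataclass
class Setting:
    value: str
    tattoos: bool = False  # True for legacy NT .adm settings that persist when disabled


@dataclass
class GPO:
    level: str
    name: str
    settings: dict = field(default_factory=dict)  # Registry path -> Setting
    enabled: bool = True


def _in_processing_order(gpos):
    rank = {lvl: i for i, lvl in enumerate(PROCESSING_ORDER)}
    return sorted(gpos, key=lambda g: rank[g.level])


def resultant_policy(gpos):
    """Return {path: (value, name of the GPO that won)} for the enabled GPOs,
    applied in processing order so a Domain value beats a Local one."""
    result = {}
    for gpo in _in_processing_order(gpos):
        if gpo.enabled:
            for path, setting in gpo.settings.items():
                result[path] = (setting.value, gpo.name)
    return result


def apply_policy(registry, managed, gpos):
    """Write the resultant policy into the simulated registry.
    `managed` is the set of paths written as native (non-tattooing) policy on
    the previous pass; any of them no longer delivered by an enabled GPO is
    removed, which is the behaviour the chapter describes for disabled GPOs.
    Tattooing settings are never removed here: like Windows NT 4.0 System
    Policies, they stay until someone explicitly changes them."""
    desired = {}
    for gpo in _in_processing_order(gpos):
        if gpo.enabled:
            desired.update(gpo.settings)
    for path in managed - set(desired):
        registry.pop(path, None)
    for path, setting in desired.items():
        registry[path] = setting.value
    return registry, {p for p, s in desired.items() if not s.tattoos}


# Constructed sample: the screensaver conflict from the text plus one legacy
# .adm setting delivered by the domain GPO.
SCREENSAVER = r"HKCU\Control Panel\Desktop\SCRNSAVE.EXE"
LEGACY_BANNER = r"HKLM\Software\ExampleCo\LogonBanner"


def sample_gpos():
    return [
        GPO("Local", "Local Computer Policy", {SCREENSAVER: Setting("starwars.scr")}),
        GPO("Domain", "Corp Desktop", {
            SCREENSAVER: Setting("corplogo.scr"),
            LEGACY_BANNER: Setting("Authorized use only", tattoos=True),
        }),
    ]


def walkthrough():
    """Apply policy, disable the Domain GPO, then disable the local policy too.
    Returns the three registry snapshots so the difference is visible."""
    gpos = sample_gpos()
    registry, managed = apply_policy({}, set(), gpos)
    stage_full = dict(registry)
    gpos[1].enabled = False                      # domain GPO disabled
    registry, managed = apply_policy(registry, managed, gpos)
    stage_domain_off = dict(registry)
    gpos[0].enabled = False                      # local policy disabled as well
    registry, managed = apply_policy(registry, managed, gpos)
    return stage_full, stage_domain_off, dict(registry)


if __name__ == "__main__":
    for label, snapshot in zip(("all enabled", "domain off", "all off"), walkthrough()):
        print(label, snapshot)
```

With everything enabled the domain's corporate logo wins; disabling the domain GPO lets the local Star Wars setting reappear, but the legacy banner value stays in the registry because nothing removes a tattooing setting; disabling the local policy as well removes the screensaver entry entirely, and only the tattooed value is left.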
For More Information

For more information about the Windows XP Registry, please consult the following references:

- Hipson, Peter D. Mastering the Windows XP Registry. Sybex, 2001. ISBN: 0782129870.
- Microsoft TechNet (http://www.microsoft.com/technet/) contains useful information about the Registry. Topics discussed in this chapter can be found by searching on keywords related to these topics.
- Microsoft Windows XP Professional Resource Kit Documentation. Microsoft Press, 2001. ISBN: 0735614857.
10 Editing the Windows XP Registry

In this chapter, you begin working with the Windows XP Registry, a data file with configuration information about all 32-bit hardware, 32-bit driver combinations, and 32-bit Windows XP applications. To help you work with the Registry more efficiently, you learn about some of the available tools, both native and third-party. This chapter assumes that you are accustomed to manually adjusting values in the Registry and that you are interested in the useful tasks you can accomplish only by manipulating the Registry directly.
Editing the Registry is akin to tinkering with the brain—you should know what you’re doing, or you’ll suffer dire consequences. When you edit the Registry, you’re manipulating Windows XP configuration information; one wrong change and your Windows XP configuration could be toast.

You can edit the Registry directly and indirectly. You do indirect editing by using the applets in Control Panel, making user or group membership changes, changing disk configurations in Disk Management, applying Group Policy objects, or changing the operating environment. Indirect editing using these methods is safest because these changes are accomplished programmatically. A method such as this is less likely to introduce Registry errors because programs, which are usually extensively tested before release, make any necessary changes for you.

You can edit the Registry directly by using the native Registry Editor tool or one of the numerous third-party editing tools. Direct editing is extremely dangerous, however; a minor mistake in a binary number or deleting the wrong value can have dramatic effects on your system. Before you change the Registry, make a set of Windows XP boot disks and create a backup of the system state (an option in most Windows XP–compatible backup products, including the native backup tool) and the Registry files (see the next section). These disks enable you to get back to where you started if your Registry alterations caused unwanted and unexpected catastrophic results. Always be prepared for a change to make your system fail or operate abnormally. If you’re prepared for disaster, you can usually find a way to get the system up and running again.
Backing Up the Registry

The primary tools built into Windows XP to perform Registry backups and restores are the Registry Editor and the Backup utility, used to back up a computer’s local Registry. Backing up a Registry is not enabled by default. In the Backup utility (accessed by clicking Start, All Programs, Accessories, System Tools, Backup, Advanced Mode, and then clicking the Backup tab), you must select the System State check box to perform this task (see Figure 10.1). Unlike Windows NT, which required a tape drive to be installed to back up a Registry, the Windows XP Backup utility can back up to tape, a floppy drive, or any other device.
Figure 10.1 Backing up the Registry in the Windows XP built-in Backup utility.
You can also use the Registry Editor to back up the Registry by choosing File, Export from the menu. Through this command, you can select to create a backup file of the entire Registry or a selected branch (that is, a subkey level and all contents). See the next section for discussion on launching the Registry Editor.

For a complete discussion of using the Windows XP Backup utility, see Chapter 20, “Windows XP Backup and More,” p. 437.
Editing the Registry

Windows XP includes a utility for editing and adding Registry data—the Registry Editor (see Figure 10.2)—but you cannot find this tool in the Start menu, Control Panel, or Administrative Tools. Because this tool’s only purpose is to edit the Registry directly, Microsoft deliberately kept it out of the Start menu and other common tool areas to discourage its use. You must start it from a command prompt or the Run command with REGEDIT or REGEDT32.
Figure 10.2 The Registry Editor.
Windows 2000 had two versions of the Registry Editor: 16-bit (launched with REGEDIT) and 32-bit (launched with REGEDT32). Microsoft opted to combine these two tools into a single utility, but retained the ability to access the tool with either program name. You can use the Windows XP Registry Editor to add, remove, and alter Registry keys; alter security settings (permissions and auditing); and perform Registry-wide keyword searches. The following sections detail the unique or special menu commands found in the Registry Editor.

Caution
Remember, when using the Registry Editor, you are viewing and altering the live, in-memory, in-use version of the Registry. When you make changes, no confirmation dialog boxes appear to warn you of impending changes. In general, any changes you make in the Registry affect the system immediately, but it is a good idea to reboot the system to be sure.
File: Import and Export

Use the Import and Export commands to save to file (Export) or load from a file (Import) the entire Registry or selected branches (that is, a subkey level and all contents). Export can create normal Registry files (.reg), Registry hive files (._), text files (.txt), and Windows 9x/NT Registration files (.reg). With the Import command, you can import only normal Registry files (.reg) and Registry hive files (._). Also, by importing a Registry file, the contents of the imported file will overwrite the data in memory, thus permanently changing the Registry.
File: Load Hive and Unload Hive

You can load a hive into the Registry that has been saved as a text file or remove a loaded hive from your system. The Load Hive and Unload Hive commands affect only the HKEY_USERS and HKEY_LOCAL_MACHINE predefined keys and are active only when these predefined keys are selected. When you load a hive into the Registry, the hive becomes a subkey of one of these predefined keys. To load a hive into the Registry, follow these steps:

1. Select HKEY_USERS or HKEY_LOCAL_MACHINE.
2. Choose File, Load Hive from the menu.
3. Select the hive file and click the Open button.
4. In the Load Hive dialog box, enter the key name to assign the hive, and click OK.

The selected hives now appear as subkeys of HKEY_USERS or HKEY_LOCAL_MACHINE.
To unload a hive, the hive must have been previously loaded.You cannot unload the default hives.When a hive is loaded into the Registry, it becomes a subkey of HKEY_USERS or HKEY_LOCAL_MACHINE. To unload a hive from the Registry, select a hive that was previously loaded into the Registry, and then choose File, Unload Hive from the menu. After you do this, the unloaded hive no longer exists in the Registry.
File: Connect Network Registry and Disconnect Network Registry

The Registry Editor views the local Registry by default, but you can also use it to view and edit remote Registries of networked systems. When you choose File, Connect Network Registry, a browse dialog box appears. You use this dialog box to search for and select the remote system to connect with to access its Registry. By default, users who are members of the Administrators or Backup Operators group have remote access to the Registry on other Windows XP systems. If you want to enable access to remote Registries for other users or groups, see the Microsoft Knowledge Base document Q314837 (http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q314837&). However, we don’t recommend performing this activity because it opens a serious security vulnerability that malicious users can exploit. Obviously, any time you open a system to remote access, you take the risk of an unauthorized user attempting to gain access to your system. When it comes to the Registry, you can never be too careful! After you’ve completed your remote Registry alterations, use the Disconnect Network Registry command to terminate the remote connection and return to viewing the local Registry.
Edit: New

To add new Registry keys, String values, Binary values, DWORD values, Multi-String values, and Expandable String values, choose Edit, New from the menu.
Edit: Permissions

The Permissions command is used to add or change permissions for all or parts of the Registry. You can also use this command to configure auditing on the Registry (to monitor access to the Registry) and to set the owner of hives or keys in the Registry. The Permissions command for the Registry functions in exactly the same manner as permissions for files and folders.
Working with Existing Keys and Values

There are five Registry hives: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_USERS, HKEY_CURRENT_USER, and HKEY_LOCAL_MACHINE. These hives are covered in more detail in the following sections.
The HKEY_CLASSES_ROOT Key

HKEY_CLASSES_ROOT is really a subkey of HKEY_LOCAL_MACHINE\Software. It’s used for object linking and embedding (OLE) functions, and it ensures that an application’s associations are correctly invoked when a file type is selected and opened. HKEY_CLASSES_ROOT also includes the names of all drivers, strings used as pointing devices to the actual application text they represent, class ID numbers, dynamic data exchange (DDE) and OLE information, and the icons used for applications and related documents.
The HKEY_CURRENT_CONFIG Key

HKEY_CURRENT_CONFIG contains hardware profile information used during system startup and was added to Windows NT 4.0 to ensure compatibility with Windows 95. This compatibility enables applications that support HKEY_CURRENT_CONFIG to run on Windows 95, Windows 98, Windows NT, and Windows XP. This key is actually a subtree aliased to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware\Profiles\Current; therefore, the discussion of HKEY_LOCAL_MACHINE includes the HKEY_CURRENT_CONFIG key.
The HKEY_USERS Key

HKEY_USERS is the root for all HKEY_CURRENT_USER profiles on the computer. It contains information related to the logged-on user and the default user settings. The HKEY_USERS key contains configuration information for all users, but makes it available only to the specific user when he or she logs in. This key is located in Documents and Settings\%username% (%username% is the user who is currently logged on).
The HKEY_CURRENT_USER Key

HKEY_CURRENT_USER contains information related to the currently logged-on user. HKEY_CURRENT_USER is actually a subkey of HKEY_USERS. Table 10.1 describes the default subkeys for HKEY_CURRENT_USER.

Table 10.1 Registry Subkeys and Their Functions

Subkey            Function
Console           Stores window options and command-prompt configurations.
Control Panel     Specifies Control Panel applet configuration information.
Environment       Stores environment variable information for the current user session.
Keyboard Layout   Holds information about user keyboard preferences.
Identities        Defines the user’s identity.
Printers          Houses printer information for all mapped printers.
RemoteAccess      Stores information about the Routing and Remote Access Service.
Software          Houses settings for user-installed software or preference settings for globally available software.
The HKEY_LOCAL_MACHINE Key

The HKEY_LOCAL_MACHINE key manages information related to the local computer’s hardware and device drivers. There are several subkeys of importance, which are discussed in the following sections.
HKEY_LOCAL_MACHINE\Software
This subkey contains configuration information for all the software installed on the local machine. The convention for storing this information, according to Microsoft, is \Software\Company Name\Product Name\Version Number. If you use this convention, you can query Registry information on all network computers to check for installed software and version information.

HKEY_LOCAL_MACHINE\Software\Classes
This subkey contains file type–to–application association information as well as information related to Component Object Model (COM) objects.

HKEY_LOCAL_MACHINE\Software\Microsoft
This subkey contains information specific to Microsoft software installed on the local machine.

HKEY_LOCAL_MACHINE\Hardware
This subkey maintains a database of the hardware-specific information on the local machine. You can use it to get a clear picture of the computer’s physical configuration, including configuration data about the processor, network interface card (NIC), memory, bus type, and so on.

HKEY_LOCAL_MACHINE\Hardware\Description
On an Advanced RISC Computing (ARC)–compliant machine, when the system boots, the firmware is queried and the result is copied to this subkey. On x86-based systems, the NTDETECT.COM process then gathers the system hardware information it recognizes and populates this subkey. Binary component identification information, the component ID, and configuration information (such as CPU type and speed, interrupt request [IRQ] settings, direct memory access [DMA] channels, and input/output [I/O] ports) are gathered during this phase.

HKEY_LOCAL_MACHINE\Hardware\DeviceMap
This subkey keeps a record of created device driver names and their associated device objects. It cross-references the drivers to the objects organized by device class. Therefore, when a disk array calls the underlying Windows XP subsystem, the appropriate device driver is called to perform the task.

HKEY_LOCAL_MACHINE\Hardware\ResourceMap
The ResourceMap subkey is dynamically created each time the machine is booted. It maintains a mapping of hardware devices to software drivers. This key detects and reports conflicts from the device drivers’ memory addresses, interrupts, DMA channels, and I/O ports.
HKEY_LOCAL_MACHINE\SAM
This subkey, of course, contains the security accounts database for the local system. SAM is the abbreviation for Security Accounts Manager. You can’t actually see or manipulate the SAM from this key. It’s here just for show.

HKEY_LOCAL_MACHINE\SYSTEM
This subkey maintains information about the Windows XP boot process. Table 10.2 shows the four Control Sets under HKEY_LOCAL_MACHINE\SYSTEM.

Table 10.2 Control Sets Under HKEY_LOCAL_MACHINE\SYSTEM

Control Set Subkey          Description
ControlSet001               Used to boot Windows XP.
ControlSet002               Is a backup to ControlSet001 if it fails to load.
CurrentControlSet           Mapped to ControlSet001 and is used to boot Windows XP.
CurrentControlSet\Control   Contains information such as computer name, file system, session manager, and memory manager settings.
MountedDevices              Contains a mapping to all mounted devices on the system.
Data Formats of the Registry

Adding data to the Registry is a fairly simple task. However, knowing what type of information to create and where is much more difficult. The following sections discuss the specific data formats used in the Registry. The Registry manages five main value types: Binary, String, DWORD, Multi-String, and Expandable String. Separate editing tools (supplied with Windows XP) are used, depending on the value type selected.
Binary or REG_BINARY

The Binary type houses data in a binary format generally used to store hardware component information. Examples include entries under HKEY_LOCAL_MACHINE\SAM, although these entries in the Registry are relatively rare.
DWORD or REG_DWORD

This value, edited with the DWORD editor, represents a 32-bit, 4-byte number used in error control functions. Many entries related to device drivers and Boolean values use the DWORD data format type. DWORD data can be displayed as binary, hexadecimal, or decimal.
Multi-String or REG_MULTI_SZ

This value enables you to input multiple strings of data. The Multi-String data format type is often used for contents of list boxes, to list multiple paths, or for other data sets that offer multiple selections or views. Values in a Multi-String entry can be separated by spaces, commas, or other marks.
Expandable String or REG_EXPAND_SZ

This value uses the same editor as REG_MULTI_SZ, but indicates that the data has the ability to expand (have information added to it). This data format type is also known as a variable-length text string. It is often used for variables that are resolved when an application or service uses them.
String or REG_SZ

The String type is a sequence of characters that represent a Unicode user-readable string. Entries might be names, titles, numbers, paths, or other text items. The SZ in REG_SZ stands for String Zero terminated. Examples of value entries with the REG_SZ data format can be found in the HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System key.

The other data format types that appear in the Registry are listed in Table 10.3, along with their acceptable content formats.

Table 10.3 Registry Value Types and Their Intended Uses

Value Type                       Description
REG_NONE                         The value type does not exist or it is unknown because of the type’s encryption.
REG_BINARY                       Binary data in bit or binary form.
REG_DWORD                        A 32-bit number expressed in hexadecimal, octal, or decimal format.
REG_DWORD_BIG_ENDIAN             A 32-bit number with the high byte expressed first.
REG_EXPAND_SZ                    An Expandable String that can include embedded variables, such as %systemroot%.
REG_FULL_RESOURCE_DESCRIPTOR     Hardware Resource Description in the \Hardware subkey of HKEY_LOCAL_MACHINE.
REG_LINK                         A Unicode-formatted symbolic link.
REG_MULTI_SZ                     An array containing strings.
REG_RESOURCE_LIST                Hardware Resource Lists found in the \Hardware subkey of HKEY_LOCAL_MACHINE.
REG_RESOURCE_REQUIREMENTS_LIST   Resource requirements.
Importing and Exporting Registry Data

Backing up the local Registry is an essential part of system backups. The Backup utility, shown previously in Figure 10.1, enables you to back up the local server’s Registry. Other options for performing Registry backups are available to administrators. This section looks at the functions of importing and exporting Registry keys through the Registry Editor itself.

For more information on the Backup utility and administrator options, see Chapter 20, “Windows XP Backup and More,” p. 437.
Importing Registry Files

If you want to back up the Registry without using the built-in Backup utility, the Registry Editor fills the need. You have two options when importing into the Registry. One option is to double-click the exported .reg file, which launches an import action and overwrites existing Registry keys. Because of the possibility of overwriting important Registry information, you should perform this action with great caution. In fact, it’s a good idea to rename your old .reg files to .re so that you don’t import them mistakenly. Another option is to import the .reg file by using the Registry Editor. To do this, choose File, Import from the menu, and then select a .reg file. This process imports an exported Registry or hive. Again, this import option overwrites any existing Registry information with no warning. Import Registries with caution.
Exporting Registry Files

To back up the Registry using the Registry Editor, choose File, Export from the menu to open the Export Registry File dialog box shown in Figure 10.3. Select the location for the exported Registry. Using this method, you can export the entire Registry or a selected portion of it. The exported file is saved with a .reg extension.
Figure 10.3 Exporting a Registry file with the Registry Editor.
Avoiding Registry Problems

You can avoid Registry problems with careful planning and prevention. Avoiding Registry problems is always better than the alternative. It’s not really the Registry problem you should be worried about, anyway—it’s that call at 2:00 a.m. Sunday morning telling you about the server outage. This section discusses a strategy for minimizing the impact and downtime associated with Registry-related incidents.
Last Known Good Configuration

If you’re unable to boot your system after making a change to the Registry, the best escape pod that Microsoft provides is the Last Known Good Configuration (LKGC). When you boot Windows XP, you’re presented with an option to press F8 to enter the Windows XP Advanced Options menu. At this point, you can select the Last Known Good Configuration option to get a menu from which you can choose saved configurations. The Last Known Good Configuration means that, based on the last configuration, your system was able to get to the initial logon screen. It does not mean that your Registry was evaluated against some criteria for goodness, but that your boot appeared to be successful as far as Windows XP was concerned. Take this for what it’s worth. With Last Known Good Configuration, you should be able to log in to the system to repair potential damage. Be careful, though. If you log in to the system and then decide you want to boot the LKGC, it’s too late. The old configuration is overwritten with the new one after the logon process is completed.
Registry Security

Like New Technology File System (NTFS), the Registry also has security controlled by Access Control Lists (ACLs). Setting Registry security correctly prevents unauthorized personnel from making direct or indirect changes to your system. There are three primary permissions for Registry keys: Full Control, Read, and Special Permissions. In addition, there are several Advanced permission options:

- Full Control. Assigns full control access.
- Query Value. Assigns the user or group to read the settings of a value entry.
- Set Value. Assigns the user or group the ability to set the value of an entry.
- Create Subkey. Assigns the user or group the ability to create a subkey.
- Enumerate Subkeys. Assigns the user or group the ability to identify all subkeys of the selected key.
- Notify. Allows the user or group to receive subkey audit notifications.
- Create Link. Allows a user or group to create a symbolic link to the key.
- Delete. Allows a user or group to delete a subkey.
- Write DAC. Allows a user or group to read the Discretionary Access Control list for the selected subkey.
- Write Owner. Allows a user or group to take subkey ownership.
- Read Control. Allows a user or group to read the security information associated with a subkey.

For a discussion of strategies for maintaining Registry security, see Chapter 9, “Introducing the Windows XP Registry,” p. 179.
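The Advanced permissions above are individual bits in a key's access mask, and an over-permissive key is usually one where a broad principal such as Everyone or Users holds one of the write-class bits. The following Python is an added example, not from the book or from Microsoft: it decodes an access mask into the permission names used above and audits a small ACL for write-class grants to principals outside an allow-list. The KEY_*, standard-right and GENERIC_* bit values are the documented Windows constants; the (principal, type, mask) tuple format, the allow-list and the sample ACL are constructed for this example.

```python
"""Added example, not from the book: decode a Registry key access mask into
the Advanced permission names listed in the text and flag ACEs that grant
write-class rights to principals outside an allow-list. The KEY_*, standard
and generic right bit values are the documented Windows constants; the ACE
tuple format and the sample ACL are constructed for this example."""

KEY_QUERY_VALUE, KEY_SET_VALUE, KEY_CREATE_SUB_KEY = 0x0001, 0x0002, 0x0004
KEY_ENUMERATE_SUB_KEYS, KEY_NOTIFY, KEY_CREATE_LINK = 0x0008, 0x0010, 0x0020
DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER = 0x10000, 0x20000, 0x40000, 0x80000

KEY_READ = READ_CONTROL | KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY  # 0x20019
KEY_WRITE = READ_CONTROL | KEY_SET_VALUE | KEY_CREATE_SUB_KEY                    # 0x20006
KEY_ALL_ACCESS = 0xF003F

# Generic bits as they appear in raw ACEs, and the key-specific rights the
# registry's generic mapping turns them into.
GENERIC_READ, GENERIC_WRITE = 0x80000000, 0x40000000
GENERIC_EXECUTE, GENERIC_ALL = 0x20000000, 0x10000000
GENERIC_MAPPING = {GENERIC_READ: KEY_READ, GENERIC_WRITE: KEY_WRITE,
                   GENERIC_EXECUTE: KEY_READ, GENERIC_ALL: KEY_ALL_ACCESS}

# Same order as the Advanced permission list in the text.
RIGHT_NAMES = [
    (KEY_QUERY_VALUE, "Query Value"), (KEY_SET_VALUE, "Set Value"),
    (KEY_CREATE_SUB_KEY, "Create Subkey"), (KEY_ENUMERATE_SUB_KEYS, "Enumerate Subkeys"),
    (KEY_NOTIFY, "Notify"), (KEY_CREATE_LINK, "Create Link"), (DELETE, "Delete"),
    (WRITE_DAC, "Write DAC"), (WRITE_OWNER, "Write Owner"), (READ_CONTROL, "Read Control"),
]

# Rights that change the key's contents or its security descriptor
# (WRITE_DAC rewrites the DACL itself, WRITE_OWNER takes ownership).
MODIFY_RIGHTS = (KEY_SET_VALUE | KEY_CREATE_SUB_KEY | KEY_CREATE_LINK
                 | DELETE | WRITE_DAC | WRITE_OWNER)


def map_generic(mask):
    """Expand GENERIC_* bits into the key-specific rights they grant."""
    for generic, specific in GENERIC_MAPPING.items():
        if mask & generic:
            mask = (mask & ~generic) | specific
    return mask


def decode_mask(mask):
    """Name the rights in an access mask; a full KEY_ALL_ACCESS set is 'Full Control'."""
    mask = map_generic(mask)
    if mask & KEY_ALL_ACCESS == KEY_ALL_ACCESS:
        return ["Full Control"]
    return [name for bit, name in RIGHT_NAMES if mask & bit]


def is_read_only(mask):
    """True if the mask grants nothing beyond the standard Read permission."""
    return map_generic(mask) & ~KEY_READ == 0


def audit_acl(acl, trusted):
    """acl: list of (principal, 'Allow' | 'Deny', access_mask).
    Returns (principal, rights) for each Allow ACE that gives modify rights to
    a principal not in `trusted`. Deny ACEs never widen access, so they are skipped."""
    findings = []
    for principal, ace_type, mask in acl:
        if ace_type == "Allow" and principal not in trusted and map_generic(mask) & MODIFY_RIGHTS:
            findings.append((principal, decode_mask(mask)))
    return findings


# Constructed ACL on a hypothetical application key, as the Permissions
# dialog might show it after a careless installer has run.
TRUSTED_PRINCIPALS = {"BUILTIN\\Administrators", "NT AUTHORITY\\SYSTEM", "CREATOR OWNER"}
SAMPLE_ACL = [
    ("BUILTIN\\Administrators", "Allow", KEY_ALL_ACCESS),
    ("NT AUTHORITY\\SYSTEM", "Allow", KEY_ALL_ACCESS),
    ("BUILTIN\\Users", "Allow", KEY_READ),
    ("BUILTIN\\Power Users", "Allow", KEY_WRITE),
    ("Everyone", "Allow", GENERIC_ALL),
    ("Guests", "Deny", KEY_ALL_ACCESS),
]

if __name__ == "__main__":
    for principal, rights in audit_acl(SAMPLE_ACL, TRUSTED_PRINCIPALS):
        print(principal, "->", ", ".join(rights))
```

The generic-rights expansion matters in practice: an ACE carrying only GENERIC_ALL has none of the KEY_* bits set, so a decoder that looks at those bits alone would report it as granting nothing, when it is in fact Full Control.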
Troubleshooting the Registry

Let there be no doubt: Troubleshooting the Registry can be rocket science. Methodical investigation, however, generally gets past the symptoms to the root of the problem. Registry problems manifest themselves in several ways. Foremost, you know you have a problem when you receive a BSOD—lovingly known as the Blue Screen of Death. A BSOD, or a STOP message, indicates the cause of the failure. Understanding this hieroglyphic screen in its entirety is not necessary. There are some key indicators that will help your investigation. The second line of the STOP message lists the type of error encountered. The error will read “Unhandled User exception” or “Unhandled Kernel exception” followed by some address information for focusing your troubleshooting search. Unhandled User exceptions involve user-mode operating system software, whereas Unhandled Kernel exceptions relate to the operating system, third-party software drivers, or hardware. The third and fourth lines of the STOP message indicate what caused the failure and the associated address or addresses. After the STOP information is evaluated, checking the Event Viewer’s System and Application logs might narrow the problem search. In addition, you can search TechNet at http://www.microsoft.com/technet for the eight-digit stop code for further information.

Generally speaking, the following events are the most likely causes of problems with the Registry:

- Installing and uninstalling software. Software does not always install and uninstall as intended on every system. Always check with the software vendor to make sure it’s compatible with Windows XP.
- Hardware-specific changes to the Registry. Events such as adding a new NIC might trigger downstream symptoms, such as failure to authenticate to the domain, although the protocol seems to be working and bound properly. One issue that arises occasionally is having no protocols listed in the Network applet, even though TCP/IP is functioning properly.
- Direct changes to the Registry. Everyone makes mistakes. Incorrect manipulations of the Registry are, unfortunately, common.
Uninstalling Applications

Sometimes no Add/Remove Program item exists for an application, the Add/Remove operation doesn’t function correctly, or no uninstall utility was provided with an application. Simply deleting the installation directory doesn’t remove all of a program’s code. Here is one way to ensure the complete removal of a program:

1. In HKEY_LOCAL_MACHINE\Software and HKEY_CURRENT_USER\Software, locate the entry for the application you intend to remove and delete the program’s entries.
2. Remove any entries for the program from the Start menu under Documents and Settings\All Users\Start Menu\Programs and under Documents and Settings\%username%\Start Menu\Programs. The program could exist in one or both places, so always check both.
3. If the program had a component listed as a service, edit HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services and delete the associated entry.
4. If the program had an entry in the Add/Remove Programs list, edit HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall, locate the entry, and remove it.
5. If no entry existed in the Startup folders, but the program starts automatically, edit HKEY_CURRENT_USER\Software\Microsoft\Windows XP\CurrentVersion\Windows. Check the load and run value entries to see whether they contain related program information; if so, delete the information.
6. An application can be placed in several locations to have it autostart. Here are the places in which John Savill’s Windows NT/2000 FAQ (http://www.ntfaq.com) recommends looking:
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows XP\CurrentVersion\Winlogon\Userinit
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
   HKEY_CURRENT_USER\Software\Microsoft\Windows XP\CurrentVersion\Windows\run
   HKEY_CURRENT_USER\Software\Microsoft\Windows XP\CurrentVersion\Windows\load
   %systemroot%\win.ini
7. Delete the program’s installation folder(s).
8. Reboot the computer.
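The import warnings earlier in this chapter (a double-clicked .reg file overwrites the live Registry with no confirmation) and the autostart locations in step 6 above come together in one defensive habit: read an export before importing it, and look for anything it would write under Run, RunOnce, RunServices, Winlogon\Userinit or the Windows load/run values. The following Python is an added example, not from the book and not a Microsoft tool: a parser for Registry Editor Version 5.00 .reg files that decodes the REG_SZ, REG_DWORD, REG_BINARY, REG_EXPAND_SZ (hex(2)) and REG_MULTI_SZ (hex(7)) encodings discussed under Data Formats, then reports entries aimed at those autostart locations. The sample export is constructed for the example; the key suffixes it matches are taken from step 6.

```python
"""Added example (not from the book, not a Microsoft tool): parse a Registry
Editor Version 5.00 .reg export, decoding the value types covered in this
chapter, and report entries that would write to the autostart locations
listed in the uninstall procedure. The sample export is constructed."""

import re

# Keys whose values all autostart something (matched case-insensitively on the
# key path suffix) and keys where only particular value names do.
AUTOSTART_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce",
                          "\\currentversion\\runservices",
                          "\\currentversion\\runservicesonce")
AUTOSTART_VALUE_NAMES = {"\\currentversion\\winlogon": {"userinit"},
                         "\\currentversion\\windows": {"load", "run"}}

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def _unescape(text):
    """Undo .reg string escaping: \\ for a backslash, \" for a quote."""
    return text.replace('\\\\', '\\').replace('\\"', '"')


def _decode_hex(type_id, hex_bytes):
    """Decode a hex:/hex(N): payload. Type codes 2 and 7 are REG_EXPAND_SZ and
    REG_MULTI_SZ; both hold UTF-16LE text, NUL-terminated (the "SZ")."""
    raw = bytes(int(b, 16) for b in hex_bytes.split(",") if b.strip())
    if type_id == "2":
        return "REG_EXPAND_SZ", raw.decode("utf-16-le").rstrip("\x00")
    if type_id == "7":
        # Strings are NUL-separated; an extra NUL terminates the list.
        return "REG_MULTI_SZ", [s for s in raw.decode("utf-16-le").split("\x00") if s]
    return ("REG_BINARY" if type_id is None else "REG_TYPE_" + type_id), raw


def _entry(key, name, vtype, data, action="set"):
    return {"key": key, "name": name, "type": vtype, "data": data, "action": action}


def parse_reg(text):
    """Return a list of entries (key, name, type, data, action). name is ''
    for a key's default value; action is 'set', 'delete_value' for "name"=-,
    or 'delete_key' for a [-Key] line."""
    lines, pending = [], ""
    for raw_line in text.splitlines():              # re-join wrapped hex payloads
        line = raw_line.strip() if pending else raw_line.rstrip()
        if line.endswith("\\") and not line.startswith("["):
            pending += line[:-1]
            continue
        lines.append(pending + line)
        pending = ""
    entries, key = [], None
    for line in lines:
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            inner = line[1:-1]
            if inner.startswith("-"):
                entries.append(_entry(inner[1:], None, None, None, "delete_key"))
                key = None
            else:
                key = inner
            continue
        match = VALUE_RE.match(line)
        if not match or key is None:
            raise ValueError("malformed .reg line: " + line)
        name = "" if match.group(1) == "@" else _unescape(match.group(1)[1:-1])
        rhs = match.group(2).strip()
        if rhs == "-":
            entries.append(_entry(key, name, None, None, "delete_value"))
        elif rhs.startswith('"') and rhs.endswith('"'):
            entries.append(_entry(key, name, "REG_SZ", _unescape(rhs[1:-1])))
        elif rhs.startswith("dword:"):
            entries.append(_entry(key, name, "REG_DWORD", int(rhs[6:], 16)))
        elif HEX_RE.match(rhs):
            type_id, payload = HEX_RE.match(rhs).groups()
            entries.append(_entry(key, name, *_decode_hex(type_id, payload)))
        else:
            raise ValueError("unsupported value syntax: " + rhs)
    return entries


def is_autostart(key, name):
    """True if setting value `name` under `key` starts a program at boot or logon."""
    k = key.lower()
    if any(k.endswith(suffix) for suffix in AUTOSTART_KEY_SUFFIXES):
        return True
    return any(k.endswith(suffix) and name.lower() in names
               for suffix, names in AUTOSTART_VALUE_NAMES.items())


def audit_autostart(text):
    """(key, name, data) for every value the file would set in an autostart location."""
    return [(e["key"], e["name"], e["data"]) for e in parse_reg(text)
            if e["action"] == "set" and is_autostart(e["key"], e["name"])]


SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; constructed export for this example
[HKEY_CURRENT_USER\Software\ExampleCo\Widget]
@="Widget 2.0"
"InstallDir"="C:\\Program Files\\ExampleCo\\Widget"
"Timeout"=dword:0000001e
"Blob"=hex:de,ad,be,ef
"LogDir"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,57,00,69,00,64,00,\
  67,00,65,00,74,00,00,00
"Plugins"=hex(7):63,00,6f,00,72,00,65,00,00,00,75,00,69,00,00,00,00,00
"Obsolete"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WidgetTray"="\"C:\\Program Files\\ExampleCo\\Widget\\tray.exe\" /background"

[-HKEY_CURRENT_USER\Software\ExampleCo\Widget\Old]
'''

if __name__ == "__main__":
    for finding in audit_autostart(SAMPLE_REG):
        print("autostart write:", finding)
```

Run against the sample, the audit reports only the WidgetTray value under HKEY_CURRENT_USER\...\CurrentVersion\Run; the other values decode to a REG_SZ path, a REG_DWORD of 30, four raw bytes, the REG_EXPAND_SZ string %TEMP%\Widget and the two-element REG_MULTI_SZ list, and the trailing [-Key] line is recorded as a key deletion rather than silently ignored.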
Third-Party Registry Editing and Management Utilities

Several third-party editing and management utilities are available for maintaining the Registry. (“Third-party” refers to anything that doesn’t ship on the Windows XP distribution CD.) This section discusses tools from the Windows 2000 Server Resource Kit, the Windows NT Server 4.0 Resource Kit CD (yes, that says “Windows NT”), and the Internet.
REG

REG is a command-line manipulation utility provided on the Windows NT Server 4.0 Resource Kit CD. This utility is no longer available on the Windows XP Server Resource Kit, but the previous version will work under Windows XP. REG contains the following commands: REG QUERY, REG ADD, REG UPDATE, REG DELETE, REG COPY, REG SAVE, REG BACKUP, REG RESTORE, REG LOAD, and REG UNLOAD. They replace the Registry commands REGCHG.EXE, REGDEL.EXE, REGDIR.EXE, REGREAD.EXE, REGSEC.EXE, RESTKEY.EXE, RREGCHG.EXE, and SAVEKEY.EXE. Each command enables you to manipulate local and remote Registries. When omitted as a syntactical argument, HKEY_LOCAL_MACHINE is assumed.

REG QUERY

Use the REG QUERY command for local or remote queries of a Registry. The syntax for REG QUERY is as follows:

    REG QUERY RegistryPath [\\Machine] [/S]

    RegistryPath  [ROOTKEY\]Key[\ValueName]
    ROOTKEY       [ HKLM | HKCU | HKCR | HKU | HKCC ]

Key is the full name of a Registry key under the selected ROOTKEY. ValueName is the value, under the selected Key, to query. When omitted, all keys and values under the Key are listed. Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines. /S or /s queries all subkeys.

Examples:

    REG QUERY HKLM\Software\Microsoft\ResKit\Setup\InstallDir

Displays the value of the InstallDir Registry entry.

    REG QUERY HKLM\Software\Microsoft\ResKit\Setup /S

Displays all keys and values under the Setup subkey.

Tip
The information in the following sections is taken directly from the online documentation for the REG utility. At any time, you can type one of the REG commands followed by a slash and question mark—REG QUERY /?, for example—and you’ll be able to view the information in the following sections onscreen.
Chapter 10 Editing the Windows XP Registry
REG ADD

Use the REG ADD command to make additions to a local or remote Registry. The syntax for REG ADD is as follows:

    REG ADD RegistryPath=Value [DataType] [\\Machine]

    RegistryPath  [ROOTKEY\]Key\ValueName=Value
    ROOTKEY       [ HKLM | HKCU | HKCR | HKU | HKCC ]

ROOTKEY is optional. When ROOTKEY is omitted, HKLM is assumed. Key is the Registry key's full name under the selected ROOTKEY. ValueName is the value, under the selected Key, to add. Value is the value to assign to the Registry entry being added. DataType can be one of the following: REG_SZ, REG_DWORD, REG_EXPAND_SZ, or REG_MULTI_SZ. (If omitted, REG_SZ is assumed.) Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.

Examples:

    REG ADD HKLM\Software\MyCo\MyApp\Version=1.00
        Adds the Registry entry Version=1.00 of type REG_SZ.
    REG ADD HKLM\Software\MyCo\MyApp\Timeout=5 REG_DWORD \\ZODIAC
        Adds the Registry entry Timeout=5 of type REG_DWORD on machine ZODIAC.
REG UPDATE

Use the REG UPDATE command specifically to make changes to existing Registry information on local or remote machines. The syntax for REG UPDATE is as follows:

    REG UPDATE RegistryPath=Value [\\Machine]

    RegistryPath  [ROOTKEY\]Key\ValueName
    ROOTKEY       [ HKLM | HKCU | HKCR | HKU | HKCC ]

ROOTKEY is optional. When ROOTKEY is omitted, HKLM is assumed. Key is the full name of the Registry key under the selected ROOTKEY. ValueName is the value, under the selected Key, to update. Value is the value assigned to the Registry variable being updated. Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.

Examples:

    REG UPDATE Software\MyCo\MyApp\Timeout=10
        Replaces the existing value for Timeout with 10. This setting defaults to HKLM.
    REG UPDATE HKLM\Software\MyCo\MyApp\Version=2.01 \\ZODIAC
        Replaces the existing value for Version with 2.01 on machine ZODIAC.
REG DELETE

Use the REG DELETE command to locally or remotely delete Registry keys. The syntax for REG DELETE is as follows:

    REG DELETE RegistryPath [\\Machine] [/F]

    RegistryPath  [ROOTKEY\]Key[\ValueName]
    ROOTKEY       [ HKLM | HKCU | HKCR | HKU | HKCC ]

ROOTKEY is optional. When ROOTKEY is omitted, HKLM is assumed. Key is the full name of a Registry key under the selected ROOTKEY. ValueName is the value, under the selected Key, to delete. The ValueName is optional. When omitted, ALL keys and values under the Key are DELETED. Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines. /F or /f forces the deletion(s) without questions. Be careful with this one!

Examples:

    REG DELETE HKLM\Software\MyCo\MyApp\Timeout
        Deletes the Timeout Registry entry.
    REG DELETE HKLM\Software\MyCo \\ZODIAC /F
        Deletes the ENTIRE hive MyCo on ZODIAC without asking for confirmation.
REG COPY

Use the REG COPY command to locally or remotely copy Registry keys. The syntax for REG COPY is as follows:

    REG COPY Source [\\Machine] Destination [\\Machine]

Source and Destination are in the RegistryPath format:

    RegistryPath  [ROOTKEY\]Key[\ValueName]
    ROOTKEY       [ HKLM | HKCU | HKCR | HKU | HKCC ]

ROOTKEY is optional. When ROOTKEY is omitted, HKLM is assumed. Key is the full name of a Registry key under the selected ROOTKEY. ValueName is the value, under the selected Key, to copy. This setting is optional. When omitted, ALL keys and values under the Key are copied. Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.

Examples:

    REG COPY HKLM\Software\MyCo\MyApp HKLM\Software\MyCo\SaveMyApp
        Copies the key MyApp and all of its entries to SaveMyApp under MyCo.
    REG COPY Software\MyCo \\SAFARI Software\MyCo \\ZODIAC /F
        Copies the ENTIRE hive MyCo on SAFARI to MyCo on ZODIAC.
REG SAVE or REG BACKUP

REG SAVE and REG BACKUP are identical in function: They are used to save or back up a local or remote Registry. For brevity, only the syntax for the REG SAVE command is given here:

    REG SAVE RegistryPath FileName [\\Machine]

    RegistryPath  [ROOTKEY\]Key
    ROOTKEY       [ HKLM | HKCU | HKCR | HKU | HKCC ]

ROOTKEY is optional. When ROOTKEY is omitted, HKLM is assumed. Key is the full name of a Registry key under the selected ROOTKEY. FileName is the name of the disk file to save to, without an extension. Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.

Examples:

    REG SAVE HKLM\Software\MyCo\MyApp AppBkUp
        Saves the hive MyApp to the file AppBkUp.
    REG SAVE HKLM\Software\MyCo MyCoBkUp \\ZODIAC
        Saves the hive MyCo on ZODIAC to the file MyCoBkUp, also on ZODIAC.
REG RESTORE

Use the REG RESTORE command to restore Registry information. The source of the Registry information must be created by using the REG BACKUP or REG SAVE command. The syntax for REG RESTORE is as follows:

    REG RESTORE FileName KeyName [\\Machine]

    ROOTKEY       [ HKLM | HKCU | HKCR | HKU | HKCC ]

ROOTKEY is optional. When ROOTKEY is omitted, HKLM is assumed. FileName is the name of the hive file without an extension. You must use Save or Backup to create this file. KeyName is equal to [ROOTKEY\]Key. Key is the key name in which to restore the hive file. This setting overwrites the existing key's values and subkeys. Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.

Examples:

    REG RESTORE NTRKBkUp HKLM\Software\Microsoft\ResKit
        Restores the hive file NTRKBkUp, overwriting the subkey ResKit.
    REG RESTORE NTRKBkUp HKLM\Software\Microsoft\ResKit \\ZODIAC
        Restores NTRKBkUp, overwriting the subkey ResKit on ZODIAC.
REG LOAD

Use the REG LOAD command to load Registry information. The syntax for REG LOAD is as follows:

    REG LOAD FileName KeyName [\\Machine]

    ROOTKEY       [ HKLM | HKU ]

ROOTKEY is optional. When ROOTKEY is omitted, HKLM is assumed. FileName is the name of the hive file without an extension. KeyName is equal to [ROOTKEY\]Key. Key is the key name in which to load the hive file. This setting is able to create a new key. Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.

Examples:

    REG LOAD TempHive HKLM\TempHive
        Loads the hive file TempHive to the key TempHive under HKLM.
    REG LOAD TempHive HKLM\TempHive \\ZODIAC
        Loads the hive file TempHive to the key HKLM\TempHive on ZODIAC.
REG UNLOAD

Use the REG UNLOAD command to unload Registry information. The syntax for REG UNLOAD is as follows:

    REG UNLOAD KeyName [\\Machine]

    ROOTKEY       [ HKLM | HKU ]

ROOTKEY is optional. When ROOTKEY is omitted, HKLM is assumed. KeyName is equal to [ROOTKEY\]Key. Key is the key name of the hive to unload. Machine is the name of the remote machine. Omitting Machine defaults to the current machine. Only HKLM and HKU are available on remote machines.

Examples:

    REG UNLOAD HKLM\TempHive
        Unloads the hive TempHive from HKLM.
    REG UNLOAD HKLM\TempHive \\ZODIAC
        Unloads the hive TempHive from the machine ZODIAC.
REGINI.EXE

The REGINI.EXE utility, provided on the Windows 2000 Server Resource Kit CD, uses character-based batch files to add keys to the Windows 2000 or XP Registry by specifying a Registry script. You can review detailed help information with the REGINI /? command. You can use the Registry Editor to perform similar tasks as an interactive process, but REGINI supports a wider range of data types than the Windows XP built-in Registry Editor. REGINI also provides a quick way to add or modify drivers in the Registry:

    usage: REGINI [-m \\machinename | -h hivefile hiveroot | -w Win95 Directory]
                  [-i n] [-o outputWidth] [-b] textFiles...

where:

    -m              specifies a remote Windows 2000/XP machine whose Registry is to be manipulated.
    -h              specifies a local hive to manipulate.
    -w              specifies the paths to Windows 95 SYSTEM.DAT and USER.DAT files.
    -i n            specifies the display indentation multiple. The default is 4.
    -o outputWidth  specifies how wide the output is to be. By default, the outputWidth is set to the width of the console window if standard output has not been redirected to a file. In the latter case, an outputWidth of 240 is used.
    -b              specifies that REGINI should be backward compatible with older versions of REGINI that did not strictly enforce line continuations and quoted strings. Specifically, REG_BINARY, REG_RESOURCE_LIST, and REG_RESOURCE_REQUIREMENTS_LIST data types did not need line continuations after the first number that gave the size of the data.
    textFiles       is one or more ANSI or Unicode text files with Registry data.

The easiest way to understand the format of the input textFile is to use the REGDMP command with no arguments to dump the current contents of your Windows 2000/XP Registry to standard output. Redirect standard output to a file, and this file is acceptable as input to REGINI.
Some general rules are as follows:

- The semicolon (;) is an end-of-line comment character, provided it is the first non-blank character on a line.
- The backslash (\) is a line-continuation character. All characters from the backslash up to, but not including, the first non-blank character of the next line are ignored. If there is more than one space before the line-continuation character, it is replaced by a single space.
- Indentation indicates the tree structure of Registry keys. The REGDMP program uses indentation in multiples of four. You can use hard tab characters for indentation, but embedded hard tab characters are converted to a single space regardless of their position.
- Values should come before child keys because they are associated with the previous key at or above the value's indentation level.
- For key names, leading and trailing space characters are ignored and not included in the key name, unless the key name is surrounded by quotes. Embedded spaces are part of a key name.
- Key names can be followed by an ACL, which is a series of decimal numbers, separated by spaces, set apart by square brackets (that is, [8 4 17]). The valid numbers and their meanings are defined in Table 10.4.
Table 10.4 Valid ACL Numbers and Their Meanings

    ACL Number  Meaning
    1           Administrators Full Access
    2           Administrators Read Access
    3           Administrators Read and Write Access
    4           Administrators Read, Write, and Delete Access
    5           Creator Full Access
    6           Creator Read and Write Access
    7           World Full Access
    8           World Read Access
    9           World Read and Write Access
    10          World Read, Write, and Delete Access
    11          Power Users Full Access
    12          Power Users Read and Write Access
    13          Power Users Read, Write, and Delete Access
    14          System Operators Full Access
    15          System Operators Read and Write Access
    16          System Operators Read, Write, and Delete Access
    17          System Full Access
    18          System Read and Write Access
    19          System Read Access
    20          Administrators Read, Write, and Execute Access
    21          Interactive User Full Access
    22          Interactive User Read and Write Access
    23          Interactive User Read, Write, and Delete Access
If there is an equal sign on the same line as a left square bracket, the equal sign takes precedence, and the line is treated as a Registry value. If the text between the square brackets is the string DELETE with no spaces, REGINI deletes the key and any values and keys under it.
For Registry values, the syntax is as follows:

    value Name = type data

Leading spaces, spaces on either side of the equal sign, and spaces between the type keyword and data are ignored, unless the value name is surrounded by quotes. If the text to the right of the equal sign is the string DELETE, REGINI deletes the value. The value name can be left off or be specified by an "at" character (@), which means the same thing, namely the empty value name. Therefore, the following two lines have identical results:

    = type data
    @ = type data

This syntax means that you can't create a value with leading or trailing spaces, an equal sign, or an @ character in the value name, unless you put the name in quotes. Valid value types and format of data are as follows:

    REG_SZ                          text
    REG_EXPAND_SZ                   text
    REG_MULTI_SZ                    "string1" "string2" ...
    REG_DATE                        mm/dd/yyyy HH:MM DayOfWeek
    REG_DWORD                       numberDWORD
    REG_BINARY                      numberOfBytes numberDWORD(s)...
    REG_NONE                        (same format as REG_BINARY)
    REG_RESOURCE_LIST               (same format as REG_BINARY)
    REG_RESOURCE_REQUIREMENTS       (same format as REG_BINARY)
    REG_RESOURCE_REQUIREMENTS_LIST  (same format as REG_BINARY)
    REG_FULL_RESOURCE_DESCRIPTOR    (same format as REG_BINARY)
    REG_MULTISZ_FILE                fileName
    REG_BINARYFILE                  fileName
If no value type is specified, the default is REG_SZ. For REG_SZ and REG_EXPAND_SZ, if you want leading or trailing spaces in the value text, surround the text with quotes. The value text can contain any number of embedded quotes, and REGINI will ignore them because it looks for quote characters only at the first and last characters of the text string. For REG_MULTI_SZ, each component string is surrounded by quotes. If you want an embedded quote character, use double quotation marks around it, as in string2 in the preceding code. For REG_BINARY, the value data consists of one or more numbers. The default base for numbers is decimal. Hexadecimal can be specified by using the 0x prefix. The first number is the number of data bytes, excluding the first number. After the first number, there must be enough numbers to fill the value. Each number represents one DWORD or four bytes. Therefore, if the first number is 0x5, you need two more numbers after it to fill the five bytes. The high-order three bytes of the second DWORD would be ignored.

When specifying a Registry path on the command line or in an input file, the following prefix strings can be used:

- HKEY_LOCAL_MACHINE
- HKEY_USERS
- HKEY_CURRENT_USER
- USER

Each string can stand alone as the key name or be followed by a backslash and a subkey path.
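The REGINI input format described above, as an added parser example (my code, not REGINI's or the Resource Kit's): it applies the comment, continuation, indentation, ACL, DELETE and value-type rules to a constructed sample script and builds a key tree. Little-endian DWORD byte order for REG_BINARY and the tree layout returned are my assumptions; the sample file is constructed, not taken from a real system.

```python
import re
BINARY_LIKE = {"REG_BINARY", "REG_NONE", "REG_RESOURCE_LIST", "REG_RESOURCE_REQUIREMENTS",
               "REG_RESOURCE_REQUIREMENTS_LIST", "REG_FULL_RESOURCE_DESCRIPTOR"}
TYPES = BINARY_LIKE | {"REG_SZ", "REG_EXPAND_SZ", "REG_MULTI_SZ", "REG_DWORD", "REG_DATE",
                       "REG_MULTISZ_FILE", "REG_BINARYFILE"}
# A value line has '=' after an optionally quoted name; '=' takes precedence over '['.
VALUE_RE = re.compile(r'^("(?:[^"]|"")*"|[^="]*?)\s*=\s*(.*)$')

def _logical_lines(text):
    """Apply the comment, tab and backslash-continuation rules; return [(indent, text)]."""
    out, cur, indent = [], None, 0
    for raw in text.splitlines() + [""]:              # trailing "" flushes a dangling continuation
        line = raw.replace("\t", " ")                 # embedded tabs become a single space
        if cur is None:
            if not line.strip() or line.lstrip().startswith(";"):
                continue                              # blank line or ';' comment line
            indent = len(line) - len(line.lstrip(" "))
            cur = line.strip()
        else:
            cur += line.lstrip()                      # blanks before the continued text are dropped
        if cur.endswith("\\"):
            body = cur[:-1]                           # several spaces before '\' become one
            cur = body.rstrip() + (" " if body.endswith(" ") else "")
            continue
        out.append((indent, cur.rstrip()))
        cur = None
    return out

def _num(tok):                                        # decimal by default, 0x for hexadecimal
    return int(tok, 16) if tok.lower().startswith("0x") else int(tok)

def _unquote(s):                                      # only the first and last characters matter
    return s[1:-1] if len(s) >= 2 and s[0] == '"' and s[-1] == '"' else s

def _parse_value(rhs):
    """Parse 'type data' (REG_SZ when no type is given) into (type, data)."""
    parts = rhs.split(None, 1)
    typed = bool(parts) and parts[0] in TYPES
    vtype = parts[0] if typed else "REG_SZ"
    data = (parts[1] if len(parts) > 1 else "") if typed else rhs
    if vtype in ("REG_SZ", "REG_EXPAND_SZ"):
        return vtype, _unquote(data)
    if vtype == "REG_MULTI_SZ":                       # a doubled quote inside a string is literal
        return vtype, [s.replace('""', '"') for s in re.findall(r'"((?:[^"]|"")*)"', data)]
    if vtype == "REG_DWORD":
        return vtype, _num(data)
    if vtype in BINARY_LIKE:                          # byte count, then one number per DWORD
        nums = [_num(t) for t in data.split()]
        nbytes, dwords = nums[0], nums[1:]
        if len(dwords) * 4 < nbytes:
            raise ValueError("%d bytes declared but only %d DWORDs given" % (nbytes, len(dwords)))
        raw = b"".join(d.to_bytes(4, "little") for d in dwords)   # x86 byte order (assumption)
        return vtype, raw[:nbytes]                    # surplus high-order bytes are ignored
    return vtype, data                                # REG_DATE and file-backed types: keep text

def _parse_key(text):
    acl, delete = None, False                         # '[8 4 17]' ACL or '[DELETE]' may follow
    if text.endswith("]") and "[" in text:
        text, inside = text[:text.rindex("[")], text[text.rindex("[") + 1:-1]
        if inside.strip() == "DELETE":
            delete = True
        else:
            acl = [int(n) for n in inside.split()]    # numbers from Table 10.4
    return _unquote(text.strip()), acl, delete        # quoted names keep their spaces

def parse_regini(text):
    """Return {'keys': {name: node}, 'values': {name: (type, data) or None}, 'acl', 'delete'}."""
    root = {"keys": {}, "values": {}, "acl": None, "delete": False}
    stack = [(-1, root)]                              # (indent, node) of the currently open keys
    for indent, line in _logical_lines(text):
        m = VALUE_RE.match(line)
        if m:                                         # value: attach to the previous key at or
            while stack[-1][0] > indent:              # above the value's indentation level
                stack.pop()
            name, rhs = m.group(1).strip(), m.group(2).strip()
            name = "" if name == "@" else _unquote(name)  # '@' or nothing = the empty value name
            stack[-1][1]["values"][name] = None if rhs == "DELETE" else _parse_value(rhs)
            continue
        while stack[-1][0] >= indent:                 # deeper indentation = child key
            stack.pop()
        name, acl, delete = _parse_key(line)
        node = {"keys": {}, "values": {}, "acl": acl, "delete": delete}
        stack[-1][1]["keys"][name] = node
        stack.append((indent, node))
    return root

# Constructed sample input (not a real Resource Kit file) exercising the rules described above.
SAMPLE = r"""; comment lines start with a semicolon
HKEY_LOCAL_MACHINE\Software\MyCo\MyApp [8 4 17]
    Version = REG_SZ 1.00
    "Install Dir" = REG_EXPAND_SZ "%SystemRoot%\MyApp "
    Servers = REG_MULTI_SZ "alpha" "be""ta"
    Blob = REG_BINARY 0x5 0x12345678 \
           0xAABBCCDD
    Obsolete = DELETE
    @ = default value
    OldSub [DELETE]
    Sub
        Flag = REG_DWORD 0x10
"""
```

Calling parse_regini(SAMPLE) yields the MyApp key with its ACL, the five-byte Blob built from the low byte of the second DWORD, the deleted Obsolete value (stored as None) and the OldSub key flagged for deletion.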
REGFIND.EXE

You can use REGFIND, a command-line utility provided on the Windows 2000 Server Resource Kit CD, to search the Windows 2000/XP Registry for arbitrary data, key names, or value names, and optionally replace any of them with new values. REGFIND has a special flag for finding malformed REG_SZ strings in the Registry. To access parts of the Registry, you must be a member of the Administrators group. REGFIND is used as follows:

    REGFIND [-h hivefile hiveroot | -w Win95 Directory | -m \\machinename]
            [-i n] [-o outputWidth] [-p RegistryKeyPath] [-z | -t DataType]
            [-b | -B] [-y] [-n] [searchString [-r ReplacementString]]

where:

    -h                    specifies a local hive to manipulate.
    -w                    specifies the paths to Windows 95 SYSTEM.DAT and USER.DAT files.
    -m                    specifies a remote Windows 2000/XP machine whose Registry is to be manipulated.
    -i n                  specifies the display indentation multiple. The default is 4.
    -o outputWidth        specifies how wide the output is to be. By default, the outputWidth is set to the width of the console window if standard output has not been redirected to a file. In the latter case, an outputWidth of 240 is used.
    -p RegistryPath       specifies where to start searching. Valid prefix names for easy access to well-known parts of the Registry are as follows:
                              HKEY_LOCAL_MACHINE -> \Registry\Machine
                              HKEY_USERS         -> \Registry\Users
                              HKEY_CURRENT_USER  -> \Registry\Users\...
                              USER:              -> HKEY_CURRENT_USER
    -t                    specifies which Registry types to look at: REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ, REG_DWORD, REG_BINARY, and REG_NONE. The default is any of the _SZ types.
    -b                    is valid only with _SZ searches, and specifies that REGFIND should look for occurrences of the searchString inside of REG_BINARY data. This search cannot be specified with a replacementString that is not the same length as the searchString.
    -B                    is the same as -b but also looks for the ANSI version of the string within REG_BINARY values.
    -y                    is valid only with _SZ searches, and specifies that REGFIND should ignore case when searching.
    -n                    specifies to include key and value names in the search. -n cannot be combined with -t.
    -z                    specifies to search for REG_SZ and REG_EXPAND_SZ values that are missing a trailing null character and/or have a length that is not a multiple of the size of a Unicode character. If -r is also specified, any replacement string is ignored, and REGFIND will add the missing null character and/or adjust the length up to an even multiple of the size of a Unicode character.
    searchString          is the value to search for. Use quotes if it contains any spaces. If searchString is not specified, REGFIND searches based on type only.
    -r replacementString  is an optional replacement string to replace any matches with.

The searchString and replacementString values must be of the same type specified in the -t switch. For any of the _SZ types, it is just a string. For REG_DWORD, it is a single number (that is, 0x1000 or 4096). For REG_BINARY, it is a number specifying the number of bytes, optionally followed by the actual bytes, with a separate number for each DWORD (for example, 0x06 0x12345678 0x1234). If just the byte count is specified, REGFIND searches for all REG_BINARY values with that length. You cannot search for length and specify -r. When performing replacements, REGFIND displays the value after the replacement has been made. It is usually best to run REGFIND once without the -r switch to see what values will be changed before the replacement takes place.
REGBACK.EXE

REGBACK is a command-line Registry backup utility provided on the Windows 2000 Server Resource Kit CD. It must be used with REGREST to restore its backup. The following list describes the key points of REGBACK. Microsoft recommends that if you have a tape drive installed, it should be used instead of REGBACK and REGREST. (You can start the Backup utility by double-clicking its icon in the Administrative Tools program group.) The following rules apply to the REGBACK and REGREST utilities:

- REGBACK and REGREST save and reload the entire hive, including ACLs, so it's possible to restore a hive and find that you have different ACLs than before.
- REGBACK does not back up hives that aren't loaded. You can just copy these files because they are not loaded in the Registry.
- REGBACK does not automatically back up hives that don't reside in the CONFIG folder (specifically, some user profiles), but it does so manually to avoid name conflicts.
- REGBACK stops at the first bug, except when backing up manual hives.
- REGBACK does not overwrite existing files; instead, it reports an error.
- REGBACK fails if the hive files don't all fit on the target, so often it's best to use REGBACK to back up hives to a hard disk folder. Then use BACKUP.EXE, or use XCOPY.EXE or SCOPY.EXE to save the backed up hives on floppy disks.
- REGBACK does not copy the files in the CONFIG folder that are not currently kept open by the Registry. Use XCOPY.EXE or SCOPY.EXE to save inactive hives.

The syntax for REGBACK is as follows:

    regback <directory>

This command backs up all the Registry hives whose files reside in the CONFIG folder to the named directory. (This is normally all hives.) It also warns of hives with errors or those that must be backed up manually. For example:

    regback c:\monday.bku
    if ERRORLEVEL 1 echo Error!

Use the following format for a "manual" backup:

    regback <filename> <hivetype> <hivename>

The preceding command backs up the named hive to the named file. The backup will fail if hivetype isn't machine or users, or if hivename isn't a hive root. The value of hivetype is either machine or users. hivename is the name of an immediate subtree of HKEY_LOCAL_MACHINE or HKEY_LOCAL_USERS. The following code can be used to perform two types of Registry backups. The first backs up the System subkey from the HKEY_LOCAL_MACHINE key into the specified path and filename. The second backs up the specific user subkey (based on the SID) from HKEY_LOCAL_USERS into the specified path and filename.

    regback c:\special.sav\system machine system
    regback c:\savedir\prof users s-1-0000-0000-1234
    if ERRORLEVEL 1 echo Error!
REGDMP.EXE

REGDMP is a command-line utility on the Windows NT Server 4.0 Resource Kit CD that writes all or part of the Windows NT/2000/XP Registry to the standard output (STDOUT). The output format is suitable for input to REGINI. The syntax for REGDMP is as follows:

    usage: REGDMP [-m \\machinename | -h hivefile hiveroot | -w Win95 Directory]
                  [-i n] [-o outputWidth] [-s] [-o outputWidth] RegistryPath

where:

    -m              specifies a remote Windows NT/2000/XP machine whose Registry is to be manipulated.
    -h              specifies a local hive to manipulate.
    -w              specifies the paths to Windows 95 SYSTEM.DAT and USER.DAT files.
    -i n            specifies the display indentation multiple. The default is 4.
    -o outputWidth  specifies how wide the output is to be. By default, the outputWidth is set to the width of the console window if standard output has not been redirected to a file. In the latter case, an outputWidth of 240 is used.
    -s              specifies summary output. Summary information includes value names, type, and first line of data.
    RegistryPath    specifies where to start dumping.
If REGDMP detects any REG_SZ or REG_EXPAND_SZ value string that is missing the trailing null character, it adds the following text at the beginning of the value string:

    (*** MISSING TRAILING NULL CHARACTER ***)

The REGFIND tool can be used to clean up missing trailing null characters; this programming error is common. When specifying a Registry path on the command line or in an input file, you can use the following prefix strings:

- HKEY_LOCAL_MACHINE
- HKEY_USERS
- HKEY_CURRENT_USER
- USER

Each string can stand alone as the key name or be followed by a backslash and a subkey path.

COMPREG.EXE

Use the COMPREG utility from the Windows NT Server 4.0 Resource Kit CD to compare Registries on two machines. This utility is useful when a component on one computer fails to function but works perfectly on another computer thought to be configured identically. The syntax for COMPREG is as follows:

    usage: COMPREG [-v] [-r] [-e] [-d] [-q] [-n] [-h] [-?]
           local or remote keys to compare (default root == HKEY_CURRENT_USER)
           (e.g., \\HOTDOG\HKEY_LOCAL_MACHINE\Software)

The root keys can be abbreviated as follows:

    HKEY_LOCAL_MACHINE  lm
    HKEY_CURRENT_USER   cu
    HKEY_CLASSES_ROOT   cr
    HKEY_USERS          us

If the second argument is only a computer name, the key name specified with the first argument is automatically appended. The switches for COMPREG are as follows:

    -v (verbose)  Prints both differences and matches.
    -r (recurse)  Recurses into "dead" trees; that is, subkeys that exist in only one key.
    -e            Sets errorlevel to the last errorcode. By default, errorlevel is set.
    -d            Doesn't print the value data (just the keys).
    -q            Prints only the number of differences.
    -n            Specifies that no color is to be used in the output (default: use color).
    -h            Displays additional help.
    -?            Displays the basic usage screen.

Examples:

    COMPREG "\lm\system\currentcontrolset\control\session manager" \\MOON
    COMPREG HKEY_CURRENT_USER\Cheech HKEY_CURRENT_USER\Chong
REGREST.EXE

The REGREST utility from the Windows 2000 Server Resource Kit CD enables you to recover the Registry from a backup. The recovery is done one hive at a time, and the changes take effect only after the system is rebooted. SeRestorePrivilege is required to make use of this program and is enabled for Backup Operators and Administrators by default. REGREST requires that REGBACK was used to perform the original backup. REGREST works by doing RegReplaceKey calls. The original hive is stored in a .sav file. You must have enough space for this file, or the restore will fail. A reboot is required for the changes to take effect. All files must be on the same volume (they are renamed, not copied). The syntax for REGREST is as follows:

    regrest <save files>

For each active Registry hive whose file resides in the CONFIG folder, this command attempts to replace its current file with a like-named file in the folder and moves the old file to the <save files> folder. It also warns of errors or hives that must be restored manually. For example:

    regrest c:\monday.bku c:\install.sav
    if ERRORLEVEL 1 echo Error!

Use the following form for "manual" restoration:

    regrest <savefilename>

The hivetype is either machine or users. hivename is the name of an immediate subtree of HKEY_LOCAL_MACHINE or HKEY_LOCAL_USERS. This command renames the specified hive's file to <savefilename>, and then moves the specified file to be the backing for the specified hive. (No changes take effect until the next boot.) The following code renames the System subkey of the HKEY_LOCAL_MACHINE key to C:\special.sav\system and moves C:\oldsystem.sav to replace the original file:

    regrest c:\special.sav\system c:\oldsystem.sav machine system
    if ERRORLEVEL 1 echo Error!
RegMon The Registry Monitor, which can be found at http://www.sysinternals.com, was written by Bryce Cogswell and Mark Russinovich.You can take advantage of the advanced filtering options in this handy utility to track events that don’t show up in Event Viewer.You can filter Registry events based on process, path include, path exclude, and log reads. Registry Monitor displays events based on process, request, path, and result filters.The process filter is the image file of the process that triggered the Registry event, the request filter is the Registry application programming interface (API) requested by the specific key, the path filter is the path to the key selected, and the result filter is the success or failure of the event.
For More Information

The following resources will provide you with valuable information on the Windows Registry:

- Cowart, Robert and Knittel, Brian. Special Edition Using Windows XP Professional, Bestseller Edition. Que, 2002. ISBN: 0789728524.
- Hipson, Peter D. Mastering Windows XP Registry. Sybex, 2002. ISBN: 0782129870.
- Honeycutt, Jerry. Microsoft Windows XP Registry Guide. Microsoft Press, 2002. ISBN: 0735617880.
- Microsoft TechNet: http://www.microsoft.com/technet/.
- Microsoft Windows XP Professional Resource Kit. Microsoft Press, 2001. ISBN: 0735614857.
11 Important Registry Keys and Values

This chapter examines Registry settings and configurations as well as shareware and freeware software that add value to Microsoft Windows XP. Resourceful and enterprising administrators have tweaked and modified the operating system beyond what was originally offered out of the box. This chapter explores Registry entries that save time, add functionality, improve security, and enhance the look and feel of Windows XP.
Basic Console Operations

You can make most of the changes to the Windows XP console through Control Panel (as discussed in Chapter 8, "Windows XP Control Panel Utilities"). Use the Registry to make these changes directly if you want to change the settings for all domain desktops programmatically. To configure the console using the Registry for the logged-in user, edit HKEY_CURRENT_USER\Console; for all users, edit HKEY_USERS\.DEFAULT\Console. Table 11.1 describes console settings for the Windows XP Registry.

Table 11.1 Console Settings for the Windows XP Registry

    Value                   Type        Default      Description
    CursorSize              REG_DWORD   25%          The percentage of the character cell occupied by the cursor. Valid entries are 25% (small), 50% (medium), and 100% (large).
    FullScreen              REG_DWORD   0            Valid entries are 0 (Windowed) and 1 (Full Screen).
    FaceName                REG_SZ      none         Alternate command-window font name. If blank, a raster font is used.
    FontFamily              REG_DWORD   0            Font type. 0 = raster, and 48 = TrueType.
    FontSize                REG_DWORD   0x00000000   An eight-character hex number representing pixel height and pixel width. The default (0x00000000) is 8×12, and an entry of 0x000C0005 is 12×5.
    FontWeight              REG_DWORD   0            0 is the default weight of the chosen font.
    HistoryBufferSize       REG_DWORD   50           The number of commands that can be stored in each command buffer.
    InsertMode              REG_DWORD   0            0 = Overtype, and 1 = Insert.
    NumberOfHistoryBuffers  REG_DWORD   4            The number of command buffers.
    PopupColors             REG_DWORD   0x000000F5   An eight-character hex number representing background color and text color.
    QuickEdit               REG_DWORD   0            0 means the user must use commands to cut and paste; 1 means the user can use the mouse to cut and paste.
    ScreenBufferSize        REG_DWORD   0x00190050   An eight-character hex number representing lines of text and characters per line. The default is 25 lines of 80 characters.
    ScreenColors            REG_DWORD   0x000000007  An eight-character hex number representing background color and text color.
    WindowSize              REG_DWORD   0x00190050   An eight-character hex number representing lines of text and characters per line. The default is 25 lines of 80 characters.
    WindowPosition          REG_DWORD   none         If not present, the system selects a position. An eight-character hex number representing y/x.
For each console configuration you save, a subkey is created with the name of the window.This subkey has the same value entries as the console key.You can create the subkey by right-clicking the command window’s title bar and choosing Properties.
Windows XP Logon and Logoff Controls

The following sections explore editing the Registry to change logon and logoff controls for Windows XP.

Shut Down Windows XP with a Power Off

This Registry edit powers off a Windows XP computer while bypassing the It Is Now Safe To Turn Off Your Computer message that follows a Shutdown command. This message will appear only if Windows XP is running on a system that does not support the soft power feature of newer systems. To make this change, select the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Registry entry and double-click PowerDownAfterShutdown or add it as REG_SZ. Set it to 1. This works only if your Hardware Abstraction Layer (HAL) supports it.

Logon Without Prompting

This Registry edit enables a user to log on to Windows XP without going through the logon process. TweakUI (a Microsoft power toy available at http://www.microsoft.com/windowsxp/pro/downloads/powertoys.asp) can accomplish this change as well. To configure this setting using the Registry, edit HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. Set the DefaultDomainName, DefaultPassword (cannot be blank), and DefaultUserName. Set AutoAdminLogon to 1. If you ever want to log on as a different user, hold down the Shift key as you log off.

Caution: Your password is stored in plain text in the Registry and can be seen by anyone with the authority to view a remote Registry.
Automatically Run Check Disk at Startup

To configure Windows XP to automatically run CheckDisk at startup, select the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager key. Change the BootExecute entry from autocheck autochk * /......... to autocheck autochk *.

Build an NTFS Boot Disk

If your installation of Windows XP on an NTFS partition ever fails to boot, you can jump-start it with an NTFS boot disk. Perform the following steps to create an NTFS boot disk:

1. Format a disk in Windows XP Explorer.
2. Copy the following files to the disk: ntdetect.com, boot.ini, and NTLDR.
3. If you want to boot to a non-Windows XP operating system, you need the appropriate BOOTSECT file. (Normally, it is bootsect.dos.)
4. If Windows XP is on a SCSI device being controlled by a SCSI card that does not have an on-board BIOS, copy the ntbootdd.sys file as well. If you don't need it, it won't be on your C drive.

Add the Shutdown Button to the Welcome Dialog Box

To display a Shutdown button at logon, select the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon key, and then edit the value ShutdownWithoutLogon REG_SZ to 0. When this value is set to 1, you can select Shutdown from the Welcome dialog box. If the value is 0, the Shutdown button does not appear. This setting is particularly useful in a multiboot situation when Windows XP is booted by mistake.

Add a Logon Welcome or Legal Notice

The Registry value entries that control the logon sequence for starting Windows XP are found under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Registry key. The LegalNoticeCaption REG_SZ value specifies a caption for the message that appears in the warning dialog box. Add this value entry if you want a warning to be displayed when a user attempts to log on to a Windows XP system. The user cannot proceed without acknowledgment of this message. To specify text for the message, you must also specify a value for LegalNoticeText. You can use the System Policy Editor to change this value. The LegalNoticeText REG_SZ key specifies the message that appears when the user presses Ctrl+Alt+Delete during logon.
Add this value entry if you want a warning to be displayed when a user attempts to log on to a Windows XP system. The user cannot proceed without acknowledging this message. To include a caption for the logon notice, you also must specify a value for LegalNoticeCaption. You can use the System Policy Editor to change this value.

The LogonPrompt REG_SZ value defaults to Enter A User Name And Password That Is Valid For This System. The text you enter appears in the Logon Information dialog box, which is designed to display additional legal warnings to users before they log on. This value entry does not appear in the Registry unless you add it.

The Welcome REG_SZ value sets the welcome message text. The text you enter appears in the caption bar beside the title of the Begin Logon, Logon Information, Workstation Locked, and Unlock Workstation dialog boxes. This value entry does not appear in the Registry unless you add it. Note that the text you enter here goes immediately next to the text in the title bar, so you'll probably want to add a space at the beginning of the value.

Blank Username in Logon Dialog Box
To help deter hackers, you can blank the Username text box in the logon dialog box. This forces a hacker to gather one more piece of information to break into the system; when you know a username, all you need is a password. You can also rename the Administrator account to something else. To blank out the username in the logon dialog box, edit the DontDisplayLastUserName REG_SZ value in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon key. By default, Windows XP displays the name of the last person to log on in the Username text box in the Logon Information dialog box. If you add this value entry and set it to 1, the Username text box is always blank when the Logon Information dialog box appears.

Activate Screen Saver If Nobody Logs On
To activate the screensaver if no one logs on, edit the HKEY_USERS\.DEFAULT\Control Panel\Desktop key and change the value for ScreenSaveActive to 1. Edit SCRNSAVE.EXE and enter the full path to the screensaver you want to use, such as scrnsave.scr or sstars.scr. Double-click ScreenSaveTimeOut and enter the number of seconds of inactivity before activation. You must reboot for this setting to become effective.

Display Your Company Logo During Logon
To display your company logo during logon, save a bitmap in the 8.3 file format with a .bmp extension in the %systemroot% folder on your machine. To display the bitmap at logon, edit the HKEY_USERS\.DEFAULT\Control Panel\Desktop key, edit or add the REG_SZ value Wallpaper, and set it to the full path of your bitmap. In this example, the path would be %systemroot%\BITMAPNAME.BMP. Edit or add the REG_SZ value TileWallpaper. A setting of 0 means don't tile; 1 means tile. Edit or add the REG_SZ value WallpaperStyle. A setting of 0 is normal; 2 means stretch to fill the screen. (This setting is mutually exclusive with TileWallpaper set to 1.) If you use a normal (not tiled) logo, you can position it by adding the following REG_SZ values:
- WallpaperOriginX—Sets the wallpaper to the number of pixels from the left side of the screen.
- WallpaperOriginY—Sets the wallpaper to the number of pixels from the top of the screen.
Configure Service Startup Dependencies
If you have a service (such as a Document Management System) that depends on a database running, try this tip. You can configure the startup of a service based on the completion of one or more other services. In the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services entry, scroll to the first service you want to control and highlight it. If the right pane contains a DependOnService value, double-click it and add a service. If DependOnService is not present, add the value DependOnService with type REG_MULTI_SZ. If you want to add multiple values, each one should be on a separate line.

Run a Job the First Time a User Logs On
RunOnce entries, as the name implies, run one time and are then deleted from the Registry. This setting might be helpful in welcoming a new employee or in displaying a special message. To create a RunOnce entry, edit the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce entry and add a value with any name of type REG_SZ. Set the value to the full path of the executable or batch file. A simple example might be to add the Welcome REG_SZ value set to \\ServerName\%username%\welcome.cmd. Welcome.cmd might contain the following:

@echo off
echo The Microsoft Corporation is pleased to welcome %UserName% to your first logon to %ComputerName%.
pause
exit

Upon completion, the Welcome value is deleted from the RunOnce subkey.

Speed Up Windows Shutdown
To speed the Windows XP shutdown process, edit the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WaitToKillServiceTimeout entry or add it as a REG_SZ. This key tells the Service Control Manager how long to wait for services to complete the shutdown request. The default is 20,000 milliseconds. You must wait long enough for the services to complete an orderly shutdown. This time period varies depending on what services you have loaded. Check the documentation for your services before making this change.

Allow Logon Script to Finish Before Loading Desktop
To allow a logon script to finish before loading desktop settings, edit or add a REG_DWORD value named RunLogonScriptSync in the HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon entry. Settings for this entry are as follows:
- 0—Don't wait for the logon script to complete before loading the desktop.
- 1—Wait for the logon script to complete before loading the desktop.
By loading the desktop before the logon script is complete, you reduce the time needed to load the Windows interface. You can also add the same REG_DWORD value to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon entry.

Change Logon Background Color
You can change the logon background color by altering the RGB values in the HKEY_USERS\.DEFAULT\Control Panel\Colors\Background entry. For example, if you set the RGB value to 0 0 0, you will have a black background; setting it to 255 255 255 produces a white background.

Clear the Page File at System Shutdown
Because the pagefile.sys file holds cached information about the system, you might want to clear it for security reasons when you shut down the system. To do so, edit the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management entry and edit the ClearPageFileAtShutdown value, of type REG_DWORD. The default is 0. When you set it to 1, inactive pages in the pagefile.sys file are filled with zeros. Some pages cannot be cleared because they are active during shutdown.

Windows XP Shell
Changes to the Windows XP shell are discussed in the following sections.

Speed Start Menu Navigation
To speed up the response time in Windows XP for displaying fly-out menus from the Start button, edit the HKEY_CURRENT_USER\Control Panel\Desktop key's MenuShowDelay value to 100. You must reboot for this setting to take effect.

Remove Entries from the Start Button Context Menu
To remove entries from the Start button context menu, use REGEDT32.EXE to edit HKEY_LOCAL_MACHINE\Software\Classes\Directory\Shell or HKEY_CLASSES_ROOT\Directory\Shell. Edit Shell and delete any of these subkeys, such as DOS Here and Find. Navigate to the HKEY_LOCAL_MACHINE\Software\Classes\Folder\Shell or HKEY_CLASSES_ROOT\Folder\shell entry and then double-click Shell to delete any of these subkeys, such as Root Explore, Open, or Explore.
Restrict System Features in Windows XP
Some restrictions to system features are easier to change with the System Policy Editor. To restrict the use of system features using the Registry, edit the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer entry and add the System subkey. All the following entries are type REG_DWORD and have a default of 0. If these entries are set to 1, the restriction is enabled.
- NoDesktop—Hides the desktop icons.
- NoFileMenu—Removes the File menu from Explorer.
- NoFind—Removes the Search option from the Start menu.
- NoNetConnectDisconnect—Removes the Map Network Drive and Disconnect Network Drive menu and right-click options.
- NoNetHood—Removes the My Network Places icon and prevents network access from Explorer. (It will still work from a command prompt.)
- NoRun—Removes the Run command from the Start menu.
- NoSetFolders—Removes Control Panel, Printers, and My Computer in Explorer and on the Start menu.
- NoClose—Removes the ShutDown button from the Start menu.
Remove Shortcut Arrow from Desktop Shortcuts
To remove the shortcut arrow from your desktop shortcuts, browse to HKEY_CLASSES_ROOT\Lnkfile. Select the IsShortcut value name in the right pane and delete it. You must reboot to see the change.

Open Explorer and My Computer in Detail View
To open Windows XP Explorer and My Computer in Detail view, perform the following steps:
1. Open HKEY_LOCAL_MACHINE\Software\Classes\Folder\Shell\Open and set the REG_BINARY value named EditFlags to 01000000.
2. Open HKEY_LOCAL_MACHINE\Software\Classes\Folder\Shell\Open\Command and set the unnamed REG_EXPAND_SZ value to C:\WINNT\EXPLORER.EXE /idlist,%I,%L %1.
3. Edit HKEY_LOCAL_MACHINE\Software\Classes\Folder\Shell\Open\ddeexec and set the unnamed REG_SZ value to [ExploreFolder("%l", %I, %S)].
4. Reboot the system.
5. Double-click My Computer and then click Details.
6. Choose Tools, Folder Options from the menu to open the Folder Options dialog box.
7. In the File Types tab, scroll to Folder and select it.
8. Click the Advanced button to open the Edit File Type dialog box.
9. Click Open in the Actions section and click the Set Default button.
10. Click Close.

Controlling the Windows Shell
To lock down the desktop, replace the Windows XP Explorer or Program Manager shell with your own launcher. Edit HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell and replace the current .exe with your shell (with a .exe extension). See the "For More Information" section at the end of this chapter for more details.

Remove Icons from the Desktop
To remove the Microsoft Internet Explorer, Inbox, and Recycle Bin icons from the desktop, edit HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace. The NameSpace entry reveals the keys for these three desktop icons. Clicking each one shows you the icon name in the right pane. To remove an icon, select the key and delete it.

Point a Mail Client to the User's Folder
Windows XP provides a Personal folder as the default location for saving mail and user files. Even though it makes the profile bigger and slower to load, it is better to centralize user files. To point the mail client to the user's folder, edit HKEY_USERS\<User_SID>\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal while the user is not logged on, and change the path to the user's home folder (%HOMEDRIVE%\%HOMEPATH%). To modify the directory for new (not yet created) users, select the HKEY_USERS hive and choose Load Hive from the Registry menu. Navigate to the Documents and Settings\Default User\NTUSER.DAT file and enter a unique name (Storage, in this example) when prompted for a key name. Select the Storage key, edit the Storage\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal entry, and change the value to %HOMEDRIVE%\%HOMEPATH%. Select the HKEY_USERS\Storage key and then choose Unload Hive from the Registry menu.
Mouse and Keyboard Settings
The following sections discuss how to edit mouse and keyboard settings in Windows XP.

Configure the Snap To Button Function in the Registry
You can configure the Snap To button in the Control Panel's Mouse applet, and you can also configure it in the Registry. To configure it in the Registry, select HKEY_CURRENT_USER\Control Panel\Mouse, edit SnapToDefaultButton or add a value of type REG_SZ, and set it to 1.

Force Serial Mouse Detection at Startup
If you have a serial mouse on the COM1 or COM2 serial port and it fails detection at startup, you can force a connection without rebooting. You can do this by adding the value entry OverrideHardwareBitstring as a type REG_DWORD to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sermouse\Parameters entry. A data value of 1 indicates that the mouse is installed on COM1, and a data value of 2 specifies COM2. This entry causes the driver to load even if the mouse is not detected.

Toggle Num Lock Key at Startup
To toggle the Num Lock key at startup, edit the HKEY_CURRENT_USER\Control Panel\Keyboard\InitialKeyboardIndicators entry, which is of type REG_SZ. If this value is set to 0, Num Lock is disabled for the current user after logging on. If the value is 2, Num Lock is enabled and will retain the settings from the last shutdown.
Device Keys and Controls
The following sections explore how to edit Registry settings for device keys and controls in Windows XP.

Turn Off CD AutoRun
Some users prefer to turn off the AutoRun feature for a CD-ROM. You can make a Registry change if you prefer to browse when you double-click instead of activating the AutoRun feature. Set the Autorun value, of type REG_DWORD, under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom key to 0. Setting the value to 1 turns on the AutoRun feature.

Delete a Device Driver or Service
If you want to remove a service or a device driver, open Control Panel, start the Services or Devices applet (depending on what you are editing), locate the object, and stop it (if it is started). If it won't stop, configure StartUp as Disabled and reboot. Otherwise, you can edit the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services entry, locate the object, highlight it, and delete it.

Plug and Play Devices
If you begin to install a Plug and Play device but subsequently respond "No" when prompted to install a device, you will never be prompted to install that device again. To enable this prompt, you must delete any occurrences of the device from the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnpisa and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ISAPNP keys. Note that you might not have adequate permissions to change the keys. Use REGEDT32 to set the necessary security. Locate the device subkey by inspecting the Description value in each subkey. When you locate the device, delete its subkey. When you are finished, locate the device driver (mentioned in the subkey) and delete its file. Reboot the computer for the settings to take effect.

Change a Service or Driver Startup
To change the startup parameters of a service or driver when it can't be accessed through Control Panel, edit the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services entry, navigate to the service or driver, and select it. In the right pane, edit the Start value and change the REG_DWORD value to one of the following settings:
- Boot (0)—Loaded by the Kernel loader. Components of the driver stack for the boot (startup) volume must be loaded by the Kernel loader.
- System (1)—Loaded by the I/O subsystem. Specifies that the driver is loaded at kernel initialization.
- Automatic (2)—Loaded by the Service Control Manager. Specifies that the service is loaded or started automatically.
- Manual (3)—The service does not start until the user starts it manually, such as by using the Services or Devices applet in Control Panel.
- Disabled (4)—Specifies that the service should not be started.
Important Registry Miscellany
The following sections explore some miscellaneous Registry settings that you can configure in Windows XP.
Windows XP Filename Completion
This Registry change enables filename completion at the command prompt when you press the Tab key. Select the HKEY_CURRENT_USER\Software\Microsoft\Command Processor key, edit the CompletionChar REG_DWORD value (or add it), and set it to 9. Reboot the computer for the changes to take effect.
Restore an Explorer-Like Task Manager
To enable a Ctrl+Esc Task Manager, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon. Choose Edit, Add Value from the menu. Type TASKMAN for the Value Name setting and click OK. Then type TASKMAN.EXE in the String Editor text box.
Remove Nag Prompt for File Location
If Windows XP was installed from a CD but the distribution files live on a share, Windows XP prompts for the location of the files each time it needs them. To remove this prompt, edit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion and set SourcePath to the desired path. This setting points Windows XP to the share where the distribution files reside.
Disable Source Routing
Source routing permits the originator of a datagram to designate specific gateways for a packet to follow during routing from source to destination. This is analogous to waypoints on a hiking trip, where each hiker must pass through specific checkpoints from the trip's beginning to end, as defined before the trip begins. Source routing causes additional overhead on the computers. To disable it, open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nwlnkipx\NetConfig\XXXXX entry (XXXXX is the name of the NIC device for which you want to disable source routing). Change the Source Routing value from 1 to 0.
Disable 8.3 Name Creation in NTFS
You can increase NTFS performance if you disable 8.3 filename creation. If you make this change, however, some 16-bit programs might have trouble finding long filenames. Don't set this option if you want to install older versions of Norton Utilities, which truncate filenames. Open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem key. The value is NtfsDisable8dot3NameCreation, of type REG_DWORD. The default is 0. Set it to 1 to disable 8.3 filename creation. The change won't take effect until you reboot the computer.
Ghosted Connections
Ghosted connections are resource connections, such as network drives, that appear to be constantly connected but are really connected only when an access attempt is made. Unghosted connections are permanent connections. If you want to ghost or unghost persistent connections, edit the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider entry with a value of RestoreConnection, of type REG_DWORD. Change the value to 0 for ghosted connections or to 1 for persistent (not ghosted) connections.
Manage the Mapped Network Drive Drop-Down List
If you want to remove some of the connections in the Mapped Network Drive drop-down list, edit the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\PersistentConnections key and then highlight and delete unwanted entries. Double-click Order and remove the letters that have been deleted. You can rearrange the letters to change the display order.
Move Shares from One Windows XP Server to Another
To move shares from one server to another, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares key and then save the key to a filename on a floppy disk. On the new server, navigate to the same key and save its empty Shares key to a floppy disk before restoring it from the first server. This destroys any existing shares on the new server. Next, restore the empty Shares key you saved from the new server to the first server or delete the values manually (also from the Security subkey). Create at least one new share on each server. This is required so that Windows XP Explorer can refresh its shares. In the Services applet in Control Panel, stop and restart the Server service. If you don't want that new share, unshare it normally.
Change the Default Spool Folder
You can change the default printer spool folder for all printers or for specific printers. To change the default printer spool folder for all printers, open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers entry and add a value named DefaultSpoolDirectory with a data type of REG_SZ. Add a full path string to the printer spool folder. To change the default printer spool folder for specific printers, open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\ key and add a value named SpoolDirectory with a data type of REG_SZ. Add the full path string to the printer spool folder. You must make sure the specified path actually exists. If it does not, Windows XP uses the default spool folder.
Prevent Printer Popups and Event Logging
To prevent pop-up messages from appearing after print jobs complete, open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers entry. To prevent pop-up notification, add a value named NetPopup of type REG_DWORD and set it to 0. To prevent logging, add the EventLog value of type REG_DWORD and set it to 0. You will have to stop and restart the spooler from the Services applet in Control Panel, but you might want to reboot to make sure the changes take effect.
Activate a Screensaver from an Icon
To activate a screensaver from an icon, perform the following steps:
1. Open HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows in the Registry Editor.
2. Select the Programs value and then choose Edit, String from the menu.
3. Add the .scr extension to the string as follows: Programs: REG_SZ: EXE COM BAT PIF CMD SCR.
4. Click OK, close the Registry Editor, and log off.
5. Log back on. In Windows XP Explorer, highlight the screensaver you want and right-click to define a shortcut, such as \WINNT\SYSTEM32\SSBEZIER.SCR /s. The /s switch forces the screensaver to start immediately. Remove /s to display a setup screen. Screensavers that use passwords can be used, but password security is not used.
Control Which Errors Pop Up in Windows XP
You can control which errors pop up to interrupt you. (Errors are still recorded in the event logs.) To do so, open the HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows entry and add the NoPopUpsOnBoot value as a REG_DWORD. When set to 1, boot pop-up messages are suppressed. The default is 0. Add a value named ErrorMode as a REG_DWORD. The following settings can be configured for this value:
- 0—All system and application errors pop up. (This is the default.)
- 1—Errors from system processes are suppressed.
- 2—All system and application errors are suppressed.
Create Separate Processes for the Desktop, the Taskbar, and Windows XP Explorer
By default, the shell creates one process with the taskbar and desktop as one thread and each instance of Windows XP Explorer as an additional thread. A failure in any thread affects the entire process. If you have at least 64MB of RAM and a fast Pentium, you can create a separate process for the desktop and taskbar and one for each instance of Windows XP Explorer by editing the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer entry and adding the DesktopProcess value (REG_DWORD). Set it to 1 and reboot. On a dual processor, this setting provides increased desktop performance.
Prevent Windows XP from Running an Unknown Job at Logon
One indication that Windows XP is running an unknown job at logon is that the %systemroot%\system32 box pops up when you log on. This is caused by a reference to a file that does not exist in one of the Registry entries that follow. If you can't find it in the startup group, check the Load and Run REG_SZ values in the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows entry. Remove the offending value. Other places where a program can be loaded at startup in Windows XP include the Startup folder for the current user (and all users) and the following Registry entries:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
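The logon hardening values covered earlier in this chapter (DontDisplayLastUserName, LegalNoticeCaption and LegalNoticeText, ClearPageFileAtShutdown, the Cdrom Autorun value) and the autostart locations listed above can be checked offline against a Registry export rather than by clicking through REGEDT32. The following Python script is an added example, not code from the book: it parses a constructed .reg export in Registry Editor Version 5.00 format, reports which hardening values are missing or weak, and lists every non-empty autostart entry so an unexplained one, like the unknown job this section describes, stands out.

```python
"""Offline audit of a Windows Registry Editor 5.00 export (.reg) for the logon
hardening values and autostart locations covered in this chapter. Added example,
not from the book; SAMPLE_EXPORT is constructed, only the paths and value names
come from the text."""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')  # "Name"=data or @=data

def decode_data(data):
    """Decode "string" (with \\ and \" escapes) or dword:hex; other forms stay raw."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    if data.startswith("dword:"):
        return int(data[6:], 16)
    return data

def parse_reg(text):
    """Return {key: {name: data}}, lowercased because the registry is case-insensitive."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "Windows Registry Editor")):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = VAL_RE.match(line)          # hex continuation lines do not match; skipped
        if m and current is not None:
            name = "@" if m.group("default") else m.group("name").lower()
            keys[current][name] = decode_data(m.group("data"))
    return keys

def get_value(keys, key, name):
    """Case-insensitive lookup; None when the key or value is absent."""
    return keys.get(key.lower(), {}).get(name.lower())

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
MEMORY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"
CDROM = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom"
HKCU_WINDOWS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows"
HKLM_CV = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
HKCU_CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"

# (key, value name, expected data or None for "must merely exist", description)
HARDENING = [
    (WINLOGON, "DontDisplayLastUserName", "1", "last user name hidden in logon dialog"),
    (WINLOGON, "LegalNoticeCaption", None, "legal notice caption present"),
    (WINLOGON, "LegalNoticeText", None, "legal notice text present"),
    (MEMORY, "ClearPageFileAtShutdown", 1, "page file cleared at shutdown"),
    (CDROM, "Autorun", 0, "CD AutoRun disabled"),
]
# Autostart locations from the chapter; None = every value counts, else only the named ones.
AUTOSTART = [(HKLM_CV + "\\" + s, None) for s in ("Run", "RunOnce", "RunServices", "RunServicesOnce")]
AUTOSTART += [(HKCU_CV + "\\" + s, None) for s in ("RunOnce", "RunServices", "RunServicesOnce")]
AUTOSTART.append((HKCU_WINDOWS, {"load", "run"}))

def audit_hardening(keys):
    """Return {description: 'ok' | 'missing' | 'weak (<actual>)'} per check."""
    report = {}
    for key, name, expected, desc in HARDENING:
        actual = get_value(keys, key, name)
        if actual is None:
            report[desc] = "missing"
        elif expected is None or str(actual) == str(expected):
            report[desc] = "ok"
        else:
            report[desc] = f"weak ({actual!r})"
    return report

def list_autostart(keys):
    """Return [(key, value name, command)] for every non-empty autostart entry."""
    found = []
    for key, wanted in AUTOSTART:
        for name, data in keys.get(key.lower(), {}).items():
            if name == "@" or data in ("", None) or (wanted and name not in wanted):
                continue
            found.append((key, name, data))
    return found

# Constructed export: a partly hardened machine with one unexplained Run value.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DontDisplayLastUserName"="0"
"LegalNoticeCaption"="Authorized use only"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"Autorun"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Welcome"="\\\\ServerName\\share\\welcome.cmd"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Load"=""
"Run"="C:\\WINDOWS\\system32\\unknownjob.exe"
"""

if __name__ == "__main__":
    keys = parse_reg(SAMPLE_EXPORT)
    print(audit_hardening(keys), list_autostart(keys), sep="\n")
```

A real export written by the Registry Editor's Export command is UTF-16 with a byte-order mark, so read it with open(path, encoding="utf-16") before passing its text to parse_reg.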
Connect to Microsoft's FTP Site as a Drive
To connect to the Microsoft FTP site as a network drive, you must have Windows XP Professional with the TCP/IP and NetBEUI protocols installed as well as a functional Internet connection. To connect to the FTP site as a drive, perform the following steps:
1. Edit your LMHosts file (in %systemroot%\system32\drivers\etc) using your choice of text editor and add 198.105.232.1 FTP #PRE at the bottom.
2. Save the file. (Make sure the name is LMHosts with no extension.)
3. Open an MS-DOS window.
4. Issue the command nbtstat -R. (The R must be uppercase.)
5. Type net view \\ftp. You should see what the Microsoft FTP site has to offer.
6. To create the FTP drive (the share is called DATA), go to Windows XP Explorer and choose Tools, Map Network Drive from the menu.
7. For the share name, enter \\ftp\data. For the username, enter anonymous.
8. When the dialog box asks for the password, leave it blank.
Shareware and Freeware Tools
The following sections explore some useful shareware and freeware tools to help you configure additional areas in Windows XP.
Hyena
The built-in utilities for managing Windows XP networks are generally adequate for administering relatively simple networks with a limited number of users. As larger organizations begin to implement Windows XP networks, however, management and administration of users, groups, shared resources, printers, and the various local versus centralized elements of Windows XP can quickly exhaust all available support resources. Hyena, from Adkins Resource, Inc. (http://www.adkins-resource.com/), brings together many of the features of User Manager, Server Manager, File Manager, and Windows XP Explorer into one centralized program. In Hyena, all Windows XP domain objects, such as users, servers, and groups, are hierarchically arranged for easy and logical administration. Here's a sample of what Hyena can do:
- Create, modify, delete, and view users, groups, and group members
- Export files of users, groups, printers, computers, and group members
- Browse server shares and copy and delete files without drive mappings
- Create new network drives and printer connections
- View events, sessions, shares, and open files for any server
- View and control services and drivers for one or more computers
- Manage share and file permissions
- Remotely schedule jobs for multiple computers at the same time
- Remotely shut down and reboot any server
- View remaining disk space for multiple computers at the same time

For more information, visit http://www.adkins-resource.com/.
HideIT!
HideIT!, from German Salvador, is freeware (http://www.expocenter.com/hideit/). This small applet enables you to hide windows, taking them off the screen, off the taskbar, and off the Alt+Tab chain. This enables you to hide windows that you want to keep open but don't need to monitor often, such as an FTP application, Microsoft Exchange, and so on.
WinInfo
WinInfo, from SavillTech, Ltd. (http://www.savilltech.com/wininfo.html), is a simple, handy pop-up dialog box that lists the Windows XP version, build, service pack, Plus! version number, processor type, product type, installation type, registered organization, registered owner, install date, source path, and system root. This tool is helpful if you need to verify whether your systems are running full or evaluation copies of Windows XP as well as applied service packs.
For More Information
If the information about Windows XP Registry settings in this chapter has piqued your interest, there are several resources for obtaining additional knowledge:
- Cowart, Robert and Knittel, Brian. Special Edition Using Windows XP Professional, Bestseller Edition. Que, 2001. ISBN: 0789728524.
- Hipson, Peter D. Mastering Windows XP Registry. Sybex, 2002. ISBN: 0782129870.
- Honeycutt, Jerry. Microsoft Windows XP Registry Guide. Microsoft Press, 2002. ISBN: 0735617880.
- Microsoft TechNet: http://www.microsoft.com/technet/.
- Microsoft Windows XP Professional Resource Kit. Microsoft Press, 2001. ISBN: 0735614857.
Some helpful Web sites include the following:
- The ultimate site for Windows XP information is http://www.ntfaq.com.
- Jerold Schulman operates JSI, Inc. at http://www.jsiinc.com. It is a definitive source for Windows XP information, hacks, tips, and tricks.
- Mark Russinovich and Bryce Cogswell run http://www.sysinternals.com. This site is good for must-have Windows XP utilities.
- A great site for Windows XP utilities is http://winfiles.com. It includes a replacement for the Windows XP Explorer or Program Manager shell and shell enhancements.
Part III Networking Windows XP
12 Windows XP Networking Explored and Explained
13 Windows XP Networking Models
14 Windows XP and TCP/IP
15 Windows XP and Legacy Protocols
16 Windows XP Meets Unix
17 Remote Access
18 Windows XP and Terminal Services
12 Windows XP Networking Explored and Explained

In its most basic form, a network is nothing more than two or more computers attached for the purpose of sharing information and resources. This principle seems basic enough, but as many of us know, theory and practical application are not always the same thing.
Networks require specialized software and hardware, and each piece of the network must function properly, or the rest of the network will go down.This chapter covers advanced Microsoft Windows XP networking and other networking elements that are often misunderstood or poorly implemented in today’s networks. Note that, at least initially, most Windows XP workstations are connected to Windows 2000 servers.
The Redirector
A redirector is exactly what it sounds like: a software element that redirects requests for data made on a local PC to the appropriate location. There are many types of redirectors. The ones used most commonly in a Windows XP environment are the Windows Redirector and the NetWare Redirector. The Windows Redirector enables computers to gain entry to other Windows-based computers for file access. The NetWare Redirector enables users on a Windows XP workstation to access files on a NetWare server. A redirector is a file system driver that interacts with lower-level network drivers through transport protocols. This computer-to-computer connection is illustrated in Figure 12.1.
[Figure 12.1, layered from top to bottom: Application or Subsystem (User mode); I/O Manager, Executive Services, Redirector, Transport Protocols, NDIS Interface (Kernel mode); Network Interface Card]
Figure 12.1 The Windows XP Redirector is a file system driver that uses a single API to access local and remote resources.
Microsoft implemented the redirector as a file system driver, which means that applications call a single application programming interface (API) to access files on local and remote computers. The redirector runs in Kernel mode, which allows it to call other drivers and Kernel mode components while improving its own performance. It is loaded and unloaded dynamically just like other system drivers and can coexist with other redirectors. Windows XP goes through the following steps when connecting to a remote computer:
1. The User-mode request calls the I/O Manager to open a remote file.
2. The I/O Manager identifies the request as a file access request and passes it to the redirector file system.
3. The redirector forwards the request to the Network layer for remote server processing (refer to the "Protocol Stacks" section later in this chapter).

The redirector interacts with lower-level network drivers through the Transport Driver Interface (TDI). The TDI enables software vendors to write new drivers that are independent of the network card and implement a broad set of functions. Also, it is possible to write applications to use the TDI instead of relying on a specific protocol, such as Transmission Control Protocol/Internet Protocol (TCP/IP).
The Workstation Service

The Windows Workstation service processes all user-originated requests and consists of two components: the User-mode interface and the redirector. The Workstation service accepts user requests and passes them to the Kernel-mode redirector. The Workstation service is dependent on both the Multiple Universal Naming Convention Provider (MUP) and an available protocol that enables the Workstation service to start. The Workstation service has several Registry values that you can modify directly. The Registry path to the Workstation service entries is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters. The Workstation service Registry values and their default settings are shown in Table 12.1.

Note For complete definitions of each Registry value discussed in this chapter, consult the TechNet CD or its online version at http://www.microsoft.com/technet, and search by the value’s name. See the “For More Information” section at the end of this chapter for additional references.
Table 12.1 Workstation Registry Values and Defaults

Registry Value               Default Setting
EnablePlainTextPassword      False (0)
EnableSecuritySignature      True (1)
OtherDomains                 Blank
RequireSecuritySignature     False (0)
ServiceDll                   %SystemRoot%\System32\wkssvc.dll
The Server Service

The Windows Server service processes connections from the client-side redirectors and grants access to requested resources. Similar to the redirector, the Server service resides above the TDI and is implemented as a file system driver. It interacts directly with file system drivers to serve I/O requests, such as file reads and writes. The Server service is made up of two components. The first is the actual Server service, which is not dependent on the MUP services because it does not provide Universal Naming Convention (UNC) connections. The second is SRV.SYS, which is a file system driver that communicates with the lower protocol layers to satisfy command requests. The following activities take place when a Server service receives a client request:

1. The network drivers receive and forward the request to the server driver.
2. The server forwards the required file to the local file system driver.
3. The file system driver calls low-level disk drivers to access the file.
4. The requested data is returned to the file system driver.
5. The file system driver returns the requested information to the server.
6. The server forwards the data to the network drivers for relay to the requesting client.

The Server service has several Registry values that you can modify directly. The keys associated with the Server service are located in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters. The Server service Registry values and their default settings are listed in Table 12.2.

Table 12.2 Server Registry Values and Settings

Registry Value               Default Setting
anndelta                     3000
announce                     240
autodisconnect               15 minutes
enableforcedlogoff           true (1)
enablesecuritysignature      false (0)
(name not legible in source) 12% (with a range of 0%–120%)
GUID                         A hexadecimal number created on a PC-by-PC basis
Hidden                       false (0)
Lmannounce                   false (0)
NullSessionPipes             COMNAP COMNODE SQL\QUERY SPOOLSS LLSPRC EPMAPPER LOCATOR TrkWks TrkSvr
NullSessionShares            COMCFG DFS$
Requiresecuritysignature     false (0)
ServiceDll                   %SystemRoot%\System32\srvsvc.dll
Size                         1
srvcomment                   Blank
userpath                     c:\
Users                        10
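The values in Tables 12.1 and 12.2 are the ones an administrator reviews when hardening file sharing, so here is an added example (not the book's code) that audits a snapshot of both parameter sets. The dicts are constructed to use the value names from the tables; on a real XP machine they could be filled from winreg, which is left out so the audit runs anywhere. Two settings are deliberately weakened (marked in comments) so that the report has findings.

```python
"""Audit the Workstation and Server service parameters from Tables 12.1 and 12.2.

Added example, not the book's code. The two dicts are a constructed snapshot of
the LanmanWorkstation and LanmanServer Parameters keys, using the value names
from the tables; on a real XP machine they could be filled from winreg, which
is not shown here so that the audit runs anywhere. Two settings are weakened
on purpose (marked below) so the report has something to say.
"""

WORKSTATION_PARAMS = {
    "EnablePlainTextPassword": 1,        # weakened: table default is False (0)
    "EnableSecuritySignature": 1,
    "RequireSecuritySignature": 0,
    "OtherDomains": "",
}

SERVER_PARAMS = {
    "autodisconnect": 15,
    "enableforcedlogoff": 1,
    "enablesecuritysignature": 0,
    "Requiresecuritysignature": 0,
    "Hidden": 0,
    "NullSessionPipes": ["COMNAP", "COMNODE", "SQL\\QUERY", "SPOOLSS",
                         "LLSPRC", "EPMAPPER", "LOCATOR", "TrkWks", "TrkSvr"],
    "NullSessionShares": ["COMCFG", "DFS$", "PUBLIC"],   # weakened: PUBLIC is not a default
    "srvcomment": "",
    "Users": 10,
}

DEFAULT_NULL_SESSION_SHARES = ("COMCFG", "DFS$")   # the Table 12.2 defaults


def audit_workstation(params):
    """Return (severity, message) findings for the client-side (redirector) settings."""
    findings = []
    if params.get("EnablePlainTextPassword", 0) == 1:
        findings.append(("high", "EnablePlainTextPassword=1: the redirector will send the "
                                 "user's password in clear text to a server that asks for it"))
    if params.get("RequireSecuritySignature", 0) != 1:
        findings.append(("medium", "RequireSecuritySignature=0: SMB signing is offered "
                                   "but not required, so unsigned sessions are accepted"))
    return findings


def audit_server(params):
    """Return (severity, message) findings for the Server service settings."""
    findings = []
    if params.get("Requiresecuritysignature", 0) != 1:
        findings.append(("medium", "Requiresecuritysignature=0: clients may connect "
                                   "without SMB signing"))
    extra = [s for s in params.get("NullSessionShares", [])
             if s not in DEFAULT_NULL_SESSION_SHARES]
    if extra:
        findings.append(("high", "NullSessionShares exposes non-default shares to "
                                 "unauthenticated (null) sessions: " + ", ".join(extra)))
    pipes = params.get("NullSessionPipes", [])
    if pipes:
        findings.append(("info", "%d named pipes accept null-session access" % len(pipes)))
    if params.get("autodisconnect", 15) > 15:
        findings.append(("low", "autodisconnect above the 15-minute default keeps idle "
                                "sessions (and their open files) alive longer"))
    return findings


def hardened_workstation(params):
    """Return a copy with the two client-side settings the audit checks set to safe values."""
    fixed = dict(params)
    fixed["EnablePlainTextPassword"] = 0
    fixed["RequireSecuritySignature"] = 1
    return fixed


if __name__ == "__main__":
    for name, result in (("Workstation", audit_workstation(WORKSTATION_PARAMS)),
                         ("Server", audit_server(SERVER_PARAMS))):
        print(name)
        for severity, message in result:
            print("  [%s] %s" % (severity, message))
```

The check treats the table defaults as the baseline: anything added to NullSessionShares is reported because such shares are reachable without credentials, and the signing settings are reported whenever signing is merely enabled rather than required.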
Protocol Stacks

Computers on the Internet can communicate because of the TCP/IP protocol stack that resides on each attached computer. The Open Systems Interconnect (OSI) Reference Model illustrates how this protocol stack is created. Common protocol stacks are TCP/IP, NWLink, Internetwork Packet Exchange/Sequential Packet Exchange (IPX/SPX), NetBIOS Enhanced User Interface (NetBEUI), AppleTalk, and Systems Network Architecture (SNA). The OSI Model is a seven-layer representation of how networked computers communicate. The layers are as follows: Physical, Data Link, Network, Transport, Session, Presentation, and Application. Each layer performs a certain function to a data packet before passing it to the next layer. Protocol stacks are combined with drivers for installed network adapters to permit communication with a network.

Each layer, or level, of a protocol performs a different function and communicates with the layer directly above or directly below. The exception to this rule is the Physical layer. At this layer of the stack, a packet is transmitted on the physical network media. The Physical layer is the lowest layer of a stack. Figure 12.2 illustrates a basic protocol stack. As data moves from layer to layer, header information is added to or stripped from each packet. Each layer concerns itself with a certain aspect of the data and, in effect, insulates the packet from the other layers. This is analogous to placing a letter in an envelope, the envelope in a small box, the small box in a larger box, the box in a shipping container, and the shipping container in a truck. Each layer provides services for the adjacent layer, but hides information from the remainder of the layers. When the letter arrives at the destination, each container must be opened in sequence, so it would be impossible to open the envelope without opening the small box first, and so on. With actual data transmission, when the letter is ready to be sent, it is broken down into packets. Individually, each packet follows the preceding process.

[Figure 12.2 layout: a host on Network A (Application, Transport, Network, Datalink, Physical), a router (Network, Datalink, Physical), and a host on Network B (Application, Transport, Network, Datalink, Physical)]
Figure 12.2 The protocol stack in action.
Suppose a request is sent from an application on Network A to an application on Network B; each layer adds some information to the packet as it is passed down layer by layer. Likewise, when the packet reaches the receiving network, information is stripped from the packet as it passes up the protocol stack. The Internet is a network with connections between adjacent networks made through routers. Packets pass through routers as they move across the Internet toward the destination computer. A router operates at the Network layer. A received packet arrives at the Physical layer, passes through the Data Link layer, and arrives at the Network layer. The router determines the correct destination for the packet, repackages (encapsulates) it, and passes it to the Physical layer components.

In the OSI Model, Layers 1 and 2 (Physical and Data Link) define a network’s physical media and the signaling characteristics needed to request access to the transmission medium and to send and receive information across the network medium. Layers 3 and 4 (Network and Transport) move information from sender to receiver and handle the data to be sent or received. Layers 5 through 7 (Session, Presentation, and Application) manage ongoing communications across a network and deal with how data is to be represented and interpreted for use in specific applications or for delivery across the network.

The Network Driver Interface Specification (NDIS) provides hardware and protocol independence for network drivers; in addition, it enables a host to contain multiple protocol stacks. NDIS 5.0 extends the functionality of NDIS 3.x and 4.0, so the basic requirements, services, terminology, and architecture of the earlier versions also apply to NDIS 5.0. The NDIS 5.0 architecture is included with Windows 98, 2000, and XP.
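The envelope-in-a-box analogy and the router's Network-layer hop are easiest to see with a toy stack, so here is an added example (not the book's code) in Python. The three header layouts (link, network, transport) are invented for the illustration and match no real protocol; what the code shows is that each layer touches only its own header, and that the router opens the frame only as far as the Network layer, re-encapsulates at the Data Link layer, and never reads the transport segment.

```python
"""Toy three-layer protocol stack showing encapsulation and a Network-layer router.

Added example, not the book's code. Header layouts are constructed for
illustration; only the layering behaviour is the point.
"""
import struct

LINK_FMT = "!6s6s"     # Data Link: destination MAC, source MAC (constructed layout)
NET_FMT = "!4s4sB"     # Network: destination address, source address, hop limit
TRANS_FMT = "!HH"      # Transport: destination port, source port


def mac(text):
    """Constructed helper: 'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes(int(x, 16) for x in text.split(":"))


def ip4(text):
    """Constructed helper: dotted quad -> 4 raw bytes."""
    return bytes(int(x) for x in text.split("."))


def encapsulate(payload, src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, hops=8):
    """Walk down the stack: every layer prepends its header to what the layer above gave it."""
    segment = struct.pack(TRANS_FMT, dst_port, src_port) + payload     # Transport
    packet = struct.pack(NET_FMT, dst_ip, src_ip, hops) + segment      # Network
    frame = struct.pack(LINK_FMT, dst_mac, src_mac) + packet           # Data Link
    return frame


def decapsulate(frame):
    """Walk up the stack at the receiver, stripping one header per layer."""
    link_len, net_len, trans_len = (struct.calcsize(f) for f in (LINK_FMT, NET_FMT, TRANS_FMT))
    dst_mac, src_mac = struct.unpack(LINK_FMT, frame[:link_len])
    packet = frame[link_len:]
    dst_ip, src_ip, hops = struct.unpack(NET_FMT, packet[:net_len])
    segment = packet[net_len:]
    dst_port, src_port = struct.unpack(TRANS_FMT, segment[:trans_len])
    return {"link": (dst_mac, src_mac), "net": (dst_ip, src_ip, hops),
            "trans": (dst_port, src_port), "payload": segment[trans_len:]}


def route(frame, router_mac, next_hop_mac):
    """Router: Physical -> Data Link -> Network, decide, then re-encapsulate.

    The transport segment is copied through untouched; the router never parses it.
    Returns None when the hop limit is exhausted, which is what stops a misrouted
    packet from circulating forever.
    """
    link_len = struct.calcsize(LINK_FMT)
    net_len = struct.calcsize(NET_FMT)
    packet = frame[link_len:]
    dst_ip, src_ip, hops = struct.unpack(NET_FMT, packet[:net_len])
    if hops == 0:
        return None
    new_packet = struct.pack(NET_FMT, dst_ip, src_ip, hops - 1) + packet[net_len:]
    return struct.pack(LINK_FMT, next_hop_mac, router_mac) + new_packet


if __name__ == "__main__":
    # Constructed addresses: a host on Network A sends to a host on Network B via one router.
    frame = encapsulate(b"hello", mac("00:11:22:33:44:55"), mac("00:aa:bb:cc:dd:ee"),
                        ip4("10.0.1.2"), ip4("10.0.2.9"), 4000, 445)
    forwarded = route(frame, mac("00:aa:bb:cc:dd:ee"), mac("00:99:88:77:66:55"))
    print(decapsulate(forwarded))
```

The header sizes are 12, 9 and 4 bytes, so a five-byte payload becomes a 30-byte frame; the routed frame has the same length, a new Data Link header, a decremented hop count, and a byte-identical transport segment.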
Multiple Universal Naming Convention Provider

When a user or application calls a UNC-compliant path, the request is sent to the Multiple Universal Naming Convention Provider (see Figure 12.3). The syntax of a UNC path starts with a pair of backslashes, followed by the computer name, IP address, or fully qualified domain name, followed by a single backslash and a share name. Examples of valid UNC paths are as follows:

• \\server_name\share_name
• \\199.221.84.12\share_name
• \\ftp.server_name\share_name\file_name_in_share

The required component in a UNC name is the server name. For example, in Windows XP, Windows 2000, Windows 95, or Windows 98, click Start, Run and type \\server_name; server_name is another computer on your network. The result is a list of resources available on server_name, one of which is for shared printers. One of the design goals of Windows networking is to provide a platform that vendors can use to build networking services. The MUP, which is a driver with paths defined to existing redirectors, permits multiple redirectors to exist on the same computer and does not require applications to maintain UNC provider listings. I/O requests containing UNC names are sent to the MUP. If the MUP has not seen the name within the past 15 minutes, it begins negotiations with each redirector to determine which one can process the request. The selection criteria are based on the highest registered response time for the UNC that each redirector reports. The connection to the redirector is open as long as there is activity and times out after 15 minutes.

[Figure 12.3 layout: a UNC path I/O call (\\servername\sharename) crosses from User Mode to Kernel Mode, enters the MUP, is handed to the Windows XP CIFS Redirector or to other redirectors, and reaches the TDI]
Figure 12.3 The MUP architecture.
Multi-Protocol Router

Not all requests are UNC-based, so the Multi-Protocol Router (MPR) exists to process other I/O requests. The MPR works with the MUP to process application requests. Applications also use the Win32 network API to request access to network resources. The actions the MPR takes are similar to those of the MUP. The application generates the request for resources based on the Win32 API; the MPR determines which redirector can fulfill the request and then sends the request to the appropriate one. Different vendors supply their own redirectors and the appropriate DLLs for MPR-to-redirector communication.
Administrative Shares

A shared resource is one that is made available over a network. An administrative share is created automatically when Windows XP is installed on a computer system. Select Computer Management from the Administrative Tools menu (you will have to change the properties of the Start menu to see the Administrative Tools menu in Windows XP), expand Shared Folders, and then click Shares to show all the shares on a particular computer (see Figure 12.4). There are five shares under the Shared Folder column. Note that three of the shares contain the $ character as the trailing character. When the $ character is appended to a share name, the share becomes a hidden share, adding a level of security known as “out of sight, out of mind.” Hidden shares do not show up in a browse list; however, users can connect to the share if they are aware of its existence and have appropriate rights.

Figure 12.4 You can view administrative shares via the Shared Folders item in the Computer Management snap-in.

Logical drives, such as the C$ drive, are referred to as administrative shares rather than merely hidden shares, even though their names carry the same trailing $, because they are created as part of the Windows XP installation process. These shares exist to give administrators access to the drive contents. Because the administrative shares created during a Windows XP installation are well known, they are a target for unwanted resource intrusion; therefore, you might consider disabling these shares if security is a big concern in your organization. To permanently delete the shares, you must use the Registry. If the shares are deleted manually, they are gone for that session; however, they return when Windows is rebooted. To remove the shares permanently, perform one of the following actions:

• For Windows XP Professional, edit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer and change the key value to 0. You must add the REG_DWORD value for AutoShareServer and assign a value of 0 to disable (1 to enable). When you’re done, reboot the computer.

Caution Always back up your Registry before modifying it!
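The UNC grammar from the MUP section and the trailing-$ hidden-share convention from this section are both mechanical rules, so here is an added example (not the book's code) that parses UNC paths and classifies the share they name. The grammar is the one the chapter gives: two backslashes, a host (name, IP address or FQDN), one backslash, a share, then an optional path inside the share. Drive shares such as C$ are the chapter's; ADMIN$ and IPC$ are the other default administrative shares on Windows and are not named in the chapter.

```python
"""Parse UNC paths and flag hidden and administrative shares.

Added example, not the book's code. The regular expression implements the
syntax described in the chapter; the administrative share names beyond the
C$-style drive shares (ADMIN$, IPC$) are Windows defaults not listed in the text.
"""
import re

# \\host\share[\path...]  (host and share may not contain slashes)
_UNC_RE = re.compile(r"^\\\\(?P<host>[^\\/]+)\\(?P<share>[^\\/]+)(?P<path>(?:\\[^\\/]*)*)$")


def is_administrative_share(share):
    """True for the shares Windows creates at installation: X$ drive shares, ADMIN$, IPC$."""
    name = share.upper()
    return bool(re.fullmatch(r"[A-Z]\$", name)) or name in ("ADMIN$", "IPC$")


def parse_unc(text):
    """Split a UNC path into host, share and path components and classify the share.

    Raises ValueError when the required pieces (host and share) are missing,
    e.g. for a bare \\server_name, which is a browse request rather than a path.
    """
    match = _UNC_RE.match(text)
    if not match:
        raise ValueError("not a UNC path: %r" % text)
    host, share, path = match.group("host", "share", "path")
    return {
        "host": host,
        "share": share,
        "path": [p for p in path.split("\\") if p],
        "hidden": share.endswith("$"),                 # omitted from browse lists
        "administrative": is_administrative_share(share),
    }


def visible_in_browse_list(share_names):
    """Return the shares a browse list would show (hidden ones are filtered out)."""
    return [s for s in share_names if not s.endswith("$")]


if __name__ == "__main__":
    # Constructed sample paths, including the chapter's three examples.
    for sample in (r"\\server_name\share_name", r"\\199.221.84.12\share_name",
                   r"\\ftp.server_name\share_name\file_name_in_share",
                   r"\\199.221.84.12\C$\Windows\System32", r"\\server_name\reports$"):
        print(sample, "->", parse_unc(sample))
```

A share named reports$ is hidden but not administrative, while C$ is both: the classifier keeps the two ideas apart exactly as the chapter does.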
Protocols and Network Bindings

Binding is the process of linking services and protocols to the lower-layer adapter drivers on a computer. Protocols bound to a network card allow the card to communicate with other clients or services using those protocols. Binding multiple protocols to a single network card is a major benefit of Windows XP. Unlike earlier Windows versions, which had NetBIOS as the binding protocol, the main Windows XP protocol is TCP/IP. Binding several protocols to a network card adds potentially unnecessary overhead to each network communications request and additional traffic on the network. If the most frequently used protocol is listed first in the binding list, average connection time decreases. When a connection request is processed, the local redirector sends a TDI connection request to each transport simultaneously and then waits for a response from the higher priority transports. For example, a network card has NWLink and TCP/IP bound to it. NWLink is first in the binding order. The host then makes a request for a network resource. Typically, NWLink will bind first. TCP/IP, which is the second bound protocol, makes the connection to the resource, and the NWLink connection is dropped.

Note The NetBEUI protocol is no longer available from the Install list in the Network Connections window. To install NetBEUI, you must copy the files from the Windows XP CD.

NWLink IPX/SPX is easier to configure and maintain than TCP/IP; however, TCP/IP is the most widely used because of the popularity of the Internet and the many Web-based applications it supports.
There are instances in which multiple protocols might exist within a single network. For heightened network security, some companies deploy NWLink (IPX/SPX) within a network and use proxy agents for Internet access because NWLink is more secure than TCP/IP.The proxy computers have TCP/IP and NWLink bound to one network card acting as an interpreter between the protocols.TCP/IP-based tools are useless to a hacker on an NWLink-based network. For the proxy server, both protocols are bound to the internal network interface, and only TCP/IP is bound to the external network interface.
Binding Optimization

The first step in binding optimization is to understand the network’s required features. Is Internet connectivity required? Is high security an issue? How large is the network? How is the network laid out? Do you need tools that are a function of a protocol (PING, TRACERT, and so on)? Because networks are often subnetted, evaluating the functions within a subnet is also important. (A subnet is a separate portion of a network that shares a network address with other parts of the network and is distinguishable by its subnet number.) The easiest method for optimizing bindings is to eliminate unnecessary bindings. How do you know which protocols are unnecessary in a network? If the path from a computer to a resource must pass through a router, NetBEUI is out. Unless the network is small and removed from the Internet, NetBEUI is not a good choice. Large-scale NetBEUI networks use available bandwidth with broadcasts, which makes effective network communication difficult.
To remove an unnecessary binding, open Network Connections from the Start menu. Open the connection and click the Properties button. Highlight the name of the protocol you want to remove, and then click the Uninstall button. Click Close, and the Registry information is updated automatically.
Changing the Binding Order

Another equally simple optimization is to move the most frequently used bindings to the top of the binding order. Again, it is important to understand the mission of the network. Assume that your binding order has NetBEUI first and TCP/IP last. You need both protocols, but TCP/IP is the most frequently used. To modify the binding order, follow these steps:

1. Click Start, Control Panel (Classic view), and open the Network Connections window.
2. Choose Advanced, Advanced Settings from the menu.
3. In the Advanced Settings dialog box, select the network to be modified (see Figure 12.5).
4. In the Bindings For section, select the protocol to be reordered.
5. Click the up or down arrow button to reorder the protocol sequence.
Figure 12.5 You can reorder protocol bindings in the Advanced Settings dialog box.
To add a new binding to a network adapter, follow these steps:

1. Click Start, Control Panel (Classic view), and open the Network Connections window.
2. Open the network connection to be modified and click the Properties button.
3. Click the Install button.
4. Select Protocol from the list, and click the Add button.
5. Select the protocol to be installed, and click OK.
6. Click Close.

After the protocol has been added, you can manage protocol bindings for each interface device. Modify the protocol binding per the previous instructions. If you have concerns about bindings in your networking environment and about exactly what is going on behind the scenes, running Network Monitor from a Windows 2000 server is a good starting point for investigation and troubleshooting. Fewer protocols mean less traffic, less exposure to hacks, and less administration.
For More Information

If the information about Windows XP networking in this chapter has increased your desire to learn more, here are a few resources you can research:

• Hipson, Peter D. Mastering Windows XP Registry. Sybex, 2002. ISBN: 0782129870.
• Microsoft TechNet: http://www.microsoft.com/technet/.
• Microsoft Windows 2000 Server Resource Kit. Microsoft Press, 2000. ISBN: 1572318058.
• Microsoft Windows XP Professional Resource Kit. Microsoft Press, 2000. ISBN: 0-73561485-7.
13 Windows XP Networking Models

There are many different network configurations. Each network has to be configured to account for security, information sharing, connectivity, user and resource location, and whether there is an onsite network administrator. Most important, however, the network must enable its users to get their jobs done quickly and easily.
This chapter focuses on how Windows XP functions in different types of environments. Because networks can change as often as the weather, this chapter addresses how Windows XP can adapt to meet your needs. It also provides an overview of the two main network models for which Windows XP is designed.
Workgroup Networks

Workgroup networks, or peer-to-peer networks, are network models that offer ease of setup, non-centralized security, and low costs as their key benefits. The workgroup networking model can contain a mixture of operating systems and hardware spread across a large geographic area. Typically, however, workgroups are smaller network installations used when employees have minimal network administrative skills, when money is an issue, when there are few networked computers or users, or when security is not a major concern. The definition of a workgroup is a group of computers on a common network linked by a workgroup name. In Windows XP, you can view the computers that are part of your workgroup in My Network Places. You can easily move a computer from one workgroup to another.
Follow these steps to move a computer from one workgroup to another:

1. Log on to the XP system using an account with administrative permissions.
2. Click Start, Control Panel.
3. Click Switch to Classic View.
4. Double-click the System icon.
5. Select the Computer Name tab.
6. Click the Change button to open the Computer Name Changes dialog box (see Figure 13.1).
7. Enter a new name for the workgroup in the Workgroup text box.
8. Click OK to close the Computer Name Changes dialog box.
9. Click OK to close the System applet.
Figure 13.1 The Computer Name Changes dialog box.
If the workgroup name you enter doesn’t already exist, Windows creates a new workgroup. You can also join a domain, if one exists, from the Computer Name Changes dialog box. Instead of entering a different workgroup name, select the Domain radio button and enter the name of the domain you want to join. For Windows XP Professional machines, you must create a computer account in the domain by supplying a domain administrator ID and password. Assuming that the account and password information are valid, you are welcomed into the domain. Although it’s built on the same code as Windows XP Professional, Windows XP Home is still targeted toward home users. Because Windows 95, 98, or Me could not take part in domain security, neither can Windows XP Home. All Windows XP Home computers default to the workgroup MSHOME. You can still access resources on a domain from a Windows XP Home machine; you’ll just be prompted for a domain username and password when you do. Windows XP Professional and 64-bit Edition do not have this limitation.

Security in a workgroup model is based on share-level security. In Windows XP, a local Security Accounts Manager (SAM) database contains local account information for user validation on that workstation. Resources can be shared by granting explicit access on a per-user or per-workgroup basis. If security is of even moderate concern, you’re better off using a domain model. As previously mentioned, typical workgroups are small and are used for logical organization of a small group of computers. A network can consist of multiple workgroups. Assuming that your network is organized into workgroups, you can browse the network in My Network Places. The view in My Network Places shows several workgroups rather than many individual computers, but you can find individual computers within their specific workgroups at a lower level in the browser hierarchy. Workgroups do not, however, offer much in the way of centralized administration or user-level security. Domain-based networks were created to address these issues.
Domain-Based Networks

A domain-based network differs from a workgroup-based network in that it contains users and computers that share a centralized security model and user account information. In a Windows NT network, a domain is like a medieval kingdom with a central authority or monarch (the primary domain controller, or PDC), members that participate in the monarchy as potential rulers (the backup domain controllers, or BDCs), members that provide services to the kingdom but cannot participate in ruling the kingdom (member servers), and the commoners in that kingdom (ordinary users). A domain consists of users and resources just as a kingdom is made up of people and property. In Windows 2000 or .NET and Active Directory, the domain model has changed. Gone are the PDCs and BDCs. Instead, you deal simply with domain controllers (DCs). Unlike the Windows NT model, in which only the PDC maintained a read/write copy of the SAM, all domain controllers maintain a read/write version of the user and group information. When a computer running Windows XP Professional logs on to a network, the NetLogon service on the client computer creates a secure communications channel with the NetLogon service on a domain controller. A secure communications channel exists when computers at each end of a connection are satisfied that the computer on the other end has correctly identified itself. Computers identify themselves by using their computer accounts. When the secure channel is established, secure communications can take place between the two computers.
To maintain security during a communications session, internal trust accounts are set up between a workstation and a server, between the domain controllers within a domain, and between domain controllers in trusted domains.Trust relationships and the secure channels they provide enable administrators to remotely manage workstations and member servers.Trusts also affect the relationships between workstations and domain servers.
Understanding Groups

Groups are the most frequently mismanaged element in Windows XP or any other network operating system. Understanding group creation and management is essential for minimizing administrative overhead, managing security, and ensuring the maintainability of Windows XP. Without knowledge of default groups and permissions, shares, and the Registry, you could open your Windows XP computer to security risks. This section reviews default groups, built-in groups, default permissions for those groups, and how to apply proper security. Windows XP Home shows another sign of its ancestry when it comes to groups. The previous home user versions of Windows had no concept of users, so there was no need for groups. Windows XP Home does take advantage of its Windows XP heritage and offers the following built-in groups:

• Owners group
• Restricted Users group

The Owners group is akin to the Administrators group in Windows XP Professional and 64-bit Edition. Users who log in interactively on Windows XP Home are assumed to be members of this group, which gives them full control over the computer. It is possible to create a user in Windows XP Home who is not a member of the Owners group. The Restricted Users group is for access to your Windows XP Home box from the network. Typically, these accounts are let in with Guest status and allowed only Read access to shared resources. Windows XP Professional and 64-bit Edition are descendants of the mighty corporate Windows operating system, so they have a wider variety of security options. This includes a much larger list of built-in local groups:

• Administrators
• Backup Operators
• Guests
• HelpServicesGroup
• IIS_WPG
• Network Configuration Operators
• Power Users
• Remote Desktop Users
• Replicator
• Users
Some of these built-in groups contain other groups by default. Being aware of these groups is essential to managing security properly and minimizing administrative overhead. In addition to the default local groups just listed, Windows XP specifies another relationship that exists inherently within the system. The Everyone group is an intrinsic group whose membership consists of all local and network domain users logged in at any time. Known security issues with the Everyone group include shares, New Technology File System (NTFS) drives, and the Registry. By default, when a new share or a new NTFS partition is created, Everyone is granted Full Control. In the Registry, the HKEY_LOCAL_MACHINE root gives the Everyone group Read permissions. Some Registry keys also give the Everyone group Full Control. You must be aware of what the Everyone group is given by default to close up such breaches in security. Windows XP also has some special built-in groups. These groups cannot be modified and their memberships are dynamic. In addition, they do not appear in any of the user/group administration tools. Instead, they appear only in the Access Control Lists (ACLs) for resources and objects. These special groups are the following:

• Anonymous Logon. Any user who is logged on anonymously is automatically added to this group.
• Authenticated Users. Any user who logs on with a username and password is added to this group.
• Batch. Any batch file or process running on the system goes in this group.
• Creator Owner. This group serves as a placeholder in an inheritable access control entry (ACE).
• Creator Group. This group serves as a placeholder in an inheritable access control entry (ACE).
• Dialup. Any user who accesses the system via a dial-up connection is added to this group.
• Interactive. This group contains the user who is currently logged on to the computer.
• Local Service. Services that run on the local computer are added to this group.
• Network. This group contains any users who access the system across a network.
• Network Service. Any service that needs authenticated network access is added to this group.
• Remote Interactive Logon. Any user who accesses the computer via a remote connection is added to this group.
• Service. Any service running locally is added to this group.
• System. The operating system operates in this group.
• Terminal Server User. If the system is running applications in Terminal Server mode, this group contains any user logged on to the system via Terminal Services.
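Because the special groups are assigned by the system according to how a session was created, the easiest way to see why an Everyone: Full Control entry is dangerous is to compute a logon's effective group set and run it against an ACL. The following is an added example (not the book's code) in Python. The group names are the chapter's; the logon types, the rights names and the (type, principal, rights) entry layout are constructed for illustration, and the check is a simplification of the real Windows algorithm (no inheritance or generic rights). One Windows XP fact is built in: on XP the Everyone group no longer includes Anonymous Logon unless an administrator turns that back on, modelled by the everyone_includes_anonymous flag.

```python
"""Model the dynamic special-group memberships and a simplified ACL check.

Added example, not the book's code. Logon types, rights names and the ACE
tuple layout are constructed; the group names come from the chapter.
"""

FULL_CONTROL = {"read", "write", "execute", "delete", "change_permissions", "take_ownership"}
READ_ONLY = {"read", "execute"}

# The chapter's warning: a new share or NTFS partition grants Everyone Full Control.
DEFAULT_SHARE_ACL = [("allow", "Everyone", FULL_CONTROL)]

# A tightened ACL: readers must at least be authenticated; only Administrators get everything.
HARDENED_SHARE_ACL = [
    ("allow", "Authenticated Users", READ_ONLY),
    ("allow", "Administrators", FULL_CONTROL),
]

# Which special group a session type adds (constructed mapping of the chapter's groups).
LOGON_GROUP = {
    "interactive": "Interactive",
    "network": "Network",
    "dialup": "Dialup",
    "remote": "Remote Interactive Logon",
}


def effective_groups(user, logon_type, explicit_groups=(), authenticated=True,
                     everyone_includes_anonymous=False):
    """Return the set of principals an access check compares ACEs against.

    explicit_groups are the memberships an administrator assigned (Users,
    Administrators, ...). The rest are added by the system from the way the
    session was created, which is why they never show up in the user tools.
    """
    groups = {user} | set(explicit_groups)
    groups.add(LOGON_GROUP[logon_type])
    if authenticated:
        groups.add("Authenticated Users")
        groups.add("Everyone")
    else:
        groups.add("Anonymous Logon")
        if everyone_includes_anonymous:      # XP default is off
            groups.add("Everyone")
    return groups


def access_check(acl, groups, requested):
    """Simplified check: a matching deny on any requested right wins outright;
    otherwise every requested right must be covered by matching allow entries."""
    requested = set(requested)
    granted = set()
    for ace_type, principal, rights in acl:
        if principal not in groups:
            continue
        if ace_type == "deny" and requested & set(rights):
            return False
        if ace_type == "allow":
            granted |= set(rights)
    return requested <= granted


if __name__ == "__main__":
    # Constructed sessions: a domain user over the network, and an administrator at the console.
    alice = effective_groups("alice", "network", ["Users"])
    admin = effective_groups("bob", "interactive", ["Administrators"])
    for label, acl in (("default", DEFAULT_SHARE_ACL), ("hardened", HARDENED_SHARE_ACL)):
        print(label, "alice write:", access_check(acl, alice, ["write"]),
              "admin write:", access_check(acl, admin, ["write"]))
```

With the default ACL any authenticated network user can write and delete; with the hardened ACL the same user can only read, and an explicit deny entry on Guests blocks a request even when an allow entry for Everyone would otherwise cover it.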
Assigning users to the proper group simplifies user and group management.The following sections explore the groups built into Windows XP.
Administrators

The Administrators group has complete control over the computer. Administrators, by default, have Take Ownership permissions. Although you might think NTFS permissions forbid the Administrator to access your files, the Administrator can take ownership of those files and change the NTFS permissions.

Backup Operators

By default, Administrators, Backup Operators, and Server Operators have the rights to back up and restore Windows XP volumes, directories, and files. Backup Operators can specifically back up and restore files, even when Read and Write permissions have not been explicitly given to the group’s members. The Backup Operators group is empty by default. It is common practice in an enterprise environment to define a global group named Backup Operators into which the personnel responsible for backups are added. On each domain controller and member server, the global Backup Operators group is added to the local Backup Operators group to promote simplified group management. Backup Operators can shut down servers, but they cannot change security settings on the files they are permitted to back up.

Guests

The Guests account is disabled by default. Guests are exactly that—guests. As with someone visiting your home, you don’t have complete knowledge of or confidence in a Guest. Guests must log in to resources over a network and cannot log on locally. Typical installations never use the Guests account, and it is recommended that you leave it disabled.
HelpServicesGroup

The HelpServicesGroup group is for the Help and Support Center. With special applications, the Microsoft Help and Support Center can access your computer from the network and log on to help diagnose problems.

Network Configuration Operators

The Network Configuration Operators group is allowed to make administrative changes only to the network settings. This group is a good place to put users who have laptops because it enables them to modify their settings without giving them full Administrator status.

Remote Desktop Users

The Remote Desktop Users group has the right to log on to the computer using a remote desktop connection via Terminal Services.

Power Users

Power Users have default administrative-like rights that permit user management for the users they create. Power Users can also add users to the Guests, Power Users, and Users groups. Power Users have local machine permissions to share and remove file and printer shares.

Replicator

Replicator is a system-level group used only for the Windows XP built-in Directory Replication service. This group has no default members. If you make a Windows XP Professional computer a replication partner, the account associated with the replication service on that machine must be inserted into this group.

Users

Who are Users? Unlike the Everyone group, the Users group is permitted to use the Log On Locally right on all Windows XP Professional machines. In Windows XP Professional, members of the Users group can create and delete local groups, shut down and lock the local workstation, and maintain a local profile.
Understanding the Security ID

Security IDs (SIDs) are part of the Windows XP security system. A SID is a unique key that identifies objects in a Windows domain. Each user, group, and computer has a unique key. A username or computer name can change; therefore, the domain needs some way to track what’s going on in the system. Enter the SID. Say you have a workstation named Matthew, and you decide to rebuild Matthew from the ground up. Even if you name the new workstation Matthew, it really isn’t Matthew—just as a clone isn’t the original, but a close copy. Because the system SID changes based on a new installation of Windows XP—even though the machine name is the same and it is built to be identical to the original—Windows XP is not fooled into letting this machine enter the domain and assume Matthew’s responsibilities.
Troubleshooting Techniques for Networks
There are many ways in which domain controllers can become the focus of networking problems. The symptoms and fixes described in the following sections cover the most common problems and their related workarounds.

IP Address Connection Works, but Name Resolution Fails
If you encounter a situation in which the IP address connection works but name resolution fails, try the following:
1. Make sure the appropriate Hosts file and DNS setup are configured for the computer. First, check the host name resolution configuration by using the Network and Internet Connections applet in Control Panel.
2. Then right-click Local Area Connection and select Properties.
3. Select Internet Protocol (TCP/IP) and click the Properties button.
4. Click the Advanced button, select the DNS tab in the Advanced TCP/IP Settings dialog box, and make sure the settings are correct (see Figure 13.2).
5. If you are using a Hosts file, make sure the remote computer’s name is correct and is capitalized exactly as it appears in My Network Places, in the file, and in the application that uses the file.
6. If you are using DNS, make sure the IP addresses for all DNS servers are correct and are entered in the proper order. Use the PING command with the remote computer by typing both the hostname and its IP address to determine whether the hostname is being resolved properly.
7. Use the IPCONFIG /all command from the command prompt. Windows XP displays all TCP/IP configuration information (see Figure 13.3).
8. Use the IPCONFIG /displaydns command to verify that the hostname-to-IP resolution is correct. If it’s not, use the IPCONFIG /flushdns command to flush your cache.
Figure 13.2 The DNS tab of the Advanced TCP/IP Settings dialog box.
Figure 13.3 The TCP/IP configuration information that’s displayed by using IPCONFIG /all.
TCP/IP Connection to Remote Host Hangs
If a TCP/IP connection to a remote host hangs, you can use the Windows XP NETSTAT command to display protocol statistics and current TCP/IP network connections, which can be helpful in diagnosing problems. The NETSTAT command displays statistics and connections related to NetBIOS connections that run over TCP/IP. Here is the syntax for using the NETSTAT command:
NETSTAT [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]
Table 13.1 details the switches used with NETSTAT.
Table 13.1 NETSTAT Command Switches
Switch      Function
-a          Displays all connections and listening ports. (Server-side connections are not usually shown.)
-e          Displays Ethernet statistics. This switch can be combined with the -s option.
-n          Displays addresses and port numbers in numerical form.
-o          Displays the owning process ID for the connection.
-p proto    Shows connections for the protocol specified by proto; proto might be TCP or UDP. If used with the -s option to display per-protocol statistics, proto might be TCP, UDP, or IP.
-r          Displays the contents of the routing table.
-s          Displays per-protocol statistics. By default, statistics are shown for TCP, UDP, and IP; the -p option can be used to specify a subset of the default.
interval    Redisplays selected statistics, pausing the specified interval of seconds between each display. Press Ctrl+C to stop redisplaying statistics. If omitted, NETSTAT prints the current configuration information once.
Note You can obtain a listing of all NETSTAT commands at any time by typing NETSTAT /? at the command prompt.
Use the NETSTAT -a command to show the status of all activity on the local computer’s TCP and UDP ports. The state of a good TCP connection is usually ESTABLISHED with 0 bytes in the send and receive queues. If data is blocked in either queue or if the state is irregular, there is likely a problem with the connection. If not, the network or application is probably experiencing delays.
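NETSTAT output gets long on a busy machine, and the rows worth attention when a connection hangs are the ones in an irregular state. The following Python script is an added example, not code from the book: it parses a constructed capture laid out the way Windows XP prints NETSTAT when the -a, -n and -o switches from Table 13.1 are combined, lists the sockets that accept traffic together with the owning process ID, and picks out TCP rows whose state is neither ESTABLISHED nor LISTENING. The addresses and PIDs in the sample are made up.

```python
"""Summarise Windows NETSTAT -a -n -o output.

Added example for this section; it is not code from the book.  The capture
below is constructed to match the column layout that Windows XP's NETSTAT
prints when the -a, -n and -o switches (Table 13.1) are combined: protocol,
local address, foreign address, state and owning process ID.  The addresses
and PIDs are made up; nothing here touches a live machine.
"""
from collections import defaultdict

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1042      192.168.1.5:445        ESTABLISHED     4
  TCP    192.168.1.20:1050      207.46.131.137:80      ESTABLISHED     1668
  TCP    192.168.1.20:1051      207.46.131.137:80      SYN_SENT        1668
  TCP    192.168.1.20:1052      192.168.1.9:139        TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.20:137       *:*                                    4
"""

HEALTHY_TCP_STATES = ("ESTABLISHED", "LISTENING")


def parse_netstat(text):
    """Turn the NETSTAT table into a list of dicts, one per socket row.

    Banner and header lines are skipped.  TCP rows carry a state column;
    UDP rows do not (UDP is connectionless), so they are split differently.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP":
            proto, local, foreign, state, pid = parts
        else:
            proto, local, foreign, pid = parts
            state = ""
        rows.append({"proto": proto, "local": local, "foreign": foreign,
                     "state": state, "pid": int(pid)})
    return rows


def local_port(row):
    """Port number of the row's local address (the text after the last colon)."""
    return int(row["local"].rsplit(":", 1)[1])


def listening_sockets(rows):
    """Sorted (proto, port, pid) tuples for every socket that accepts traffic:
    TCP sockets in LISTENING state and all UDP sockets."""
    found = set()
    for r in rows:
        if r["proto"] == "UDP" or r["state"] == "LISTENING":
            found.add((r["proto"], local_port(r), r["pid"]))
    return sorted(found)


def irregular_connections(rows):
    """TCP rows whose state is neither ESTABLISHED nor LISTENING.

    The text notes that an irregular state (or data stuck in a queue) points
    to a problem with the connection, so these are the rows to look at first
    when a connection hangs.
    """
    return [r for r in rows
            if r["proto"] == "TCP" and r["state"] not in HEALTHY_TCP_STATES]


def established_by_pid(rows):
    """Map each owning PID to the foreign endpoints it has ESTABLISHED."""
    by_pid = defaultdict(list)
    for r in rows:
        if r["state"] == "ESTABLISHED":
            by_pid[r["pid"]].append(r["foreign"])
    return dict(by_pid)


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    print("Listening:", listening_sockets(rows))
    print("Established by PID:", established_by_pid(rows))
    for r in irregular_connections(rows):
        print("Check:", r["local"], "->", r["foreign"], r["state"], "PID", r["pid"])
```

On a real machine, redirect the command output to a file (NETSTAT -a -n -o > netstat.txt) and pass the file’s contents to parse_netstat; the -n switch matters because it keeps addresses numeric, which is what the parser expects. Grouping ESTABLISHED rows by PID lets you match each outbound connection to the process that owns it, which is usually the first question when an unexpected connection shows up.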
NET Commands
The NET commands comprise a NetBIOS-based set of networking commands that cover the full range of network capabilities on a Microsoft network. Several useful commands and utilities are covered in the following sections. Use the command NET /? to see all the NET commands and their usage.

NET COMPUTER
Use the NET COMPUTER command to add or remove a computer from a Windows domain. The following is the syntax for the NET COMPUTER command:
NET COMPUTER \\computername {/ADD | /DEL}
In the preceding line, \\computername is the name of the computer, and /ADD or /DEL specify whether the computer is to be added or deleted from a domain.

Additional NET Commands
Use the NET START command to manage your installed Windows XP services from the command line. The following is the syntax for the NET START command:
NET START ServiceName
Using the NET START command and the service’s display name can start nearly every service. For example, to start the Print Spooler, use the following syntax:
NET START "Print Spooler"
Notice that if spaces appear in the service’s display name, you need to place double quotation marks around the name. Use the NET STOP command the same way to stop services that are started. Use the NET VIEW command to see the shared resources on a remote computer. The following is the syntax for the NET VIEW command:
NET VIEW \\computername
For More Information
To find more information about domain models and troubleshooting network problems, access one of the following resources:
• MCSE Training Guide (70-270): Windows XP Professional. Que Certification, 2002. ISBN: 0-7897-2773-0.
• Microsoft TechNet. Available online at http://www.microsoft.com/technet/.
• Microsoft Windows XP Professional Resource Kit. Microsoft Press, 2001. ISBN: 0-7356-1485-7.
14 Windows XP and TCP/IP
This chapter explains Windows XP’s relationship with what has to be its most important networking protocol—namely, the suite of protocols collectively known as Transmission Control Protocol/Internet Protocol (TCP/IP). Although Windows XP continues the support for other networking protocols besides TCP/IP, NetBEUI no longer appears by default in the list of installable protocols. If you want to install NetBEUI, you must copy the files from the Windows XP CD-ROM. TCP/IP is clearly the protocol of choice for Windows XP.
As evidence of TCP/IP’s pre-eminence, consider the following observations on Windows XP:
• TCP/IP is now the only protocol that’s selected by default during the Windows XP installation process.
• Much of the Windows 2000 Server network infrastructure support comes from Active Directory; Active Directory in turn uses the Lightweight Directory Access Protocol (LDAP) to convey directory services requests, responses, updates, replication, and so forth. LDAP is an IP-based protocol, which means that using Active Directory requires that TCP/IP be installed.
• Most of the sophisticated network services that Windows 2000 Server and XP use and support—including Active Directory, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), connection sharing, automatic network configuration, and so forth—either work best with TCP/IP or require TCP/IP to do their jobs.
Therefore, it’s no exaggeration to say that networking with Windows XP is at its most powerful and usable when TCP/IP provides the underlying protocol stack that services and applications use. In fact, so-called native-mode Windows 2000 networks (that is, Microsoft networks that have only Windows 2000 servers) can use TCP/IP without also using NetBIOS for name resolution. Whereas all previous Windows operating systems—including Windows 3.x, Windows 9x, and Windows NT—required access to NetBIOS to support the browser service, Network Neighborhood, replication services, and much more, Windows 2000 networks running Active Directory (and hence, TCP/IP) can do without NetBIOS completely as long as your software applications do not require NetBIOS support. Unfortunately, most networks these days contain a mix of older Windows versions alongside Windows 2000 and XP. They are called mixed-mode networks (in which machines include Windows servers other than Windows 2000). Mixed-mode networks do require NetBIOS services, however, so networks that use only TCP/IP require some method for resolving NetBIOS names to be supported. That’s why this chapter includes a section covering the Windows Internet Naming Service (WINS) and a file-based equivalent.
Other topics covered here consist of mainstream TCP/IP activities and services, including the following:
• Domain names and IP addressing
• Managing Windows XP IP configurations
• Routing TCP/IP
• Managing the Internet periphery: firewalls and proxy services
• Name resolution services: DNS and WINS
• IP-based e-mail
• Managing Web access and security
• Working with FTP
• Troubleshooting IP services and connectivity
TCP/IP Explored and Explained
Although the collection of protocols and services known as TCP/IP is named after its two most important members—the Transmission Control Protocol (TCP) that provides reliable, end-to-end transport services and the Internet Protocol (IP) that provides basic network packet delivery services—TCP/IP actually covers many hundreds of named protocols and services from Layer 2 (Data Link) through Layer 7 (Application) of the Open Systems Interconnect (OSI) Reference Model.
For more information on the OSI Model, see Chapter 12, “Windows XP Networking Explored and Explained,” p. 249.
Because TCP/IP provides the underpinnings for the Internet and the foundation for Active Directory in Windows 2000 and XP, neither users nor administrators can avoid using TCP/IP these days. However, intimate knowledge of TCP/IP’s individual protocols and services and their implementation details isn’t really necessary, either. For that reason, this chapter forgoes the usual history and functionality review that begins most forays into TCP/IP and instead concentrates on the details that you must understand. If you’re interested in learning more about detailed TCP/IP specifications, capabilities, and history, please consult the “For More Information” section at the end of this chapter.
Because TCP/IP includes a great many individual protocols that operate at Layers 2, 3, and 4 of the OSI Reference Model and includes a great many services (each with one or more of its own attendant protocols) at Layers 5 through 7, TCP/IP is a big, bulky protocol stack. It typically consumes more system resources than other protocol stacks because of the number of constituent protocols and the sizeable buffer allocations for incoming and outgoing traffic. Particularly for Windows 2000 servers, but also for high-end Windows XP Professional machines, these characteristics make it important to purchase fast, powerful network interface cards (NICs). This means you should be glad to pay for advanced features that include the following capabilities when you buy high-end NICs to ensure the best possible network performance:
• Bus mastering. Permits the NIC to manage memory transfers without involving the CPU (so no waiting for CPU service is required). Most modern Peripheral Component Interconnect (PCI) NICs support this characteristic; this is particularly true for higher-end NICs.
• Direct memory access (DMA). Permits memory buffers on the NIC and memory regions in RAM to be mapped to one another for faster data transfers between the two. This feature often occurs in tandem with memory-sharing configurations so that writing to outgoing memory buffers in RAM triggers automatic transfers to NIC buffers, and writing to incoming memory buffers on the NIC triggers automatic transfers to RAM.
• NIC memory buffers. Installing as much RAM as possible on the NIC itself means it can handle larger amounts of incoming and outgoing data faster, thereby increasing overall network throughput.
• Onboard coprocessors. These “mini-CPUs” become part of the NIC and can handle packet processing for incoming and outgoing traffic, thereby relieving the CPU of this burden. (Usually, the NIC packaging indicates whether the card has an onboard coprocessor.)
Windows XP systems are usually configured with more than 128MB of RAM (for Professional, the minimum recommendation is 64MB) or 256MB of RAM or more (for Windows 2000 Server), so TCP/IP’s resource footprint is no longer a big concern for such systems. Nevertheless, it makes sense to install the most powerful NICs you can afford, particularly when you’re operating at 100Mbps or higher network speeds using TCP/IP.
Any useful discussion of TCP/IP must cover topics germane to its configuration and to the operation of higher-level services that use TCP/IP for transport. Therefore, the topics involved in this chapter include the following:
• Use of IP domain names for unique identification of network clients and servers and other devices
• Proper configuration of key IP network addresses to manage traffic from any local subnet to the rest of the network
• Client IP address management techniques, including dynamic address management services
• The domain name to IP address resolution process; likewise, resolving NetBIOS names to IP addresses
• Managing Internet access via dial-up (analog telephone) or digital technologies (ISDN, cable modem, DSL, and so on)
• Delivering common Internet services, such as Web, file transfer, e-mail, and so on
TCP/IP’s inherent characteristics can explain its enduring popularity—not only is TCP/IP a reliable and robust protocol suite, but it also provides an entrance into the Internet. Although TCP/IP can be more difficult to configure and consumes more system resources than other protocols, it remains the best protocol in networking environments of just about any size, particularly where Internet access is required (as it is in the vast majority of modern networks).
TCP/IP is a packet-switched protocol suite. This characteristic means that individual chunks of information find their way through the network from a sender to a receiver without each chunk having to follow the same path. In other words, TCP/IP does not have to rely on any single logical pathway between sender and receiver; each chunk of data—called a packet or a frame—can make its own way from one point to the other. When packets arrive at their destination, TCP/IP handles their resequencing so that incoming packets get arranged in the correct order. In this way, packet-switching reduces the importance of any single link in the pathway between sender and receiver—as long as at least one valid pathway between the two can be identified, data is transferred properly. For this reason, TCP/IP helps ensure delivery from sender to receiver, even when links fail or are otherwise unavailable between a sender and a receiver. TCP’s added error-checking and retransmission request capabilities help ensure reliable, robust delivery of data between senders and receivers.
TCP/IP’s biggest benefit stems from one of its original primary design goals—to permit heterogeneous computers to exchange information across a network link of some kind. In other words, TCP/IP was designed from the ground up to permit dissimilar types of computer systems to exchange information with one another. Government funding for early TCP/IP research, in fact, stemmed in large part from frustration with the difficulties in getting early Sperry-Rand computers to exchange data with IBM machines.
Today, some kind of TCP/IP implementation is available for just about every kind of computer in use, which virtually guarantees that computers can communicate with one another. If you do come across a computer that cannot handle TCP/IP, it won’t be able to access the Internet. So it might be time to think about its retirement!
Windows XP continues to build on the newly designed implementation of TCP/IP introduced in Windows 2000. Microsoft has provided a set of redesigned, user-friendly GUIs to simplify the process of configuring the many TCP/IP protocols, including DHCP, DNS, IGMP (Internet Group Management Protocol), and SNMP (Simple Network Management Protocol), to name a few. The goal is to enable access to an entire TCP/IP network, including components that can be reached across the Internet. To understand the configuration requirements of using this protocol correctly, you must understand what’s involved in working with numeric IP addresses and symbolic IP domain names. These items are covered in the next section, after which specific requirements for configuring TCP/IP on Windows machines are tackled.
Understanding IP Addressing, Subnet Masks, and Domain Names
On a TCP/IP network, each network interface that handles TCP/IP traffic must have its own unique identifier, known as an IP address. (Because these addresses take the form of four sets of numbers separated by three periods, they are sometimes called numeric IP addresses or numeric addresses.) In TCP/IP terminology, every network device that can send or receive IP traffic is called an IP host, or host for short. Because some devices might have more than one network interface installed (for example, a router or a multihomed server), a single host can have more than one IP address—in fact, it should have a unique IP address for every interface. In addition, a single NIC can have multiple IP addresses assigned to it.
Each IP address consists of two parts: the leading part identifies a particular network and is known as the network portion of the address; the trailing part identifies some particular host (interface) and is known as the host portion of the address. The network portion, also known as the network ID, identifies the network segment to which the host’s network interface is attached. Likewise, the host portion, also known as the host ID, identifies a specific network interface (which must be attached to a specific network segment).
IP routers use the network portion of an IP address to determine how to deliver information from a sender to a receiver. If both parties share a common network ID, no routing is necessary because both parties are on the same network segment. If each party has a different network ID, a router must forward the packet from the sending network to some other network (and possibly another router) to reach the network where the receiver resides. When a router attached to the same network segment as the receiver is reached, it manages a local transfer directly from the router to the recipient, using the host portion of the address. If sender and receiver are on the same network segment, this local transfer can occur directly from sender to receiver, so no router needs to get involved.
The Internet actually consists of thousands, if not millions, of network segments interconnected by routers. Each network segment must possess its own unique network ID, and every device on that network segment shares the same network portion of its IP address to signify that it is part of that network segment.
IP addresses consist of a 32-bit binary number divided into four 8-bit sequences called octets in TCP/IP lingo. For easier reading, each octet is usually represented as a decimal number, so IP addresses take the form of 10.1.156.12, 172.16.10.10, or 192.24.24.5, for example. Therefore, the binary IP address 11001111 00101110 10000011 10001001 can be represented as 207.46.131.137. To create a decimal equivalent to a binary IP address, convert each 8-bit sequence to a decimal number, and separate the four resulting numbers by periods (which explains why this way of representing IP addresses is called dotted-decimal notation). Computers operate on IP addresses in their binary forms; humans do better reading such addresses in decimal forms. But some familiarity with the binary equivalents of decimal numbers is important because certain bit patterns are significant when managing IP addresses, as you’ll learn in the following sections of this chapter.
On the other hand, because humans remember symbolic names, such as www.microsoft.com or www.quepublishing.com, better than they do even dotted-decimal addresses, such as 207.46.230.218 or 63.69.110.220, IP provides for name-to-address translations to make identifying Internet resources a bit easier for humans. Domain names (and NetBIOS names) are discussed later in this chapter in the section “DNS, WINS, Active Directory, and Other IP Matters.”
IP Address Classes
The current version of IP in use is called IPv4, and it uses the 32-bit numeric addresses described in the previous section. This design supports nearly 4.3 billion network hosts altogether. Instead of permitting individuals or organizations to choose their own IP addresses, however, address distribution falls under the aegis of the Internet Corporation for Assigned Names and Numbers (ICANN), which is available online at http://www.icann.org. ICANN, in turn, designates various high-level name registries and service providers to manage domain names and IP addresses so that a single centralized database for this information can be maintained. “Why is this necessary?” you might ask. Centralized controls are essential because of the requirement that all numeric IP addresses and domain names be unique. Because no duplicates are allowed, a central authority to manage the distribution of names and numbers is needed—hence the existence of ICANN and its delegates.
Using an address class scheme, ICANN assigns blocks of IP addresses through its delegates to networks based on their size and purpose. IP addresses come in five classes, labeled alphabetically as Classes A through E. Classes A, B, and C are used for conventional networks and, therefore, are the ones of concern in this chapter. Classes D and E have special uses and don’t follow the same rules as those set for Classes A through C (although all five fall into unique numerical ranges, as you’d expect, based on the requirement that all IP addresses be unique). Class D addresses are used for multicasting, in which a single receiver can address an entire community of recipients with a single destination address. Class E addresses are reserved for experimental use and are usually encountered only in development environments.
The first three address classes—A through C—differ in the number of octets they use for the network and host portions of each address. Class A uses a single octet for the network portion, Class B uses two octets for the network portion, and Class C uses three octets. By logical extension, this also means that Class A uses three octets, Class B uses two octets, and Class C uses one octet for the host portion of IP addresses.
The number of octets in the network portion of each IP address determines its default subnet mask. A subnet mask is simply a bit pattern that puts a 1 in each bit position for the network ID and a 0 in each bit position for the host portion. Routers and IP clients use the subnet mask to select the network ID from an address when routing is required; pairs of IP hosts use the subnet mask to block off the network portion when transferring a packet from one host to another on the same network segment (also known as a subnet, for obvious reasons).
Table 14.1 identifies the default subnet masks for address classes A, B, and C. You can recognize the class associated with any IP address by inspecting its first octet in binary form. Here’s how the identification process works:
• Class A addresses always have a 0 in the first bit position.
• Class B addresses always begin with 10 in the first two bit positions.
• Class C addresses always begin with 110 in the first three bit positions.
• Class D addresses always begin with 1110 in the first four bit positions.
• Class E addresses always begin with 11110 in the first five bit positions.
This identification method is used because routers and other networking devices can examine the initial bits of IP addresses at the hardware level very quickly. This helps keep IP packets moving, even when address calculations involving subnet masks must be applied to determine whether and how IP packets are to be routed (or not, as is the case when routing is not required for purely local transfers).
Table 14.1 Address Classes with Corresponding Network and Host IDs
Address Class   IP Address   Network ID   Host ID
A               w.x.y.z      w            x.y.z
B               w.x.y.z      w.x          y.z
C               w.x.y.z      w.x.y        z
Because of the bit patterns used to identify address classes A through C, each falls into a specific numeric range related to the restrictions on its initial bits. This information is captured in Table 14.2 for address classes A through C, along with information about the number of network and host IDs consequently available for each address class.
Table 14.2 IP Address Components and Counts by Class
Address Class   High-Order Bits   Octet 1 (Decimal)   Number of Networks   Number of Hosts
A               0xxxxxxx          0–127               128                  16,777,214
B               10xxxxxx          128–191             16,384               65,534
C               110xxxxx          192–223             2,097,152            254
IP Address Restrictions
Several additional restrictions on addresses apply to each IP address class. For any given network address, the address with a host portion consisting of all zeros identifies the network as a whole and cannot be used to identify a particular host. Likewise, the address with the host portion consisting of all ones is a broadcast address, which is meant to be read by all hosts on any particular subnet. When calculating the total number of host addresses for any subnet, be sure to subtract 2 from the number of addresses that binary arithmetic produces. (When that number represents 2^n, n is the number of bits in the host address; therefore, the actual number of hosts is 2^n–2 for any host address range.) Other restrictions on IP addresses include reserving Class A address 127 for testing purposes. (It’s the address associated with the symbolic names loopback and localhost, which can be used to test IP accessibility strictly on a single machine at a time.) Another restriction is reserving addresses within each class (1 Class A, 16 Class Bs, and 256 Class Cs) as private IP addresses. Private IP addresses can be allocated for use on any local networks, but because these addresses cannot be guaranteed to be unique, they cannot be routed over the public Internet.
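The class rules, default masks and host restrictions from the preceding sections are easy to check mechanically. The following Python script is an added example, not code from the book: it converts an address to the binary form described earlier, reads the class from the high-order bits of the first octet, applies the class’s default mask, splits the address into network ID and host ID, and flags the all-zeros (network), all-ones (broadcast) and 127 (loopback) cases. The sample addresses are the chapter’s own; the function and variable names are this example’s.

```python
"""Classful inspection of an IPv4 address.

Added example for the preceding sections; it is not code from the book.
It converts a dotted-decimal address to the binary form the text describes,
reads the class from the high-order bits of the first octet (Table 14.2),
applies the class's default subnet mask (Table 14.1), and splits the address
into network ID and host ID.  It also reports the restrictions from
"IP Address Restrictions": the all-zeros host (the network itself), the
all-ones host (broadcast), the 2^n - 2 usable host count, and the reserved
127 loopback network.  The sample addresses in main() are taken from the
chapter's own examples.
"""


def to_int(dotted):
    """Dotted-decimal string -> 32-bit integer, validating each octet."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a valid IPv4 address: %r" % dotted)
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def to_dotted(value):
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted):
    """Dotted-binary form, e.g. 207.46.131.137 -> 11001111.00101110.10000011.10001001."""
    return ".".join(format(int(o), "08b") for o in dotted.split("."))


# (class, high-order bit pattern, default mask); D and E have no default mask
CLASS_RULES = (
    ("A", "0", "255.0.0.0"),
    ("B", "10", "255.255.0.0"),
    ("C", "110", "255.255.255.0"),
    ("D", "1110", None),
    ("E", "11110", None),
)


def address_class(dotted):
    """Class letter, decided purely from the leading bits of octet 1."""
    first = format(int(dotted.split(".")[0]), "08b")
    for cls, prefix, _ in CLASS_RULES:
        if first.startswith(prefix):
            return cls
    return "E"  # 11111xxx is reserved as well


def default_mask(dotted):
    return {cls: mask for cls, _, mask in CLASS_RULES}[address_class(dotted)]


def inspect(dotted):
    """Describe an address the way the chapter does; returns a dict."""
    mask = default_mask(dotted)
    info = {
        "address": dotted,
        "binary": to_binary(dotted),
        "class": address_class(dotted),
        "default_mask": mask,
        "loopback": dotted.startswith("127."),  # reserved Class A network 127
    }
    if mask is None:           # Classes D and E have no network/host split
        return info
    addr, m = to_int(dotted), to_int(mask)
    host_bits = 32 - bin(m).count("1")
    network = addr & m
    broadcast = network | ((1 << host_bits) - 1)
    info.update({
        "network_id": to_dotted(network),
        "host_id": to_dotted(addr & ~m & 0xFFFFFFFF),
        "broadcast": to_dotted(broadcast),
        "usable_hosts": (1 << host_bits) - 2,   # minus all-zeros and all-ones
        "is_network_address": addr == network,
        "is_broadcast": addr == broadcast,
    })
    return info


if __name__ == "__main__":
    for sample in ("10.1.156.12", "172.16.10.10", "207.46.131.137",
                   "127.0.0.1", "224.0.0.1"):
        print(inspect(sample))
```

Running it on 207.46.131.137 reproduces the text’s binary form and identifies a Class C address whose network ID is 207.46.131.0 and whose broadcast is 207.46.131.255, with 254 usable hosts; 224.0.0.1 comes back as Class D with no mask, since multicast addresses have no network/host split.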
IP Subnets and Subnet Masks
On a TCP/IP network, a subnet represents a particular cable segment or an address range that defines a community of interest (such as the members of a department or workgroup). All hosts within a subnet can communicate directly with one another, but they cannot communicate directly with hosts outside the subnet. Subnets help reduce traffic congestion by isolating local communication to a specific group of local hosts.
Subnets can represent individual cable segments for some network topologies. On switched networks, however, the notion of a cable segment doesn’t really apply, so switches define virtual subnets that represent logical aggregations of individual hosts that are treated like the logical equivalent of a cable segment. When designing IP subnets, it’s best to include hosts that routinely exchange information with each other and to exclude hosts that seldom communicate. (They should be on separate subnets.) Sometimes subnets are dictated by network topology—especially on Ethernet networks that use coaxial cable or twisted pair hubs—in other cases, subnets can be created by affinity rather than proximity.
To send data from one IP subnet to another, however, the data must pass through one or more routers that ultimately tie the two subnets together. That helps explain why routers are called IP gateways in TCP/IP terminology: These devices provide a way to reach external networks from any single subnet and, therefore, act as a gateway to the outside networking world.
Subdividing a single IP network ID into multiple smaller segments or affinity groups is called subnetting. A subnet mask helps define the process of subdivision that’s used. Basically, a subnet mask “steals” bits from the host portion of an IP address to create logical subdivisions of the network address, thereby creating multiple smaller subnetworks within a single larger network address. This works much like a telephone number, in which it’s normally necessary to include the area code in the dial string when calling from one area code to another, but no area code is required when the calling and called numbers share an area code. In this analogy, the area code represents the network address portion and the seven-digit phone number represents the host address portion. Continuing the analogy to subnets, the first three digits of a seven-digit number (known as the local exchange) identify a common subnet, but different local exchanges identify different subnets.
A subnet mask is a 32-bit value, written like an IP address, that defines which bits fall into the network portion of the address by filling those bits with ones and leaving zeros for the host portion of the address. Table 14.3 identifies the default subnet masks for the primary IP address classes.
Table 14.3 Class A, B, and C Default Subnet Masks
Address Class   Decimal Mask    Binary Mask
A               255.0.0.0       11111111.00000000.00000000.00000000
B               255.255.0.0     11111111.11111111.00000000.00000000
C               255.255.255.0   11111111.11111111.11111111.00000000
Subnet masks that exceed these defaults are used to divide the normal host portion of the address into a subnetwork ID portion (leftmost bits) and a host portion (rightmost bits). Therefore, a Class B subnetwork mask with a value of 255.255.224.0 shows its capabilities by expressing the third octet (the first octet of the host portion, in other words) in binary: 11100000. The first three bits in this subnet mask are ones; therefore, the number of subnets that this mask enables is equal to 2^3–2 (the same exclusion on all ones and all zeros addresses for hosts also applies to subnetworks), or six subnetworks. Likewise, the number of host addresses on each subnetwork can be calculated by counting the number of zeros remaining in the subnet mask. (For 255.255.224.0, the lower-order two bytes in binary are 11100000.00000000, producing a total of 13 zeros.) Therefore, the number of hosts on each subnet is equal to 2^13–2, or 8,190. Table 14.4 shows the possible subnet masks and the results for each address class from A to C.
Table 14.4 Subnet Masks with Resulting Networks and Hosts
Binary Mask   Class   Decimal Equivalent   New Subnets   Hosts
00000000      A       255.0.0.0            Default       16,777,214
              B       255.255.0.0          Default       65,534
              C       255.255.255.0        Default       254
10000000      A       255.128.0.0          Invalid       Invalid
              B       255.255.128.0        Invalid       Invalid
              C       255.255.255.128      Invalid       Invalid
11000000      A       255.192.0.0          2             4,194,302
              B       255.255.192.0        2             16,382
              C       255.255.255.192      2             62
11100000      A       255.224.0.0          6             2,097,150
              B       255.255.224.0        6             8,190
              C       255.255.255.224      6             30
11110000      A       255.240.0.0          14            1,048,574
              B       255.255.240.0        14            4,094
              C       255.255.255.240      14            14
11111000      A       255.248.0.0          30            524,286
              B       255.255.248.0        30            2,046
              C       255.255.255.248      30            6
11111100      A       255.252.0.0          62            262,142
              B       255.255.252.0        62            1,022
              C       255.255.255.252      62            2
11111110      A       255.254.0.0          126           131,070
              B       255.255.254.0        126           510
              C       255.255.255.254      126           Not valid
11111111      A       255.255.0.0          254           65,534
              B       255.255.255.0        254           254
              C       255.255.255.255      254           Not valid
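The arithmetic behind Table 14.4 is worth automating, because it is the same calculation you do whenever you verify a subnet mask on a host or a router. The following Python script is an added example, not code from the book: given a network ID, its classful default mask and a longer subnet mask, it counts the borrowed bits, reports subnet and host counts using the chapter’s all-zeros/all-ones exclusion (2^s–2, as in the table) alongside the count every bit pattern gives, and enumerates each subnet’s ID, host range and broadcast. The network 172.16.0.0 used in the sample is a constructed value chosen to match the chapter’s Class B example mask 255.255.224.0; the function names are this example’s.

```python
"""Subnet calculator using the chapter's arithmetic.

Added example for the subnet-mask discussion above; not code from the book.
Given a network ID, its classful default mask and a longer subnet mask, it
counts the bits "stolen" from the host portion, reports the subnet count both
under the all-zeros/all-ones exclusion the chapter applies (2^s - 2, as in
Table 14.4) and without it (2^s, the count every bit pattern gives), reports
hosts per subnet (2^h - 2), and enumerates each subnet's ID, first and last
host, and broadcast address.  The sample network in main() is a constructed
172.16.0.0 with the chapter's Class B example mask, 255.255.224.0.
"""


def to_int(dotted):
    """Dotted-decimal string -> 32-bit integer."""
    value = 0
    for octet in dotted.split("."):
        value = (value << 8) | int(octet)
    return value


def to_dotted(value):
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_length(mask):
    """Number of leading ones in a mask; rejects non-contiguous masks."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError("subnet mask bits must be contiguous: %s" % mask)
    return ones


def subnet_summary(default_mask, subnet_mask):
    """Counts for one row of Table 14.4 (0 stands in for Default/Invalid)."""
    borrowed = mask_length(subnet_mask) - mask_length(default_mask)
    if borrowed < 0:
        raise ValueError("subnet mask is shorter than the default mask")
    host_bits = 32 - mask_length(subnet_mask)
    return {
        "borrowed_bits": borrowed,
        "subnets_excluding_all_zero_one": max(0, (1 << borrowed) - 2),
        "subnets_all_patterns": 1 << borrowed,
        "hosts_per_subnet": max(0, (1 << host_bits) - 2),
    }


def enumerate_subnets(network_id, default_mask, subnet_mask,
                      include_all_zero_one=False):
    """List each subnet with its ID, usable host range and broadcast.

    By default the all-zeros and all-ones subnet IDs are skipped, matching
    the chapter's rule; pass include_all_zero_one=True to list all 2^s.
    """
    summary = subnet_summary(default_mask, subnet_mask)
    borrowed = summary["borrowed_bits"]
    block = 1 << (32 - mask_length(subnet_mask))      # addresses per subnet
    base = to_int(network_id) & to_int(default_mask)
    subnets = []
    for i in range(1 << borrowed):
        if not include_all_zero_one and borrowed > 0 and i in (0, (1 << borrowed) - 1):
            continue
        start = base + i * block
        subnets.append({
            "subnet_id": to_dotted(start),
            "first_host": to_dotted(start + 1),
            "last_host": to_dotted(start + block - 2),
            "broadcast": to_dotted(start + block - 1),
        })
    return subnets


if __name__ == "__main__":
    print(subnet_summary("255.255.0.0", "255.255.224.0"))
    for s in enumerate_subnets("172.16.0.0", "255.255.0.0", "255.255.224.0"):
        print(s)
```

For the chapter’s example the summary reports 3 borrowed bits, 6 subnets under the exclusion rule (8 without it) and 8,190 hosts per subnet, and the enumeration lists 172.16.32.0 through 172.16.192.0 in steps of 32 in the third octet. The contiguity check in mask_length is the one you want when validating a mask typed into the TCP/IP Properties dialog box: a mask such as 255.255.255.1 has the right number of ones but is not a valid mask.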
IP Addresses on Your Network
When you implement TCP/IP on a network, you can elect to obtain public IP addresses from your service provider or use private IP addresses instead. If you want to connect your private network to the Internet, you need at least one public IP address for the Internet connection, or you can deploy public IP addresses obtained from an ISP or some other source. It doesn’t matter where you get them, as long as they’re valid and unique. If you elect to use private IP addressing, check out the private IP address ranges defined in Internet RFC 1918. (RFC stands for Request For Comments and identifies the collection of public documents that govern TCP/IP protocols, services, best practices, and more; to inspect 1918’s contents, please visit http://www.ietf.org/rfc/rfc1918.txt.)
Working with Network Address Translation (NAT)
If you use public IP addresses, your network hosts can access the Internet directly. Hosts that use private IP addresses, however, must go through an address translation service called Network Address Translation (NAT) to access the Internet. Because anyone can use private IP addresses, they cannot be routed across the public Internet. This confers a beneficial security side effect because would-be hackers cannot pretend to use private IP addresses in packets they attempt to introduce into the private side of your network. Usually, all hosts that use the same NAT server map into a single public IP address associated with that server, which is why you must always have at least one public IP address if you want your users to access the Internet. That public IP address, of course, will be the public address that the NAT server uses as the source address for outgoing network packets after it has translated them into public form. The NAT server maintains a table of active connections for clients accessing the Internet so that it knows where to direct replies to outgoing traffic, even though all that traffic appears to originate at the same public Internet address. In this way, NAT greatly reduces the number of public IP addresses that a network must obtain to access the Internet. Because most organizations must pay a monthly fee for the block of public IP addresses they use, this can help contain related costs (and improve security at the same time). NAT has its disadvantages, however. It is subject to numerous service conflicts and other special considerations, as follows:
- Application access. To run applications across the Internet where NAT is operating, you must configure NAT to recognize and use such applications. Because not all applications work with NAT, this can cause problems. The only way to be sure is to implement a test configuration and check networked applications to make sure they work properly.
- DHCP. Both NAT and DHCP provide addressing components that identify subnet masks, default gateways, and DNS and WINS servers. Because of potential conflicts, NAT cannot be used on private networks where DHCP is already deployed. Likewise, DHCP relay agents cannot be used on private networks where NAT assigns addresses because NAT could forward DHCP traffic to a DHCP server on the wrong (other) network.
- Inbound connections. NAT requires that a set of static mappings be defined for local network resources when clients need access to local IP-based services as well as external (usually Internet-based) services. For large intranets or in-house networks, this can involve more work than is worth doing.
- Name resolution services. If NAT provides name resolution services, neither WINS nor DNS servers can operate on the same private network where the NAT server is running.
- NAT editors. NAT cannot translate protocols containing source or destination addresses in the data payload or packets that do not use User Datagram Protocol (UDP) or TCP headers. For these protocols, NAT editors must be defined; Windows 2000 includes NAT editors for File Transfer Protocol (FTP), Internet Control Message Protocol (ICMP), and Point-to-Point Tunneling Protocol (PPTP), but other services, such as Simple Mail Transfer Protocol (SMTP) or LDAP, might need to have editors defined. Again, only experimentation can determine conclusively whether NAT will work on your network.
- Protocol restrictions. Protocols such as Internet Protocol Security (IPSec) and H.323, which require public Internet connections from end to end, cannot work with private IP addresses (and, therefore, do not work with NAT). This means you must choose between NAT and the services (such as NetMeeting or IPSec) that require public IP connections end-to-end.
- VPN links. NAT works with some virtual private network (VPN) connections, but services that depend on secure end-to-end connections, such as Layer 2 Tunneling Protocol (L2TP) with IPSec, will not work.
NAT support is included as part of the Windows 2000 Server Routing and Remote Access Service (RRAS) and as part of Internet Connection Sharing in Windows XP Professional. There are also plenty of low-cost “network appliances” that combine NAT with other network services and act as DSL or cable modem routers for small office/home office use.
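To make the RFC 1918 point from the previous section and the NAT connection table concrete, here is an added example (not Windows ICS or RRAS code) of a minimal port-overloading NAT in Python: outbound flows from private hosts are mapped onto one public address and a fresh port, replies are matched back through the table, and a packet arriving on the public side that claims a private source address, or that matches no table entry, is dropped. The class name, the port range and the 203.0.113.x and 198.51.100.x addresses are constructed for the example.

```python
import ipaddress
from itertools import count

# The three RFC 1918 private ranges the previous section points the reader to.
PRIVATE_RANGES = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_private(address: str) -> bool:
    """True if the address falls in an RFC 1918 range."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in PRIVATE_RANGES)


class NatTable:
    """Minimal port-overloading NAT: many private hosts share one public IP.

    Constructed design for illustration: every outbound (private IP, port)
    flow receives its own public port; replies are mapped back through the
    same entry, so only traffic a private host initiated can reach it.
    """

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._ports = count(first_port)   # next unused public port
        self.outbound = {}                # (priv_ip, priv_port) -> public_port
        self.inbound = {}                 # public_port -> (priv_ip, priv_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private side.

        Returns the packet as it appears on the Internet, or None when the
        source is not a private address (hosts with public addresses do not
        need translation).
        """
        if not is_private(src_ip):
            return None
        key = (src_ip, src_port)
        if key not in self.outbound:
            public_port = next(self._ports)
            self.outbound[key] = public_port
            self.inbound[public_port] = key
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet arriving from the Internet.

        Returns None (drop) for a packet whose source claims a private
        address, which must never appear on the public side, and for a
        packet addressed to a port with no active connection entry.
        """
        if is_private(src_ip):
            return None
        if dst_ip != self.public_ip or dst_port not in self.inbound:
            return None
        priv_ip, priv_port = self.inbound[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)


if __name__ == "__main__":
    nat = NatTable("203.0.113.5")
    print(nat.translate_outbound("172.16.1.21", 3456, "198.51.100.80", 80))
    print(nat.translate_inbound("198.51.100.80", 80, "203.0.113.5", 40000))
```

The table is keyed on the private source address and port, which is what lets two internal hosts that both chose source port 3456 coexist behind the same public address.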
Routers, Proxies, and Firewalls
Purely from an abstract perspective, routing simply requires a network device with two or more network interfaces. This device must be able to forward traffic from one interface to another, as dictated by the destination address on outgoing traffic from any single interface. Likewise, each interface on a network device must be attached to a different subnet so that the device can route traffic from one subnet to another. Because routers offer a pathway from one subnet to another (often to permit access to the Internet), the TCP/IP name for such a device is a gateway, also known as a default gateway. (The latter name is what appears in the Microsoft TCP/IP Properties dialog box.)
Static and Dynamic Routers
Windows XP can act as a router when multiple network interfaces are present. Windows XP Professional adds support for dynamic routing with the new Routing Information Protocol (RIP) Listener service, which collects RIP version 1 subnet-level broadcasts and adds new routes automatically to the routing table. Windows 2000 Server offers a variety of dynamic routing protocols through RRAS. A static router does not exchange routing information with other routers to figure out where to forward packets; it simply consults a configuration table that defines what routes it knows about. (Because this table can be changed only manually, by using the route command, it is a static data structure, which is where the name comes from.)

Note
Even on Windows XP machines that are not configured for routing, you can inspect the contents of their local routing tables (which contain all known routes) by typing route print at the Windows command prompt.
Windows 2000 Server supports the two most important IP-based interior routing protocols: the Routing Information Protocol (RIP) and Open Shortest Path First (OSPF). Both protocols are dynamic routing protocols, in that they can exchange routing information and routing table updates with other routers, but OSPF is newer and more sophisticated than RIP. For more information on these routing protocols and how they’re implemented in the Windows 2000 environment, please consult the “For More Information” section at the end of this chapter. For the purposes of this discussion, all you need to know about dynamic routing is the following:

- A dynamic router is a networking device that uses a dynamic routing protocol, such as RIP or OSPF.
- Interior routing protocols, such as RIP and OSPF, operate within the confines of autonomous networks and are completely under the control of local network administrators.
- Exterior routing protocols, such as the Border Gateway Protocol (BGP), operate on backbone connections managed by and between communications carriers. Because they define the high-speed topology for the Internet, they are managed by the carriers who control them and are linked at special points of presence managed by consensus among the parties involved. Most network administrators do not manage exterior routing protocols unless they work for a service provider or a communications carrier.

The routing capabilities of Windows 2000 Server include basic packet-screening capabilities, so it’s possible to define packet filters that can include or exclude IP traffic based on source and destination address, protocol, or service.
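As an added illustration of what a static router's table lookup involves (example code, not the Windows route implementation), the following Python function selects a route from a constructed table laid out in the column order that route print shows: the longest matching mask wins, and among equally specific routes the lowest metric wins, which is how a second default gateway with a higher metric becomes a backup. A second small function checks the on-link rule for a default gateway. All addresses and metrics are constructed.

```python
import ipaddress

# Constructed routing table, columns as in `route print`:
# (network destination, netmask, gateway, interface, metric).
ROUTES = [
    ("0.0.0.0",      "0.0.0.0",         "172.16.1.1",   "172.16.1.21", 20),  # default gateway
    ("0.0.0.0",      "0.0.0.0",         "172.16.1.254", "172.16.1.21", 30),  # backup default gateway
    ("127.0.0.0",    "255.0.0.0",       "127.0.0.1",    "127.0.0.1",    1),  # loopback
    ("172.16.1.0",   "255.255.255.0",   "172.16.1.21",  "172.16.1.21", 20),  # directly attached subnet
    ("172.16.1.21",  "255.255.255.255", "127.0.0.1",    "127.0.0.1",   20),  # this host's own address
    ("192.168.50.0", "255.255.255.0",   "172.16.1.9",   "172.16.1.21", 20),  # static route (route add)
]


def lookup_route(destination: str, routes=ROUTES):
    """Select the route a static router would use for `destination`.

    The most specific prefix (longest netmask) wins; among equally specific
    routes the lowest metric wins.  Returns (gateway, interface), or None
    when nothing matches.
    """
    dst = ipaddress.IPv4Address(destination)
    best = None   # (prefix length, -metric, gateway, interface)
    for network, netmask, gateway, interface, metric in routes:
        net = ipaddress.IPv4Network(f"{network}/{netmask}")
        if dst not in net:
            continue
        candidate = (net.prefixlen, -metric, gateway, interface)
        if best is None or candidate[:2] > best[:2]:
            best = candidate
    return None if best is None else (best[2], best[3])


def gateway_on_link(ip: str, mask: str, gateway: str) -> bool:
    """A default gateway must sit on the same subnet as the interface
    address; otherwise the host has no route by which to reach it."""
    subnet = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    return ipaddress.IPv4Address(gateway) in subnet


if __name__ == "__main__":
    for target in ("172.16.1.40", "192.168.50.7", "198.51.100.3"):
        print(target, "->", lookup_route(target))
```

Removing the first default route from the table makes the lookup for an Internet address fall through to the higher-metric gateway, which is the behaviour the metric column exists to provide.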
Proxies and Firewalls
Proxies and firewalls are basically special-purpose networking devices with more advanced screening capabilities. A firewall is usually an isolated device sitting on the boundary between the Internet and a private network (in other words, it has one interface connected to each world); it inspects the traffic flowing between the “inside” and “outside” networks. Firewalls can restrict incoming and outgoing traffic based on a packet’s source or destination address, the protocol it uses, the port address involved, or the specific packet contents.

A proxy is a software service that mediates between internal and external hosts (so external hosts see only the address of the proxy server, and internal hosts need to know about the proxy server only when they attempt to make external network access). On many modern networks, firewall devices also support proxy services. In fact, it should be obvious from this definition that NAT is a special kind of proxy service.

A proxy stands between the client and the server in a network connection. Here, either the client or the server is outside the firewall, and the other party is inside the firewall with the proxy in between. Therefore, the proxy has the opportunity to perform address masking (replacing internal network addresses with its own address on outgoing traffic, and replacing its own address with the intended recipient’s address on incoming traffic). Proxies can also examine content in the traffic that passes through them across the network boundary.

Proxies also provide caching services—that is, they store local copies of remote resources (such as Web pages or FTP files). Repeated requests for access to the same materials can then be satisfied much more quickly because a copy resides in the proxy server’s local cache. Cache entries include timestamps and expiration periods so that the cache is refreshed from the source before it has a chance to change or go stale.
Working from Windows XP, you will probably deal with routers, firewalls, and proxies primarily as a client. As a client, you are assigned a gateway address (to access external networks) as part of your IP configuration, and you might be assigned a proxy address for specific information services, such as e-mail, Web browsing, or FTP. Because Windows XP is limited to 10 simultaneous user connections, most router, firewall, and proxy products—including Microsoft’s own RRAS (its Proxy Server 2.0) and its Internet Security and Acceleration (ISA) Server (the Windows 2000–based replacement for Proxy Server)—are designed to run on Windows 2000 Server machines. If you’re looking for further details on routers, proxies, and firewalls, please see the “For More Information” section at the end of this chapter.

As a proxy client on a Microsoft network, be sure to check your local documentation, or ask a network administrator, to obtain the configuration details necessary to establish an Internet connection. You should also be aware that for protocols or services for which proxy services are not available, you might have to ask your administrator to create special configuration information to bypass the proxy server for these protocols or services—and that assumes that the local security policy permits such exceptions to exist. (It might not; in which case, you’re out of luck!)

If you’re working with Microsoft Proxy Server 2.0, client configuration is automated. All you need to do is access a special-purpose local URL where client software installation routines are available. For most Microsoft networks, this page typically resides at http://<www.server.com>/MSProxy/. You must replace <www.server.com> with a valid local server name, IP address, or NetBIOS name to establish a working connection. When accessed, this page loads a welcome page with a download link for the client configuration software. After the software is installed, you access all available IP services through the proxy server.

About Port Addresses
When IP connections are made between a client and a server, they use one or two TCP or UDP port addresses to handle inbound and outbound communications; most IP services are associated with well-known port addresses and use temporary port addresses to serve transient connections as long as they last. Well-known port addresses define listening posts, where servers wait to service client requests by spawning transient connections to handle individual requests. Port addresses are 16-bit numbers; numbers 0 through 1,023 are reserved for well-known ports, and numbers 1,024 through 65,535 are used for transient ports. These numbers are also increasingly reserved for well-known or alternative service ports, given the large number of IP services now available on modern networks.
DNS, WINS, Active Directory, and Other IP Matters
Windows XP supports two forms of name resolution to convert symbolic names into numeric addresses: DNS for domain names and WINS for NetBIOS names. Before you can explore these two name services, you must understand the names that are specific to each service. DNS requires a specially formatted version of a domain name called a fully qualified domain name (FQDN). A NetBIOS name, by contrast, can be up to 15 characters long, subject to certain illegal-character restrictions. Both types of names are explored in the following sections.
Fully Qualified Domain Names (FQDNs) and DNS
FQDNs are more complex and structured than NetBIOS names because they include a notion of hierarchical structure that’s absent with NetBIOS names. In fact, an FQDN is designed to supply a unique name for every host on the Internet. It also situates that name within an overall name hierarchy. To that end, FQDNs consist of multiple names, with each name separated by a period and the final name followed by a closing period. The rightmost element in any domain name is the top-level domain (TLD) name. You’re probably already familiar with the best-known TLDs. Today, they include two- and three-letter country codes for every country recognized by the United Nations. They are fully documented in ISO standard 3166; please visit ftp://ftp.ripe.net/iso3166countrycodes.txt for a complete list that’s maintained by the ISO 3166 Maintenance Agency. Also, the following TLDs are primarily used in the United States:

.com   Designates commercial, for-profit Web sites
.edu   Designates educational institutions or agencies
.gov   Designates U.S. federal government sites
.net   Designates network service companies or ISPs
.mil   Designates U.S. military sites
.org   Designates not-for-profit organizations

Newly approved TLDs are as follows:

.aero     Societe Internationale de Telecommunications Aeronautiques SC (SITA)
.biz      JVTeam, LLC
.coop     National Cooperative Business Association (NCBA)
.info     Afilias, LLC
.museum   Museum Domain Management Association (MDMA)
.name     Global Name Registry, LTD
.pro      RegistryPro, LTD
Refer to the ICANN Web site for a current list of top-level domains: http://www.icann.org.

An FQDN must end with a period in the rightmost character position. By convention, all DNS names coalesce at the top, or root, of the hierarchy, represented by a collection of 13 root-level servers worldwide. The name immediately to the left of the TLD name is called the first-level domain name. Starting at this level and moving to the left in any FQDN, all such names are under the administrative control of whichever company or organization owns the first-level domain name. Such names are unique and must be formally assigned by some name registry working under ICANN’s supervision. For example, Microsoft’s first-level FQDN is microsoft.com, so the company can create as much hierarchy beneath that domain name as it likes. Common extensions to domain names include service labels such as www, ftp, secure, mail, and so forth. Many organizations extend their domain names to indicate site locations and functions, so a name such as publicpi.partner.boulder.ibm.com designates a public partner information source in the business partner’s group at IBM’s location in Boulder, Colorado. It’s uncommon to see domain names with more than five parts, but there’s nothing in the DNS specification that prevents names with more than five parts. There is a string limitation of 128 or 256 characters for such names, depending on the type of operating system you’re using; for Windows 2000, input lines are limited to 256 characters. So domain names must typically be somewhat shorter than that.

DNS is a TCP/IP service that’s available on Windows XP, Windows 2000, Windows NT, and numerous Unix versions; it translates from an FQDN to an equivalent IP address. One unique feature of DNS on Windows 2000 is that it can be integrated with Active Directory in a way that permits Active Directory to dynamically update the DNS records that store name-to-address (and address-to-name) translation data. This implementation is called Dynamic DNS (DDNS). Dynamic DNS allows DNS servers to get dynamic updates for the DNS server database. In addition, when integrated with Active Directory, Dynamic DNS is integrated securely. For more information on Dynamic DNS and Active Directory, refer to http://www.microsoft.com/WINDOWS2000/techinfo/reskit/deploymentscenarios/scenarios/dhcp02_use_dynupdate_secdynupdate.asp.
For any FQDN to resolve into the proper IP address, the necessary translation must be defined in an address record in some DNS server’s database. Usually, that information is stored on the server that’s authoritative for the collection of names (called a database zone or, more simply, a zone) and in the databases of secondary servers for that zone. When name requests are resolved, local DNS servers retain that information in their caches so that subsequent requests for that information do not have to be resolved remotely. As with proxy caches, DNS cache entries use associated timestamps and expiration dates to decide when aging entries must be refreshed or purged. In the final analysis, the power and beauty of DNS is that any client anywhere on the Internet can request translation of any DNS name into an equivalent IP address and expect to get the desired response in a reasonable amount of time. For more details about DNS, please consult the “For More Information” section at the end of this chapter.
NetBIOS Names and WINS
As mentioned previously, NetBIOS name resolution is required on networks to provide backward-compatibility with older versions of Windows and to support applications that use NetBIOS for communications. Because this still represents the vast majority of Microsoft networks, it’s important to understand how NetBIOS names work and how to resolve them into IP addresses when other protocols (such as NetBEUI or NWLink) aren’t available to handle the job. Therefore, it’s important to understand NetBIOS name structures and their limitations, which are as follows:

- NetBIOS names must be between 1 and 15 characters long (the names themselves are up to 16 characters, but the last character is reserved as a special character indicating the type of resource being named). If you are still using DOS or Windows 3.x machines on your network—that is, those machines that can recognize only old-style 8.3 filenames—these machines cannot recognize NetBIOS names that are more than eight characters long.
- NetBIOS names cannot include any of the following special characters: double quote ("), right slash (/), left slash (\), left square bracket ([), right square bracket (]), colon (:), semicolon (;), vertical slash (|), equals sign (=), plus sign (+), asterisk (*), question mark (?), less than sign (<), and greater than sign (>). NetBIOS names that end in a dollar sign are called hidden names because they do not appear in browser lists or My Network Places.
- Because some clients might have problems with embedded spaces, or require quotation marks for these names to be recognized, it’s wise to avoid them in NetBIOS names.

When creating NetBIOS names, be concise and descriptive. If users come and go regularly, avoid using their names or initials; likewise, it’s wise to avoid location designations for machines that move around a lot. Operating system designations, IP host address numbers, and user initials are included in the NetBIOS names used in this book because our machines and users stay put. (For example, W2P-21-JD designates John Doe’s Windows 2000 Professional machine, which has an IP host address of 172.16.1.21.)

WINS is to NetBIOS names what DNS is to domain names—that is, it resolves NetBIOS names to equivalent IP addresses. Windows XP supports neither WINS nor DNS as a server; for that purpose, you must install some variety of Windows 2000 Server (plain, Advanced, or Datacenter).

- Unlike DNS, WINS is truly dynamic—that is, all WINS clients register with WINS during boot-up and supply their name and IP addresses for subsequent translation. As names and addresses change, the WINS database changes with them the next time a changed machine boots up and registers with WINS anew. This makes WINS capable of handling DHCP clients and clients or servers with static IP address assignments with equal facility.
- Unless you’re using Dynamic DNS, an administrator must apply all DNS database updates manually. WINS can also update DNS, if you select the Enable WINS Lookup check box in the DNS Administrator tool. Selecting this option permits Windows-based DNS servers to query a WINS server for names it cannot otherwise resolve. (Links between Active Directory and DNS provide a similar capability, even when dynamic updates are not enabled.)
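The naming rules from the FQDN section and from the NetBIOS list above, turned into checks, as an added example (not from the book or from any Microsoft tool): parse_fqdn splits a name into its TLD, first-level domain and the labels the owning organization added beneath it, and enforces the length limit quoted above; check_netbios_name reports the length and character problems the list describes, plus the DOS-client and embedded-space cautions, as short problem codes. The 63-character per-label limit comes from the DNS specification (RFC 1035), not from this chapter, and the problem codes are this example's own.

```python
import re

# The chapter cites an input limit of 256 characters on Windows 2000;
# the 63-character label limit below is RFC 1035's, an assumption beyond the text.
MAX_FQDN_LENGTH = 256
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

NETBIOS_ILLEGAL = set('"/\\[]:;|=+*?<>')   # the characters listed in the text
NETBIOS_MAX = 15                            # the 16th character is the resource type
DOS_CLIENT_MAX = 8                          # what DOS / Windows 3.x clients can see


def parse_fqdn(name: str, max_length: int = MAX_FQDN_LENGTH) -> dict:
    """Split a domain name into the hierarchy the FQDN section describes.

    Returns the TLD, the first-level (registered) domain, the labels the
    owning organization added beneath it (left to right), and whether the
    name was fully qualified (ended with the root period).
    """
    if len(name) > max_length:
        raise ValueError(f"name exceeds {max_length} characters")
    fully_qualified = name.endswith(".")
    labels = name.rstrip(".").split(".")
    if len(labels) < 2 or not all(LABEL_RE.fullmatch(label) for label in labels):
        raise ValueError(f"malformed domain name: {name!r}")
    return {
        "fully_qualified": fully_qualified,
        "tld": labels[-1],
        "first_level": ".".join(labels[-2:]),
        "subordinate": labels[:-2],
    }


def check_netbios_name(name: str) -> list:
    """Return problem codes for a proposed NetBIOS name (empty list = fine).

    'bad-length' and 'illegal-chars' break the rules outright;
    'over-8-chars' and 'embedded-space' are the cautions from the text,
    reported so the caller can decide whether they matter on its network.
    """
    problems = []
    if not 1 <= len(name) <= NETBIOS_MAX:
        problems.append("bad-length")
    if set(name) & NETBIOS_ILLEGAL:
        problems.append("illegal-chars")
    if " " in name:
        problems.append("embedded-space")
    if len(name) > DOS_CLIENT_MAX:
        problems.append("over-8-chars")
    return problems


def is_hidden_netbios_name(name: str) -> bool:
    """Names ending in $ are hidden from browse lists and My Network Places."""
    return name.endswith("$")


if __name__ == "__main__":
    print(parse_fqdn("publicpi.partner.boulder.ibm.com."))
    print(check_netbios_name("W2P-21-JD"))
```

Note that the book's own naming scheme (W2P-21-JD, nine characters) trips the over-8-chars caution, which is exactly the trade-off the first list item describes: fine on a network without DOS or Windows 3.x clients, invisible to them otherwise.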
Static Name Resolution Techniques
On smaller networks, where it might be neither feasible nor desirable to operate WINS or DNS servers, you can use alternative file-based methods to support domain name and NetBIOS name resolution. In either case—and in fact, the alternative to WINS is a simple variation on the alternative to DNS—clients access local files to resolve names, instead of calling a special-purpose server to do the same job. Because Microsoft’s implementation of both files supports a file #include capability (which requires you to designate only the names and addresses for key servers on your network and then access common name resolution files stored on those servers), the job of maintaining this static environment need not be onerous.

The Hosts and LMHosts files are plain text files that contain name-to-address mappings for domain names and NetBIOS names, respectively. A Hosts file maps FQDNs to IP addresses, whereas an LMHosts file maps NetBIOS names to IP addresses. You can copy sample files of each type from the \systemroot\system32\Drivers\etc directory on the Windows XP computer. By using a text editor such as Notepad, you can inspect or alter the contents of these files to match your local environment, if this approach seems appropriate for your network. Although the sample files do include some helpful comments, we recommend that you consult TechNet for more specific documentation on editing these files. If you don’t have your own copy of TechNet, search Microsoft’s online version through http://www.microsoft.com/technet/.

Remember that you must maintain Hosts and LMHosts files manually. For that reason, you should place only minimal Hosts and LMHosts files on clients, and use file #include statements to maintain a single copy of more extensive data on a server somewhere. Also, if you connect to the Internet, you must obtain access to a DNS server to get proper name resolution.
It’s just not practical to maintain a Hosts file for the whole Internet—in fact, that’s why DNS was invented in the first place. That’s also why eschewing WINS and using LMHosts files usually makes more sense than trying to replace DNS with Hosts files on most modern networks, simply because invariably there are fewer NetBIOS names that you will want to resolve, compared to domain names on the Internet.
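An added example of the two file formats just described (not Microsoft's own resolver code): a parser for a Hosts file and one for an LMHosts file that understands the #PRE, #DOM: and #INCLUDE directives, so that a minimal client file can be checked before it is deployed. The sample file contents, server names and addresses are constructed for the example; the directive names are the standard LMHosts keywords.

```python
# Constructed sample Hosts file (FQDN or alias -> IP), as a client might carry it.
SAMPLE_HOSTS = """
# constructed sample, not the Windows default file
127.0.0.1       localhost
172.16.1.10     intranet.example.com   www    # internal web server
172.16.1.21     w2p-21-jd.example.com
"""

# Constructed sample LMHosts file (NetBIOS name -> IP) using the standard
# directives: #PRE preloads the entry into the name cache, #DOM: marks a
# domain controller for the named domain, #INCLUDE pulls in a shared file
# kept on a server (the single-copy arrangement the text recommends).
SAMPLE_LMHOSTS = r"""
# constructed sample
172.16.1.10   W2S-10-DC     #PRE  #DOM:EXAMPLE    # domain controller
172.16.1.21   W2P-21-JD                           # John Doe's workstation
#INCLUDE \\W2S-10-DC\etc\lmhosts
"""


def parse_hosts(text: str) -> dict:
    """Map every name on a line (canonical name and aliases) to its address.
    A '#' anywhere on a line starts a comment."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            mapping[name.lower()] = ip
    return mapping


def parse_lmhosts(text: str) -> dict:
    """Return {'entries': [...], 'includes': [...]} for an LMHosts file.

    Because LMHosts comments also begin with '#', the directives are
    recognised by keyword and any other '#' token starts a comment.
    """
    entries, includes = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.upper().startswith("#INCLUDE"):
            parts = line.split(None, 1)
            if len(parts) == 2:
                includes.append(parts[1].strip())
            continue
        if line.startswith("#"):
            continue                       # ordinary comment line
        tokens = line.split()
        if len(tokens) < 2:
            continue                       # malformed line: no name
        entry = {"ip": tokens[0], "name": tokens[1].upper(), "preload": False, "domain": None}
        for token in tokens[2:]:
            if token.upper() == "#PRE":
                entry["preload"] = True
            elif token.upper().startswith("#DOM:"):
                entry["domain"] = token[len("#DOM:"):]
            elif token.startswith("#"):
                break                      # trailing comment
        entries.append(entry)
    return {"entries": entries, "includes": includes}


def resolve_netbios(name: str, lmhosts: dict):
    """Look a NetBIOS name up in a parsed LMHosts file (case-insensitive)."""
    wanted = name.upper()
    for entry in lmhosts["entries"]:
        if entry["name"] == wanted:
            return entry["ip"]
    return None


if __name__ == "__main__":
    print(parse_hosts(SAMPLE_HOSTS))
    print(parse_lmhosts(SAMPLE_LMHOSTS))
```

The parser deliberately does not follow #INCLUDE paths itself; it only reports them, so a reviewer can confirm that a client file points at the intended server share before the file is rolled out.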
Using the Dynamic Host Configuration Protocol (DHCP)
To understand the allure of DHCP, all you need to do is look at the Internet Protocol (TCP/IP) Properties dialog box where TCP/IP is configured, as shown in Figure 14.1. You can select the Obtain an IP Address Automatically radio button, or you can work your way through four more tabs of input data and enter seven or more IP addresses for the local machine, subnet mask, default gateway, one or two DNS servers, one or two WINS servers, and possibly even configure IP security and IP filter settings.
Figure 14.1 If DHCP supplies an IP address and configuration data, you need select only a single radio button.
Because it’s so much easier for users not to have to enter all that data, they usually prefer using DHCP when faced with configuring TCP/IP on a computer. Administrators tend to like DHCP even more because, aside from its convenience to users, DHCP permits TCP/IP addresses to be managed with ease for an entire internetwork from a single location. For those administrators who had to manually allocate IP addresses on a per-machine basis, DHCP is a godsend; for those who never had to handle addresses manually, DHCP is a vital element in their administrative toolkit.

In fact, DHCP is an enhanced version of the Bootstrap Protocol (BOOTP), originally designed to permit diskless workstations to log on to a network and then download an operating system and configure themselves to be ready to work. DHCP takes advantage of BOOTP’s capabilities to provide network access and configuration data to a machine that has no such intelligence. If a machine boots up on the network and discovers that it has no current or valid IP address, DHCP can provide it with an IP address, subnet mask, default gateway address, DNS and WINS addresses, and so forth. DHCP manages groups of IP addresses called address pools and assigns available members of its address pool to computers when they request an IP address.

Most modern networks use DHCP to provide IP addresses to network clients, as do the vast majority of ISPs. Traditionally, DHCP has not been used to manage IP addresses for routers or servers because these addresses are typically tied to (static) DNS databases, so such an address should not change without a corresponding change to relevant DNS records. However, DHCP can also create an automatic address assignment that allocates an address permanently to an interface and can be reset only manually by an administrator. For these reasons, DHCP is increasingly being used to manage all IP addresses—even those that normally do not change very often, if at all.
For ordinary clients, DHCP provides a dynamic address assignment based on a leasing process for individual addresses—that is, when a client requests an IP address from a DHCP server, the address that is delivered comes with an expiration time that defines the lease period for the address. Depending on the circumstances, leases can be as short as two to three hours (which is typical for ISPs, where users come and go quickly and often) or as long as two weeks (which is more typical on corporate networks, where users tend to show up five days or more per week).

When an address lease period is half used, the client automatically requests a lease extension. If granted, the lease goes back to its original period. If the request is denied or no reply is received, the client attempts to renew its lease again when three fourths of the period expires and again when seven eighths of the period expires. At either point, the lease can be renewed. If a lease period expires without a renewal, however, the DHCP client must repeat its original request for an IP address because it no longer possesses a valid IP address.

The Windows ipconfig command, which displays the current local TCP/IP configuration on any Windows NT–based computer, can also manage DHCP leases by using the /renew or /release parameters. (/renew requests a lease renewal manually; /release relinquishes the current address lease manually.) To view any Windows NT or 2000 machine’s current IP configuration, including DHCP lease information, use the ipconfig /all command, which produces output that looks like this:

    Windows XP IP Configuration

        Host Name . . . . . . . . . . . . : w2kp-21-et
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : 3Com EtherLink III ISA (3C509/3C509b) in Legacy mode
        Physical Address. . . . . . . . . : 00-60-97-1B-7B-01
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 172.16.1.21
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :
The ipconfig command is a useful diagnostic tool when checking for configuration problems or DHCP address leases. For complete information on this command, enter ipconfig /? at the Windows XP command line.
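The lease renewal timetable described above, as an added example (not the Windows DHCP client): renewal_schedule computes the half, three-quarters and seven-eighths points of a lease, and simulate_lease walks a client through those attempts given the server's replies, returning either the renewed expiry or the point at which the client must start a full request again. The lease lengths and the reply callback are constructed inputs.

```python
# Fractions of the lease period at which the client tries to renew,
# in the order the text gives: half, three quarters, seven eighths.
RENEWAL_POINTS = (1 / 2, 3 / 4, 7 / 8)


def renewal_schedule(lease_seconds: int, granted_at: int = 0) -> list:
    """Absolute times (in seconds) of the client's renewal attempts."""
    return [granted_at + int(lease_seconds * f) for f in RENEWAL_POINTS]


def simulate_lease(lease_seconds: int, server_reply, granted_at: int = 0) -> dict:
    """Walk one lease through its renewal attempts.

    `server_reply(t)` stands in for the DHCP server and returns "ack",
    "nak", or None (no reply) for the attempt made at time t.  A granted
    renewal restores the full original period from that moment; if every
    attempt fails the lease runs out and the client must start over with a
    full DHCP request, as the text describes.
    """
    for t in renewal_schedule(lease_seconds, granted_at):
        if server_reply(t) == "ack":
            return {"state": "renewed", "renewed_at": t, "expires_at": t + lease_seconds}
    return {"state": "expired", "expires_at": granted_at + lease_seconds}


def attempts_remaining(now: int, lease_seconds: int, granted_at: int = 0) -> int:
    """How many scheduled renewal attempts still lie ahead of `now`."""
    return sum(1 for t in renewal_schedule(lease_seconds, granted_at) if t > now)


if __name__ == "__main__":
    eight_hours = 8 * 3600
    print(renewal_schedule(eight_hours))
    # constructed server that is unreachable until the second attempt
    print(simulate_lease(eight_hours, lambda t: "ack" if t >= 21600 else None))
    print(simulate_lease(eight_hours, lambda t: None))
```

The simulation makes the operational point visible: with an eight-hour lease, a DHCP server that is down for more than three hours around the half-way mark still has two more chances before any client loses its address, whereas an outage spanning the last quarter of the lease forces clients back to a full discovery.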
Installing and Configuring TCP/IP
Normally, TCP/IP is installed and configured during the Windows installation process, but if not, you can add it using the Install button in the Local Area Connection Properties dialog box. (To get there, click Start, Control Panel, Network and Internet Connections, Network Connections. Right-click Local Area Connection, and then select Properties.) After you click the Install button, the Select Network Component Type dialog box opens. Select Protocol from the list of available components, and then click the Add button to open the Select Network Protocol dialog box. Select the protocol you want in the list, and click OK. The new protocol will be installed on your XP computer.

Figure 14.1 shows the General tab, which is the primary TCP/IP configuration tab. A quick refresher shows that it provides fields to accommodate the following values, if manual IP address assignment is selected rather than DHCP:

- IP address. The static IP address to be assigned to this machine.
- Subnet mask. The subnet mask that corresponds to the local subnet design.
- Default gateway. The IP address for a device on the same subnet as the current machine’s address that can forward IP traffic to other subnetworks.
Likewise, you can use this tab to indicate whether you will obtain your DNS server addresses automatically. Normally, DHCP supplies this information along with other IP configuration data. If manual entry is selected, you can supply both a preferred DNS server address and an alternate DNS server address. Your computer tries the preferred server first and then the alternate server if the preferred server does not respond before a timeout occurs. Note also the Advanced button at the bottom of this tab. Clicking this button opens the Advanced TCP/IP Settings dialog box. It features four tabs at the top, labeled IP Settings (the default tab), DNS, WINS, and Options (from left to right). The following sections discuss the controls available in each tab.
IP Settings
Use the IP Settings tab shown in Figure 14.2 to edit an interface’s static IP address, subnet mask, or default gateway entries. Microsoft has made one change in this tab: adding an automatic metric for the gateway IP address. If this feature is enabled, Windows XP chooses from the list of gateway IP addresses based on the interface’s speed. Windows XP determines the metric by collecting RIP data with the RIP Listener. When the Automatic Metric check box is cleared, the administrator assigns the metric manually and the gateway is chosen based on metric and availability.
Figure 14.2 Detailed IP configuration controls appear as tabs in the Advanced TCP/IP Settings dialog box.
Windows XP can also automatically locate and configure gateways by using ICMP Router Discovery. This feature was new in Windows 2000 and enabled by default. In Windows XP, it is disabled by default but can be enabled manually by using the Registry or by setting the Perform Router Discovery DHCP option. These options enable the Windows XP computer to send ICMP Router Discovery Solicitation messages. Routers must be RFC 1256-compliant to send the corresponding ICMP Router Advertisements. Windows 2000 servers with RRAS installed support ICMP Router Discovery. For more information, see Chapter 19, “Configuring TCP/IP,” in the Microsoft Windows XP Professional documentation.
DNS
Use the DNS tab shown in Figure 14.3 to specify more than two DNS servers to access for lookups and to manage their search order. (DNS servers are accessed in the order in which they appear in the list of DNS server addresses at the top of this tab.) You can also use this tab to handle unqualified names (that is, possibly incomplete domain name specifications). A suffix supplies information that would appear to the right of the supplied name (so you could add .com, .net, and so forth to try known TLDs with otherwise unqualified domain names). You can also use the domain name for the current machine’s parent domain to supply this information, or supply a specific suffix. Finally, you can even register this machine’s address with DNS (but this requires access to a DNS server).
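The two behaviours just described (trying the preferred DNS server first and falling back to the alternate on a timeout, and appending suffixes to unqualified names) are easy to misread when a lookup fails, so here is a small model of them as an added example. It is not code from the book or from Windows; the zone data, the server states, and the ordering policy for candidate names (suffixes first for single-label names, the bare name first for dotted ones) are all assumptions of this example.

```python
from typing import Callable, Dict, List, Optional

# Constructed zone data standing in for the answers real DNS servers would give.
ZONE: Dict[str, str] = {
    "intranet.corp.example.com": "172.16.1.5",
    "www.example.net": "192.0.2.80",
}

# Constructed server state: the preferred server never answers, the alternate does.
SERVER_STATE: Dict[str, str] = {"172.16.1.2": "down", "172.16.1.3": "up"}


def query_server(server: str, fqdn: str) -> Optional[str]:
    """Simulated DNS query. A server that is down raises TimeoutError;
    a server that is up answers with an address, or None for an unknown name."""
    if SERVER_STATE.get(server) != "up":
        raise TimeoutError(f"no reply from {server}")
    return ZONE.get(fqdn)


def candidate_names(name: str, suffixes: List[str]) -> List[str]:
    """Names to try, in order, for a possibly unqualified name.
    The ordering policy here is this example's own assumption."""
    if name.endswith("."):
        # A trailing dot marks the name as fully qualified: try it as-is only.
        return [name.rstrip(".").lower()]
    name = name.lower()
    suffixed = [f"{name}.{s.strip('.').lower()}" for s in suffixes]
    if "." not in name:
        # Single-label name: treated as unqualified, so suffixes are tried first.
        return suffixed + [name]
    # Dotted name: try it as given first, then with each suffix appended.
    return [name] + suffixed


def resolve(name: str, servers: List[str], suffixes: List[str],
            query: Callable[[str, str], Optional[str]] = query_server) -> Optional[str]:
    """Resolve a name using the server list in order: preferred first,
    alternate only when the preferred server times out."""
    for fqdn in candidate_names(name, suffixes):
        for server in servers:
            try:
                answer = query(server, fqdn)
            except TimeoutError:
                continue          # this server did not respond: try the next one
            if answer is not None:
                return answer
            break                 # a server answered "no such name": try the next candidate
    return None


if __name__ == "__main__":
    servers = ["172.16.1.2", "172.16.1.3"]      # preferred, then alternate
    print(resolve("intranet", servers, ["corp.example.com"]))
```

Note the difference between a server that times out and one that answers "no such name": only the former causes the alternate server to be consulted, which is why a wrong preferred-server address produces slow lookups rather than outright failures.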
Figure 14.3 You configure DNS information in the DNS tab of the Advanced TCP/IP Settings dialog box.
WINS
Use the WINS tab shown in Figure 14.4 to input IP addresses for one or more WINS servers. Again, the order of appearance in the WINS address list also defines their search order. You can also use this tab to enable use of LMHosts files as a WINS alternative or supplement, and to explicitly enable or disable NetBIOS over TCP/IP or obtain that setting from a local DHCP server.
Figure 14.4 You configure WINS information in the WINS tab of the Advanced TCP/IP Settings dialog box.
Options
In the Options tab (see Figure 14.5), you can filter TCP/IP traffic by including or excluding traffic on the basis of TCP or UDP port address or IP protocol. Although per-machine filtering can be valid in small office/home office settings, on larger networks with firewalls and proxies, filtering is better applied at the network periphery according to a specific security policy.
Figure 14.5 You configure additional TCP/IP options in the Options tab of the Advanced TCP/IP Settings dialog box.
A new feature of TCP/IP configuration is the addition of the Alternate Configuration tab in the main Internet Protocol (TCP/IP) Properties dialog box. You can use the options in this tab to enable Windows XP to support two different TCP/IP configurations. Normally, this option is needed on a notebook computer that has one configuration for the office and a second configuration for working from home or away from the regular network. This new feature helps mobile users by not requiring them to select an alternative hardware configuration on startup to accommodate the second or alternative set of TCP/IP settings.
Managing Internet Connections
These days, Internet connections come in three forms: dial-up telephone connections, digital connections (such as DSL and cable modem), or network connections (where a router manages the Internet link, and you simply send packets through that device to reach the Internet).
For standalone users, only the first two methods for creating Internet connections are applicable, so that’s all we cover here. For the record, however, the techniques discussed for both these connection types can apply to any router or firewall that manages an Internet connection for a network. However, these connections might also involve other digital link types, such as frame relay, T1, and T3.
Creating and Managing a Dial-Up Connection
This technique applies to any form of telephony (including analog phone lines and ISDN) in which some kind of dial-up is necessary to initiate an active online connection. The Windows XP Network Connections applet in Control Panel includes the Create a New Connection Wizard. Use this wizard to define what kind of Internet connection you want to create. (This means selecting the Dial-Up to the Internet or the Connect to a Private Network Through the Internet option, depending on whether you use a VPN or just make a direct connection.) Next, you go through the process of configuring your modem (if you haven’t done so already). Then you walk through the process of creating a connection object to dial up your ISP.
To create the necessary TCP/IP settings for a connection object, click Properties (when the connection object is selected), select the Networking tab, and then open the Internet Protocol (TCP/IP) Properties dialog box. In this dialog box, you can leave the default settings of Obtain an IP Address Automatically and Obtain DNS Server Address Automatically if you are using DHCP and your ISP is assigning your IP configuration upon connection. If you have dedicated settings for these options, select the other radio button and fill in the necessary details.
Creating and Managing an Always-On Connection
When you sign up for an always-on service, such as a cable modem or DSL, connecting to the Internet means attaching a special-purpose access device to your computer (usually through a 10BaseT Ethernet NIC attached to the access device via a 10BaseT modular cable). Setup and configuration details for these devices are beyond the scope of this book; however, most vendors of such equipment provide setup instructions for their devices. These instructions can range from installing drivers (such as adding a modem or a NIC), running a proprietary installation tool, or just connecting the device to a NIC in your system configured to use DHCP.
After the connection has been set up, only rarely are changes necessary. Nevertheless, you’ll want to contact your service provider’s technical support staff and obtain the following information; you’ll need it to configure other IP services, and it will come in handy should troubleshooting become necessary:
- The domain name for your local Simple Mail Transfer Protocol (SMTP) server. Even if you get your e-mail somewhere else, you need to send outgoing mail through your provider’s SMTP server. Because this information is necessary for e-mail configuration, be sure to ask for it!
- The IP addresses for your provider’s primary and secondary DNS servers. You might not need to enter this information yourself, but it can come in handy if you have name resolution problems down the road.
- The domain name for the ISP’s Post Office Protocol (POP) or Internet Message Access Protocol (IMAP) server. If you get your e-mail through the same service provider that gives you an always-on connection, be sure to get the domain name for its POP or IMAP server. This information is also necessary for configuring your e-mail.
- The domain name for the ISP’s Network News Transfer Protocol (NNTP) server. If your provider offers network news services, you want to get the domain name of its NNTP server to configure your newsreader (or to supply as a URL to Internet Explorer, which then starts the Outlook Express Newsreader).
With this information in hand, you can begin to take advantage of the increased bandwidth that always-on connections have to offer. If you want to see just how fast you’re going, visit MSN’s Bandwidth Speed Test page at http://tech.msn.com/Internet/speedtest.asp.
To protect your PC from unwanted intrusions through your always-on service, Windows XP now includes an Internet Connection Firewall (ICF). The firewall works by monitoring incoming and outgoing packets and permitting incoming packets only if they answer an outgoing request from the firewall or another internal IP address. This service, available in Windows XP Home Edition and Windows XP Professional, is enabled by default for Internet connections. To check your system’s security (or lack thereof, if you haven’t changed any default settings), visit the Gibson Research Web site at http://grc.com/ and use the ShieldsUp and LeakTest utilities. If those tests turn up any potential security exposures, visit Gibson’s personal firewalls-rating page and obtain one of the products reviewed there (http://grc.com/su-firewalls.htm).
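The rule the book gives for ICF (admit an incoming packet only when it answers an outgoing request) is the core of any stateful packet filter, and the following model of it is an added example, not Microsoft’s ICF code. It tracks outbound flows by their five-tuple and lets in only replies that match one; the addresses and port numbers are constructed, and the model ignores the state timeouts and the per-service exceptions a real firewall would also carry.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# A remembered outbound request: protocol, inside address/port, outside address/port.
FlowKey = Tuple[str, str, int, str, int]


@dataclass
class ConnectionFirewall:
    """Models the ICF rule: inbound traffic passes only if it answers an outbound request."""
    inside: Set[str]                                   # addresses on the protected side
    flows: Set[FlowKey] = field(default_factory=set)   # outbound requests seen so far

    def outbound(self, pkt: Packet) -> bool:
        """Forward an outgoing packet and remember its flow so the reply can come back."""
        if pkt.src_ip not in self.inside:
            return False        # not from a protected host, so not traffic we track
        self.flows.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return True

    def inbound(self, pkt: Packet) -> bool:
        """Admit an incoming packet only if it matches a remembered outbound flow."""
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return key in self.flows


def demo() -> List[bool]:
    """Three constructed packets against a host at 172.16.1.21 (addresses are made up)."""
    fw = ConnectionFirewall(inside={"172.16.1.21"})
    results = []
    # Unsolicited inbound connection attempt to a local file-sharing port: dropped.
    results.append(fw.inbound(Packet("tcp", "192.0.2.10", 40000, "172.16.1.21", 445)))
    # The local host opens an outbound Web request...
    fw.outbound(Packet("tcp", "172.16.1.21", 1042, "192.0.2.80", 80))
    # ...so the matching reply is admitted...
    results.append(fw.inbound(Packet("tcp", "192.0.2.80", 80, "172.16.1.21", 1042)))
    # ...but a packet from the same server to a different local port is not.
    results.append(fw.inbound(Packet("tcp", "192.0.2.80", 80, "172.16.1.21", 1043)))
    return results


if __name__ == "__main__":
    print(demo())
```

The third packet is the interesting one: coming from a server the host is already talking to is not enough, because the match is on the whole five-tuple. That is also why a firewall of this kind, with no exceptions configured, silently breaks any service you try to host behind it.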
Managing IP Information Services
TCP/IP enables access to an astonishing array of information services for Windows XP computers. The following sections cover some of the most important services—including e-mail, Web, and FTP access—so that you can make the most of TCP/IP’s capabilities.
Managing IP-Based E-mail
E-mail remains one of the most widely used and important applications on modern networks. Windows XP does not support e-mail directly, but Internet Explorer is included with the operating system (and available as a free download from http://www.microsoft.com/windows/ie/), and it offers the Outlook Express e-mail client.
Outlook Express is a reduced version of Outlook. (Outlook is included as part of the Microsoft Office product suite.) Both Outlook and Outlook Express are perfectly usable e-mail clients with numerous advanced features and capabilities. For more information, visit http://www.microsoft.com/office/outlook/ and refer to Chapter 28, “Windows XP as an E-mail Client.”
Internet e-mail typically relies on one of two sets of common e-mail protocols. The most common set uses two e-mail protocols to do its job. POP version 3 (POP3) permits clients to download e-mail messages from a server to a local e-mail client. SMTP lets clients upload e-mail to their local e-mail server, but also handles e-mail routing from the sender’s e-mail server to any designated recipient’s e-mail server. Together, POP3 and SMTP let clients send and receive e-mail.
Another more advanced e-mail protocol, called IMAP, is currently available in version 4 and is often abbreviated as IMAPv4. Whereas POP3 forces clients to download e-mail messages from a server and manage them locally, IMAP enables clients to keep their messages on the server, yet still organize them into named folders or directories. This means IMAP users don’t have to log on to any particular machine to manage their e-mail archives. It also means that servers need to allocate lots of disk space for e-mail archives, which is one reason that IMAP e-mail access is not very common.
Today, most e-mail servers impose a variety of security restrictions to protect user confidentiality and avoid incidents of unsolicited commercial e-mail (often called spam). That means users must log in to the e-mail server with an account and password to download or view their messages, but it also means that outgoing distribution lists (messages addressed to named collections of individuals) must often be limited to 50 usernames or fewer. Nowadays, many e-mail servers limit the number of addressees in a single message to block users’ abilities to create spam.
When it comes to configuring your Windows XP e-mail client, ask your ISP to supply the necessary configuration data, including domain names for POP3, SMTP, or IMAP servers.
Managing Your Web Browser
Although Netscape Navigator (http://www.netscape.com) and Opera (http://www.opera.com) offer reasonable alternatives to Internet Explorer, the latter program’s tight integration with Windows XP makes it attractive on any machine. Microsoft has released important security updates, so Internet Explorer 6.0 is a very stable product. Given the many frequent security exploits against Web browsers, regular browser updates are an essential maintenance activity. Fortunately, Microsoft has released an automatic Critical Update Notification facility as part of its IE upgrades. Log on to your system as an administrator, and choose Tools, Windows Update from the IE menu to go to the Windows Update site; it will inform you about any updates you’ve missed and enable you to update and install them with ease.
Note
For information about alternatives to Internet Explorer, please visit http://browsers.com.
Serving the Web from Windows XP Professional
Windows XP Professional supports Internet Information Services (IIS) version 5.1, which includes a Web server and an FTP server, both fully integrated into the security of Windows XP. IIS is not installed on XP by default, but it can be easily added through the Add/Remove Windows Components section of the Add/Remove Programs applet. Be sure to view the details of the IIS service to select FTP and other optional components. (FTP is not installed as part of IIS by default; you must specifically select it to host FTP sites on your system.) Installation is a simple wizard, which prompts mainly for pathnames for various items, and in most cases the defaults are acceptable.
IIS 5.1 functions in much the same way as IIS 5.0, so you can leverage all your existing knowledge and content directly in IIS 5.1. However, IIS 5.1 does not include many of the enhanced features of IIS 5.0 for Windows 2000 Server. In addition, there is a real limitation caused by Windows XP Client Access Licensing (CAL) allowing a maximum of only 10 simultaneous client connections. This makes Windows XP an unlikely candidate for a production intranet or Internet Web server. However, it can often be deployed as a test or development platform for small- to modest-sized Web sites that do not use distributed Web applications.
FTP Utilities
Windows XP includes a command-line FTP program that offers complete but user-unfriendly access to all the capabilities FTP has to offer. This utility works the same way as the traditional Unix ftp utility. Online FTP help is available by typing ftp at the command line and then typing help at the ensuing ftp> prompt; to get help on a specific FTP command, type help followed by the command name at the ftp> prompt, where the command name is one of those listed in response to the help command with no qualifiers.
You can also access FTP through most Web browsers, including IE, by using a properly formatted URL, such as ftp://ftp.microsoft.com, in the Address box. Anonymous sites are easy to access this way, but password-protected sites sometimes require you to construct a URL that embeds a username and password before the domain name to enable access. This takes the form ftp://username:password@ followed by the domain name and path, and can be tricky or painful to use.
Many people prefer GUI-based FTP utilities and use them regularly to manage Web sites. We recommend tools such as Ipswitch’s WS_FTP Pro or Globalscape’s CuteFTP, which make it much easier to manage file transfers in any direction and maintain a list of visited sites and passwords on your behalf. Check out http://www.ipswitch.com/products/WS_FTP/ or http://www.globalscape.com/products/cuteftp/index.asp/ for more information.
Troubleshooting IP
Although there are innumerable potential causes for trouble with TCP/IP, the most common causes arise from configuration errors. That’s why the ipconfig /all command, which you can use to check all your current IP configuration data, should be your first step in troubleshooting apparent IP problems (after checking the physical connections, of course). If you’ve connected to the Internet and cannot resolve or locate problems locally, you might have to contact your service provider for assistance.
Windows XP includes lots of tools and utilities that can be helpful when troubleshooting TCP/IP problems. In addition to ipconfig, you should learn to use the following IP-related command-line tools:
- PING. PING tests the reachability of whatever domain name, NetBIOS name, or IP address you supply as its primary argument. By default, PING sends four ICMP echo packets to the target host and measures the round-trip time until each ensuing reply from the target is received. PING is a vital tool when checking IP connectivity issues, as explained in “The IP Connectivity Drill,” later in this chapter.
- TRACERT. TRACERT (short for trace route) displays the intermediate hosts that a packet travels through on its way from a sender to a receiver. You can use a domain name or an IP address to designate a target host for TRACERT. As a series of test packets is sent to the target host, the average response time for each intermediate host is displayed. Each step in the path is called a hop (to reflect the transition from one router to the next router in a path). Each hop lists three response times, or an asterisk when a timeout occurs or the router doesn’t respond to TRACERT requests—some do not, especially heavily loaded backbone routers. TRACERT is useful when trying to isolate where access is breaking down or when trying to identify sources of network performance delays.
- NETSTAT. NETSTAT (short for network statistics) displays TCP/IP protocol statistics and current TCP/IP connections. Use netstat -a to view all current TCP/IP connections and listening TCP and UDP ports. This gives you an accurate snapshot of what TCP/IP services you’ve been using and which ports have been (or are being) used. NETSTAT is useful when trying to identify service-related problems or to discover when illicit services might be active on a machine (as evidence of a break-in, for instance).
- NBTSTAT. NBTSTAT (short for NetBIOS over TCP/IP statistics) displays protocol statistics and current connections related to NetBIOS over TCP/IP. NBTSTAT offers lots of interesting functionality; be sure to type nbtstat with no arguments to inspect this command’s help information. You must supply a numeric IP address or a symbolic name as the target for this command. (This is where ipconfig starts to come in handy—you’ll appreciate the Windows XP built-in scroll buffers when you have to start scrolling back through your command window.) The -a, -A, -c, -n, and -s switches are quite useful when troubleshooting NetBIOS name resolution problems.
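Reading netstat output by eye works once; comparing it against what a machine is supposed to be listening on is what catches an illicit service. The following added example (not from the book) parses the text layout netstat -an prints on Windows XP, extracts the listening TCP ports and bound UDP ports, and reports anything missing from a baseline of expected ports. The sample output and the baseline are constructed for the example; the odd ports in it are made up, not indicators of any real malware.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample in the layout `netstat -an` uses on Windows XP (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8899           0.0.0.0:0              LISTENING
  TCP    172.16.1.21:1042       192.0.2.80:80          ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:5999           *:*
"""

# Constructed baseline: the ports this particular host is expected to expose.
BASELINE: Set[Tuple[str, int]] = {("TCP", 135), ("TCP", 445), ("UDP", 137)}


@dataclass(frozen=True)
class Socket:
    proto: str
    local_ip: str
    local_port: int
    foreign: str
    state: Optional[str]       # None for UDP, which has no state column


def split_endpoint(endpoint: str) -> Tuple[str, int]:
    """Split 'ip:port' on the last colon (IPv4 only, which is what XP prints here)."""
    ip, _, port = endpoint.rpartition(":")
    return ip, int(port)


def parse_netstat(text: str) -> List[Socket]:
    """Turn netstat -an output into Socket records, skipping headers and blank lines."""
    rows: List[Socket] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        ip, port = split_endpoint(parts[1])
        state = parts[3] if len(parts) > 3 else None
        rows.append(Socket(parts[0], ip, port, parts[2], state))
    return rows


def listeners(rows: List[Socket]) -> Set[Tuple[str, int]]:
    """Ports accepting traffic: TCP sockets in LISTENING state, and every bound UDP socket."""
    return {
        (s.proto, s.local_port)
        for s in rows
        if (s.proto == "TCP" and s.state == "LISTENING") or s.proto == "UDP"
    }


def unexpected_listeners(rows: List[Socket], baseline: Set[Tuple[str, int]]) -> Set[Tuple[str, int]]:
    """Listening ports that are not on the baseline: the ones worth investigating."""
    return listeners(rows) - baseline


if __name__ == "__main__":
    for proto, port in sorted(unexpected_listeners(parse_netstat(SAMPLE_NETSTAT), BASELINE)):
        print(f"unexpected listener: {proto} port {port}")
```

The established connection on port 1042 is correctly left out: it is a client-side port in use, not a service waiting for callers. Build the baseline from a freshly installed, known-clean machine of the same role, and rerun the comparison whenever the host’s behaviour looks suspicious.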
The IP Connectivity Drill
When you cannot reach a host using TCP/IP, or when your computer appears to be cut off from the network as a whole, there’s a sequence of PING commands that can help you isolate where problems might be occurring. Follow this list of checks exactly (unless you can eliminate steps because of knowledge you’ve gained by using a protocol analyzer or cable tester—do not rely on intuition here):
1. Open a command window and type ipconfig /all to double-check your IP configuration. If your network address is nonexistent or shows up as 127.0.0.1 (the special-purpose loopback test address), you need to examine and fix your configuration before proceeding any further. Although other problems might be present, this repair often restores a working network connection.
2. At the command line, type ping localhost. This sends a message through the protocol stack to a special-purpose test address and checks that your IP stack is working properly. If this test fails for any reason, go back to step 1—you probably still have a configuration problem to fix.
3. At the command line, type ping followed by your machine’s current IP address as displayed in the ipconfig output. For example, ping 172.16.1.21 tests the network interface on the machine on which this book is being written. This test checks your NIC as well as your IP stack. If it shows a problem, make sure the network cable is properly seated in your NIC, and try again. Again, this fixes most problems, but if not, you might have a bad NIC or a bad network cable to contend with. If you have a cable tester, use it; if not, swap your NIC or your network cable with a known working component (whichever is easier). If that doesn’t work, swap the other component. That nearly always solves problems at this level.
4. At the command line, type ping followed by the numeric gateway address defined in the ipconfig output. If this doesn’t work, you’re cut off from the outside world. Providing a correct gateway address nearly always fixes this problem. If not, there’s a network connectivity problem between your machine and the gateway. Chances are this problem is affecting other users as well, and somebody’s probably working on it. If not, you’ll have to apply basic networking troubleshooting skills to replace or repair whatever’s causing the problem—again, the most likely culprit is a loose cable or connection somewhere.
5. At the command line, type ping followed by some valid IP address at your service provider’s location. This helps you determine whether the problem is between your gateway and the ISP. If so, you might need to call the phone company or your cable company to see if there are known connectivity problems afoot, or to report the problem if not. You must usually wait for repairs to be completed to get back in action when this happens.
6. At the command line, type ping followed by some Internet resource you’re trying to access as your target. If this doesn’t work (you get a Host Unreachable error message) and TRACERT confirms a breakdown in communications between you and your target, you might want to call your ISP and ask for assistance. This usually indicates a reasonably serious communications breakdown somewhere on the Internet, and they probably already know about it, too.
By following this recipe, you can identify most IP connectivity problems and fix most of the local ones yourself. When it comes to remote problems, however, sometimes the only solution is to wait for necessary repairs to be finished. Be patient!
You can obtain a lot of great third-party IP troubleshooting tools to augment what’s built into Windows XP. Here’s a list of some of our favorites, with a little explanation as to why:
- WS_Ping ProPack. This enhanced collection of IP diagnostic and analysis tools is available from Ipswitch for about $40. It includes enhanced connectivity testing and route tracing tools, network scanning tools, SNMP and NetBIOS monitoring facilities, and LDAP lookup capabilities (when Active Directory or some other LDAP-based directory service is available). This helpful collection of tools is available through http://www.ipswitch.com/products/WS_PING/.
- NetTools. Another collection of IP networking utilities and diagnostics, available free under the GNU Public License. It includes standard lookup and connectivity tests, but also an IP gateway search tool, a port scanner, and port access tools. This handy collection of tools is available through http://cs.wheatonma.edu/nbuggia/NetOrion/.
- WildPackets, Inc. Offers several useful shareware and commercial IP-centric networking tools. Its Network Calculator page offers an excellent, free subnet calculator. Its $50 iNetTools package is available for both Windows and Macintosh operating systems, and includes graphical implementations of DNS lookup, finger, name lookup, name scan, PING, ping scan, port scan, service scan, trace route, and more. For more information, visit http://www.wildpackets.com/ and check out its online product listings. (Free demo versions are available for most products, including those mentioned here.)
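The six-step drill above is strictly ordered because each step assumes the previous one passed, and the point is to stop at the first failure rather than guess. The following added example (not the book’s code) encodes that ladder as a function that takes the ipconfig data and a ping callable and returns the first failing step with the book’s advice for it. The ping callable is a constructed stand-in that answers from a set of "reachable" hosts, so the example runs offline; the addresses in the demo are made up except for the book’s own 172.16.1.21.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Set, Tuple

LOOPBACK = "127.0.0.1"   # the special-purpose loopback test address from step 1


@dataclass
class IpConfig:
    """What you read off ipconfig /all plus the two test targets the drill needs."""
    address: Optional[str]   # adapter's IP address, or None if it has none
    gateway: Optional[str]   # default gateway, or None if missing
    isp_host: str            # a valid address at the service provider (step 5)
    target: str              # the Internet resource you are trying to reach (step 6)


def connectivity_drill(cfg: IpConfig, ping: Callable[[str], bool]) -> Tuple[str, str]:
    """Run the PING ladder in order; return (failed_step, advice), or ('ok', ...)."""
    # Step 1: the configuration must exist and must not be the loopback address.
    if not cfg.address or cfg.address == LOOPBACK:
        return ("1-config", "Examine and fix the IP configuration before going further.")
    # Step 2: ping localhost exercises the IP stack alone.
    if not ping("localhost"):
        return ("2-localhost", "IP stack not responding; go back to step 1.")
    # Step 3: pinging your own address exercises the NIC as well as the stack.
    if not ping(cfg.address):
        return ("3-own-address", "Reseat the cable; then swap NIC or cable with a known-good part.")
    # Step 4: the default gateway is the way out of the local network.
    if not cfg.gateway or not ping(cfg.gateway):
        return ("4-gateway", "Cut off from the outside world: verify the gateway address, "
                             "then look for a loose cable or connection.")
    # Step 5: an address at the ISP tests the link between gateway and provider.
    if not ping(cfg.isp_host):
        return ("5-isp", "Problem between your gateway and the ISP; check with the phone or cable company.")
    # Step 6: the actual target; a failure here is usually somewhere out on the Internet.
    if not ping(cfg.target):
        return ("6-target", "Local path is fine; confirm with TRACERT and ask the ISP for assistance.")
    return ("ok", "All six checks passed.")


def make_ping(reachable: Set[str]) -> Callable[[str], bool]:
    """Constructed stand-in for the PING command: a host replies if it is in the set."""
    return lambda host: host in reachable


def demo() -> Tuple[str, str]:
    """Scenario: everything up to the gateway works, but the ISP link is down."""
    cfg = IpConfig(address="172.16.1.21", gateway="172.16.1.1",
                   isp_host="192.0.2.1", target="www.example.com")
    ping = make_ping({"localhost", "172.16.1.21", "172.16.1.1"})
    return connectivity_drill(cfg, ping)


if __name__ == "__main__":
    step, advice = demo()
    print(f"stopped at step {step}: {advice}")
```

Because the ping function is injected, the same ladder can be wired to the real PING command (for example, by running it with subprocess and treating a zero exit code as a reply) without changing the decision logic.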
For More Information
For more information about Windows 2000 and TCP/IP, please consult the following resources:
- Lee, Thomas and Davies, Joseph. Microsoft Windows 2000 TCP/IP Protocols and Services Technical Reference. Microsoft Press, 2000. ISBN: 0-7356-0556-4. This is probably the most comprehensive and useful resource on this subject available anywhere.
- Microsoft KnowledgeBase: A compilation of questions to and answers from the Microsoft technical support operation. It is available online at http://support.microsoft.com/, but is also included on CD with a TechNet subscription.
- Microsoft Windows 2000 Web site: http://www.microsoft.com/Windows2000.
- Shanmugam, Padmini, Nivedita, and NIIT. Special Edition Using TCP/IP, Second Edition. Que, 2002. ISBN: 0-7897-2709-9.
- Siyan, Karanjit. Windows 2000 TCP/IP. New Riders, 2000. ISBN: 0-7357-0992-0. An excellent resource on the TCP/IP implementation, protocol stack, and related tools, utilities, and services.
- Stevens, W. Richard. TCP/IP Illustrated, volumes 1, 2, and 3. Addison-Wesley, 1993, 1994, and 1995. ISBNs: 0-201-63346-9, 0-201-63354-X, and 0-201-63495-3. Probably the best and most appreciated detailed references on TCP/IP available in print.
- TechNet: A monthly, CD-based technical subscription service from Microsoft that includes most Resource Kits and related software, service packs, a KnowledgeBase, and a great deal more useful information. For information about obtaining a subscription and access to online information, register for the TechNet Subscription CD online at http://technet.microsoft.com/.
- Windows 2000 Server Resource Kit. Microsoft Press, 2000. ISBN: 1-57231-805-8.
Following is a list of firewall information sites that have links to product sites and a few proxy product sites:
- 4 Firewalls: http://www.4firewalls.4anything.com/.
- Aventail VPN: http://www.aventail.com/.
- Microsoft’s Proxy Server 2.0: http://www.microsoft.com/proxy/.
- Netscape’s Proxy Server: http://www.netscape.com/.
- Ositis Software’s WinProxy: http://www.ositis.com/.
- Zeuros Firewall Resource: http://www.zeuros.co.uk/.
The following list provides information about applications you can use to configure Hosts and LMHosts files:
- CIP is a Hosts file update system located at http://www.radsoft.net/gallery/cip/.
- NBScan from Essential NetTools provides a GUI management tool for LMHosts. It is located at http://www.tamos.com/products/nettools.
- TweakDUN 2.2 enables you to edit the Hosts file in addition to many other functions. It is located at http://www.pattersondesigns.com/TweakDUN/.
If you want to check out other tools, you can find them on any of the following shareware/software distribution sites by searching on the type of tool you’re looking for (such as FTP, browser, TCP/IP, IP tools, Internet utilities, Windows NT tools, and so on):
- http://shareware.cnet.com/
- http://www.tucows.com/
- http://www.slaughterhouse.com/
- http://www.32bit.com/
- http://download.com.com/
15 Windows XP and Legacy Protocols
Windows XP supports TCP/IP as the primary protocol for an Active Directory–based network. However, TCP/IP was not used as the primary protocol in previous versions of Windows. In Windows NT, three native protocols could be used in different situations: TCP/IP, NetBEUI, and NWLink (Microsoft’s implementation of Novell’s IPX/SPX protocol suite). Although most networks have moved to using TCP/IP as the protocol of choice, you might still encounter these other protocols in certain situations.
In this chapter, you look at NetBEUI and NWLink and see how they are deployed on Windows XP when connecting to a Windows 2000 server. In addition, you explore how to integrate Windows 2000 networks with networks that use protocols other than TCP/IP. Finally, the chapter concludes with a discussion of troubleshooting and performance-monitoring integrated systems.
NetBEUI and Windows XP
The NetBIOS Extended User Interface (NetBEUI) protocol was originally introduced in the mid-1980s for use with small, PC-DOS–based local area networks (LANs). NetBEUI is a small, fast, and efficient protocol and provides the following advantages:
- Small memory footprint
- Self-configuring
- Self-tuning
- Low protocol overhead
- Automatic flow control
- Built-in error protection
In addition, NetBEUI can be used as either a connection-oriented or a connectionless protocol. Because of the features built into NetBEUI, it is a simple protocol to implement on a LAN. Those are the good points of NetBEUI. Unfortunately, in the network environments of today, its disadvantages far outweigh the advantages:
- Not routable
- Not scalable
- Limited to 254 simultaneous NetBIOS sessions
- Broadcast-based
NetBEUI is so fast and efficient because it does not include routing and network address information in the frame header. The only identification in a NetBEUI frame is the Media Access Control (MAC) address. In addition, NetBEUI uses broadcasts to identify nodes on a network. Because there is no routing information, NetBEUI cannot be routed; instead, it must be bridged. A bridge forwards the broadcast traffic, whereas most routers do not. Generally, bridged networks do not scale well. NetBEUI’s lack of scalability, along with the broadcast traffic it generates, prevents it from being used as the protocol of choice in larger networks.
A key point to note here, however, is that NetBEUI is no longer available by default in the General tab of the Network Connections Properties dialog box. If you want to install NetBEUI on your Windows XP PC, you must install it directly from the following location on the XP CD: \VALUEADD\MSFT\NET\NETBEUI. This indicates that Microsoft might be close to retiring NetBEUI support altogether. With the tremendous reliance on the Internet in today’s business environment, most organizations support TCP/IP anyway, so NetBEUI no longer plays the important role it previously held in the small network environment.
NetBIOS Versus NetBEUI
Many people confuse the usage of NetBIOS and NetBEUI and use the terms interchangeably. Network Basic Input/Output System (NetBIOS) is not a protocol, but an application interface and naming convention. Windows operating systems can use the NetBIOS naming scheme and programming interface for system communications, both internally and with other networked systems. An important point is that you can install NetBIOS over TCP/IP without NetBEUI ever being installed. NetBIOS governs the naming of objects in the Windows environment. The NetBIOS namespace is flat, so all names in each domain and on each system must be unique. NetBIOS names can be up to 16 characters, but because the 16th character is reserved for special use, only 15 characters can actually be used in an object’s name.
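The two naming rules just stated (15 usable characters plus a reserved 16th byte, and a flat namespace in which every name must be unique) are shown concretely in the following added example, which is not code from the book or from Windows. It builds the 16-byte name the way NetBIOS stores it (uppercased and space-padded to 15 bytes, then the reserved byte) and keeps a flat registration table that rejects duplicates. The two suffix values it names, 0x00 for a workstation and 0x20 for a server, are the conventional NetBIOS service types; the book does not list them, so treat them as this example’s addition.

```python
from typing import Dict, Optional

NAME_BYTES = 15           # characters an administrator can actually choose
NETBIOS_NAME_LEN = 16     # those 15 plus the reserved 16th byte

# Conventional values for the reserved 16th byte (NetBIOS service types; not listed in the book).
WORKSTATION = 0x00
SERVER = 0x20


def make_netbios_name(name: str, suffix: int = WORKSTATION) -> bytes:
    """Build the 16-byte NetBIOS name: uppercased, space-padded to 15 bytes, plus the suffix byte."""
    raw = name.strip().upper().encode("ascii")
    if not raw:
        raise ValueError("NetBIOS name must not be empty")
    if len(raw) > NAME_BYTES:
        raise ValueError(f"{name!r}: NetBIOS names allow at most {NAME_BYTES} characters")
    if b" " in raw:
        raise ValueError("spaces are not allowed: the padding uses them")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must fit in a single byte")
    return raw.ljust(NAME_BYTES, b" ") + bytes([suffix])


class FlatNamespace:
    """Flat NetBIOS namespace: each 16-byte name can belong to only one owner."""

    def __init__(self) -> None:
        self._owners: Dict[bytes, str] = {}

    def register(self, name: str, suffix: int, owner: str) -> bool:
        """Register a name for an owner; False means another owner already holds it."""
        key = make_netbios_name(name, suffix)
        holder = self._owners.get(key)
        if holder is not None and holder != owner:
            return False          # name conflict, exactly what a flat namespace forbids
        self._owners[key] = owner
        return True

    def lookup(self, name: str, suffix: int) -> Optional[str]:
        """Owner of a name, or None if nobody registered it."""
        return self._owners.get(make_netbios_name(name, suffix))


if __name__ == "__main__":
    ns = FlatNamespace()
    print(ns.register("PC1", WORKSTATION, "host-a"))   # True
    print(ns.register("pc1", WORKSTATION, "host-b"))   # False: same name, different owner
    print(make_netbios_name("pc1"))
```

Note that case does not distinguish names, but the 16th byte does: the same 15 characters registered with the workstation and the server suffix are two different NetBIOS names, which is how one computer can hold several of them.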
Each time a computer boots, its NetBIOS names are registered into the local NetBIOS cache. When attempting to access resources using a NetBIOS name, whether locally or remotely, the following resolution resources can be used:
- NetBIOS name cache
- NetBIOS name server (WINS)
- IP subnet broadcasts
- Static LMHosts files
- Static Hosts files
- DNS servers
Previously, Windows NT used NetBIOS as its primary means of communicating with internal core services and other networked systems. In Windows NT 4.0, the Workstation, Server, Browser, Messenger, and NetLogon services were all NetBIOS clients. To allow networks to scale, Microsoft attached the NetBIOS application programming interface (API) to every protocol Windows NT used. NBT is NetBIOS over TCP/IP, NWLink is NetBIOS over IPX/SPX, and NBF is NetBIOS Frame or NetBIOS over NetBEUI. Providing the NetBIOS interface on other protocols allowed Windows NT networks to use a routable, more scalable protocol while still providing backward-compatibility. This has changed since the introduction of Windows 2000, in which TCP/IP became the protocol used for nearly all network services. This continues to be true in Windows XP and Server 2003.
As implemented by Windows XP, NetBEUI is actually a NetBIOS Frame (NBF) implementation. Microsoft documentation and applications consider the terms NBF and NetBEUI to be equivalent. There is a slight difference in how each protocol interacts with NetBIOS, but this difference is negligible because operation and packet construction are exactly the same in both. With the use of NBF, Windows XP is not limited to 254 simultaneous NetBEUI sessions. Like NetBEUI, however, NBF is different from NetBIOS: NBF is a protocol; NetBIOS is a programming interface. NBF/NetBEUI is used to provide communications between computers on a non-routing network.
If you want further details on NetBIOS name resolution and Windows Internet Naming Service (WINS), see Chapter 14, “Windows XP and TCP/IP,” p. 273.
When to Use NetBEUI
You can use NetBEUI on small Windows XP networks with 200 or fewer users in which routing and Internet access are not required. In a network of this size, the ease of setup and the performance gains from using NetBEUI far outweigh the disadvantages.
However, if you ever plan to create subnets, add gateways, or connect to the Internet, you should use TCP/IP. If your Windows XP network will support older clients and applications that require the NetBIOS API, it is best to use NBT instead of the native NetBEUI protocol. This enables you to provide backward-compatibility to your legacy clients and applications, while enjoying the benefits of using TCP/IP for routing and Internet access.
In Windows XP, settings from the DHCP server, by default, control NBT implementation. Typically, this means that NBT is still enabled by default so that any time a connection is made, both NetBIOS and TCP are tried. This creates some additional network overhead. If you are sure that you no longer have any clients or applications on your network that require NetBIOS support, you can disable NetBIOS by following these steps or by changing the settings on the DHCP server:
1. Click Start, Control Panel.
2. Click the Network and Internet Connections link.
3. Click the Network Connections link.
4. Right-click your preferred local area connection, and then click Properties on the shortcut menu.
5. Select Internet Protocol (TCP/IP) from the list, and click the Properties button.
6. Click the Advanced button to open the Advanced TCP/IP Settings dialog box.
7. Click the WINS tab and then select the Disable NetBIOS over TCP/IP radio button (see Figure 15.1).
Figure 15.1 The Advanced TCP/IP Settings dialog box showing NetBIOS over TCP/IP disabled.
NetBEUI and Windows XP
Caution Before you disable support for NetBIOS, make sure you no longer have any clients or applications that depend on NetBIOS because they will no longer function. If these clients are not using Active Directory, they probably still require NetBIOS support.
NetBEUI is a great protocol for temporary network connections, such as transferring data between two computers. It is included with Windows XP as a small, non-routing protocol solution as well as for communication over a Systems Network Architecture (SNA) gateway. NetBEUI offers small networks an elegant alternative when routing and Internet access are not required.
Managing NetBEUI
NetBEUI is self-tuning, so there is little you need to do to manage the protocol. If you must fine-tune NetBEUI, there are several Registry entries you can adjust; however, changing their default values can cause unexpected problems. Microsoft highly recommends that you do not alter the default settings. For those brave enough to venture into the Registry despite this warning, the NetBEUI parameters are located in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NBF\Parameters key. An exhaustive, detailed list of the Registry entries, their effects, and valid values is contained in the regentry.hlp file from the Windows NT Server 4.0 Resource Kit. Microsoft has limited the amount of Registry information included with the Windows 2000 and XP Resource Kits, but most of the Registry information is the same. However, the standard cautions still apply.
Caution Before making any changes to the Registry, be sure to back it up and take note of the default values.
The following list contains a few settings you can change to fine-tune NetBEUI:
• LLCMaxWindowSize—This setting has a default value of 10. It determines the window size (how many packets are transmitted before an acknowledgement is required). By increasing this value, you can improve performance, but you also increase the chance of retransmissions.
• DefaultT1Timeout—This setting has a default value of 600ms. It determines how long to wait for a Logical Link Control (LLC) poll packet acknowledgment before resending it. The default value is used only upon link establishment; from there, it is dynamically adjusted based on performance. Increasing the default value can improve performance over slow links.
• LLCRetries—This setting has a default value of 8. It determines how many times the LLC poll packet is sent without receiving a response before the NBF link is closed. On high-traffic networks, this value can be increased to improve performance.
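The following script is an added example, not code from the book or from Microsoft. It does what the Caution above asks for before any tuning: it backs up the NBF\Parameters key with reg.exe and then reports the effective value of the three settings just listed, using the defaults the text gives (10, 600ms, 8) for any value that is absent from the Registry. It assumes PowerShell 2.0 or later (available for Windows XP SP3), local Administrator rights, and that NetBEUI (NBF) is installed; the backup file name is a constructed convention.

```powershell
# Added example (not from the book): back up the NBF parameter key, then show the
# effective value of the three tunables discussed in the text. A value that is absent
# from the Registry means the NBF driver is using its built-in default.
# Assumes PowerShell 2.0 or later, Administrator rights, and that NetBEUI (NBF) is installed.

$keyPath = 'HKLM:\System\CurrentControlSet\Services\NBF\Parameters'   # provider path
$regPath = 'HKLM\System\CurrentControlSet\Services\NBF\Parameters'    # reg.exe syntax
$backup  = Join-Path $env:TEMP ('NBF-Parameters-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

# Defaults as given in the text (LLCMaxWindowSize 10, DefaultT1Timeout 600 ms, LLCRetries 8).
$defaults = @{
    'LLCMaxWindowSize' = 10
    'DefaultT1Timeout' = 600
    'LLCRetries'       = 8
}

if (-not (Test-Path $keyPath)) {
    throw "Key $keyPath not found; NetBEUI (NBF) does not appear to be installed."
}

# 1. Back up the key first, as the chapter's Caution advises. The file name carries a
#    timestamp, so an existing backup is never overwritten.
& reg.exe export $regPath $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed with exit code $LASTEXITCODE" }
"Backup written to $backup"

# 2. Report each tunable: the explicit Registry value, or the default when no value is set.
$current = Get-ItemProperty -Path $keyPath
foreach ($name in ($defaults.Keys | Sort-Object)) {
    $value = $current.$name
    if ($value -eq $null) {
        "{0,-18} = {1,5}  (default; no value present in the Registry)" -f $name, $defaults[$name]
    } elseif ([int]$value -eq $defaults[$name]) {
        "{0,-18} = {1,5}  (explicitly set to the default)" -f $name, $value
    } else {
        "{0,-18} = {1,5}  (OVERRIDDEN; default is {2})" -f $name, $value, $defaults[$name]
    }
}
```

Run it once before changing anything and keep the .reg file it writes; restoring the key with reg.exe import of that file is the "reset to defaults" step that the Troubleshooting section describes.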
Mixing and Matching Protocols
NetBEUI can be installed on a network where NWLink (IPX/SPX) and/or TCP/IP are installed. This type of configuration offers improved performance on internal network communications. Binding NetBEUI with priority over other network protocols allows internal traffic to be completed quickly, although external traffic (that is, over routers or to the Internet) is delayed slightly. However, you should test the response times and network traffic load for your particular network. In some cases, using only TCP/IP (for Internet-connected networks) or NWLink (for routed networks not using the Internet) results in faster performance than a hybrid protocol network. Keep in mind that maintaining multiple protocols increases administration, installation, and troubleshooting time as well as system performance overhead.
Keeping NetBEUI Secure
NetBEUI is not one of the more secure protocols. By design, it is an unauthenticated protocol, so it is subject to a number of hacks, including spoofing (one computer posing as another to gain access to a system). Generally, this type of attack occurs when an attacker sends a Name Conflict datagram to a server. The server thinks that its NetBIOS name is in error, so it stops responding to requests. This is a classic example of a Denial of Service attack. Therefore, any Windows XP system that is directly connected to the Internet must have the bindings for NetBIOS on the external interface removed. Blocking the NetBIOS ports 137–139 for TCP and UDP on the firewall can also achieve this protection.
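The script below is an added example, not code from the book or from Microsoft. It performs the same change as steps 1–7 of the "When to Use NetBEUI" procedure (the WINS tab's Disable NetBIOS over TCP/IP setting) through WMI, which is how an administrator would apply the recommendation above to the Internet-facing interface on many machines at once. By default it only reports each adapter's state, which is the check the Caution above calls for before you disable anything; the -Disable switch and the -OnlyAdapters filter are this example's own parameter names. It assumes PowerShell 2.0 or later (available for Windows XP SP3) and local Administrator rights.

```powershell
# Added example (not from the book): audit, and optionally disable, NetBIOS over TCP/IP on
# every IP-enabled adapter using the Win32_NetworkAdapterConfiguration WMI class.
# Assumes PowerShell 2.0 or later and local Administrator rights.
# TcpipNetbiosOptions / SetTcpipNetbios values: 0 = use the DHCP server setting (the XP default),
# 1 = enable NetBIOS over TCP/IP, 2 = disable NetBIOS over TCP/IP.

param(
    [switch]$Disable,                 # actually change settings; the default is report-only
    [string[]]$OnlyAdapters = @()     # optional: limit the change to these adapter descriptions
)

$labels = @{ 0 = 'DHCP-controlled (default)'; 1 = 'Enabled'; 2 = 'Disabled' }

$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"

foreach ($nic in $adapters) {
    # TcpipNetbiosOptions is a UInt32; cast to Int32 so the hashtable lookup matches its keys.
    $state = $labels[[int]$nic.TcpipNetbiosOptions]
    "{0,-45} NetBIOS over TCP/IP: {1}" -f $nic.Description, $state

    if (-not $Disable -or $nic.TcpipNetbiosOptions -eq 2) { continue }
    if ($OnlyAdapters.Count -gt 0 -and $OnlyAdapters -notcontains $nic.Description) { continue }

    # SetTcpipNetbios(2) is the change the WINS tab makes. ReturnValue 0 = success,
    # 1 = success but a reboot is required; anything else is a WMI error code.
    $rc = $nic.SetTcpipNetbios(2).ReturnValue
    switch ($rc) {
        0       { "  -> disabled on {0}" -f $nic.Description }
        1       { "  -> disabled on {0} (reboot required)" -f $nic.Description }
        default { "  -> failed on {0}, return code {1}" -f $nic.Description, $rc }
    }
}
```

Run it with no arguments first to see which adapters still have NetBIOS enabled, then rerun with -Disable -OnlyAdapters 'description of the external adapter' so that internal interfaces serving legacy clients keep NBT. Blocking ports 137–139 at the firewall, the alternative the text mentions, is a separate control and is not touched by this script.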
Troubleshooting NetBEUI
NetBEUI problems typically occur only in the following two situations:
• The first situation occurs if the drivers for the protocol are corrupted because of viruses, read/write I/O errors, or hardware failures. In this case, removing and reinstalling NetBEUI solves the problem.
• A second situation involves the Registry control values, which an administrator can change to a non-viable configuration. This situation requires resetting the Registry entries to their default values or removing and reinstalling the protocol.
In both cases, the system (or systems) involved must be rebooted.
A more common problem in a Windows XP network is when pre–Windows XP computers cannot browse, locate, or create file and print share connections. Typically, this problem is caused when NetBIOS is disabled on the target Windows XP computer.
Performance Monitoring and NetBEUI
Installing NetBEUI adds two new objects to Performance Monitor. These objects—NetBEUI and NetBEUI Resource—offer insight into NetBEUI activity. Exhaustive details of the counters from both of these objects are contained in the counters.hlp file from the Windows 2000 Server Resource Kit.
For more details on Performance Monitor, see Chapter 22, “Tuning and Optimizing Windows XP,” p. 485. To learn more about some of the most important Performance Monitor counters, including those related to NetBEUI, see Appendix D, “Windows XP Performance Monitor Objects and Counters,” p. 789.
The NetBEUI object can be used to track various facets of traffic levels. Here are several counters worth watching:
• Bytes Total/sec. This counter measures the total amount of actual data transmitted over the network.
• Connection Session Timeouts. This counter keeps a running total of the number of sessions terminated because of timeout expiration. A quickly increasing value for this counter can indicate a clogged network or an unresponsive system.
• Failures Adapter. This counter keeps a running total of the number of sessions terminated because of hardware failures. A quickly increasing value for this counter can indicate a faulty NIC.
• Window Send Average. This counter tracks the average number of data bytes sent before waiting for an acknowledgement.
The NetBEUI object also includes several datagram, frame, and packet counters for obtaining detailed information about inbound and outbound traffic patterns (see Appendix D). The NetBEUI Resource object tracks the use of NetBEUI buffers. Information about how often all buffers are exhausted, the average use, and the maximum use of system resources (buffers) can be monitored for numerous parameters of the protocol/adapter combination.
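As an added example (not from the book or from Microsoft), the script below turns the two "running total" counters above into a per-minute rate by sampling them twice, and flags the rate the text associates with a clogged network or a faulty NIC; it then prints the two instantaneous counters for context. The counter paths are built from the object and counter names given above and are assumed to match the exact path names Performance Monitor uses on your system (check with Get-Counter -ListSet NetBEUI); the alert thresholds and the parameter names are this example's own. It assumes PowerShell 2.0 or later, which provides Get-Counter, and that NetBEUI is installed.

```powershell
# Added example (not from the book): sample the NetBEUI counters described in the text twice
# and flag a fast-rising count of session timeouts or adapter failures.
# Assumptions: PowerShell 2.0 or later (Get-Counter), NetBEUI installed, and that the counter
# paths below match the names Performance Monitor exposes; confirm the exact names with
#   Get-Counter -ListSet NetBEUI | Select-Object -ExpandProperty Paths

param(
    [int]$IntervalSeconds = 30,                  # gap between the two samples
    [double]$TimeoutsPerMinuteAlert = 5,         # assumed alert thresholds; tune for your network
    [double]$AdapterFailuresPerMinuteAlert = 1
)

# Running totals (converted to a per-minute rate below) and instantaneous counters.
$totals = @('\NetBEUI(*)\Connection Session Timeouts', '\NetBEUI(*)\Failures Adapter')
$gauges = @('\NetBEUI(*)\Bytes Total/sec', '\NetBEUI(*)\Window Send Average')

function Get-SampleTable([string[]]$paths) {
    # Returns a hashtable keyed by the full counter path (which includes the adapter instance).
    $table = @{}
    foreach ($s in (Get-Counter -Counter $paths).CounterSamples) { $table[$s.Path] = $s.CookedValue }
    return $table
}

$before = Get-SampleTable $totals
Start-Sleep -Seconds $IntervalSeconds
$after  = Get-SampleTable $totals

foreach ($path in ($after.Keys | Sort-Object)) {
    if (-not $before.ContainsKey($path)) { continue }   # instance appeared mid-run; skip it
    $perMinute = ($after[$path] - $before[$path]) * 60.0 / $IntervalSeconds
    $threshold = if ($path -like '*Failures Adapter*') { $AdapterFailuresPerMinuteAlert } else { $TimeoutsPerMinuteAlert }
    $flag = if ($perMinute -ge $threshold) { 'ALERT' } else { 'ok' }
    "{0,-6} {1}  +{2:N1}/min  (total {3})" -f $flag, $path, $perMinute, $after[$path]
}

# Current throughput and send window, for context.
foreach ($s in (Get-Counter -Counter $gauges).CounterSamples) {
    "       {0}  {1:N0}" -f $s.Path, $s.CookedValue
}
```

Because both alert counters are cumulative since the protocol was loaded, a large absolute value on its own means nothing; only the rate of increase matters, which is why the script samples twice rather than reading once.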
Integrating Windows XP with Older Versions of NetWare
Although the various versions of Microsoft Windows have taken the network operating system market by storm, many copies of Novell's NetWare are installed and operating. Numerous versions of NetWare are still out in the field, including NetWare 3.12, NetWare 4.11/IntranetWare, NetWare 5.x, and NetWare 6. On many networks, you will deal with both Windows XP and Novell NetWare and need to ensure that the two network operating systems work well together. This section gives you the information you need to successfully integrate Windows XP and NetWare networks. There are several tools available to make this integration as painless as possible. Integrating Windows XP and NetWare is fairly straightforward, thanks to the tools that Microsoft includes with Windows XP. Before you can look at these tools, however, you need to understand the different integration options. These are the three primary methods you can use to access a Novell NetWare server from Windows XP:
• Microsoft NWLink protocol
• Windows XP Client Services for NetWare (CSNW)
• Windows 2000 Gateway Services for NetWare (GSNW)
The NWLink protocol and when to use it are covered in the following section. The last two items are covered in detail in the "Client Services for NetWare" and "Gateway Services for NetWare" sections later in this chapter.
What Is the NWLink Protocol?
Until NetWare 5, Internetwork Packet Exchange/Sequential Packet Exchange (IPX/SPX) was NetWare's primary networking protocol suite. These two protocols are grouped into a single set of capabilities, not unlike the many protocols and services included under the TCP/IP umbrella. IPX is a connectionless protocol that resides at the Network layer of the OSI model. That means IPX information is simply sent out on the wire in the hopes that it will get to its destination. This is also known as a "best-effort delivery mechanism." Think of it this way: You have a letter you want to deliver to your Aunt Bessy. She lives in a different state or country than the one in which you live. The easiest, cheapest, and, you hope, fastest way to get the letter delivered is to write Aunt Bessy's address on the envelope, paste on the correct postage, and drop it in the nearest mailbox. You don't care how it gets there (the path the letter takes); you care only that it does get there in a reasonable amount of time. The only way you might be informed that the letter did not arrive is if Aunt Bessy calls you and complains that you never write. This protocol can be compared to the User Datagram Protocol (UDP) or Internet Protocol (IP), both of which offer little in the way of error correction, detection, or recovery services. SPX is connection-oriented and resides at the Transport layer of the OSI model. With SPX, a connection (or session) is created and authenticated, and only then is any information sent.
Note As previously mentioned, Microsoft's implementation of IPX/SPX is called NWLink.
Following the same analogy used for IPX, SPX goes something like this: After you have prepared Aunt Bessy's letter, you call her and let her know that you are sending her a letter. She informs you that she is home to receive it and when she might be going out. You then take the letter, get into your car, and drive the letter to Aunt Bessy's house. When you get there, you walk up to the front door and ring the bell. If everything works out properly, Aunt Bessy answers the door, and you can deliver the letter and go home. You are certain she got the letter, and you know there will be no guilt-provoking messages on your answering machine when you get home. SPX can be likened to TCP, both of which offer excellent error detection, correction, and recovery services. SPX sits atop IPX, and the two protocols work together. Together, they offer a fast and efficient protocol suite that can access NetWare systems as well as other Windows XP systems using this protocol suite. In fact, IPX/SPX is faster and easier to configure than the TCP/IP protocol suite used on the Internet today. Novell invented the IPX and SPX protocols for use with its NetWare operating system. Microsoft provides the capability to communicate with these protocols so that its operating systems can coexist with the huge installed base of NetWare networks. Microsoft developed NWLink, its own implementation of IPX/SPX, in a so-called clean room environment. Essentially, Microsoft reverse-engineered the IPX/SPX protocols. NWLink is a protocol suite that is completely compatible with Novell's IPX/SPX.
Installing NWLink
NWLink is included with Microsoft Windows XP but is not installed by default. To install it, follow these steps:
1. Click Start, Control Panel, and then open the Network Connections applet.
2. Right-click the Local Area Connection entry for the network adapter, and click Properties.
3. In the General tab of the Local Area Connections Properties dialog box, click the Install button.
4. In the Select Network Component Type dialog box, select Protocol and then click Add.
5. In the Network Protocol list box, select NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, and click OK (see Figure 15.2) to install the NWLink protocol.
Figure 15.2 You must install the NWLink IPX/SPX/NetBIOS compatible Transport Protocol to enable NetWare communications.
NWLink, by itself, is not a connectivity tool that integrates Windows XP and Novell NetWare functionality. Using only NWLink, you cannot access file or printer information on a NetWare server from a Windows XP computer. However, using only NWLink, you can access socket-based applications that use IPX protocols. For example, if you have access to a Novell NetWare server that supports a Structured Query Language (SQL) database, you can access that application using only NWLink. Microsoft provides other services that work with NWLink to integrate NetWare and Windows XP systems.
CSNW Versus GSNW
Two other services included with Windows XP and Windows 2000 Server that help integrate Windows XP and NetWare are Client Services for NetWare (CSNW) and Gateway Services for NetWare (GSNW). CSNW is a component of GSNW available on a Windows 2000 server.
Client Services for NetWare
Client Services for NetWare connects Windows XP clients to NetWare file servers and allows them to operate in that environment. With CSNW installed, a NetWare server can validate a Windows XP client to access files and printers on that server. Remember that these services rely on the NWLink protocol. To install CSNW on a Windows XP machine, perform the following steps:
1. Log on to the system as Administrator.
2. Click Start, right-click My Network Places, and choose Properties from the shortcut menu.
3. Right-click Local Area Connection, and choose Properties from the shortcut menu.
4. In the Local Area Connection Properties dialog box, click the Install button.
5. In the list of available components, select Client, and then click Add.
6. Select Client Services for NetWare, and then click OK.
7. You will be prompted to restart your computer. When the computer restarts, provide the default tree and context as prompted.
8. Click Start, Control Panel, Other Control Panel Options, and then double-click the new CSNW icon that appears.
9. In the Client Service for NetWare dialog box (see Figure 15.3), make any necessary adjustments, and click OK.
10. A system window pops up informing you that changes will take effect the next time you log on to the network; click OK.
11. Close Control Panel.
Figure 15.3 You can configure additional Client Service for NetWare settings from Control Panel.
When you install CSNW, it checks to see whether NWLink is installed. If NWLink is not installed, the installation process automatically installs it and proceeds with the installation.
Gateway Services for NetWare
CSNW is also a component of GSNW. When you install CSNW, you might notice that the GSNW option is not available. This is because currently GSNW is available only on Windows 2000 Server, whereas CSNW is available only on Windows XP. However, when you install GSNW on a Windows 2000 server, you should notice that the formal name for this service is actually Gateway (and Client) Services for NetWare. So, as you can see, CSNW is a subset of GSNW. GSNW includes the features of CSNW and takes things to the next level. GSNW connects Windows 2000 servers to NetWare servers. This service provides a gateway for Microsoft workstations that require access to NetWare servers but do not have NetWare client software (or IPX/SPX protocols) installed. GSNW also allows workstations that connect using the Remote Access Service (RAS) to access resources on a NetWare server.
Note A Windows XP computer with NWLink and CSNW installed can administer a NetWare server running Microsoft Windows 3.x or earlier with utilities such as SYSCON, RCONSOLE, or PCONSOLE. At present, however, you cannot administer a NetWare 4.x or higher server unless you install Novell Client32 for Windows XP. Additional resources and documentation are available on Novell's Web site at http://www.novell.com/.
The process a Windows 2000 server follows when it acts as a gateway is fairly complex. However, this entire process is completely transparent to the workstations that use the gateway. After the gateway service is installed and configured, all workstations can see whatever file and printer resources the administrator sees fit to share, as though the resources were ordinary file and printer shares on a Microsoft network. Two features make GSNW a powerful and useful network service. First, no extra software is required on workstations that already participate in a Microsoft network environment. This includes not only Windows XP, but also Windows 2000 Professional, Microsoft Windows NT, Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows for Workgroups. Second, only a single user license on the NetWare server is required for the gateway to operate. To understand why this is so, take a look at how Windows 2000 creates a NetWare gateway using GSNW.
After installing GSNW (covered in the next section), you must create a special user account on the Windows 2000 server where it resides. This account is used to log in to the NetWare server on the far side of the gateway. Likewise, the NetWare server must include a valid user account whose name and password match the special user account for the gateway on the Windows 2000 server. Next, you must create a group on the NetWare server. The group must be named NTGATEWAY for GSNW to function properly. After this group is created, you can assign it permissions to file and printer resources on the NetWare server. Microsoft Network clients can then access these NetWare resources in the form of shared folders on the Windows 2000 server. To set this access up, you must decide which resource to share and then assign appropriate permissions to the NTGATEWAY group so that the user accounts in that group can access those resources.
When a workstation attempts to access information stored on the NetWare server, it sends a request for that information to the Windows 2000 server in which GSNW resides. The GSNW software logs in to the NetWare server (using the special gateway access user account) and grabs the requested information. Finally, GSNW sends the requested information back to the client workstation. To the workstation, it appears as though the requested information resides on the Windows 2000 server; the workstation remains unaware of the gateway's background activity (except, perhaps, for slower-than-normal response times, which are typical when using GSNW or any other gateway software).
Using GSNW
You should use GSNW for only occasional access to a NetWare server because the gateway's speed depends on the number of clients that connect through it. Increasing the number of clients for the gateway results in slower access speed for all clients. Windows 2000 servers with GSNW installed can administer a NetWare server by using the same utilities that work with CSNW. Client computers accessing a NetWare server through the gateway cannot administer the NetWare server. Again, a gateway connection works only for administering NetWare 3.x or lower servers; administration of 4.x or higher servers requires that you use Novell Client32 for Windows XP.
Installing GSNW
Installing GSNW is similar to installing CSNW. To install GSNW or CSNW, complete the following steps:
1. Open the Network and Dial-Up Connections applet in Control Panel.
2. Right-click the Local Area Connection entry for the network adapter, and click Properties.
3. In the General tab of the Local Area Connections Properties dialog box, click the Install button.
4. In the Select Network Component Type dialog box, select Client, and then click Add.
5. In the Select Network Client list box, select Gateway (and Client) Services for NetWare, and click OK. You will probably be asked to insert the Windows 2000 CD-ROM. The system will reboot. When it resumes operation, GSNW will be available.
Note If you have RAS installed, you will receive the following message: Setup has discovered that you have Remote Access Services installed. Do you want to configure RAS to support NWLink protocol? If you do want RAS to support NWLink, click OK; otherwise, click Cancel.
Creating the Gateway User Account
You must now create the user account and the gateway group on the NetWare server. Here's how to go about completing these tasks:
1. Using your favorite NetWare administration utility (SYSCON, NetWare Administrator, ConsoleOne, iManager, NETADMIN, and so on), create a user whose name matches that of the user account that will be logging in to the Windows 2000 machine. For example, you might use NWUSER as the account name.
2. Create a group on the NetWare server (using the same administration tool) called NTGATEWAY. Remember that the group name must be NTGATEWAY.
3. Place the newly created user, NWUSER, into the newly created group, NTGATEWAY.
4. Make sure the password of the user matches that of the Windows XP account with the same name.
5. Assign any necessary permissions (called rights in the NetWare world) to whatever resources you want users to be able to access through the gateway.
When you have completed these steps, the NetWare server will be ready to accept service requests from the gateway software on the Windows 2000 server where GSNW resides.
Configuring the Gateway Service
After the Windows 2000 server reboots, you will notice that it attempts to log in to a NetWare server. You must choose one of two methods for logging in, based on the type of NetWare server to which the gateway connects:
• If GSNW logs in to a NetWare 3.x or lower server, you must select the Preferred Server method. GSNW then attempts to log in to whichever NetWare server you designated as the preferred server.
• If GSNW logs in to a NetWare 3.x or higher server, you must select a Default Tree and Context for GSNW to log in to the proper part of the Novell Directory Services (NDS; referred to as "eDirectory" in NetWare 6) directory tree.
If you use only the Client component of GSNW on a Windows 2000 server, you can choose that option right away. However, if you are configuring a system to act as a gateway for others to use, cancel this window and proceed to configure the gateway itself instead. When you install GSNW, it does not appear on the Start menu. Instead, GSNW creates a Control Panel applet called GSNW, in which you must choose the type of NetWare server to which the gateway will connect. This is also where you must designate the Preferred Server (for NetWare 3.x and lower) or the Default Tree and Context option (for NetWare 4.x and higher). Now that you have selected which server to log in to, you can enable the gateway. To accomplish this, click the Gateway button in the GSNW applet to open the Configure Gateway dialog box. To enable the gateway, follow these steps:
1. Select the Enable Gateway check box.
2. In the Gateway Account text box, enter the name of the user account you created on the NetWare server.
3. Enter the password in the Password text box and confirm it.
The gateway is now configured, but you have not yet made any NetWare resources available to your clients. To do this, click the Add button in the Configure Gateway dialog box. When the New Share dialog box opens, follow these steps:
1. In the Share Name text box, enter the name of the share you want to create. This is the name clients will see when they browse for resources available on the Windows 2000 server. Remember, too, that MS-DOS and Windows 3.x clients can access only shares whose names have eight or fewer characters.
2. In the Network Path text box, enter the Universal Naming Convention (UNC) path for the NetWare server and share.
3. Enter a comment that will appear when clients browse for this resource. This field is optional, but can be helpful when you're searching for resources because it is not subject to the same length restrictions as UNC names.
4. Select the drive letter that should be used when attaching this share to the server.
5. Choose the User Limit to apply to the gateway. You can select Unlimited or select a limit for the number of users who can access the share simultaneously. Be careful when setting it to Unlimited (the default). You might find that your gateway runs unacceptably slowly if too many users try to access it at the same time.
6. Click OK. Immediately thereafter, the Gateway applet attempts to connect to this share and authenticate the user account. If the Gateway applet connects successfully, the open windows disappear, and the newly created share appears in the Configure Gateway dialog box and in My Network Places information obtained from the local browser service (subject to update propagation to local browse masters).
Tip The first line of the GSNW applet in Control Panel reads Username:NWUSER. This confirms the name of the user account that GSNW uses to log in to the NetWare server. You should confirm that GSNW logs in as that user by going to the Services applet in Control Panel and double-clicking GSNW. In the Service dialog box that opens, check the entries in the Log On As section.
Note A UNC name takes the form \\servername\sharename. For a server named NWAcctg and a share named Monthly, the resulting UNC name is \\NWAcctg\Monthly. UNC names are not case-sensitive.
Microsoft Clients Versus Novell Clients
Novell NetWare is a fairly closed network operating system. To develop applications that are truly compatible with NetWare, you need to follow specific development and deployment guidelines from Novell. Obtaining access to some of Novell's code has been difficult and expensive, so only a small number of companies have done so. On the other hand, Microsoft has positioned Windows XP as a relatively open operating system, especially for development of client/server applications and server-based services. This strategy is the result of Microsoft's belief that if developers can find out how to write applications and services for Windows XP easily and cheaply, they will choose to do so. Further, Microsoft feels that the more applications that become available for Windows XP, the more widely the operating system will be used. History appears to have vindicated this position. Today, many more applications are available for Windows NT, Windows 2000, and Windows XP than for NetWare. Microsoft has done a good job of creating client software, services, and applications that interoperate with Novell's more closed operating system. However, because of NetWare's closed nature, some of Novell's newest and most proprietary offerings still work better than their Microsoft counterparts, especially where advanced client capabilities and Novell Directory Services are concerned. Where advanced client capabilities for its own network operating system are concerned, Novell has an edge, even when the client involved is running Windows XP. Several networking clients are available for use in a mixed Windows XP and NetWare environment. They include the following:
• Microsoft Client for NetWare Networks (protected-mode client)
• Novell Client32 for Windows XP (protected-mode client)
• NETX (the NetWare shell, a real-mode Novell network client)
• VLM (Virtual Loadable Module, a real-mode Novell network client)
Although Windows XP supports networking clients that operate in real mode, this practice is not recommended. In real mode, all the CPU's protection options are disabled, as are memory paging and multitasking features. Protected mode is recommended because it is more advanced than real mode and offers support for multitasking, virtual memory, and data security. Using a protected-mode client instead of a real-mode client provides more stability and faster data transfers across the network. To help you decide which protected-mode networking client best fits your needs, the following sections offer some reasons not to use a particular networking client.
Known Issues with Microsoft NetWare Clients
Microsoft had to build and design its NetWare utilities and tools blindly because it did not have access to proprietary Novell NetWare applications and components. In fact, Microsoft itself recommends against using the Microsoft NetWare client if any of the following conditions apply:
• If you need to use some of the proprietary NetWare utilities, including the Novell Application Launcher (NAL), Novell IP Gateway, Remote Access Dialer, Novell Distributed Print Services (NDPS), ZENworks, or Novell Storage Services—NAL enables an administrator to configure applications so that they appear as icons to users. To run the application, the user simply double-clicks the corresponding icon. The Novell IP Gateway allows dissimilar networks to communicate using TCP/IP externally, but IPX/SPX internally. Remote Access Dialer is a utility for connecting clients using Windows, Mac OS, and MS-DOS operating systems to the network so they can access network resources. Finally, NDPS eases the task of creating printers for users by installing print drivers on client computers automatically. None of these utilities work with the native Microsoft Client for NetWare Networks.
• If the NetWare Core Protocol (NCP) packet signature is required—The NCP packet signature is an enhanced security feature that allows packets to be digitally signed to protect their recipients from spoofing or forgeries. Only Novell Client32 for Windows XP and VLM support this capability.
• If your network requires NetWare IP for NetWare 4.x—Microsoft TCP/IP does not communicate with NetWare IP for NetWare 4.x. To use this functionality, you must use Novell Client32 for Windows XP, its VLM client, or its NETX client software.
• If 3270 emulators are required—If you use 3270 emulators that need MS-DOS terminate-and-stay-resident (TSR) programs or need to run applications in MS-DOS using a 3270 emulator, you need to use the VLM client or the NETX client.
• If you use custom VLM components—Because custom VLM components do not work with the Microsoft NetWare client, you should use the Novell VLM client instead.
Novell Client32
You can download the Novell Client32 for Windows XP by going to http://www.novell.com/download/index.html and selecting the appropriate link. For more information about limitations of Microsoft Client for NetWare Networks, consult the Microsoft Windows 2000 Server Resource Kit or the Windows XP Professional Resource Kit documentation.
Known Issues with Novell NetWare Clients
You should use Microsoft Client for NetWare Networks if you encounter any problems running the Setup program with the Microsoft unattended installation facilities. Microsoft Client for NetWare Networks is available by clicking the Install button in the Local Area Connection Properties dialog box. Several other tools and utilities are also available for Windows 2000 Server that support integration of NetWare and Windows XP and permit information to migrate from Novell NetWare to Windows XP, including File and Print Services for NetWare and NetWare migration tools. These tools and others are discussed in the next sections.
Windows Services for NetWare Version 5

Both Microsoft and Novell offer tools to help administrators migrate their servers from one network operating system to another. Microsoft has continued its tradition of making it easy to migrate from NetWare to the Windows platform by supplying a new set of coexistence and migration tools to assist organizations in their move to Windows 2000 Server. The Windows Services for NetWare Version 5 add-on includes these three tools, which are discussed in the following sections:

• File Migration Utility
• Microsoft Directory Synchronization Services (MSDSS)
• File and Print Services for NetWare Version 5 (FPNW)

In addition to the new tools, the following two tools from the previous NetWare tools package are included:

• Directory Service Manager for NetWare. This utility is used to provide interoperability with Windows NT 4.0 domains. It was included just for backward compatibility and is not discussed here.
• File and Print Services for NetWare Version 4. This package allows a Windows 2000 server to emulate a NetWare 3.x server.
File Migration Utility (FMU)

The File Migration Utility is used to move files from NetWare file and print servers to Windows 2000 Server. The utility preserves most access permissions by mapping the original NetWare rights to the applicable Windows 2000 permissions. The differences in file permissions are covered later in this chapter in the section “The Realities of Integrating NetWare and Windows 2000.”
Microsoft Directory Synchronization Services (MSDSS)

The Microsoft Directory Synchronization Services (MSDSS) tool is capable of handling two-way directory synchronization between Active Directory and NDS. It can also read and migrate information from the NetWare 3.x bindery services. The MSDSS tool enables you to manage a joined directory structure from either directory and to gradually migrate objects from NDS to Active Directory. You can also use MSDSS to transfer user and group accounts, files, directories, and even a complete NDS directory tree from one or more NetWare servers to at least one Windows 2000 domain controller.
File and Print Services for NetWare (FPNW)

Until now, you have learned about only those NetWare-related client and server tools that are bundled with Windows XP and Windows 2000 Server. All those tools offer certain capabilities to connect Windows XP clients to Novell NetWare servers. You will find that most networks in the real world require connections in reverse as well, so NetWare clients will need to connect to resources on a Windows 2000/XP system. To solve this problem, Microsoft developed File and Print Services for NetWare (FPNW). This tool is not built into Windows 2000 Server; it must be purchased as an add-on component. Like GSNW, FPNW is available only for Microsoft Windows 2000 Server and does not work on Windows XP. FPNW works the same as CSNW, except in reverse. Essentially, FPNW makes a Windows 2000 server appear to NetWare clients as a NetWare 3.x server. FPNW clients can access any information about file and print shares and services that the system administrator chooses to share with them. There are two versions of FPNW included with the Windows Services for NetWare version 5 package. The 4.0 version of FPNW emulates a NetWare 3.x server or lower, whereas version 5 is used to emulate a 4.x or higher version of NetWare.
The Realities of Integrating NetWare and Windows 2000

Because Windows 2000 and NetWare are so different, you must make some choices and decisions before you start any migration process. These choices vary depending on which migration tools you have selected. Some of these choices are covered in the sections that follow.
Dealing with Duplicate Names

When you run two distinct network operating systems, there are often duplicate accounts or group names on the two networks. This is normal because a user might need access to both systems before a migration occurs, and often the only way to accomplish this is to create two separate accounts, one for each network. When you plan a migration, you must be aware of duplicate names and what you can do with them. Here are some possible solutions for duplicate name problems:

• Overwrite the existing account. Replace the current Windows 2000 account with a NetWare-derived alternative.
• Log the duplicate name. Simply note the presence of a duplicate name in the NetWare space, but make no changes to the Windows 2000 environment.
• Ignore the duplicate name. Do nothing at all for NetWare account information if a NetWare account name duplicates an existing Windows 2000 account.
• Migrate the name from NetWare to Windows 2000. Be sure to add a prefix to any duplicate usernames. For example, add the prefix nw to all duplicate accounts. This creates multiple accounts whenever duplicates are encountered, so information can be transferred from the NetWare-derived account to the existing account, or both accounts can be maintained in parallel.
Dealing with Supervisor Rights

Both network operating systems have their own administration accounts. Some migration tools do not, by default, transfer users with Supervisor rights into the Domain Administrators group in the receiving domain. This means that a user who is a supervisor on the NetWare network does not automatically become an administrator on the Windows 2000 Server.
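A dry-run planner for the four duplicate-name options and the Supervisor-rights caveat above, as an added example (not the book's code, and not MSDSS or the File Migration Utility). The account lists are constructed; the planner also flags a prefixed name that would itself collide with an existing account, a case the text does not spell out.

```python
"""Trial-migration planner for NetWare accounts landing in a Windows 2000 domain.

Nothing is committed: the result is a report for the administrator to review.
Account data below is constructed for illustration.
"""

# Constructed NetWare accounts: name -> whether the account holds Supervisor rights
NETWARE_ACCOUNTS = {"admin": True, "jsmith": False, "mjones": False, "tlee": False}

# Constructed existing Windows 2000 accounts (note "nwjsmith" already exists)
WINDOWS_ACCOUNTS = {"jsmith", "admin", "rgreen", "nwjsmith"}

POLICIES = ("overwrite", "log", "ignore", "prefix")   # the four options listed above


def plan_migration(netware, windows, policy, prefix="nw"):
    """Return the actions one duplicate-name policy would take.

    Keys: create (new Windows accounts), overwrite (existing accounts replaced),
    logged (duplicates noted only), skipped (duplicates ignored), collisions
    (prefixed names that are already taken) and supervisors_to_review
    (migrated accounts with Supervisor rights that will NOT be Domain Admins
    by default and must be added by hand).
    """
    if policy not in POLICIES:
        raise ValueError(f"unknown duplicate-name policy {policy!r}")
    existing = {name.lower() for name in windows}      # Windows names are case-insensitive
    planned = set(existing)                            # names taken after the migration
    actions = {"create": [], "overwrite": [], "logged": [], "skipped": [],
               "collisions": [], "supervisors_to_review": []}

    for name in sorted(netware):
        target = None                                  # Windows account that receives this user
        if name.lower() in existing:
            if policy == "overwrite":
                actions["overwrite"].append(name)
                target = name
            elif policy == "log":
                actions["logged"].append(name)
            elif policy == "ignore":
                actions["skipped"].append(name)
            else:                                      # prefix, e.g. jsmith -> nwjsmith
                candidate = prefix + name
                if candidate.lower() in planned:
                    actions["collisions"].append(candidate)
                else:
                    actions["create"].append(candidate)
                    target = candidate
        else:
            actions["create"].append(name)
            target = name

        if target is not None:
            planned.add(target.lower())
            if netware[name]:
                # Supervisor rights are not mapped to Domain Admins by default
                actions["supervisors_to_review"].append(target)
    return actions


if __name__ == "__main__":
    for policy in POLICIES:
        print(policy, plan_migration(NETWARE_ACCOUNTS, WINDOWS_ACCOUNTS, policy))
```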
Dealing with File Migration

When migrating files from NetWare to a Windows 2000 domain, you can choose from a variety of file options, as outlined in the following list:

• You can select which files are to be copied from NetWare to Windows 2000 Server. If you are transferring the selected NetWare files to an NTFS partition, all copied directories and files retain their effective permissions.
• You can choose the resource share names.
• You can choose whether hidden and system files are transferred. By default, they are not.
• By default, all files with the proper settings are migrated except for files stored in NetWare administrative directories, including \ETC, \LOGIN, \MAIL, and \SYSTEM. This is because these files and directories are specific to NetWare and cannot be used on a Windows 2000 Server system.

The differences between Windows 2000 and NetWare mean that certain file and directory properties might not translate perfectly from NetWare to Windows 2000. The following three tables show how file and folder properties migrate. Table 15.1 illustrates how NetWare file rights map to Windows 2000 file permissions; Table 15.2 illustrates how file attributes migrate; and Table 15.3 illustrates the relationship between NetWare directory rights and Windows 2000 folder permissions.

Table 15.1 Comparing NetWare File Rights and Windows 2000 File Permissions

NetWare File Rights    Windows 2000 File Permissions
Access Control (A)     Change Permissions (P)
Create (C)             Write (W)
Erase (E)              Delete (X)
File Scan (F)          Read (RX)
Modify (M)             Read/Write (RW)
Read (R)               Read (RX)
Supervisor (S)         Full Control (ALL)
Write (W)              Write (W)
Table 15.2 Comparing NetWare and Windows 2000 File Attributes

NetWare File Attributes    Windows 2000 File Attributes
Archive Needed (A)         Archive (A)
Copy Inhibit (C)           Ignored and not transferred
Delete Inhibit (D)         Ignored and not transferred
Execute Only (X)           Ignored and not transferred
Hidden (H)                 Hidden (H)
Index (I)                  Ignored and not transferred
Purge (P)                  Ignored and not transferred
Read Only (Ro)             Read Only (R)
Read Write (Rw)            None; files without the Read attribute can be read and written to
Rename Inhibit (R)         Ignored and not transferred
Shareable (Sh)             Ignored and not transferred
System (Sy)                System (S)
Transactional (T)          Ignored and not transferred
Write Audit (Wa)           Ignored and not transferred
Table 15.3 Comparing NetWare Directory Rights and Windows 2000 Folder Permissions

NetWare Directory Rights    Windows 2000 Folder Permissions
Access Control (A)          Change Permissions (P)
Create (C)                  Add (WX) (not specified)
Erase (E)                   Change (RWXD) (RWXD)
File Scan (F)               List (RX) (not specified)
Modify (M)                  Change (RWXD) (RWXD)
Read (R)                    Read (RX) (RX)
Supervisor (S)              Full Control (All) (All)
Write (W)                   Change (RWXD) (RWXD)
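The translation the three tables describe, as an added example (not the book's code and not the File Migration Utility's): it maps a NetWare rights string and attribute list to the Windows 2000 equivalents and reports the inhibit and audit attributes that Table 15.2 shows being dropped, because a file protected on NetWare by Delete Inhibit or Copy Inhibit arrives on NTFS without that protection. The sample path, rights and attributes are constructed.

```python
"""Apply the NetWare-to-Windows 2000 mappings of Tables 15.1 to 15.3 and
report what a migration silently loses. Sample data is constructed."""

# Table 15.1: NetWare file rights -> Windows 2000 file permissions
FILE_RIGHTS = {
    "A": "Change Permissions (P)", "C": "Write (W)", "E": "Delete (X)",
    "F": "Read (RX)", "M": "Read/Write (RW)", "R": "Read (RX)",
    "S": "Full Control (ALL)", "W": "Write (W)",
}

# Table 15.3: NetWare directory rights -> (folder permission, permission for new files)
DIR_RIGHTS = {
    "A": ("Change Permissions (P)", None),
    "C": ("Add (WX)", "not specified"),
    "E": ("Change (RWXD)", "RWXD"),
    "F": ("List (RX)", "not specified"),
    "M": ("Change (RWXD)", "RWXD"),
    "R": ("Read (RX)", "RX"),
    "S": ("Full Control (All)", "All"),
    "W": ("Change (RWXD)", "RWXD"),
}

# Table 15.2: NetWare file attributes -> Windows 2000 attribute; None = ignored
FILE_ATTRIBUTES = {
    "A": "Archive (A)", "C": None, "D": None, "X": None, "H": "Hidden (H)",
    "I": None, "P": None, "Ro": "Read Only (R)",
    "Rw": "None (file is readable and writable)",
    "R": None, "Sh": None, "Sy": "System (S)", "T": None, "Wa": None,
}

# Dropped attributes whose absence weakens protection or auditing on the Windows side
PROTECTIVE = {"C": "Copy Inhibit", "D": "Delete Inhibit", "X": "Execute Only",
              "R": "Rename Inhibit", "T": "Transactional", "Wa": "Write Audit"}


def translate_rights(rights, is_directory=False):
    """Map a NetWare rights string such as "RWCEMF" or "[RF]" to the Windows 2000
    permissions of Table 15.1 (files) or 15.3 (folders), deduplicated, in input order."""
    table = DIR_RIGHTS if is_directory else FILE_RIGHTS
    result = []
    for letter in rights.strip("[] ").upper():
        if letter not in table:
            raise ValueError(f"unknown NetWare right {letter!r}")
        entry = table[letter]
        perm = entry[0] if is_directory else entry
        if perm not in result:
            result.append(perm)
    return result


def translate_attributes(attrs):
    """Map space-separated NetWare attribute codes (e.g. "Ro Sh D") per Table 15.2.
    Returns (windows_attributes_kept, netware_codes_dropped)."""
    kept, dropped = [], []
    for code in attrs.split():
        if code not in FILE_ATTRIBUTES:
            raise ValueError(f"unknown NetWare attribute {code!r}")
        win = FILE_ATTRIBUTES[code]
        if win is None:
            dropped.append(code)
        elif win not in kept:
            kept.append(win)
    return kept, dropped


def migration_report(path, rights, attrs, is_directory=False):
    """Describe how one file or directory arrives on Windows 2000 and warn about
    protective attributes that the migration does not carry over."""
    kept, dropped = translate_attributes(attrs)
    warnings = [f"{path}: {PROTECTIVE[code]} ({code}) is not enforced after migration"
                for code in dropped if code in PROTECTIVE]
    return {"path": path,
            "permissions": translate_rights(rights, is_directory),
            "attributes": kept,
            "dropped": dropped,
            "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample: a payroll file guarded on NetWare by Delete Inhibit and Write Audit
    report = migration_report(r"SYS:DATA\PAYROLL.DAT", "RWCEMF", "Ro Sh D Wa")
    for line in report["warnings"]:
        print("WARNING", line)
    print(report["permissions"], report["attributes"])
```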
Best Practices for Migration

Before you perform any migration from NetWare to Windows 2000 Server, it is best to select the list of servers and related migration options, and perform a trial migration. When the trial migration starts, the server goes through the motions of performing the specified migration, but does not commit any of the changes. A trial migration enables you to observe any changes that the migration tool makes and take corrective action to deal with any problems or conflicts the migration might encounter when it’s underway. You can perform as many trial migrations as you want, making minor or major configuration changes for each one, until the results match your needs and your expectations.

Tip: There are third-party utilities that can capture and preserve some of the information the Microsoft migration tools for NetWare cannot handle. If you’re considering any large-scale or wholesale migrations, you might want to investigate products and services from companies such as BindView Development Corporation (http://www.bindview.com).
Mechanics of NDS Versus Active Directory

With a few exceptions, there is usually no direct correlation between NDS and Active Directory partitions that map to a DNS namespace. There is an excellent white paper that contrasts the concepts and mechanics of NDS and Active Directory at http://www.microsoft.com/windows2000/server/evaluation/compare/adndsv8.asp.
Troubleshooting NetWare-to-Windows XP Connections (and Vice Versa)

Some of the toughest tasks you will ever be required to handle involve troubleshooting computer systems. Even when problems appear to be the same from one instance to the next, the same solution almost never works more than once. One of the most common problems you will run into with Windows XP-to-NetWare integration involves IPX frame types. Ethernet uses frame types to send information across a network. You can configure Ethernet to use one of several IPX frame types; the most common frame types are the IEEE 802.2 and IEEE 802.3 frame formats. Although their names look similar, these two frame formats are not at all the same. As an analogy, take the coins you deal with every day. Some vending machines take only certain coins; others take nearly all denominations. Frame types work the same way. A protocol usually accepts only one frame format, although you can configure it to accept multiple types. If you are communicating with a NetWare 3.x or earlier server, that frame format usually uses 802.3. However, NetWare 4.x and higher-numbered versions usually use 802.2. If a client attempts to communicate with a NetWare server using an unrecognized frame format, the communication will fail.
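To make the 802.2 versus 802.3 distinction concrete, here is an added example (not the book's code and not a Novell or Microsoft tool) that classifies the IPX frame type of a captured Ethernet frame and checks it against the default frame type of the NetWare server generation named above. It goes a little beyond the text by also recognising the Ethernet_II and Ethernet_SNAP encapsulations of IPX; the sample frames are constructed, with placeholder MAC addresses.

```python
"""Classify the IPX frame type of a raw Ethernet frame (no preamble, no FCS)."""
import struct

IPX_ETHERTYPE = 0x8137   # EtherType carried by Ethernet_II and Ethernet_SNAP IPX frames
NOVELL_SAP = 0xE0        # LLC DSAP/SSAP value NetWare uses for IPX (Ethernet_802.2)
SNAP_SAP = 0xAA          # LLC SAP that announces a SNAP header
LLC_UI = 0x03            # LLC unnumbered-information control byte

# Default frame type by NetWare server generation, as stated in the text
DEFAULT_FRAME_TYPE = {"3.x": "ETHERNET_802.3", "4.x": "ETHERNET_802.2"}


def ipx_frame_type(frame: bytes) -> str:
    """Return ETHERNET_II, ETHERNET_802.3, ETHERNET_802.2, ETHERNET_SNAP or NOT_IPX."""
    if len(frame) < 16:
        raise ValueError("frame too short: need a 14-byte header plus 2 payload bytes")
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    payload = frame[14:]
    if type_or_len == IPX_ETHERTYPE:
        return "ETHERNET_II"
    if type_or_len > 1500:
        return "NOT_IPX"                     # some other EtherType (IP, ARP, ...)
    # A value of 1500 or less is an IEEE 802.3 length field; the next bytes decide.
    if payload[:2] == b"\xff\xff":
        # Novell "raw" 802.3: the IPX header (checksum 0xFFFF) follows the length directly
        return "ETHERNET_802.3"
    if len(payload) >= 3 and payload[2] == LLC_UI:
        dsap, ssap = payload[0], payload[1]
        if dsap == NOVELL_SAP and ssap == NOVELL_SAP:
            return "ETHERNET_802.2"          # LLC header with the Novell SAP
        if (dsap == SNAP_SAP and ssap == SNAP_SAP and len(payload) >= 8
                and payload[3:6] == b"\x00\x00\x00"
                and struct.unpack("!H", payload[6:8])[0] == IPX_ETHERTYPE):
            return "ETHERNET_SNAP"           # LLC + SNAP with OUI 0 and IPX EtherType
    return "NOT_IPX"


def can_communicate(client_frame_types, server_version: str) -> bool:
    """True when the client is bound to the frame type that server generation uses by default."""
    return DEFAULT_FRAME_TYPE[server_version] in set(client_frame_types)


# --- constructed sample frames -------------------------------------------------
DST_MAC = bytes.fromhex("ffffffffffff")      # broadcast
SRC_MAC = bytes.fromhex("020000000001")      # locally administered placeholder address
# Minimal 30-byte IPX header: checksum 0xFFFF, length 30, remaining fields zeroed
IPX_HEADER = b"\xff\xff" + struct.pack("!H", 30) + b"\x00" * 26


def build_frame(frame_type: str, ipx: bytes = IPX_HEADER) -> bytes:
    """Build a constructed IPX frame of the requested type for testing."""
    eth = DST_MAC + SRC_MAC
    if frame_type == "ETHERNET_II":
        return eth + struct.pack("!H", IPX_ETHERTYPE) + ipx
    if frame_type == "ETHERNET_802.3":
        return eth + struct.pack("!H", len(ipx)) + ipx
    if frame_type == "ETHERNET_802.2":
        llc = bytes([NOVELL_SAP, NOVELL_SAP, LLC_UI])
        return eth + struct.pack("!H", len(llc) + len(ipx)) + llc + ipx
    if frame_type == "ETHERNET_SNAP":
        snap = (bytes([SNAP_SAP, SNAP_SAP, LLC_UI]) + b"\x00\x00\x00"
                + struct.pack("!H", IPX_ETHERTYPE))
        return eth + struct.pack("!H", len(snap) + len(ipx)) + snap + ipx
    raise ValueError(f"unknown frame type {frame_type!r}")


if __name__ == "__main__":
    for ft in ("ETHERNET_802.3", "ETHERNET_802.2", "ETHERNET_SNAP", "ETHERNET_II"):
        print(ft, "->", ipx_frame_type(build_frame(ft)))
    # A Windows XP client bound only to 802.2 cannot reach a NetWare 3.x server
    print("802.2-only client vs NetWare 3.x:", can_communicate(["ETHERNET_802.2"], "3.x"))
```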
Performance Tuning When Using Multiple Protocols

When you are using multiple protocols on a network, network traffic increases. The reason is that when client PCs are communicating with each other, they send their information to another PC once for each protocol installed on the sending PC. For example, if a PC has TCP/IP, NetBEUI, and IPX/SPX loaded, it sends the same piece of information three times, once for each protocol. On a small network, this probably doesn’t have much of an impact. However, on larger networks, it can create a lot of unnecessary traffic. If your situation allows, we recommend using only TCP/IP for the following reasons:

• It’s the protocol used for communicating on the Internet.
• It is compatible with virtually everything.
• With the release of Windows 2000, the usefulness of NetBEUI has ended.
• With the release of NetWare 5.0, the usefulness of IPX/SPX has ended.

However, if you cannot eliminate the additional protocols, there are some things you can do to reduce the excess traffic:

• If you need to use NetBIOS, use the Windows XP implementation of NetBIOS over TCP/IP (NBT). NBT adds a little more overhead than using TCP/IP alone, but it is far less than using both TCP/IP and NetBEUI.
• When using NetBIOS over TCP/IP, set up a WINS server and configure the clients to use H-node (hybrid) name resolution. Using hybrid name resolution, the client first tries to resolve the name by querying the WINS server. If the WINS server cannot resolve the name, it uses a broadcast. Using the WINS server as the default method of name resolution can reduce broadcast traffic on the network.
• Change the binding order on the server NICs to place the most commonly used protocol at the top. This change reduces the connection time between the client and the servers. It doesn’t directly reduce the amount of network traffic, but it decreases latency because the client does not have to wait for the first protocol in the binding order to time out before the second protocol is tried.
• If the number of clients is about equal and you are using TCP/IP and NetBEUI, put NetBEUI first in the binding order. This is because NetBEUI times out more quickly than TCP/IP, thereby decreasing latency.

Another, more involved way to cut down on traffic is to segment the network and group machines by protocol. Then add a NIC to the servers for each protocol and unbind the protocols that are not being used on that segment for each NIC.
For More Information

For more information about using legacy protocols with Windows XP, please consult the following resources:

• Microsoft KnowledgeBase: http://support.microsoft.com. Check out the following articles: Q187789, Q177601, Q104024, and Q121394.
• Microsoft TechNet: http://www.microsoft.com/technet.
• Microsoft Windows 2000 Server Resource Kit. Microsoft Press, 2000. ISBN: 1572318058.
• Microsoft Windows XP Professional Resource Kit Documentation. Microsoft Press, 2001. ISBN: 0735614857.
• Search the Web using the following keywords: IPX/SPX, NWLink, CSNW, GSNW, and FPNW.
Chapter 16
Windows XP Meets Unix

Although Microsoft would like all organizations to use Windows XP and Windows 2000 Server as their only operating systems, it is a fact of corporate life that many business networks are hybrid or multi-platform environments. This could be the result of natural evolution or of a business decision. One of the more common hybrid networks is one running Microsoft Windows operating systems alongside Unix operating systems. Each operating system has its respective strengths and weaknesses. This chapter discusses how to integrate these two systems on the same network.
When discussing Unix, we are generalizing about the many available Unix flavors—including Sun’s Solaris, IBM’s AIX, Hewlett-Packard’s HP-UX, and the many versions of Linux, which are divided into two broad categories or families: System V and BSD. In the same way that Unix generalizes all the versions of Unix, Linux generalizes all the versions of Linux—including Red Hat Linux, Corel Linux, SuSE Linux, and TurboLinux, to name a few. This chapter deals with the communication between Windows XP/Windows 2000 and Unix systems, not the differences in performing tasks on the different flavors of Unix.
Windows XP Strengths and Weaknesses

This section examines the strengths and weaknesses of the Windows XP operating system. The points presented in this section might be contested by some. The whole Windows/Unix debate has become a heated one and is almost at a “battle stations” level in certain circles. Because Windows XP is fairly new in its evolution and Unix is much more mature, some weaknesses may disappear in future service pack or operating system releases, and other weaknesses could be uncovered.
Windows XP has a number of strengths that it builds on as well as a number of new features, including the following:

• The Windows NT family (including Windows XP) is not a patch or an upgrade; it is a complete rewrite of the earlier Windows DOS-based operating systems, such as Windows 95, Windows 98, and Windows Me.
• Windows XP runs DOS-based, Win16, POSIX, and Win32 applications and retains some backward-compatibility with earlier software. Windows XP runs DOS-based and Win16 applications in such a way that an application failure has no impact on the server, thus protecting Windows XP from subsystem failure.
• Microsoft designed Windows XP with security in mind, to prevent attacks from the outside and to make the system user-proof. Windows XP uses New Technology File System (NTFS) and share-level security. Windows 2000 Server now uses the industry-standard Kerberos security protocol for its domain-level security. This makes Windows XP and 2000 clients considerably more secure than Windows NT. For workgroup security, Windows XP still uses NT LAN Manager (NTLM) for authentication.
• Windows XP has a completely revised user interface that makes for a cleaner-looking desktop and better organization. Windows 2000 and earlier versions of Windows have a similar graphical user interface (GUI), which eases the learning curve for previous Windows users. There is also less maintenance overhead because the operating system provides administration wizards and GUI tools. The Microsoft Management Console (MMC), for example, is a single administration tool that can be used to manage nearly all Windows XP administrative tasks.
• Windows XP also supports the Microsoft BackOffice product line. BackOffice is a collection of products you would have to purchase from third-party companies if you ran Unix. Exchange Server, Proxy Server, Systems Management Server (SMS), Systems Network Architecture (SNA) Server, and Site Server all are BackOffice components. With Unix solutions, you must manage vendor relationships with multiple companies.
• A large number of new services are now included. Among them are the Remote Installation Service, Remote Storage, and IntelliMirror.
• Windows 2000 Server has several free server components. They include a scalable Web server called Internet Information Server (IIS), a File Transfer Protocol (FTP) server, a Network News Transfer Protocol (NNTP) server, a Telnet server, and a Simple Mail Transfer Protocol (SMTP) e-mail server.
Six years ago, Linux was the poor man’s operating system. College students used it because it was free, and anyone could code to it. The source is still free. Now, large IT organizations are embracing Linux. Compaq developed RAID software drivers for it, IBM provides service agreements for it, Oracle has a database for it, and Caldera and Red Hat have books and Linux certification programs. Major companies are looking at Linux because of its large and still growing installed user base and because it is a free operating system (or almost free, depending on the vendor). Microsoft has an even larger installed base and support systems for Unix, which implies safety for corporate users and developers alike. One of the major faults of Windows NT in the past, according to Unix administrators, is that compared to Unix, Windows NT was less reliable. It was not an uncommon practice on Windows NT networks to reboot Windows NT servers on a scheduled basis to stave off an attack of blue screens, whereas Unix could run for months or years without O/S failure. Scalability is a common requirement in large-scale companies and on e-commerce Web sites. Until recently, Windows NT was not very scalable; Unix has always done this better. All this changed starting with Windows 2000 Server. Microsoft has designed Windows XP and Windows 2000 Server with stability and scalability in mind. The frequent reboots in Windows NT are a thing of the past (although you should still reboot the system after major changes have been performed). In fact, with Windows XP installed on a laptop, you can remove the network card, install a new card (from the same or a different manufacturer), install the network card drivers, and reconfigure the network without being prompted for a reboot. (This process would have required at least two reboots with Windows NT.)
To learn about the various flavors of Windows server and clients, see Chapter 1, “Introducing Windows XP,” p. 7.
Clustering of systems has now become somewhat mainstream with hardware costs dropping. Windows 2000 Advanced Server has built-in clustering features. A cluster is a group of computers that the end user sees as a single machine, even when computers are added to it. Clusters provide fault tolerance and distributed processing. A failure of a single server in a cluster—without any performance degradation or service outage from the end-user standpoint—will be noticed only by an administrator. Microsoft Cluster Service (MCS) provides the following benefits:

• Availability. MCS can automatically detect application or server failure and can quickly restart services on a surviving server. Users experience only a momentary pause in service.
• Manageability. MCS enables administrators to quickly inspect the status of all cluster resources and easily move the workload around onto different servers within the cluster. This feature is useful for manual load balancing and for performing rolling updates on the servers without taking important data and applications offline.
• Scalability. Cluster-aware applications can use the MCS services through the MCS application programming interface (API) to perform dynamic load balancing and to scale across multiple servers within a cluster.
Although we would love to tell you that Windows 2000 has no faults, we would be lying.The major issue with Windows 2000 Server is also one of its strengths: Active Directory. Although Active Directory is a necessity, the version that ships with Windows 2000 Server is the first version and still has some limitations when compared to Novell Directory Services (NDS), for example, which has been around for many years. Some of these limitations include the lack of supported applications that rely on Active Directory, unproven scalability in the real world, and uncharted security issues. A number of these limitations have been addressed in the Windows 2000 service packs; however, although Active Directory is considerably more secure than NTLM, it could have security issues of its own. The weaknesses don’t stop there. For starters, replication latency on a local area network (LAN) is 52 minutes, and forced replications do not always work properly.Thus far, the main weaknesses in Windows are in the areas of performance, security, stability, and networking. Remote administration is one area in which Unix provides better capabilities than Windows 2000 Server, although Windows 2000 Server ships with Terminal and Telnet services to help narrow the gap. In addition, programs such as Symantec’s pcANYWHERE and Compaq’s Carbon Copy enable remote administration of Windows NT/2000 and Windows 95/98/Me computers.Windows XP has addressed this issue head-on by introducing the Remote Desktop. Using the Remote Desktop, users can access a Windows XP computer from another location and use applications, files, and other network resources as though they were sitting in front of the Windows XP computer. 
A connection to a Windows XP computer can be made directly across a network from another computer running the Remote Desktop Connection software (can be a non-XP computer) or can be made across the Internet.To enable Internet connectivity, Remote Desktop Connection (RDC) must be installed on a Web server running IIS that also has Active Server Pages (ASP) enabled.
Unix Strengths and Weaknesses

Unix is stable. System crashes are possible with any computer, but on the whole, Unix runs longer without a crash. Historically, companies with large, mission-critical enterprise applications have run Unix. If you asked the CEOs of Fortune 500 companies which operating system their companies use, you would get more Unix answers than Windows (although this number is shifting). Compaq, for example, advertises that the “Integrity SA-series will provide continued improvements in fault-tolerant system availability, with availability in the range of 99.999 to 99.9999 percent.” This statistic screams stability. Luckily, with Windows 2000’s improved scalability and availability services (especially with Datacenter Server), numbers like these should start being reported for Windows, too.
As previously mentioned, Unix provides better scalability than Windows 2000 Server. Unix servers have higher limits on maximum processors, maximum memory, and maximum drive space.The higher-end versions of Windows 2000 (such as Windows 2000 Datacenter Server), however, shatter these limits with huge amounts of memory and processor capabilities. In the Unix world, coding a great tool and then releasing the source code into the public domain is common.This is not a Windows practice, however. Unix has been around a lot longer than Windows and has more administration tools and utilities.There also are an extraordinary number of available news, e-mail, FTP, and Web servers for Unix, many of which are freeware or shareware and, therefore, seem more cost-effective than Windows 2000 and XP, although this is debatable.The problem is that there are so many different versions of Unix, many of which run on dedicated hardware—such as IBM’s AIX and Sun’s Solaris—thereby requiring a huge outlay of cash for these hardware platforms. With all this free stuff and years of public release, what could possibly be wrong with Unix? If you have never stared down the throat of the Unix monster, you are missing the intimidation factor.The proliferation of command prompts is a bit unnerving for most, at least in the beginning.When the only point of contact with the Unix OS is a # sign or a $ sign, that scares people. (Although graphical interfaces are becoming a mainstream component of Unix systems, the command line is still the preferred method of configuring the OS.) Unix is harder to administer.Take a seasoned Unix administrator and throw him into a Windows 2000 or Windows XP environment; at the same time, toss a Windows 2000 Server administrator over to Unix. Guess who quits and goes home? 
It does not take a lot of expertise to poke around Windows 2000 Server and find Active Directory Users and Groups, play with the menus, and figure out how to add a group.The difference between local and global groups is also relatively obvious. Now imagine doing the same thing on Unix. Unless you know the keyboard commands and what the prompts mean, you’ll become hopelessly lost in no time. The other big Unix negative is the diversity of the operating system. Even with small differences among Unix flavors, developers have to code their Unix applications for each version of Unix, in contrast to coding for a single platform on Windows 2000 Server. It is difficult for vendors to support a lot of varying platforms. For this reason, corporate decision makers consider vendor support for Unix weak or incomplete.
Hybrid Environments

Few companies operate in a single computing environment. As companies and networks expand, the networks tend toward heterogeneity rather than homogeneity. How do you manage a hybrid network? Both Unix and Windows 2000 Server have strengths and weaknesses, so exploit their respective strengths and avoid their weaknesses. The key to this is integration. Networks grow out of necessity and are difficult to redesign after they are constructed. Unix and Windows 2000 Server can live amiably together. Your long-term integration strategy should include avoiding excessive costs through standardization. Minimize differences in hardware and software wherever possible. Windows 2000 Server can run on Intel, so consider running everything on the x86 platform. If this is not cost-effective for you, at least consider minimizing the diversity of the Unix systems; choose one version of Unix and stick with it. There has been a lot of work in the areas of standardization to simplify communication in hybrid environments. Most notably, the Open Systems Interconnect (OSI) Reference Model and the Institute of Electrical and Electronic Engineers (IEEE) specifications offer standards that aim to bridge the gap between disparate systems; these specifications are discussed in the following sections.
The OSI Model

Over the years, different networking models have been introduced to illustrate the theory of physical networking. Of the proposed standards, the most widely used is the OSI Reference Model. The OSI Model characterizes how data flows between the network connection and an application. Several other models closely resemble the OSI model, but few match its openness. Each OSI Model layer has certain explicit responsibilities (see Table 16.1).
For a detailed discussion of the OSI model, see Chapter 12, “Windows XP Networking Explored and Explained,” p. 249.
Table 16.1 OSI Layers and Functions

OSI Layer      Function
Application    Transfers information from program to program.
Presentation   Handles text formatting and displays code conversion.
Session        Establishes, maintains, and coordinates communication.
Transport      Ensures accurate delivery of data.
Network        Determines transport routes and handles the transfer of information.
Data Link      Codes, addresses, and transmits information.
Physical       Manages hardware connections.
IEEE 802 Networking Specifications

In the late 1970s, the IEEE proposed defining standards for LANs to ensure that networking components, specifically network interface cards (NICs) and cabling, would be compatible. This endeavor, called the IEEE 802 model, is the basis of that effort. The number 802 stands for the year and month (February 1980) of its origin. This specification has formed the basis of modern networking environments. The IEEE 802 model predates the OSI Model. The OSI Model was not widely used until 1984, although both OSI and IEEE coexisted. The key difference between the two is that the IEEE 802 specification focuses on the physical network components, specifically NICs, cables, connections, media access controls, and signaling methods. All these elements reside within the two lowest layers of the OSI Model, the Physical and Data Link layers. These layers are further divided into 12 standard categories (see Table 16.2). Additional information is available at http://www.ieee.org.

Table 16.2 IEEE 802 Categories

Standard Number   Standard Name                    Description
802.1             Internetworking                  Routing, bridging, and internetwork communications
802.2             Logical link control             Error control and flow control over data frames
802.3             Ethernet local area networks     Ethernet media and interfaces
802.4             Token bus local area networks    Token bus media and interfaces
802.5             Token ring local area network    Token ring media and interfaces
802.6             Municipal area networks (MANs)   MAN technologies, addressing, and services
802.7             Broadband                        Broadband networking media, interfaces, and equipment
802.8             Fiber-optic                      Fiber-optic media, interfaces, and equipment
802.9             Integrated voice/data networks   Integration of voice and data over a single network medium
802.10            Network security                 Network access controls, encryption, and certification
802.11            Wireless networks                Standards and components for wireless networks
802.12            High-speed networks              100+Mbps technologies
The IEEE 802 specification expands the OSI Model’s Physical and Data Link layers by dividing the Data Link layer into two sublayers: the Logical Link Control (LLC) sublayer and Media Access Control (MAC) sublayer.The LLC sublayer is for error correction and flow control, and the MAC sublayer addresses access control.
The LLC sublayer defines Service Access Points (SAPs), giving other computers an access point for direct upper-layer communication.The MAC sublayer enables multihomed (multiple NICs) access to the Physical layer within a single computer. It is also responsible for error avoidance and correction in computer-to-computer transmissions.The MAC sublayer supports Carrier Sense Multiple Access with Collision Detection (CSMA/CD), token bus, token ring, and 802.12’s Demand Priority.
Name Resolution

Name resolution was devised to make network communications a little easier for human beings. People don't do as well with numbers as they do with recognized patterns and names, so name resolution is a computing system's attempt to make network identification easier for users to manage. In the early days of networking, when the number of hosts was manageable, name-to-IP mappings were kept on each host in a static file, the Hosts file. Although static mapping works well with a small number of hosts, it becomes a maintenance nightmare as new hosts are added.

In a strict Unix environment, the Domain Name System (DNS) is the standard for name resolution, and the implementation you will almost always meet is the Berkeley Internet Name Domain (BIND), the RFC-compliant reference implementation of DNS. In a strict Windows 2000/XP environment, there is the Microsoft implementation of DNS, which interoperates with BIND, and the Windows Internet Naming Service (WINS). There can also be two static files: Hosts and LMHosts. The Hosts file is a static, local equivalent of DNS; it maps fully qualified domain names (FQDNs) to IP addresses. The LMHosts file is a static equivalent of WINS. WINS provides NetBIOS (computer) name-to-IP address resolution in a Windows environment. In a hybrid environment, you usually use DNS and WINS and possibly Hosts and LMHosts.

Windows 2000 introduced Microsoft's support for dynamic DNS updates (RFC 2136), which this book calls Dynamic Domain Name Service (DDNS). DDNS differs from static DNS in that it allows the systems using the addresses to update their own records in the zone. If a mail server's IP address changes, for example, it notifies the DDNS server of the change and remains reachable by its name. Because an unauthenticated update lets any host overwrite any record, restrict dynamic updates to secure (authenticated) updates wherever the server supports them.

You might have heard that WINS and NetBIOS over TCP/IP (NBT) are dead in a Windows 2000/XP environment. This is true, but if, and only if, you have no applications that require NetBIOS support.
In a Windows NT environment, NBT binds NetBIOS to TCP/IP, allowing NetBIOS name resolution over TCP/IP. When a computer joins a network, it sends a name registration request either as a broadcast on the local subnet (UDP port 137) or, if one is configured, directly to a NetBIOS name server such as WINS. The purpose of the request is to make sure the name is not currently in use and to register it. If the name is not in use, the name server records the name-to-IP mapping and dynamically manages that resolution information on the host's behalf.
Hybrid Environments
Suppose you want to resolve the IP address of a computer on your network with the NetBIOS name MAGNACARTA. Table 16.3 lists the order of precedence. The NetBIOS column is the default for an h-node (hybrid) client; the NetBIOS node type (b-, p-, m-, or h-node) changes where WINS and broadcast fall in the order.

Table 16.3 Name Resolution by Type

Resolving NetBIOS Name                 Resolving Host Name
(LAN Manager, Windows, Windows NT)     (Unix)
1. Cache                               1. Hosts
2. WINS                                2. DNS
3. Broadcast                           3. Cache
4. LMHosts                             4. WINS
5. Hosts                               5. Broadcast
6. DNS                                 6. LMHosts
Tip A simple way to remember the order for NetBIOS name resolution is to use the following mnemonic device: Can We Buy Large Hard Drives (cache, WINS, broadcast, LMHosts, Hosts, DNS).
Because you are trying to resolve a NetBIOS name, use the left column in Table 16.3. First, the NetBIOS name cache is checked. Issuing the nbtstat -c command shows what names are in cache:

D:\>nbtstat -c
No names in cache
The result of this command indicates that no names are currently in cache, so WINS is queried next. NetBIOS names are registered with a WINS server automatically (if the client is a Windows machine), or you can manually enter names for non-WINS computers by using the Add Static Mappings option. If WINS fails to respond or is not aware of the name, a broadcast is issued on the local subnet in an attempt to locate the host. If the host answers the broadcast, the name is resolved; otherwise, the static LMHosts file is examined.

The LMHosts file, located in the %systemroot%\system32\drivers\etc folder, is similar to a static WINS database. If that fails, the Hosts file, located in the same folder, is examined. If the host still cannot be located, DNS is queried, and the NetBIOS name is potentially matched against a DNS entry. Assuming that the host still cannot be found, the message Bad IP Address MAGNACARTA is returned. Because both static files are consulted ahead of DNS, anyone who can write to them can silently redirect connections to a host of their choosing; keep their permissions restricted to administrators and treat unexpected entries as a sign of tampering.

If at any time during this process the NetBIOS name is resolved, the nbtstat -c command returns the following:
D:\>nbtstat -c
Node IpAddress: [0.0.0.0] Scope Id: []

        NetBIOS Remote Cache Name Table

    Name            Type     Host Address   Life [sec]
    --------------------------------------------------
    MAGNACARTA      UNIQUE   10.0.0.12      660
This response indicates that MAGNACARTA was found at IP address 10.0.0.12. The Life [sec] column indicates the length of time in seconds that the entry remains in cache. If another attempt to locate MAGNACARTA is made within 660 seconds (11 minutes), it is answered from the NetBIOS name cache instead of by repeating this process.

Remember that NetBIOS names are not case-sensitive in Windows, and DNS names are not case-sensitive either, but Unix treats file names, user names, and most configuration entries case-sensitively. Magnacarta and MAGNACARTA are the same NetBIOS name in Windows, but a Unix script or configuration file that compares the two as strings treats them as different.

If MAGNACARTA is frequently accessed, a WINS server is not available, and the time it takes to find MAGNACARTA is excessive, MAGNACARTA can be preloaded into the NetBIOS name cache; preloaded entries show a Life of -1 and do not expire. The LMHosts file uses the tags listed in Table 16.4 to perform cache and name-resolution management.

Table 16.4 LMHosts Tags

Tag                                        Description
#PRE                                       Preloads the name into cache.
#DOM:domain_name                           Specifies a domain controller (domain master browser) in another domain. Must be preceded by the #PRE tag.
#INCLUDE:\\servername\sharename\lmhosts    Permits parsing an LMHosts file on another computer as though it were local.
#BEGIN_ALTERNATE                           Must precede multiple #INCLUDE statements.
#END_ALTERNATE                             Marks the end of multiple #INCLUDE statements.
#NOFNR                                     Keeps Windows NT from sending a directed name query to the remote server instead of a name query broadcast to the local subnet.
#MH                                        Adds multihomed static WINS mappings.
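The resolution walk in Table 16.3 and the LMHosts tags in Table 16.4, worked through in code as an added example (this is not code from the book): a parser for nbtstat -c output, a parser for an LMHosts file that honors #PRE and #DOM, and a resolver that tries cache, WINS, broadcast, LMHosts, Hosts, and DNS in that order. The nbtstat listing, the LMHosts file, and the host tables are constructed; WINS, broadcast, and DNS are modelled as plain lookup tables, since nothing here goes on the network.

```python
"""Walk the h-node NetBIOS resolution order of Table 16.3 against
constructed data. Added example, not code from the book."""
import re

# Constructed nbtstat -c output, modelled on the listing in the text.
NBTSTAT_C = """\
Node IpAddress: [10.0.0.5] Scope Id: []

        NetBIOS Remote Cache Name Table

    Name            Type     Host Address   Life [sec]
    --------------------------------------------------
    MAGNACARTA      UNIQUE   10.0.0.12      660
"""

# Constructed LMHosts file using the tags of Table 16.4.
LMHOSTS = r"""
# comment lines and the #BEGIN/#INCLUDE/#END block are skipped by this parser
10.0.0.12   MAGNACARTA     #PRE
10.0.0.1    PDC01          #PRE #DOM:CORP
10.0.0.40   PRINTSRV
#BEGIN_ALTERNATE
#INCLUDE \\PDC01\public\lmhosts
#END_ALTERNATE
"""

# name, optional <xx> suffix, UNIQUE/GROUP, IPv4 address, life (-1 = preloaded)
_CACHE_RE = re.compile(
    r"^\s*(\S+)\s+(?:<([0-9A-Fa-f]{2})>\s+)?(UNIQUE|GROUP)\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+(-?\d+)\s*$")


def parse_nbtstat_cache(text):
    """Return {NAME: (ip, life_seconds)} from nbtstat -c output.
    'No names in cache' or header lines simply produce no entries."""
    cache = {}
    for line in text.splitlines():
        m = _CACHE_RE.match(line)
        if m:
            name, _suffix, _kind, ip, life = m.groups()
            cache[name.upper()] = (ip, int(life))
    return cache


def parse_lmhosts(text):
    """Return {NAME: {'ip', 'preload', 'domain'}}. #INCLUDE blocks are
    recognised (they start with '#') but not followed, since this runs offline."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        ip, name, tags = fields[0], fields[1].upper(), [t.upper() for t in fields[2:]]
        domain = next((t.split(":", 1)[1] for t in tags if t.startswith("#DOM:")), None)
        entries[name] = {"ip": ip, "preload": "#PRE" in tags, "domain": domain}
    return entries


def preload(cache, lmhosts_entries):
    """Model the #PRE tag: copy tagged entries into the cache with life -1."""
    for name, entry in lmhosts_entries.items():
        if entry["preload"] and name not in cache:
            cache[name] = (entry["ip"], -1)
    return cache


ORDER = ("cache", "WINS", "broadcast", "LMHosts", "Hosts", "DNS")


def resolve_netbios(name, cache, wins, broadcast, lmhosts, hosts, dns):
    """Return (ip, source) following the left column of Table 16.3, or
    (None, 'Bad IP Address <name>') when every step fails."""
    key = name.upper()
    tables = {
        "cache": {n: v[0] for n, v in cache.items()},
        "WINS": wins,
        "broadcast": broadcast,
        "LMHosts": {n: e["ip"] for n, e in lmhosts.items()},
        "Hosts": hosts,
        "DNS": dns,
    }
    for source in ORDER:
        table = {k.upper(): v for k, v in tables[source].items()}
        if key in table:
            return table[key], source
    return None, f"Bad IP Address {name}"


if __name__ == "__main__":
    lm = parse_lmhosts(LMHOSTS)
    cache = preload(parse_nbtstat_cache(NBTSTAT_C), lm)
    hosts = {"unixbox": "10.0.0.77"}          # constructed Hosts file contents
    for host in ("magnacarta", "PDC01", "PRINTSRV", "unixbox", "NOSUCHHOST"):
        print(host, resolve_netbios(host, cache, {}, {}, lm, hosts, {}))
```

The point the walk makes visible is that a static entry in LMHosts or Hosts wins over DNS for a NetBIOS name, and a #PRE entry wins over everything including WINS, which is exactly why the permissions on those two files matter.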
DHCP

As you might recall, one of the key benefits of Windows 2000 Server is easy administration, and the Dynamic Host Configuration Protocol (DHCP) server is one of the administrative tools Windows 2000 Server provides. If you have ever manually configured a network client for TCP/IP access, you will learn to love DHCP Manager.
The following are some benefits of DHCP:

- The administrator can specify global and subnet-specific TCP/IP parameters for the entire internetwork centrally.
- Client computers do not require manual TCP/IP configuration. The clients need only be DHCP-capable to reap the benefits of DHCP.
- When a client computer moves between subnets, the old IP address is freed for reuse, and the client is reconfigured for TCP/IP automatically when the computer is started.
- Most routers can forward DHCP configuration requests, so DHCP servers are not required on every subnet on the network. (This is true only if BOOTP/DHCP relay forwarding is enabled on the routers.)
The following are some drawbacks of DHCP:

- There is no guarantee of a specific IP address. DHCP is arbitrary in assigning IP addresses; what you get is what you get, unless you reserve addresses by using each workstation's MAC address. (A MAC address is trivially spoofed, so a reservation is an administrative convenience, not an access control.)
- DHCP does not, by default, detect IP addresses already in use. If a DHCP scope overlaps existing static IP addresses, you might have duplicate IP addresses on your network. Later Windows NT 4.0 service packs and Windows 2000 Server add a conflict-detection setting that makes the DHCP service ping an address before offering it, which alleviates this problem.
- DHCP servers do not communicate with one another, which makes it possible to have duplicate or overlapping scopes on two servers. It also makes administration more difficult.
- If the client has manually entered IP address information, DHCP does not overwrite it. The manually assigned address information is used.
- In a hybrid TCP/IP environment, you must exclude the addresses of non-DHCP clients from the scope to prevent assigning an existing address.
In a homogenous Windows XP environment with DHCP clients, DHCP saves time in the client network configuration process. In a hybrid Unix/Windows XP environment, the benefit of DHCP should be weighed carefully against the administrative issues previously covered. Generally speaking, DHCP is a good choice if you have to manage 100+ clients that are DHCP capable.
Windows 2000 Server and Unix Integration

Unix and Windows 2000 Server share the problem of providing access to local resources to a client with a different operating system. Although not impossible, hybrid environments present complex issues for administrators. A common problem is password synchronization. Do you require users to have a different logon ID and password for every operating system to which they connect? This section examines some of the available tools for easing Unix and Windows 2000 Server integration.
The Realities of Integrating Unix and Windows 2000

Integrating two or more network operating systems is never simple. Most hybrid environments simply become that way instead of being planned that way. Both Windows 2000 Server and Unix have significant strengths and weaknesses, as illustrated in this chapter. So what are the realities of integrating the two? Instead of attempting a lengthy answer to this question, a training outline from a major training corporation offers a good overview. A quick Internet search reveals that Unix/Windows 2000 integration is a big business, and many resources exist to train you and answer important questions. The following are key elements covered in a Windows 2000/Unix integration course:

- Integrate Windows 2000 and Unix networks to access enterprise-wide resources
- Identify appropriate platforms for common network services
- Build a heterogeneous network architecture using DNS, DHCP, and WINS
- Administer an integrated environment
- Configure platform-independent access to Unix and Windows 2000 applications
- Establish cross-platform file and print connectivity using Windows 2000 Services for Unix
- Enable uniform Web and e-mail access
Choose your operating systems with careful consideration of their strengths and the ongoing maintenance requirements to maintain your choices.
Microsoft Windows 2000 Services for Unix

Microsoft Windows 2000 Services for Unix (SFU) version 3.0 provides a full range of supported and fully integrated interoperability components that make it easy for customers to integrate Windows into their existing Unix environments. SFU version 3.0 leverages existing Unix network resources and expertise within organizations, and it simplifies network administration and account management across both platforms. In a nutshell, SFU offers a suite of tools to make system interoperability easier. On the Microsoft Web site in the Services for Unix (SFU) section (http://www.microsoft.com/windows/sfu/default.asp), you will find more information. SFU is an add-on component for Windows 2000 and has an estimated price of $99, plus a $30 client license for each authenticated user on the Windows 2000 machine. The following are its key benefits:
- Resource sharing. Windows XP users can access files on Unix systems, and Unix workstation users can access resources on Windows 2000 Server.
- Remote administration. A Telnet client and server give remote users the ability to log in to and issue commands on Windows 2000- or Unix-based systems. Telnet carries credentials and the whole session in clear text, so confine it to trusted networks or prefer SSH where it is available.
- Password synchronization. One-way password synchronization enables customers to maintain a common password between their Windows 2000- and Unix-based machines. Password changes made on Windows 2000 Professional or Windows 2000 Server are propagated to the Unix systems, which reduces the burden of maintaining separate passwords for multiple systems. Synchronization also means that one guessed password opens both platforms, which raises the stakes for password quality and lockout policy.
- Unix shell and commands. SFU enables users to use common Unix commands and utilities in a Windows 2000 environment. These services are provided by the addition of the Interix subsystem. This feature is probably the most significant change between SFU versions 2.0 and 3.0. Interix is a fully integrated POSIX subsystem that allows compiling and running Unix applications in Windows.
Server Message Block (SMB)

Server Message Block (SMB) is a protocol for sharing files, printers, serial ports, and server communications, such as named pipes and mail slots. SMB is a client/server, request-response protocol that makes file systems and other resources available to clients on the network. SMB was first defined in the Microsoft/Intel document "Microsoft Networks/OpenNET-FILE SHARING PROTOCOL" in 1987 and was subsequently developed further by Microsoft and others. Clients connect to servers using TCP/IP, NetBEUI, or NWLink. After they have established a connection, clients can send commands using the SMB protocol to the server that enable them to access shares, open files, read and write files, and perform file system operations over the network.
Common Internet File System (CIFS)

The Common Internet File System (CIFS) is the name Microsoft gave to the SMB dialect it published as an open specification in the mid-1990s; it is an evolution of SMB rather than a separate protocol. CIFS provides platform-independent collaboration over TCP/IP networks, including the Internet. It is a remote file-system access protocol that enables clients to collaborate over a network by using the native file-sharing support built into operating systems such as Windows XP and Unix, so no additional client-side software is necessary to use it. CIFS is comparable to Hypertext Transfer Protocol (HTTP). HTTP serves up HTML content regardless of what OS the client is running. A Web server can run on Unix, Windows XP, Mac OS, or NetWare and can service clients using any Web browser. In much the same way, file-system content can be handled independently of any platform using CIFS. Applications from any OS can now share data that was previously unavailable to them.
CIFS incorporates multiuser read and write operations, file record locking, and file sharing. Other CIFS features include the following:

- Global filename support
- Unicode-compatible file-naming conventions
- Scalability
- Performance
- Optimization for slow network links
- Fault-tolerant connections
- File integrity checking and concurrency checking
Samba

Samba, a program suite developed by Andrew Tridgell from Australia, permits a Unix server to offer Windows XP-native file and print sharing. Samba enables a PC client to access remote Unix file system and printer resources. The Samba service handles client connections and NetBIOS name server requests. It can run on demand in inetd mode or as a daemon (service). Samba uses the SMB protocol, enabling clients to communicate without additional software. The only restriction is that each user who accesses resources via Samba must be a registered Unix user granted appropriate Samba permissions. Samba is free software, released under the GNU General Public License, available from http://www.samba.org. Many flavors of Unix today (especially the Linux family) ship with Samba built in, allowing out-of-the-box interoperability between the two operating systems.
Other SMB/CIFS Implementations

FacetWIN from FacetCorp offers Transparent File Services, Bidirectional Print Services, terminal emulation, graphical administration, a POP3 e-mail server, and Simple Sign-On (SSO). For more information, go to http://www.facetcorp.com.

Sharity from Objective Development is a client for the CIFS protocol as spoken by Windows 2000, Windows NT, Windows 95/98, Windows Me, Windows for Workgroups, OS/2, Samba, and others. Sharity enables you to mount directories exported by these systems as though they were Network File System (NFS) directories. For more information, go to http://www.obdev.at/Products/Sharity.html.

TotalNET Advanced Server (TAS) software from LSI Logic, Inc. is, according to its vendor, ready to handle any client-to-server connection out of the box. TAS enables Unix computers to operate as file, print, and application servers, sharing resources among Windows (XP, 2000, 3.x, NT, 95, 98), DOS, OS/2, NetWare, Macintosh, and other Unix computers. No client changes are required. For additional information, go to http://www.lsilogicstorage.com/externals/pdf/TAS/tas70features.pdf.
Unix File Services Running on Windows XP

The Network File System (NFS) mounts remote file systems across both homogeneous and heterogeneous systems. NFS consists of both client and server components. An NFS server can export local directories for remote NFS clients to use. NFS most commonly runs over IP using UDP, but there are NFS implementations that use TCP as the transport, and later NFS versions favor TCP. NFS originally was developed by Sun Microsystems and is now part of its Open Network Computing (ONC) initiative. NFS has been accepted by the Internet Engineering Task Force (IETF) in certain RFCs as a standard for file services on TCP/IP networks on the Internet. NFS is based on the Remote Procedure Call (RPC) protocol, is client/server based, and is fast. An NFS server has mount points to one or more file systems and makes those file systems available to clients. Windows 2000 can act as an NFS server or client, and NFS enables Unix clients to access Windows NT file systems (and vice versa) as though the file systems were native to the client. NFS server software maps Windows XP security to Unix security. Although Windows XP NTFS permissions are more granular than the Unix owner/group/world model, a typical NFS server maps the permissions into Unix terms, giving a permission structure similar to the one Windows XP users expect.

NFS Security

Access to a file or directory is determined by examining the following three pieces of information:

- User and group information
- File and directory ownership
- File and directory permissions

Bear in mind that with the traditional AUTH_SYS (AUTH_UNIX) flavor of RPC authentication, the NFS server simply trusts the UID and GID the client presents. Anyone who controls a client on an exported network can claim any identity except, where root squashing is in effect, root. Export only to hosts you trust, and use stronger RPC security (Kerberos through RPCSEC_GSS) where the implementation supports it.
If a client does not meet these standards, it is not given access to the file or directory.

Users and Groups

Each user account on a Unix host computer has a unique username and a primary group. To identify your username and primary group, connect to a Unix host using Telnet (or, preferably, SSH) and type id at the prompt. Unix actually tracks users and groups by numeric User Identifiers (UIDs) and Group Identifiers (GIDs); the operating system supplies the names to simplify administration. UIDs and their corresponding usernames are maintained in /etc/passwd, and GIDs and group names in /etc/group (or in the NIS or LDAP directories that replace those files). Because NFS carries numeric IDs on the wire, a UID must mean the same user on client and server, which is why integration products map Windows accounts to specific UIDs.

Files and Directories

File and directory security in Unix is less granular than NTFS security in Windows XP. Permissions are granted based on the OGW model: Owner, Group, and World (sometimes referred to as Other). The following is an example of a file listing, produced by ls -l, from a Telnet session:

$ ls -l INDEX.TXT
-rwxrwxrwx 1 gary admin 763 Feb 22 22:08 INDEX.TXT
The first character of the listing is a d, an l, or a - (a hyphen). The d indicates a directory, the l indicates a symbolic link, and the - indicates a regular file. The next nine characters are really three groups of three; r means Read permission, w means Write, x means Execute, and a - in any position means that permission is absent. The three sets represent the Owner, Group, and World (Other) permissions. The owner of the file is gary, and the file's group is admin. Based on the letters in each three-letter set, the Owner, Group, and World all have Read, Write, and Execute permissions to INDEX.TXT (note the case: Unix file names are case-sensitive, so index.txt would be a different file). Each letter has a numeric value: Read=4, Write=2, and Execute=1, so rwx adds up to 7. The numeric value for the INDEX.TXT permissions is therefore 777, which also means any user on the system can modify or replace the file.

Exporting File Systems

Exporting a Unix file system makes it available to others. To export a file system, add it to the host's /etc/exports file. The exports file controls which file systems are available, which hosts have access to which file system, and the limits on that access, for example read-only versus read-write and whether root on the client is mapped to an unprivileged user. The reference to the /etc/exports file is generic because not all Unix systems use that file for NFS exports.

Windows XP uses share-level and NTFS security combinations, whereas Unix uses NFS export options and file-permission combinations. In Windows, share-level permissions and NTFS permissions are evaluated separately first and then evaluated against each other, and the most restrictive combination applies. Unix is no different: by evaluating the export options and the file permissions, Unix applies the most restrictive permission to the user accessing the resource.
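The OGW decoding and the "most restrictive wins" rule for export options plus file permissions, as an added example in Python (not the book's code). The listing for INDEX.TXT, the users, and the /etc/exports lines are constructed; the exports syntax parsed is the common BSD/Linux client(options) form, and root_squash is modelled as the usual mapping of root to nobody.

```python
"""Unix OGW permissions and NFS export options combined the way the text
describes (most restrictive wins). Added example; the listing, users, and
/etc/exports content are constructed."""

PERM_VALUES = {"r": 4, "w": 2, "x": 1}   # so rwx = 4 + 2 + 1 = 7

# Constructed ls -l line, as in the text
LISTING = "-rwxrwxrwx 1 gary admin 763 Feb 22 22:08 INDEX.TXT"

# Constructed /etc/exports in the common client(options) form
EXPORTS = """\
# path          client(options) ...
/export/docs    winxp01(rw)  *(ro)
/export/build   winxp01(rw,root_squash)
"""


def mode_to_octal(mode):
    """'-rwxr-x---' -> '750'. Position 0 is the file type (-, d, l) and is skipped."""
    if len(mode) != 10:
        raise ValueError("expected a 10-character mode string")
    digits = []
    for start in (1, 4, 7):                     # owner, group, world triads
        value = 0
        for ch in mode[start:start + 3]:
            if ch in PERM_VALUES:
                value += PERM_VALUES[ch]
            elif ch in "st":                    # setuid/setgid/sticky shown in place of x
                value += PERM_VALUES["x"]
        digits.append(str(value))
    return "".join(digits)


def unix_access(mode, owner, group, user, user_groups, want):
    """OGW rule: the first class the user belongs to decides, even if a
    later class would be more permissive. want is a subset of 'rwx'."""
    if user == owner:
        triad = mode[1:4]
    elif group in user_groups:
        triad = mode[4:7]
    else:
        triad = mode[7:10]
    granted = {c for c in "rwx" if c in triad}
    if triad[2] in "st":                        # lowercase s/t means x is also set
        granted.add("x")
    return set(want) <= granted


def parse_exports(text):
    """{path: {client: set(options)}}; a client with no options is read-only."""
    exports = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        exports[path] = {}
        for client in clients:
            host, _, opts = client.partition("(")
            exports[path][host] = set(opts.rstrip(")").split(",")) if opts else {"ro"}
    return exports


def nfs_access(exports, path, client, mode, owner, group, user, user_groups, want):
    """Export options first, then the file's own bits; the most restrictive wins."""
    for export_path, clients in exports.items():
        if path == export_path or path.startswith(export_path.rstrip("/") + "/"):
            opts = clients.get(client) or clients.get("*")
            if opts is None:
                return False                          # client is not in the export list
            if "w" in want and "rw" not in opts:
                return False                          # export is read-only for this client
            if "root_squash" in opts and user == "root":
                user, user_groups = "nobody", {"nogroup"}   # root is mapped to nobody
            return unix_access(mode, owner, group, user, user_groups, want)
    return False                                      # path is not exported at all


def describe(listing):
    """Split an ls -l line into (mode, owner, group, octal)."""
    mode, _links, owner, group, *_rest = listing.split()
    return mode, owner, group, mode_to_octal(mode)


if __name__ == "__main__":
    print(describe(LISTING))                 # ('-rwxrwxrwx', 'gary', 'admin', '777')
    ex = parse_exports(EXPORTS)
    print(nfs_access(ex, "/export/docs/INDEX.TXT", "unixbox", "-rwxrwxrwx",
                     "gary", "admin", "pat", {"users"}, "w"))   # False: *(ro) wins
```

Two details worth noticing: the OGW rule is first-match, so an owner whose own triad is --- is denied even when World has rwx; and a read-only export denies writes before the file's 777 bits are ever consulted, which is the Unix counterpart of a read-only Windows share over a full-control NTFS folder.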
The Domain Name System

DNS is implemented differently in Windows XP and Unix. This section explains DNS, and subsequent sections explore its Unix and Windows XP implementations.

Note: Throughout this book, DNS and DDNS are used interchangeably when dealing with the Windows XP side of things. BIND version 8 and later support RFC 2136 dynamic updates, but they do not support the GSS-TSIG secure update mechanism that Windows 2000 uses, so the two are not 100% compatible.
The primary use of DNS is to translate, or resolve, the IP address from the FQDN.This is important because an IP address is required to initiate a connection to a remote system. DNS defines a hierarchical namespace for hosts, provides a host table that is implemented as a distributed database, and delivers a protocol for exchanging naming information.
The DNS namespace is a tree of domains with ascending authority. Each domain represents a distinct part of the namespace and is maintained by a single administrative body. The root of the tree is written "." (referred to as "dot"). Beneath it are top-level domains that are relatively fixed. There are two types of top-level domain names. In the United States, top-level domains describe organizational and political structure and usually are identified by three-letter words. Domains outside the United States have two-letter International Organization for Standardization (ISO) country codes. Both conventions coexist within the same global space.

Each host using DNS is either a client of the system or a client and a server simultaneously. Programs use the gethostbyname function to map hostnames to IP addresses. When a host is configured to use DNS for gethostbyname, it uses the DNS resolver to query a name server for the address. Name servers are recursive or nonrecursive. A nonrecursive server answers a query only from its own authoritative data or its cache; otherwise it returns a referral to the authoritative servers of a domain closer to the answer, and the client must accept and act on that referral itself. A recursive server returns only real answers and error messages: it follows up on referrals on the client's behalf, so the procedure for resolving a query is the same except that the name server rather than the client handles the referrals. Low-level name servers (the ones clients are configured to use) are usually recursive, whereas high-level servers (root, top-level, and some second-level) are not. A recursive server should answer recursive queries only for its own clients; one that recurses for the whole Internet is a ready target for cache poisoning and for reflection attacks against third parties.

Why does caching increase efficiency? A cached answer is almost free and is usually correct because mappings do not change frequently. Most queries are for local hosts and can be answered quickly, and users inadvertently help because many queries are repeated. Caching applies mainly to positive answers; a failed lookup is also remembered (negative caching), but only for a short time bounded by the zone's SOA settings, so a name that is missing today is retried reasonably soon.

Each organization with a network maintains at least one DNS server that contains a list of all the IP addresses in the organization. Each computer on a network needs to know the location of only one DNS server. When a request is made for an IP address outside that particular organization, one of three things happens:
- If the system is registered locally, the local DNS server responds with an IP address.
- If the system is not registered locally but someone within your local organization recently requested the IP address, the DNS server retrieves the information you need from its cache.
- If the system you are asking about is not local and you are the first person to request information about it in a certain period of time (meaning the address is not in cache), the local DNS server performs a search on behalf of your workstation. This search might involve contacting two or more other DNS servers at potentially remote locations. These queries can take anywhere from a second or two to up to a minute, depending on how well connected you are to the remote network and how many intermediate servers must be contacted. Sometimes, because DNS normally uses the lightweight, connectionless UDP protocol, you might not receive a response. In these cases, your workstation or client software might repeat the query until a response is received, or you might receive an error.
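A model of the referral process, added here as an example and not part of the book: three constructed authoritative servers (root, com., and example.com.) answer queries with an answer, an NXDOMAIN, or a referral; iterate() does what a client of a nonrecursive server must do, and RecursiveResolver does it on the client's behalf, caching both positive answers and, for a shorter time, negative ones. The names and addresses are constructed, and an injectable clock stands in for real time so the expiry of negative entries can be shown.

```python
"""Referral-based DNS resolution modelled offline. Added example; the
namespace below (root -> com. -> example.com.) is constructed."""
import time


class AuthServer:
    """Authoritative for one zone. Knows its own records and the zones
    delegated beneath it, and nothing else (it is nonrecursive)."""

    def __init__(self, zone, records=None, delegations=None):
        self.zone = zone                      # "." for the root
        self.records = records or {}          # owner name -> IPv4 address
        self.delegations = delegations or {}  # child zone -> AuthServer

    def query(self, qname):
        """Return ('answer', ip), ('referral', child_server) or ('nxdomain', None).
        A nonrecursive server never chases the referral itself."""
        for child, server in self.delegations.items():
            if qname == child or qname.endswith("." + child):
                return "referral", server
        if qname in self.records:
            return "answer", self.records[qname]
        return "nxdomain", None


def iterate(server, qname):
    """What a client must do against nonrecursive servers: accept each
    referral and re-ask the server it names. Returns (kind, payload, queries)."""
    queries = 0
    while True:
        queries += 1
        kind, payload = server.query(qname)
        if kind != "referral":
            return kind, payload, queries
        server = payload


class RecursiveResolver:
    """A recursive server: returns only answers or errors, following
    referrals on the client's behalf and caching what it learns."""

    def __init__(self, root, positive_ttl=3600, negative_ttl=300, clock=None):
        self.root = root
        self.positive_ttl = positive_ttl
        self.negative_ttl = negative_ttl      # negative answers are cached too, briefly
        self.clock = clock or time.time       # injectable for testing
        self.cache = {}                       # qname -> (expires_at, ip or None)
        self.upstream_queries = 0

    def resolve(self, qname):
        """Return (ip_or_None, how); 'how' is 'cache' or '<n> queries'."""
        now = self.clock()
        hit = self.cache.get(qname)
        if hit is not None and hit[0] > now:
            return hit[1], "cache"
        kind, payload, queries = iterate(self.root, qname)
        self.upstream_queries += queries
        ttl = self.positive_ttl if kind == "answer" else self.negative_ttl
        self.cache[qname] = (now + ttl, payload)
        return payload, f"{queries} queries"


def build_namespace():
    """Constructed three-level namespace using documentation addresses."""
    example = AuthServer("example.com.", records={
        "www.example.com.": "192.0.2.10",
        "mail.example.com.": "192.0.2.25",
    })
    com = AuthServer("com.", delegations={"example.com.": example})
    return AuthServer(".", delegations={"com.": com})


if __name__ == "__main__":
    root = build_namespace()
    print("nonrecursive root answers with a", root.query("www.example.com.")[0])
    resolver = RecursiveResolver(root)
    for name in ("www.example.com.", "www.example.com.", "nope.example.com."):
        print(name, resolver.resolve(name))
```

Asking the root directly yields a referral, not an address; the three-query walk root, com., example.com. is what the text calls contacting "two or more other DNS servers", and the second lookup of the same name costs no upstream query at all.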
Unix DNS

This section discusses DNS running under Unix. The discussion here does not map directly to all versions of Unix. Rather, this section should be used as a guide to understanding the differences between Unix DNS and Windows XP DNS. Under Unix, DNS runs from the named daemon. Configuration information is read at startup from the named.boot file (BIND 4) or the named.conf file (BIND 8 and later) in the /etc directory. After the named daemon is running, it responds to DNS requests as a name server. The configuration file lists the zones for which the server is primary (master) or secondary (slave) and whether it keeps a cache, names the directory in which zone files are stored, and specifies whether the server should forward queries it cannot answer to another server or act only as a forwarder-dependent server that never contacts other servers itself. Primary name servers get host information from zone files, which contain the resource records for the server's zone of authority. Table 16.5 lists the resource record types found in a zone file.

Table 16.5 Resource Record Types

Record Type                   Description
A (address)                   Maps a hostname (computer or other network device) to an IP address in a DNS zone.
AAAA (IPv6 address)           Maps a hostname to an IPv6 address.
AFSDB                         Gives the location of an Andrew File System (AFS) cell database server or a Distributed Computing Environment (DCE) cell's authenticated name server.
CNAME (canonical name)        Creates an alias (synonymous name) for the specified hostname.
HINFO (host information)      Identifies a host's hardware type and operating system. Because it hands reconnaissance to anyone who asks, it is rarely worth publishing.
ISDN                          A variation of the A record that maps a name to an ISDN address.
MB (mailbox)                  Experimental record that specifies a DNS host with the specified mailbox.
MG (mail group)               Experimental record that specifies a mailbox that is a member of the mail group (mailing list) specified by the DNS domain name.
MINFO (mailbox information)   Experimental record that specifies a mailbox responsible for the specified mailing list or mailbox.
MR (mailbox rename)           Experimental record that specifies a mailbox that is the proper rename of the other specified mailbox.
MX (mail exchanger)           Specifies a mail exchange server for a DNS domain name.
NS (name server)              Identifies the DNS name server(s) for the DNS domain.
PTR (pointer)                 Maps an IP address to a hostname in a DNS reverse zone (those in the in-addr.arpa DNS domain).
RP (responsible person)       Indicates who is responsible for the specified DNS domain or host.
RT (route through)            Specifies an intermediate host that routes packets to a destination host.
SOA (start of authority)      Indicates that this DNS name server is the best source of information for data in this DNS domain; it also carries the zone serial number and the refresh, retry, expire, and minimum TTL timers.
TXT (text)                    Associates general textual information with an item in the DNS database.
WKS (well-known service)      Describes the services provided by a particular protocol on a particular interface. The protocol is usually UDP or TCP.
X25                           A variation of the A record that maps a name to an X.25 address.
Secondary DNS servers receive updates from primary DNS servers. Secondary DNS servers do not control IP address information; the primary DNS servers do that instead. The strengths and weaknesses of Unix and Windows XP discussed earlier in this chapter apply to DNS and Unix, too. If Unix expertise is available and DNS is currently running on a Unix platform, by all means keep DNS on Unix because Unix is more reliable and scalable. If you have only Windows XP expertise, however, consider Windows XP DNS.Windows XP DNS offers GUI-based administration (some Unix GUI interfaces do as well).This advantage should not be overlooked because the majority of DNS errors are a result of text file manipulation. It is not the purpose of this book to teach DNS. Rather, it attempts to explain the basic files and processes DNS takes when running under Unix.
Windows 2000 Server DDNS

Why choose Microsoft? As previously mentioned, DNS on Windows 2000 Server is GUI based. Windows 2000 Server DNS keeps the same zone file format as BIND to remain RFC compliant: standard zones are stored as text files under %SystemRoot%\System32\dns, Active Directory-integrated zones are stored in the directory, and only the server's own configuration is held in the Registry. On Windows 2000 Server, DNS runs as a service. If DNS is not installed on your server, add it through Add/Remove Programs, Add/Remove Windows Components, Networking Services; after it's installed, a DNS console appears under Administrative Tools. Because dynamic updates let a host rewrite records, configure Active Directory-integrated zones to accept only secure updates; a zone that accepts unsecured updates lets any machine on the network overwrite another host's record.

Windows DNS also offers benefits that Unix DNS does not. For Windows clients, DNS offers the capability to link to WINS for IP address resolution. Therefore, DHCP-capable clients using DHCP can be located by using DNS. This resolution is set for each zone in the Zone Properties dialog box in the DNS console.

The Microsoft DNS implementation supports integration of DNS and WINS within the same architecture. In a hybrid environment, this gives Unix computers a way to resolve NetBIOS names. Assuming you are using Microsoft DNS integrated with WINS, the process from a Unix client would be similar to the following:

1. A Unix client pings a NetBIOS name, such as COMPUTER1 (its resolver appends the configured search domain, so the query reaches the DNS server as a name in that zone).
2. Microsoft DNS attempts to resolve COMPUTER1 from its zone file.
3. If name resolution fails, the DNS server looks to see whether the zone has a WINS resource record. If a record is found, the DNS server queries the WINS server for resolution.
4. If found, WINS passes the information back to the DNS server, where it is cached and then returned to the Unix client.
Troubleshooting Windows XP-to-Unix Connections (and Vice Versa)

In any computing environment, there are two ways to resolve network-related problems: preemptive troubleshooting (trouble avoidance) or post-problem troubleshooting (trouble already found you). This section covers issues that are independent of the computing environment, plus some Unix and Windows XP tools that will help along the way.

DNS

One of the most common trouble areas of Windows XP-to-Unix connections is DNS. Human error is the most likely candidate for problems in name resolution. The following are some guidelines for implementing DNS successfully:

- SOA, CNAME, and A records with misspelled names. These records contain both computer names and IP addresses. Spelling errors and errors in numeric data entry are the most likely causes of failure. Keep backup copies of changed zone files just in case.
- SOA serial numbers not incremented on a zone file change. When zone files are modified, the SOA serial number must be changed so that the secondary DNS servers properly reload the files.
- Absolute hostnames lack a trailing period. Absolute hostnames require a trailing period. That pesky little dot is easy to miss and can cause quite a migraine until discovered.
- Reverse resolution entry doesn’t match primary zone file information. Make sure reverse entries in the reverse resolution zone file match the primary zone file’s entry. Again, this error is caused by lack of attention to detail during data entry.
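The guidelines above describe mistakes that are easy to catch before a zone is loaded, which is the preemptive kind of troubleshooting. The following is an added example, not code from the book, of a small Python checker for BIND-style zone files that looks for three of them: an absolute name without its trailing dot, an SOA serial that was not incremented after an edit, and a reverse-zone PTR record that does not match the forward zone's A records. The zone text is constructed (example.test and the 192.0.2.0/24 range are documentation values), and the parser is deliberately simplified: it assumes every record line carries an explicit owner name and the IN class.

```python
"""Sanity checks for common zone-file data-entry mistakes.

Added example, not from the book. Constructed sample zones follow; the
parser is simplified and expects "owner IN TYPE rdata" on each record.
"""

# Constructed forward zone before an edit...
FORWARD_OLD = """\
$ORIGIN example.test.
@     IN SOA ns1.example.test. hostmaster.example.test. (
            2003040101 ; serial
            3600 900 604800 86400 )
@     IN NS  ns1.example.test.
ns1   IN A   192.0.2.1
www   IN A   192.0.2.10
"""

# ...and after it: a host was added, the NS target lost its trailing dot,
# and the serial was left alone.
FORWARD_NEW = """\
$ORIGIN example.test.
@     IN SOA ns1.example.test. hostmaster.example.test. (
            2003040101 ; serial
            3600 900 604800 86400 )
@     IN NS  ns1.example.test
ns1   IN A   192.0.2.1
www   IN A   192.0.2.10
mail  IN A   192.0.2.25
"""

# Constructed reverse zone with a misspelled PTR target.
REVERSE = """\
$ORIGIN 2.0.192.in-addr.arpa.
1     IN PTR ns1.example.test.
10    IN PTR www.example.test.
25    IN PTR mial.example.test.
"""

# RDATA positions that hold domain names, by record type.
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}


def qualify(name, origin):
    """Turn an owner name into a fully qualified name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return (owner, type, rdata) tuples. Handles ';' comments, $ORIGIN,
    and parenthesised multi-line RDATA such as the SOA above."""
    origin, records, buf, depth = None, [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue  # still inside parentheses
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        owner, rtype, rdata = tokens[0], tokens[2], tokens[3:]
        records.append((qualify(owner, origin), rtype, rdata))
    return records


def check_trailing_dots(records):
    """A dotted name with no trailing dot is treated as relative by the
    server, which silently appends the origin to it."""
    problems = []
    for owner, rtype, rdata in records:
        for i in NAME_FIELDS.get(rtype, []):
            if "." in rdata[i] and not rdata[i].endswith("."):
                problems.append(f"{rtype} at {owner}: '{rdata[i]}' has no trailing dot")
    return problems


def soa_serial(records):
    return next(int(rdata[2]) for _, rtype, rdata in records if rtype == "SOA")


def check_serial(old_records, new_records):
    """Secondaries only reload the zone when the serial grows."""
    old, new = soa_serial(old_records), soa_serial(new_records)
    if old_records != new_records and new <= old:
        return [f"zone changed but SOA serial stayed at {new}"]
    return []


def check_reverse(forward_records, reverse_records):
    """Every PTR must point back at the name that owns that address."""
    a_by_ip = {rdata[0]: owner.lower() for owner, rtype, rdata in forward_records if rtype == "A"}
    problems = []
    for owner, rtype, rdata in reverse_records:
        if rtype != "PTR":
            continue
        ip = ".".join(reversed(owner.rstrip(".").split(".")[:-2]))  # drop in-addr.arpa
        expected, target = a_by_ip.get(ip), rdata[0].lower()
        if expected is None:
            problems.append(f"PTR {ip} -> {target}: no A record has that address")
        elif expected != target:
            problems.append(f"PTR {ip} -> {target}: forward zone says {expected}")
    return problems


def audit(forward_old, forward_new, reverse):
    old, new, rev = parse_zone(forward_old), parse_zone(forward_new), parse_zone(reverse)
    return check_trailing_dots(new) + check_serial(old, new) + check_reverse(new, rev)


if __name__ == "__main__":
    for problem in audit(FORWARD_OLD, FORWARD_NEW, REVERSE):
        print(problem)
```

Run against the constructed zones, the audit reports all three mistakes: the NS target without its dot, the unchanged serial, and the PTR for 192.0.2.25 that points at a misspelled name. Running it with the old forward zone on both sides reports only that 192.0.2.25 has no A record, because nothing else changed.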
To troubleshoot DNS, use nslookup. Nslookup is both a Windows 2000 Server tool and a Unix tool, with the following commonly used options:

- [no]recurse. Sets the query to recursive. When toggled to norecurse, nslookup performs iterative queries.
- querytype=type. Sets the query type to the DNS data type specified. Common types include a (address), any (any data type), mx (mail exchanger), and ns (name server).
- retry=n. Resends the query the specified number of times before giving up.
- root=root server. Sets the root server to the server you enter.
- timeout=n. The period of time nslookup waits for a response after the query is sent. This period doubles between each retry.

Printing

Troubleshooting printing problems from either operating system requires similar knowledge and techniques. The following are key points to monitor:

- Remember the basics. Make sure the cable is plugged in, the paper isn’t jammed, the printer is on, and paper is available. If a user cannot print to a specific printer, try printing to another. Also, have another user print to the suspect printer.
- Wrong printer driver. Windows and Unix handle printer drivers differently. Make sure the correct driver is available and loaded.
- TCP/IP printing services not running or not installed. This problem is on the Windows 2000 Server side. The server grants the ability to use networked printing devices and enables TCP/IP applications to directly communicate with a network-attached printer.
- Incorrect printer privileges. In Windows 2000/XP, a printer is shared, and permissions apply to the share. Make sure the user has sufficient permissions to use the print device. In Windows 2000 Server, verify that a policy is not restricting printer availability. Users and groups can be locked out of a printer during certain hours.
- Use LPQ to investigate the print queue. In Unix, the LPQ command displays the jobs in the print queue. A very large job could be pending or hung. Also, remember to check printer status with the LPC command.
- Verify that LPSCHED is running. The LPSCHED daemon manages print jobs and controls where a print job is sent.
351
352
Chapter 16
Windows XP Meets Unix
For More Information

For more information about using Unix with Windows XP, please consult the following resources:

- Albitz, Paul, Liu, Cricket, and Loukides, Mike. Bind and DNS. O’Reilly & Associates, 1998. ISBN: 1565925122. This is the current authoritative resource on DNS and BIND.
- Harvel, Lonnie et al. Unix and Windows 2000 Handbook: Planning, Integration, and Administration. Book News, Inc., 2000. ISBN: 0130254932.
- Shah, Rawn and Duff, Thomas. Unix and Windows 2000 Integration Toolkit: A Complete Guide for System Administrators and Developers. John Wiley and Sons, 2000. ISBN: 0471293547.
17 Remote Access

The previous versions of Microsoft Windows have been designed to provide access to file, print, and application services for a variety of clients in various environments. Now that networks are so indispensable to most businesses and organizations, access to network-based resources can no longer be limited by geography or network bandwidth. As sales of laptop and notebook computers rapidly approach those of desktops, and with the explosive growth of telecommuting, reliable, efficient, remote local area network (LAN) access is not only a necessity; in many organizations, it is regarded as mission critical.
With Windows XP, Microsoft has provided support in the operating system for dial-up, virtual private networks (VPNs), and remote control via the new Remote Desktop Connection feature. There are also new wizards and a simplified interface to make some of the previously difficult remote access configuration tasks relatively easy. This chapter examines the remote access components built into Windows XP, covers their installation, setup, and fine-tuning, and diagnoses some common problems with remote access. This chapter also discusses other software utilities from Microsoft and third parties for enhancing the remote access capabilities of Windows XP.
Connecting to Remote Systems

With the explosive growth of the Internet and the emergence of telecommuting, remote access has become more complicated but also more commonly used. The versions of remote access included in some older versions of Windows were designed only to dial in to a computer and access the resources on that computer or on a corporate network. The Windows XP remote access features are designed to be far more flexible, supporting a variety of LAN access and remote access protocols. With Windows XP, Microsoft has created a flexible platform for remote communications. It doesn’t matter whether you are connecting to your company’s network to telecommute from home or surfing the Web via your ISP.
354
Chapter 17
Remote Access
The version of remote access included in Windows XP is so well integrated into the operating system that a computer accessing a network remotely uses essentially the same network client as a LAN-connected machine. It simply substitutes a modem, an Integrated Services Digital Network (ISDN) link, or an X.25 PAD for a network interface card. The remote access components function as a gateway between the client and the remote network.

In Windows XP, you use the New Connection Wizard to create and configure dial-up connections. This wizard is part of the Network Connections applet in Control Panel and is also available by clicking Start, All Programs, Accessories, Communications. The Windows XP New Connection Wizard enables you to configure a connection to any remote server that supports Point-to-Point Protocol (PPP) or Serial Line Internet Protocol (SLIP). After the XP client has connected to the remote network, which could even involve the same Windows XP logon information a local user might supply, the user interface functions no differently than it would with a user’s local logon. This single, consistent interface enables remote users to access files and printers and operate client/server applications.
Working with Modems, ISDN, Cable Modems, and More

Remote access has been included in Windows NT since its initial 3.1 release. Since Windows NT 4.0, Windows versions have included the 32-bit Telephony Application Programming Interface (TAPI) and the Unimodem driver previously supported only in Windows 9x. The 32-bit TAPI is a framework that provides a standard way for communication applications and drivers to control hardware functions for applications such as data, fax, voice, video, and even full-blown Private Branch Exchange (PBX)-like call centers. TAPI can also manage quality of service (QoS) negotiation. TAPI is a Microsoft Component Object Model (COM) application, so it supports COM-compatible programming languages, including scripting. The TAPI layer is responsible for managing all signaling between the computer and the associated hardware. TAPI supports 32-bit applications as well as older 16-bit applications through a thunking layer that converts 16-bit addresses to the 32-bit addresses required to access Windows XP system services. The TAPI interface supports Microsoft XP’s implementation of remote access connections.

Introducing TAPI and the associated Unimodem standards to Windows NT 4.0 put that operating system on common ground with Windows 9x, which was already using these interfaces. In most cases, therefore, hardware designed for use with Windows 9x and Me also works with Windows XP. In addition, Windows XP has built-in support for a wide variety of modems and connection types, including Integrated Services Digital Network (ISDN), X.25, and cable and DSL modems. A warning is in order, however: It is still best to check your modem’s packaging or its manufacturer’s Web site to make sure Windows XP drivers are available. You can also check the current version of the Microsoft Hardware Compatibility List (HCL) at http://www.microsoft.com/hcl//.

Having so many remote access options is a bonus for users of Windows XP. Windows XP supports the following types of remote access:

- Analog modems
- ISDN
- Cable modems
- DSL
- Satellite
- Wireless
The last four items in the preceding list are collectively called broadband technologies. The term “broadband” was originally used for cable modems but is now used to refer to any form of high-speed Internet access. According to a white paper Jupiter Research published in the fall of 2002, there are approximately 13 million broadband connections in U.S. households, with an estimated 15 million by the beginning of 2003. Of these 13 million connections, approximately 5 million were using DSL, with the remainder using cable modems. No numbers are available yet for satellite or wireless users.

Does this mean the end for older technologies, such as analog modems and ISDN? Yes and no. Although analog modem technology has been outpaced by the various forms of broadband technology, it is still alive and well for a couple of good reasons: It is cheap and widely available. Even though the availability of other technologies is improving, the newer technologies still are not available in many areas and will not be for several years. Although most of the large nationwide ISPs, such as MSN and AOL, charge $22 to $25 a month, a number of local and regional ISPs charge $9 to $12 a month. For occasional Web surfers or e-mail users, a dial-up line easily satisfies their needs.

The same cannot be said for ISDN. Although ISDN service is extremely reliable and widely available, it’s living on borrowed time for consumer use. It has always been difficult for the end user to set up and configure, and the pricing has been ridiculously expensive for anyone other than telecommuters, small office/home office (SOHO) users, or hardcore technical users.

The following sections discuss the remote access options supported in Windows XP. The advantages and disadvantages of each option are covered, along with setup and troubleshooting information.
Working with Analog Modems

The ubiquitous analog modem has been with us for a while and comes in a variety of models, the latest being the 56K v.92. Most modems manufactured in the past several years can connect with each other with few problems. If you have control over modem purchasing at all the sites to which you plan to connect, however, buying similar modems is best to help prevent connection problems. Also, some modems are more efficient in terms of speed, hardware compression, and errors when connecting to a similar model. If you do not have purchasing control over all the connection sites, purchase a mainstream model to minimize problems.

The highest-speed analog modem currently available is the 56K v.92. These modems do not actually reach the full 56K because of the poor quality of most telephone lines and because of an obscure FCC regulation that limits the top speed of analog telephone lines to 53K to prevent crosstalk. The 56K speeds are attainable with the proper voltage, but with the FCC-mandated voltage, the modems are limited to 53K. In addition, 56K modems attain high-speed mode only in the downstream direction, so you can receive at high speed, but send back at a lower speed, usually 33.6K. If you are setting up a client to communicate with an ISP that supports 56K, this isn’t a bad deal. If you are setting up a communications server, however, you can’t just buy a stack of 56K modems off the shelf and expect to give your users fast access. The reason is that to support 56K, the link between the server and the telephone switching office has to be digital. This line can be a T1, a T3, or an ISDN line. This digital line is then fed into a commercial-grade, rack-mounted modem chassis configured for digital support. Some of the better ones manufactured by 3Com/U.S. Robotics and Ascend allow incoming calls from ISDN or 56K on the same line.
WinModems

If you are concerned about performance, there is a type of internal analog modem that you should avoid using with Windows XP. This is the so-called WinModem, which you might see advertised at a lower cost than the average modem. The cost of these modems is reduced because they use your PC’s CPU to do the call processing by moving all the modem protocols, error correction, and data compression into software. These modems are offered only as internal models because they need to directly use your computer’s resources. With this architecture, modem makers can develop a much cheaper model that does not need the RAM or processing chips of traditional modems. This saves a significant amount of money per unit, but it also uses up your PC’s resources. WinModems use anywhere from 4% to 10% of your CPU, depending on your machine, and a small amount of RAM. Even though this might seem like a negligible amount considering the speed and memory capacity of computers being sold these days, a WinModem will never perform as efficiently or give as high a throughput as a hardware modem. About the only situation in which a WinModem might be used is a small home network. If you put the WinModem in a machine used as a dial-up gateway to the Internet, that machine takes the performance hit, and the other machines have Internet access without the overhead of modem processing.
Using Unsupported Modems with Windows XP

If the modem you want to use is not on the HCL or is an older non-Plug and Play (PnP) internal modem, you might be able to use it with Windows XP anyway. Some of the more exotic features, however, might not be supported.

To make a non-PnP modem work with Windows XP, you must first understand how PnP works. When installing legacy devices, you must manually set switches or jumpers to assign interrupt requests (IRQs), ports, and Direct Memory Access (DMA). You also have to keep track of what is in use so that you don’t try to assign the same resource to multiple devices. The purpose of PnP is to do all this for you. When a new device is installed on the machine, PnP senses it automatically, assigns resources that are not in use, and automatically installs the drivers. Plug and Play requires that both the operating system and the system BIOS be PnP aware.

For more information about the implementation of PnP in Windows XP, see the “Plug and Play in Windows XP” section in Chapter 4, “Windows XP and Hardware,” p. 77.

To make a non-HCL or legacy modem work with Windows XP, you first need to verify that the COM port the modem is connected to has been detected. Start the System applet in Control Panel, select the Hardware tab, and then click Device Manager. Select entries in Device Manager to see whether the COM port the modem is connected to is listed. If it is listed, Windows XP recognizes the COM port. If the COM port is not listed, there could be a configuration problem. Use the following steps to troubleshoot the problem:

1. Check the System Log in Event Viewer for I/O or IRQ conflict errors.
2. Power down and remove the new modem from the system.
3. Restart Windows XP, go to the Resources tab of the port in Device Manager, and verify that the IRQ settings and I/O addresses are correct. If possible, always use these standard settings for COM ports:
   - SERIAL 1 COM1: I/O Address = 3F8h, IRQ = 4
   - SERIAL 2 COM2: I/O Address = 2F8h, IRQ = 3
   - SERIAL 3 COM3: I/O Address = 3E8h, IRQ = 4
   - SERIAL 4 COM4: I/O Address = 2E8h, IRQ = 3
Note

If your machine is using an Advanced Configuration and Power Interface (ACPI) BIOS, with a corresponding Hardware Abstraction Layer (HAL) in Windows XP, you will be unable to configure resource settings in Device Manager. For more information, consult the Microsoft KnowledgeBase article Q315278, “Unable to Change Resource Settings in Windows XP Device Manager.”
4. If you are using an external modem, make sure the COM port you want to use is not disabled in the BIOS, and it is configured with the previous settings. You will also want to confirm that no conflicts are shown in the Conflicting Device list.
5. If there are conflicts listed, you can verify the I/O addresses and IRQs in the Windows XP System Information dialog box. Click All Programs, Accessories, System Tools, System Information. Expand the Hardware Resources item, and click IRQs, as shown in Figure 17.1.
6. If you are installing an internal modem, it needs its own COM port. If the modem is configured for a port assigned to the motherboard, you can set the modem to use a different COM port not in use, or you can disable the COM port on the motherboard using the system BIOS.
7. After all conflicts are resolved, power down the machine and reinstall the modem. Restart the machine, and then open Control Panel and select the Add/Remove Hardware applet to start the Install New Hardware Wizard. Make sure to select the Don’t Detect My Modem, I Will Select It from a List option.
Figure 17.1 The System Information dialog box, showing information on IRQs.
Note

It’s generally a good idea to run through the steps described in this section to verify the configuration of your COM ports before installing modems, even if they are listed on the HCL. If the modem is not on the HCL, it’s sometimes better to allow Windows XP to try to detect and configure it. The PnP code has been improved over previous versions, so it should provide the proper configuration, even for some older non-PnP modems.
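The conflict check that steps 4 through 6 have you perform by eye in Device Manager and System Information can also be expressed as a small program. The following is an added example, not code from the book: given a table of devices with the I/O base address and IRQ each is set to, it reports overlapping I/O ranges and shared IRQs, and lists which of the standard COM assignments are still free for an internal modem. The standard COM table is the one listed in step 3; the eight-port UART window and the device list are assumptions made for this example.

```python
"""Resource-conflict check for COM ports and an internal modem.

Added example, not from the book. The standard COM table is the one the
troubleshooting steps list; the UART window size and the device table are
assumptions for this example.
"""

STANDARD_COM = {"COM1": (0x3F8, 4), "COM2": (0x2F8, 3), "COM3": (0x3E8, 4), "COM4": (0x2E8, 3)}
UART_WINDOW = 8  # assumption: a PC serial UART decodes eight consecutive I/O ports

# Constructed device table: an internal modem jumpered to the same
# resources as the motherboard's first serial port.
DEVICES = [
    ("Motherboard COM1", 0x3F8, 4),
    ("Motherboard COM2", 0x2F8, 3),
    ("Internal modem", 0x3F8, 4),
]


def io_overlaps(base_a, base_b):
    """True if the two UART windows share at least one I/O port."""
    return base_a < base_b + UART_WINDOW and base_b < base_a + UART_WINDOW


def find_conflicts(devices):
    """Return (io_conflicts, irq_shares), each a list of (dev_a, dev_b, detail).
    An I/O overlap is an outright conflict; a shared IRQ is reported as a
    warning, since the standard table itself pairs COM1 with COM3 on IRQ 4."""
    io_conflicts, irq_shares = [], []
    for i, (name_a, base_a, irq_a) in enumerate(devices):
        for name_b, base_b, irq_b in devices[i + 1:]:
            if io_overlaps(base_a, base_b):
                io_conflicts.append((name_a, name_b, f"{max(base_a, base_b):03X}h"))
            if irq_a == irq_b:
                irq_shares.append((name_a, name_b, irq_a))
    return io_conflicts, irq_shares


def free_standard_ports(devices):
    """Standard COM assignments whose I/O window no device is using yet."""
    used = [base for _, base, _ in devices]
    return [port for port, (base, _) in STANDARD_COM.items()
            if not any(io_overlaps(base, b) for b in used)]


def report(devices):
    """Human-readable summary of the checks above."""
    lines = []
    io_conflicts, irq_shares = find_conflicts(devices)
    for a, b, addr in io_conflicts:
        lines.append(f"CONFLICT: {a} and {b} both decode I/O address {addr}")
    for a, b, irq in irq_shares:
        lines.append(f"WARNING: {a} and {b} share IRQ {irq}")
    lines.append("free standard ports: " + ", ".join(free_standard_ports(devices)))
    return lines


if __name__ == "__main__":
    print("\n".join(report(DEVICES)))
    # After moving the modem to COM3 the I/O conflict is gone; IRQ 4 is
    # still shared with COM1, exactly as the standard table pairs them.
    moved = DEVICES[:2] + [("Internal modem", 0x3E8, 4)]
    print("\n".join(report(moved)))
```

With the constructed table the report flags the modem against COM1 on both counts and names COM3 and COM4 as free; after the modem is moved to the COM3 settings, only the IRQ 4 share with COM1 remains, which is the situation step 6 resolves by disabling the motherboard port or choosing another free port.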
In the Install New Hardware dialog box, you have the option of selecting a listed modem or loading drivers from a disk. If your modem has drivers only for Windows 9x or Windows 2000, you should be able to use those drivers with Windows XP. Just select the Have Disk option and insert the disk with the older drivers. Remember that not all older drivers work properly with Windows XP. You do run the risk of installing a device that could end up being inoperable if the driver doesn’t work. You can always use the Roll Back Driver or Uninstall Driver options in Windows XP, however, if the driver doesn’t work properly.

For information on using the driver rollback feature, see Chapter 5, “Keeping Windows XP Current,” p. 99.
If you do not have the correct drivers for your modem, other options are available. You can select the Standard Modem Types option and select a generic driver. The downside is that any extra functionality the modem has will not be used. You can also select a modem that is similar in features to the one you are trying to install. This method usually works fairly well, but it still is not a perfect solution.

The best way to work around an incorrect driver for your modem is to edit the Modem.inf file to support your modem. The Modem.inf file is the configuration file containing all the initialization commands your modem processes whenever it is reset. This file is usually located on the disk that came with your modem. You can add a custom section to this file with the necessary initialization commands for your modem. The easiest way is to copy one of the existing sections to use as a template and rename it for your modem. It would probably be best to use one of the generic sections or one from the same manufacturer with similar features to get started. Consult your modem documentation as a reference to add or remove commands to customize the file for your modem. The following is an example of a section in the Modem.inf file:

    [US Robotics Courier V.32bis]
    CALLBACKTIME=10
    DEFAULTOFF=compression
    MAXCARRIERBPS=19200
    MAXCONNECTBPS=38400
    <speaker_on>=M1
    <speaker_off>=M0
    =&R2&H1
    =&R1&H0
    =&K1
    =&K0
    <protocol_on>=&M4
    <protocol_off>=&M0
    =ATDT
    =ATD
    DETECT_STRING=ATI4
    DETECT_RESPONSE=USRobotics Courier V.32
    COMMAND_INIT=ATE1&F&C1 &D2 &A1 &B1 V1 Q0 S0=0 S2=128 S7=55
    COMMAND_INIT=AT<protocol><speaker>
    COMMAND_DIAL=
    CONNECT=CONNECT
    CONNECT_EC=CONNECT /ARQ
    COMMAND_LISTEN=ATS0=1
    CONNECT=CONNECT
    CONNECT_EC=CONNECT /ARQ

Because modems are not a critical part of Windows XP, feel free to experiment. Nothing you do to this file can crash Windows XP.

Caution

After everything is configured properly, make sure to save a copy of the customized Modem.inf file.
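To see how the entries in a section like the one above fit together, here is an added example in Python; it is not code from the book and not Microsoft's own Modem.inf reader. It parses the [section] entries, keeps repeated keys such as COMMAND_INIT as lists, expands the <protocol> and <speaker> placeholders in COMMAND_INIT from the matching <..._on> and <..._off> entries, and checks a captured reply to DETECT_STRING against DETECT_RESPONSE. SAMPLE_INF is a constructed section modelled on the U.S. Robotics example; the entries whose key names are not legible in the listing are left out, and the placeholder-expansion and response-matching rules are assumptions made for this example.

```python
"""Reading a Modem.inf section and building the modem's init commands.

Added example, not from the book. SAMPLE_INF is constructed from the
book's U.S. Robotics listing; the expansion and matching rules below are
assumptions for this example, not Microsoft's documented behaviour.
"""
import re

SAMPLE_INF = """\
[US Robotics Courier V.32bis]
CALLBACKTIME=10
DEFAULTOFF=compression
MAXCARRIERBPS=19200
MAXCONNECTBPS=38400
<speaker_on>=M1
<speaker_off>=M0
<protocol_on>=&M4
<protocol_off>=&M0
DETECT_STRING=ATI4
DETECT_RESPONSE=USRobotics Courier V.32
COMMAND_INIT=ATE1&F&C1 &D2 &A1 &B1 V1 Q0 S0=0 S2=128 S7=55
COMMAND_INIT=AT<protocol><speaker>
CONNECT=CONNECT
CONNECT_EC=CONNECT /ARQ
COMMAND_LISTEN=ATS0=1
"""

# Keys that legitimately appear more than once in a section.
MULTI_VALUE = {"COMMAND_INIT", "CONNECT", "CONNECT_EC"}
PLACEHOLDER = re.compile(r"<([a-z_]+)>")


def parse_modem_inf(text):
    """Return {section_name: {key: value or [values]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in MULTI_VALUE:
            current.setdefault(key, []).append(value)
        else:
            current[key] = value
    return sections


def build_init_commands(section, **options):
    """Expand each COMMAND_INIT line. A placeholder such as <speaker> becomes
    the value of <speaker_on> or <speaker_off> according to options['speaker']."""
    def resolve(match):
        name = match.group(1)
        if name not in options:
            raise ValueError(f"no setting given for <{name}>")
        return section[f"<{name}_{'on' if options[name] else 'off'}>"]
    return [PLACEHOLDER.sub(resolve, cmd) for cmd in section.get("COMMAND_INIT", [])]


def matches_detect(section, response):
    """True if the reply to DETECT_STRING begins with DETECT_RESPONSE."""
    return response.strip().startswith(section["DETECT_RESPONSE"])


def classify_connect(section, line):
    """'error-corrected', 'plain', or None. CONNECT_EC is tested first
    because its string extends the plain CONNECT string."""
    for label, key in (("error-corrected", "CONNECT_EC"), ("plain", "CONNECT")):
        if any(line.startswith(s) for s in section.get(key, [])):
            return label
    return None


def features_off_by_default(section):
    """DEFAULTOFF lists features the driver should leave disabled."""
    return [f.strip() for f in section.get("DEFAULTOFF", "").split(",") if f.strip()]


if __name__ == "__main__":
    usr = parse_modem_inf(SAMPLE_INF)["US Robotics Courier V.32bis"]
    print(build_init_commands(usr, protocol=True, speaker=False))
    print(matches_detect(usr, "USRobotics Courier V.32bis"))
```

With the sample section, requesting the error-control protocol and a silent speaker turns the second COMMAND_INIT line into AT&M4M0, and a reply of "USRobotics Courier V.32bis" to ATI4 is accepted because it begins with the DETECT_RESPONSE text. Asking for a placeholder the caller gave no setting for raises an error rather than sending a half-built command to the modem.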
Working with ISDN

ISDN is a switched telephone service first introduced as a standard in 1984 by the International Telephone and Telegraph Consultative Committee (CCITT), now known as the International Telecommunications Union (ITU). The ITU is a United Nations organization that coordinates and standardizes international telecommunications. It was widely predicted at that time that ISDN would eventually replace all existing analog telephone lines. Even though ISDN provides digital connections that are faster, more reliable, and more flexible than existing analog lines, it wasn’t until 1996 or so that it became commonly available in most areas.

ISDN is available in two forms, Basic Rate Interface (BRI) and Primary Rate Interface (PRI), with BRI being the most common. Each ISDN line consists of three separate digital channels, a 16KB data channel (D-channel), and two 64KB bearer channels (B-channels). The D-channel is used for signaling information such as ring signals, caller ID data, and dialing instructions. Each B-channel provides 64Kbps of dial-up bandwidth. The three channels, combined, are usually referred to as 2B+D. Most telephone companies also offer what is referred to as 1B+D, which is the signaling channel with only one bearer channel.

The BRI installation, monthly charge, and usage charges vary widely among the different Regional Bell Operating Companies (RBOCs). Some RBOCs bill for ISDN by the call, some by the minute, and some use both methods. Other providers charge a flat rate for unlimited use. Typical monthly charges for an ISDN line can vary from $75 to $295, depending on the RBOC and the number of minutes used. For example, an RBOC in the Midwest currently charges $125 a month for 200 minutes of use, and a West Coast RBOC charges $80 for unlimited use.
PRI is a bundle of 24 BRI lines (23B+D) that can handle up to 1.544Mbps, the same as a T1 line. Like BRI, PRI pricing varies widely. Generally, if there is a need for the capacity of a PRI line, using a T1 line is usually cheaper and less complicated.

With the proper equipment, B-channels can be used for voice calls or data. Each B-channel has a separate telephone number, enabling you to place voice calls on one channel while sending or receiving data over the other. They can also be bonded together using Multilink Point-to-Point Protocol (MPPP) to provide a full 128Kbps of data flow. Unlike 56K modems, ISDN channels deliver that bandwidth in both directions. With the channels bonded together, ISDN provides roughly two and a half times the throughput of a typical 56K modem. ISDN calls also have an extremely fast call setup time, typically under half a second, compared to the 30 seconds or more for high-speed modems. Most users do not notice a delay when they try to access a remote resource. This last point is especially important because most ISDN devices are configured to dial and disconnect on an as-needed basis, and can incur per-minute charges when connected. ISDN devices also support the Bandwidth Allocation Control Protocol (BACP), a protocol that lets ISDN devices add or drop the second channel to a connection, depending on the data traffic. BACP can also be configured to drop the second channel to answer an incoming call, all of which is transparent to the user.

There are currently two common types of ISDN interfaces: terminal adapters and ISDN routers. Note that using the term “modems” is not really accurate because modems are analog devices, whereas ISDN is purely digital. A lot of ISDN products, however, are advertised as modems. ISDN terminal adapters are available in external and internal models. The external adapters emulate modems and plug into the serial port just like an analog modem. Terminal adapters are usually the easiest ISDN devices to install and configure because they look just like another modem to the Windows XP Remote Access Service (RAS). Unfortunately, connections with external terminal adapters are slower because they have to use the asynchronous serial protocol, which adds the overhead of start and stop bits. A high-speed serial port adapter card should be added to support an external ISDN adapter because ISDN’s 128Kbps throughput is so fast that it overruns the 115Kbps speed of standard serial ports. If compression is being used, the bottleneck is even more pronounced. Internal ISDN terminal adapters can provide connections at the maximum ISDN data rate because they interface directly with the PC’s bus.

The second type of ISDN interface is the ISDN router. ISDN routers can be connected via an Ethernet crossover cable to one machine or to a hub in a small network. Some of the higher-end models have a built-in hub, with an integrated Dynamic Host Configuration Protocol (DHCP) server. ISDN routers are usually overkill for a single user. Most ISDN routers can handle an unlimited number of users and are used when a large volume of ISDN traffic is expected. Most models can also handle Internet Protocol (IP) or Internetwork Packet Exchange (IPX) routing and many other options. However, some models advertised as “personal” ISDN routers are available for less than $500. They are economical for small to medium networks. Most ISDN adapters also come equipped with analog telephone jacks so that one or both sides of the ISDN line can be used with a standard telephone or fax machine.
Setting Up ISDN

A lot of horror stories are floating around about the problems of getting an ISDN connection to work. Unfortunately, most of them are true. Installing an ISDN line in your home or office is a complicated process that requires cooperation between the ISP, the router vendor, and the local telephone company. The following are the major steps:

1. Set up an ISDN account with an ISP.
2. Order ISDN from the telephone company.
3. Select an ISDN device.
4. Configure the ISDN device.
5. Configure Windows XP to support the device.
6. Test the installation.

Although this overview seems easy, there are a lot of potential problems. However, several shortcuts are available. Before you purchase anything, check with your ISDN device vendor or ISP; some companies offer a line-provisioning service. This service makes arrangements with your local phone company to set up and configure the ISDN line for you. Some ISPs will sell you an ISDN device configured for their service. This can save a lot of time and frustration, especially with ISDN routers. If you have never configured a router before, this is probably not the time to start. Too many variables have to be set correctly for proper operation. If you insist on configuring your own router, make sure it is one the ISP supports. Your ISP usually faxes or mails instructions on how to configure it.

If your ISDN device vendor doesn’t offer line provisioning, you need to order ISDN service directly from your telephone company. When the telephone company installs your line, make sure you record your two ISDN phone numbers, the Service Profile Identifiers (SPIDs), and the switch type. You need this information to configure your ISDN device. Here’s a word of warning: The telephone company business office is supposed to give you this information, but it usually forgets. The installer who comes out to set up your line has it if you just ask. Without these three pieces of information, configuring your ISDN device can be difficult.

Now that you have been forewarned, there are ways to guess this information. The telephone installer usually writes down the telephone number on the punch down block at the demarcation point. This is the point at which the telephone company line ends and yours begins. Even if the installer wrote down just one number, the two numbers are usually sequential. The SPIDs are usually just the telephone numbers with the area codes + 0101 (for example, 88855512120101 and 88855512130101). The switch type is usually NI-1, the most common type in North America right now. Some of the newer ISDN devices can sense the SPIDs and switch type automatically.

This information should get the line set up, but device configuration varies by manufacturer and device type. Most ISDN devices have installation wizards, so you only have to enter the line configuration information and configure Transmission Control Protocol/Internet Protocol (TCP/IP) support. Remember, to assist you in troubleshooting, you can use the IPCONFIG command in Windows XP to check your IP configuration. After you have installed the ISDN device, try to connect to your ISP. If you don’t seem to have a connection, go back to the DOS prompt and try PINGing the ISP’s IP address. If you get a successful PING reply, the problem most likely is with the ISP’s ISDN support, and you should call its technical support line. If the PING reply fails, double-check your network connections and configuration and try again.

After you have connected, the ISDN device should give you a way to check whether it is using both B-channels, either through LED indicators on the case or a software-monitoring window. Because the second B-channel might kick in only when traffic is high, try downloading a large file from the Internet. If the second B-channel doesn’t kick in, you are getting only half the speed for which you are paying. Recheck your configuration. If you cannot find any problems, call your router company’s technical support.

Note

Modems that use the Universal Serial Bus (USB) interface instead of the old standard serial port are becoming more common. In theory, this interface should improve the throughput of analog modems and ISDN devices that attach via a serial port because the USB 1.1 interface runs at 1.5Mbps and the USB 2.0 interface at 480Mbps versus the typical 115Kbps speed of legacy serial ports.
Multilink PPP (MPPP) Windows XP supports MPPP connections.This protocol enables you to combine the bandwidth of two or more physical communications links to increase your remote access bandwidth and throughput.You can use remote access with MPPP to combine analog modem paths, ISDN paths, and even mixed analog and digital communications links on both client and server PCs. When used with two or more modems or ISDN B-channels, MPPP supports simultaneous data transfer across multiple connections.This speeds up your access to the Internet or your remote server and reduces the time you have to be remotely connected. It can
363
364
Chapter 17
Remote Access
potentially reduce your costs for remote access and effectively improve transfer rates by two, three, or even four times. A Windows XP client with two 33.6Kbps modems, for example, can connect to a remote server with multiple modems and maintain a sustained transfer rate of 67,200Kbps.The speeds of the modems and ISDN lines can vary, but MPPP coordinates traffic across the links to achieve performance equal to the combined speed of the devices. Unlike the previous restrictions in Windows 2000 Professional, with Windows XP you can accept incoming MPPP calls even though Windows XP has a limitation of allowing only one dial-in connection. However, MPPP cannot be used with the callback security feature because only one telephone number can be specified for callback. Both the client and the server must support multilink RAS or MPPP. All ISPs already offer dual-channel ISDN service, but not many support multilink service via analog lines.Those that do typically price multilink analog service at approximately 50% more than the price of standard modem access. Even with the minor difficulties, MPPP is a good solution for users who need a faster dial-up connection to a remote server; as long as two telephone lines are available, the remote server supports it. MPPP does not require special hardware or software, is cheaper than ISDN, and competes well with ISDN speeds, especially if the modems at both ends are 56Kbps models. Note When inquiring about this multilink service from your ISP, you might need to specify it as “MP” instead of “MPPP.” Microsoft seems to be the only organization that refers to it as MPPP.
Implementing multilink dial-up in Windows XP is not difficult. To use multiple devices to dial a remote connection, follow these steps:
1. In the Network Connections applet, use the New Connection Wizard to configure a dial-up connection.
2. Right-click the connection in the Network Connections applet and select Properties.
3. In the General tab, select the devices you want to use.
4. Enter the additional telephone number.
5. Select the Networking tab.
6. Under Type of Dial-up Server I Am Calling, click the Settings button.
7. In the PPP Settings dialog box, select the Negotiate Multi-link for Single Link Connections check box.
8. Click OK twice to save.
Working with Modems, ISDN, Cable Modems, and More
When you make a multilink dial-up connection, Windows XP automatically bundles the lines into one logical connection.
Troubleshooting Remote Access Problems with Modems
Troubleshooting remote access problems with analog or ISDN modems is not rocket science; mostly, it just means applying common sense. For remote access problems, start with the following simple questions. If you’re using a modem, check the following:
- Is the modem turned on?
- Is there noise on the telephone line?
- Is there a dial tone?
- Is the telephone line connected?
Although modems and terminal adapters that connect via the USB interface have been around for a while, they do not always install or work properly. Although the SP1 release of Windows XP has corrected many of the problems, some of the third-party drivers still cause problems. If you are still having problems with your USB device after upgrading to SP1, make sure you check Microsoft’s Web site for hotfixes and the device manufacturer’s Web site for updated drivers.

Failure to connect to a remote host is the most common problem with remote access in Windows XP. Connection problems can be caused by a variety of factors, such as improper hardware configuration, incorrect modem initialization strings, poor-quality telephone lines, or problems on the ISP’s end. Most problems in new installations are the result of improper hardware or software configuration at your end or the ISP’s, whereas telephone line or authentication issues are the most likely problems in existing configurations. To check an analog line, plug an analog telephone into the line and see if you have a dial tone. Consider the following questions:
- Can you dial out?
- Can you receive calls on this line?
- Is the line noisy?
If you hear static or crosstalk, or the dial tone is weak, chances are that is your problem. If you have trouble hearing the line clearly, the modem will have trouble getting a clean signal. You can detect many problems by listening to the call progress: the sounds the modem makes while dialing and the sounds you hear when it is trying to connect. After a little experience, most people can tell the connection speed by listening to the tones. The default for most modems is to turn the volume of the speaker down. To increase the volume:
1. Open Control Panel and select the Phone and Modem Options applet.
2. In the Phone and Modem Options dialog box, select the Modem tab.
3. Select the modem, and then click the Properties button.
In the Modem tab, you should be able to adjust the speaker volume. Some modem drivers—for example, generic modem drivers—do not support changing the speaker volume in the Properties dialog box. It can still be done, however; just go to the Modem Properties dialog box and select the Advanced tab. In the Extra Settings section, you can insert a modem command. For most modems, you can use the M1 command to turn the speaker on, and you can adjust the volume by using L1 for low, L2 for medium, and L3 for high.

Note: Because ISDN lines are digital, there is no dial tone. If you have an ISDN terminal adapter with an analog telephone jack, however, you can still try to dial in or out by using an analog telephone plugged into the terminal adapter.
Using HyperTerminal to Test Modem Connections
A quick way to test the telephone line and verify that Windows XP recognizes your modem is to use the HyperTerminal program to make a test call. To do so, follow these steps:
1. Make sure you are not using any remote access connections.
2. Click Start, All Programs, Accessories, Communications, HyperTerminal.
3. When the New Connection Wizard opens, click the Cancel button.
4. Choose File, Properties from the menu, and then select the modem or port you want to test in the Connect Using list box.
5. Click Configure, and then select the Advanced tab.
6. Click the Bring Up Terminal Window Before Dialing check box, and then click OK twice.
7. From the menu bar, click Call, and then click the Call item.
8. Type AT in the Phone Number text box, and then click the OK button.
9. In the Connect window, click the Dial button.
10. If OK is displayed in the Pre-Dial Terminal Screen, HyperTerminal recognizes the modem properly. If OK is not displayed after you press Enter, review the “Working with Analog Modems” section of this chapter to verify that your modem is installed correctly in Windows XP. To verify that your modem can dial out, type ATDTxxxxxxx and press Enter (xxxxxxx represents the telephone number). You should hear a dial tone and the sound of the modem dialing the telephone number. If it does not seem to dial, see the previous section, “Troubleshooting Remote Access Problems with Modems.”
11. To test whether your modem can connect with a remote system, click File, Open and select one of the preconfigured HyperTerminal profiles.
12. Click the Dial button and listen to make sure the number is dialed. Watch the screen to see whether you get the login window for that service.
If this procedure works, you can be sure the modem and telephone line are working and are properly configured.

In Windows XP, you can view the modem log file to see the commands and result strings sent to the modem. Unlike previous versions of Windows, this file is created by default. Start the Phone and Modems applet in Control Panel, click the Modem tab, click the Properties button, and then select the Diagnostics tab. Next, click View Log (see Figure 17.2). Some of the information you will find in the file includes the following:
- The command string sent to the device
- The echo of the command string
- The response from the device
Figure 17.2 The modem log file, showing proper initialization.
This file is a helpful troubleshooting aid for bad connections. It should give you plenty of information with which to work. However, at the start of each remote access session, existing information in the log is overwritten. To prevent this, select Append to Log in the Diagnostics tab. Another log file that you can use is Ppp.log, used only for PPP connections. It records the complete PPP handshaking process between your machine and the remote machine.
This information can assist you in determining whether you have a protocol or an authentication problem. This file is created in %systemroot%\SYSTEM32\RAS. To turn on logging to the Ppp.log file, use the netsh command from the command prompt (the component name comes after the ras context, so the command reads):

netsh ras set tracing * enabled

To turn off logging, type:

netsh ras set tracing * disabled
When you have successfully diagnosed the problem, remember to turn logging off. These files grow quickly and consume a lot of hard drive space.
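The modem log described above pairs each command string with the modem’s response, which is what you read to find a rejected initialization string or a failed dial. The following added script (not from the book) summarizes such a log; the line layout it parses (timestamp, then Send:, Recv: or Interpreted response:) and the sample lines are assumed and constructed, with the dialed number masked by # characters.

```python
"""Summarise a Windows XP modem log into commands sent and the results received.

Added example, not code from the book. The line format (timestamp, then
"Send:", "Recv:" or "Interpreted response:") is assumed from the log the
chapter describes, and the sample lines are constructed. Each Send is paired
with the interpreted response that follows it, so a rejected init string or
a NO CARRIER on dialling is reported without reading the raw <cr><lf> echo.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: two init commands succeed, a third is rejected, and the
# dial attempt gets no carrier (a typical "cannot connect" session).
SAMPLE_LOG = """\
06-15-2003 09:14:02.125 - Send: AT<cr>
06-15-2003 09:14:02.140 - Recv: <cr><lf>OK<cr><lf>
06-15-2003 09:14:02.140 - Interpreted response: OK
06-15-2003 09:14:02.156 - Send: AT&FE0V1&C1&D2S0=0<cr>
06-15-2003 09:14:02.171 - Recv: <cr><lf>OK<cr><lf>
06-15-2003 09:14:02.171 - Interpreted response: OK
06-15-2003 09:14:02.187 - Send: ATS7=60S30=0L1M1X4<cr>
06-15-2003 09:14:02.203 - Recv: <cr><lf>ERROR<cr><lf>
06-15-2003 09:14:02.203 - Interpreted response: Error
06-15-2003 09:14:02.218 - Dialing.
06-15-2003 09:14:02.218 - Send: ATDT#######<cr>
06-15-2003 09:14:25.500 - Recv: <cr><lf>NO CARRIER<cr><lf>
06-15-2003 09:14:25.500 - Interpreted response: No Carrier
"""

LINE_RE = re.compile(r"^(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) - (.*)$")
# Responses that mean the modem accepted the command or the call went through.
GOOD_RESPONSES = {"OK", "CONNECT"}

Entry = Tuple[str, str, Optional[str]]  # (timestamp, command, interpreted response)


def parse_modem_log(text: str) -> List[Entry]:
    """Return one entry per Send: line, with the interpreted response that followed.

    A command whose response never arrived (modem hung, log truncated) keeps None.
    """
    entries: List[Entry] = []
    pending: Optional[int] = None  # index of the entry still awaiting its response
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, body = m.groups()
        if body.startswith("Send: "):
            command = body[len("Send: "):].replace("<cr>", "")
            entries.append((stamp, command, None))
            pending = len(entries) - 1
        elif body.startswith("Interpreted response: ") and pending is not None:
            response = body[len("Interpreted response: "):].strip()
            stamp0, command, _ = entries[pending]
            entries[pending] = (stamp0, command, response)
            pending = None
        # "Recv:" echo lines and status lines such as "Dialing." add nothing once
        # the interpreted response is known, so they are skipped.
    return entries


def failed_commands(entries: List[Entry]) -> List[Tuple[str, Optional[str]]]:
    """Commands the modem rejected, plus dials that did not connect."""
    return [(cmd, resp) for _, cmd, resp in entries
            if resp is None or resp.upper().split()[0] not in GOOD_RESPONSES]


def summarize_session(text: str) -> Dict[str, object]:
    """Verdict on a log: did initialization succeed, and did the dial connect?"""
    entries = parse_modem_log(text)
    dials = [e for e in entries if e[1].upper().startswith("ATD")]
    init = [e for e in entries if not e[1].upper().startswith("ATD")]
    return {
        "commands_sent": len(entries),
        "init_ok": all(r is not None and r.upper() == "OK" for _, _, r in init),
        "connected": any(r is not None and r.upper().startswith("CONNECT")
                         for _, _, r in dials),
        "failed": failed_commands(entries),
    }


if __name__ == "__main__":
    for key, value in summarize_session(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```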
Special Information for Business Users
If you are working in an office, your telephone system is most likely digital. You cannot connect an analog modem to a digital telephone line and expect it to work. There are two ways around this problem, however. The first is to have the telephone company install an analog line to use for your modem connection. The other option is to have the vendor of your telephone system install a digital-to-analog converter for every line you need. Either option works fine; just pick the one that is most economical for your situation. Make sure your telephone system vendor knows that you need the converter to support a modem. Usually, several different converters are available, and the older models support modem call speeds up to about 9,600Kbps.
Working with Cable Modems
One of the latest technologies available for remote access is the cable modem. Although the cable “modem” technically still qualifies as a modem because it modulates and demodulates signals like its dial-up predecessors, all similarities end there. A cable modem is far more complicated than the typical analog modem. In fact, it has more in common with the technology used in network routers and hubs. The cable modem uses a digital signal brought in through coaxial cable to a box similar to a router. The signal is then sent to your computer via a standard Ethernet connection. In fact, it is installed and configured similarly to a router, and it doesn’t use the Windows XP Remote Access Service. The connection to the Internet is full-time, so no call setup is required. Your cable modem is assigned an IP address and treated like a node on the cable system’s network. The cable modem is connected to your PC or network through a 10BaseT or 100BaseT Ethernet connection or via a USB port.
Note: Although symmetrical cable modems (with the same data rate in both directions) are available in some areas, they are not as common for home and small business users as the asymmetrical type.
There are currently two major types of cable modems: the standard cable modem and the telco-return cable modem. Both types are asymmetrical, in that the downstream channel has a much higher data rate than the upstream (similar to 56K modems). The telco-return cable modem uses cable lines for fast downstream transmission, and a telephone modem handles upstream communication over the public telephone network. This type is most commonly used when the cable operator has not yet upgraded the cable infrastructure to the full digital, fiber-optic–based backbone needed to support two-way operation. The telco-return cable modem is fine for home use and might be adequate for a small business network of fewer than 10 users. Because the upstream link is usually limited to about 28.8K, however, it should be avoided for serious business use or when there is a significant amount of upstream traffic.

The standard cable modem uses cable lines for data transfer in both directions. The signal is transferred over high-speed lines, usually fiber to each ring. Each neighborhood has a ring that supports the coaxial cable drop to each customer. The maximum downstream rate is generally 28 to 36Mbps, with the upstream rate being about 10Mbps. This is the aggregate rate for the ring to which you will be assigned, so you will be sharing this capacity with other users on your ring. Typically, you have a maximum downstream rate of 1.5Mbps, with an upstream rate of no more than 384Kbps. The number of users on the ring varies depending on how many users have subscribed to the service or how broad an area the cable company has decided to service on one ring.

Cable modem technology is finally starting to mature. As recently as early 1999, Cable Datacomm News estimated the number of North American subscribers at less than 400,000, but that number has increased more than tenfold and is still growing rapidly.
Some cable systems are offering access to small businesses; others are concentrating strictly on home users. Some of the business offerings are attractive price-wise, and some providers are offering to set up a virtual private network (VPN) for small companies. The monthly cost for a basic cable modem rental with unlimited access ranges from $45 to $60, which is comparable to the monthly cost for a telephone line and Internet access from an ISP (but at a higher access speed). This is a good deal for home users and an even better deal for a business with telecommuters.
DSL and ADSL
Digital Subscriber Line (DSL) is the latest high-speed technology that telephone companies are offering for remote access. DSL is generically known as xDSL because it is a collection of various technologies. Of the various flavors of xDSL, Asymmetric Digital Subscriber Line (ADSL) seems to be more advantageous than many other upcoming bandwidth solutions because it doesn’t require a whole new infrastructure. ADSL promises super-fast Internet access, up to 8Mbps downstream (and up to 384Kbps upstream). Because ADSL works with existing copper telephone wires, it requires less upgrading of telephone companies’ networks than other broadband solutions. ADSL-based services are always connected, just like a LAN or a cable modem. The ADSL modem operates simultaneously with the telephone so that regular telephone service can continue unaffected by the modem. Because each ADSL customer has his own dedicated copper line, throughput is unaffected by neighboring users. It does not suffer the disadvantage of a cable modem, which has multiple users sharing a common coaxial cable network, reducing the speed available to each user.

With DSL you have a completely digital signal brought in over your telephone line. The signal is then sent to your computer via a standard Ethernet connection. The connection to the Internet is full-time, so no call setup is required. Your ISP assigns an IP address to your DSL router, and it is treated like a node on the telephone company’s network. The DSL router is connected to your PC or network through a 10BaseT or 100BaseT Ethernet connection or via a USB port. Initially, several PCI card DSL modems were available, but they are being phased out in favor of external DSL routers. The external models provide more flexibility because you can insert a switch or an external firewall between the router and your PC.

The telephone company will have to come to your location and install a splitter that separates the voice line from the ADSL line. The ADSL line plugs into a box that is similar to a cable modem or an ISDN router, and it can be connected to your PC or your network with an Ethernet cable.
Some of the telephone companies are offering a do-it-yourself installation kit for DSL. This kit includes an external or a PCI card DSL modem and the line splitter.

Note: G.Lite, also known as Universal ADSL, is a newer technology that allows telephone companies to offer DSL over standard phone lines at the same transmission speeds, without using a splitter. By eliminating the service call and the cost of a splitter, DSL is becoming more cost competitive with cable modems, both in terms of installation costs and monthly pricing. The upload and download speeds are comparable to the existing consumer-grade DSL.
Like cable modems, the service is asymmetrical, meaning that the upstream speed is lower than the downstream. The consumer ADSL service is rapidly becoming available in most areas, averaging around $45 to $60 per month for an upstream rate between 64 and 384Kbps and a downstream rate between 384 and 1.5Mbps. Business-grade ADSL services are available with up to an 8Mbps downstream rate.
Synchronous DSL (SDSL), available in some areas, provides the same speed both upstream and downstream, so it is more of a direct competitor to T1 and frame relay lines. Currently, SDSL’s pricing structure makes it appropriate only for business use.
Looking to the Future: Satellite Technology
After years of being a second-rank technology, satellite-based Internet access is finally becoming competitive. The first versions of satellite-based access were download only. You could get a good download speed, but like some of the older cable systems, these versions relied on return via telephone lines, usually no faster than 28.8Kbps. It was better than nothing, but only if you lived in a rural area where other broadband technologies were not available.

The dominant satellite television providers are now offering a two-way technology that offers fast download and upload via the satellite. They are finally becoming competitive with cable companies in both content and Internet access. Similar to the other broadband offerings, satellite Internet access is asymmetrical. The download speed for a basic package is 384Kbps, with up to 4Mbps available for an additional charge. The upload speed varies by vendor, typically 32Kbps–64Kbps, with a burst mode of 128Kbps.

For example, the DirecTV satellite television vendor offers the DirecWay Internet access system. It is available as a standalone system, or existing users of the DirecTV satellite service can buy an upgrade package to receive both television and the Internet. Unlike the basic DirecTV service that allows users to install their own dish, the DirecWay service must be professionally installed because an FCC regulation requires a trained professional to install all two-way satellite systems. Several of the DirecTV resellers are offering DirecWay for $100 a month for the first year, then $60 to $70 a month after that. This basic package includes unlimited access at a download speed of 384Kbps, with an upload speed of 64Kbps. The installation fee ranges from $100 to $300, depending on what options you select. There are always price promotions going on, so be sure to shop around for the best deal.

A couple of vendors for the DirecWay service are BlastSurf at http://www.blastsurf.com/satellitepc.htm or Nationwide Satellite at http://www.nationwidesatellite.com/highspeed.htm. The major competitor to DirecWay for the residential market is Starband, an offshoot of the DISH network. Their plans and pricing are virtually identical to DirecWay’s. Just like DirecWay, DISH satellite TV users can buy a satellite dish that enables them to have both television and Internet access. For more information about the Starband service, see its Web site at http://www.starband.com/index.htm.

The advantage of satellite technology is that it is available just about anywhere. For example, both DirecWay and Starband are available in the continental United States, Hawaii, Puerto Rico, and the Virgin Islands. The only requirements are that you have a place to mount the satellite dish that has a clear view of the southern sky and that there is an installer who is willing to come to your location.

However, there are some drawbacks. For example, the current consumer-grade satellite technology doesn’t officially support VPNs. This is because of the nature of satellite technology and some of the workarounds in place to make TCP/IP transmit efficiently over a satellite link. Satellite transmission introduces a high amount of latency, caused by the extra milliseconds needed to transmit over the approximately 46,000 miles of the earth-to-space-to-earth connection. To reduce some of the latency issues in satellite transmission, the main site or a relay site uses some form of IP spoofing, basically impersonating the remote site and sending a false acknowledgement. This decreases the latency because the sending site receives a speedy acknowledgement and keeps the packets flowing. Unfortunately, in a VPN session the packets are encrypted and cannot be read by the spoofing site; they can be acknowledged only by the receiving site. This exposes VPN traffic to the inherent latency issues of satellite technology. In most cases, a VPN will work, but you will not have the throughput or reliability you would expect from a broadband connection. In addition, interactive games and Voice over IP (VoIP) are not supported because of the same latency issues. Another problem is that satellite transmissions are susceptible to problems during heavy rain and high winds.
The Dark Horse Entry: Wireless
A broadband technology that is not getting much media attention is wireless. Wireless access technology has a lot of advantages for service providers because they don’t have to create or rebuild their current infrastructure. Stringing wire or fiber over a large area is prohibitively expensive. Wireless providers just have to maintain a high-speed connection to the Internet at their central location, and relay to remote transceivers strategically located around their market area. Consumers lease wireless modems that connect to their computers via an Ethernet or a USB connection, just like other broadband technologies. Typically, most of the wireless technologies use the 2.4GHz frequency for transmission, which means that unlike satellite technology, wireless is usually not affected by rain or high winds. In addition, because it is operating over a shorter distance, the latency is comparable to cable or DSL, so VPNs and VoIP are possible. The downside is that because wireless is a very new technology, there are no standards. It seems that every vendor is using a different form of wireless technology. Currently, prices range from $60 to $120 a month for speeds equivalent to DSL. Standards should be available soon that result in wider availability and lower prices.
Broadband: Which One Should You Choose?
Now that cable modems, DSL, and satellite are starting to become widely available, which one is best? Well, it depends. Cable modems generally promise the highest throughput on paper. However, remember that all customers in a neighborhood share bandwidth on a common ring. This is fine if you have a lot of neighbors who couldn’t care less about the Internet, but if your neighbor’s teenagers are constantly downloading MP3s or movies, you could have a problem.

DSL seems like a better solution; however, there are specific distance limitations. Most DSL providers don’t support customers who are more than 17,500 wire feet (not a straight line) from the switching office. In addition, it’s important to note that as you get farther than about 10,000 feet, the odds of getting a 1.5Mbps download speed decrease rapidly. Some new alternative DSL offerings increase the distance to about 20,000 to 25,000 wire feet, but they are generally using ISDN lines and top out at a speed of approximately 500Kbps.

Satellite technology is the new kid on the block. As a broadband technology, it is not as mature as DSL or cable modem; however, it has the advantage that you can get it virtually anywhere. Table 17.1 compares some of the features associated with each technology.

Table 17.1 Broadband Feature Comparison

| Feature | Cable Modem | DSL | Satellite |
|---|---|---|---|
| Availability | Available in most areas that have cable TV | Must be less than 17,500 wire feet from a switching office | Just about anywhere in North America |
| Price | $45–$60/month | $45–$60/month | $100/month first year; $60–$70/month after that |
| Download speed | 1.5Mbps–2Mbps | Varies by distance, typically 384Kbps–1.5Mbps | 384Kbps |
| Upload speed | Typically 384Kbps | Varies by distance, typically 64Kbps–384Kbps | 32Kbps–64Kbps with a burst of 128Kbps |
| Static IPs available? | From some ISPs | Yes | No |
| VPN support | Yes | Yes | No |
| VoIP support | Yes | Yes | No |
Security Issues for Always-On Connections
A common characteristic of all forms of broadband is the full-time connection to the Internet. Any machine permanently connected to the Internet needs to be secured against unauthorized access. Most providers are now including utilities in their setup programs that disable file and print sharing on your machine. However, you should also disable NetBEUI on any external interfaces to the Internet. A better strategy is installing some sort of firewall between your machine and the Internet. A firewall is a hardware device or software product that enables you to configure which people or applications have access to your machine.

Most intruders know which blocks of IP addresses are assigned to broadband ISPs. They can use a port scanner program to work through this list of IP addresses and check each address that responds to see which ports are open. A port is a software-based connection on your computer used to pass data in and out. Some ports are designated for specific types of functions—for example, port 119 is used for Network News Transfer Protocol (NNTP), and port 25 is used for Simple Mail Transfer Protocol (SMTP). A clever intruder can use some of these ports to access and control your computer. However, you can configure a firewall to close these ports or limit access to them from the outside world.

Note: In addition to the security warnings covered here, be sure to review the material in other chapters about securing your machine.

Microsoft has included a basic firewall package in Windows XP, called the Internet Connection Firewall (ICF). ICF is a fairly basic firewall and may or may not be suitable for all users. The “Third-Party DUN, RAS, and VPN Utilities and Hardware” section later in this chapter lists other available firewall hardware and software. For those users with DSL lines, some of the routers that the RBOCs are supplying have a basic firewall built in. For example, Southwestern Bell, Pacific Bell, and BellSouth use Cayman or Netopia routers for some of their DSL installations. Some models of these routers enable you to configure the inbound access and close unnecessary ports to reduce your vulnerability to external intrusions. Information on Cayman and Netopia routers is available at http://www.dslreports.com/faq/cayman or http://www.cayman.com.
For more information on ICF, see Chapter 16, “Windows XP Meets Unix,” p. 331.
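Before relying on a firewall to close ports, it helps to know which ports your own machine is answering on. The following added script (not from the book) parses the output of netstat -an, whose column layout is assumed here and whose sample lines are constructed with documentation addresses, and lists the listeners that a scan of your ISP’s address block would find; that list is what to compare against the firewall’s rules and the sharing settings above.

```python
"""Audit `netstat -an` output for ports a scanner on the Internet could reach.

Added example, not code from the book. It parses the text layout that
`netstat -an` prints on Windows XP (assumed from that tool's usual output;
the sample below is constructed, using documentation addresses) and lists
TCP listeners and UDP bindings on the external interface or on all
interfaces. Those are the ports that file and print sharing, NetBIOS or
other services leave open unless a firewall such as ICF closes them.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample: an XP machine whose broadband NIC holds 192.0.2.11,
# with file sharing still enabled and one Remote Desktop session in progress.
SAMPLE_NETSTAT = """\

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.0.2.11:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.11:3389        198.51.100.50:4412     ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.0.2.11:137         *:*
"""

# Ports the chapter names (25, 119) plus the Windows sharing and RPC ports an
# always-on home machine most often exposes.
KNOWN_PORTS = {
    25: "SMTP", 119: "NNTP", 135: "RPC endpoint mapper",
    137: "NetBIOS name service", 138: "NetBIOS datagram service",
    139: "NetBIOS session (file and print sharing)",
    445: "SMB over TCP (file and print sharing)", 3389: "Remote Desktop",
}

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


@dataclass(frozen=True)
class Listener:
    proto: str
    address: str   # local bind address; 0.0.0.0 means every interface
    port: int
    service: str


def parse_netstat(text: str) -> List[Listener]:
    """Sockets that accept inbound packets: TCP in LISTENING state, every UDP binding."""
    found: List[Listener] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing sockets are not inbound entry points
        found.append(Listener(proto, addr, int(port), KNOWN_PORTS.get(int(port), "unknown")))
    return found


def exposed_listeners(listeners: Iterable[Listener], external_ips: Iterable[str]) -> List[Listener]:
    """Keep only bindings reachable from outside: all interfaces, or the external address."""
    external = set(external_ips)
    return [l for l in listeners if l.address == "0.0.0.0" or l.address in external]


def audit_report(text: str, external_ips: Iterable[str]) -> List[str]:
    """One line per exposed port: the list to check against the firewall's rules."""
    exposed = exposed_listeners(parse_netstat(text), external_ips)
    return [f"{l.proto} {l.port} ({l.service}) bound to {l.address}"
            for l in sorted(exposed, key=lambda l: (l.proto, l.port))]


if __name__ == "__main__":
    for line in audit_report(SAMPLE_NETSTAT, ["192.0.2.11"]):
        print(line)
```

The loopback-only listener on port 1025 is left out of the report because nothing outside the machine can reach it; everything else shown would answer a scanner unless the firewall blocks it.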
Connecting Broadband to Your Computer
Despite their major technological differences, all three broadband technologies connect to your computer in a similar fashion: using the standard 10BaseT Ethernet interface. Although some of the newer adapters come equipped with both Ethernet and USB interfaces, it’s a toss-up whether broadband adapters should be attached via the standard Ethernet interface running at 10Mbps or via USB because the throughput of these broadband devices rarely approaches even the old USB 1.1 maximum of 1.5Mbps. It’s probably more a matter of which method is easier for the user to configure.
Certain caveats exist, however. If multiple high-traffic devices, such as a hard drive or CD-ROM, are connected to the same USB 1.1 hub or interface, performance could suffer. A USB 2.0 interface does not have this problem. In addition, because some devices receive their power from a USB hub or interface, you might not want to share these devices on a non-powered hub or laptop with a USB broadband device.

Note: To use USB 2.0 devices with Windows XP requires Service Pack 1 or USB 2.0–specific drivers from the manufacturer.
To set up a broadband connection using an Ethernet connection, follow these steps:
1. Connect the broadband device to the incoming cable, if the installer hasn’t already done it for you.
2. Power on the broadband device and make sure that all indicator lights (if present) show the correct status. This might take a while the first time the device is turned on, as it usually has to synchronize with the upstream controller.
3. Install and configure an Ethernet card (if it’s not already present) in your computer using the manufacturer’s instructions.
4. Connect the broadband device to your PC using an Ethernet cable.
5. Power on and start your PC.
6. Configure the IP addressing information supplied by your broadband vendor. This information will be a static IP address and DNS information, or the vendor might specify that you use DHCP to obtain an IP address.
For instructions on how to configure an IP address in Windows XP, see Chapter 14, “Windows XP and TCP/IP,” p. 273.
7. Load any broadband vendor–supplied software. This software usually has utilities that register the Media Access Control (MAC) address of your Ethernet card on the vendor’s system. You might have to enter a user ID and password assigned by the vendor to complete this process.
8. Reboot your PC if necessary, and then open your Web browser and try to access a Web site.

To set up a broadband connection using a USB connection, follow these steps:
1. Connect the broadband device to the incoming cable, if the installer hasn’t already done it for you.
2. Power on the broadband device and make sure that all indicator lights (if present) show the correct status. This might take a while the first time the device is turned on, as it usually has to synchronize with the upstream controller.
3. Install and configure a USB controller card in your computer using the manufacturer’s instructions (if a USB port is not already present).
4. Connect the broadband device to your PC using the proper USB cable.
5. Power on and start your PC.
6. The Found New Hardware Wizard should start and prompt you for the CD containing the drivers for the broadband device. Insert the CD and click the Next button.
7. Follow the prompts to install the drivers.
8. Reboot your PC.
9. After your PC has restarted, open Device Manager and verify that the modem has been installed as a USB device. A new network adapter should also be listed under Network Adapters in Device Manager.
10. Configure the IP addressing information supplied by your broadband vendor. This information will be a static IP address and DNS information, or the vendor might specify that you use DHCP to obtain an IP address.
For instructions on how to configure an IP address in Windows XP, see Chapter 14, “Windows XP and TCP/IP,” p. 273.
11. Load any broadband vendor–supplied software. You might have to enter a user ID and password assigned by the vendor to complete this process.
12. Reboot your PC if necessary, and then open your Web browser and try to access a Web site.

This was just a generic overview, as this process varies among vendors. For example, although some vendors require the MAC address of your Ethernet card to be registered in their system, others control your service based on the MAC address in the broadband device.
Troubleshooting Broadband Connections
Broadband connections are wonderful when they’re working, but they can be difficult to diagnose when they’re not. Because broadband connections rely on TCP/IP, you can use all the TCP/IP troubleshooting utilities discussed in previous sections in this chapter and in Chapter 14. Specifically, the PING and TRACERT utilities are invaluable in determining whether you have connectivity to a remote site. Although most DSL modems/routers have a single indicator light to indicate the presence of a signal, most cable and satellite modems have multiple indicator lights to indicate whether they have synced with their upstream controller. These indicator lights can be a valuable troubleshooting aid because most user manuals for these devices have a section on how to interpret them. Typically, the data and sync lights should be on solid; if one or both are blinking, you probably have a signal problem.
Another advantage that cable and satellite users have is that they can check the quality of their signal by checking their television reception. If the television picture is poor, you can’t expect the broadband connection to work because broadband devices are generally more sensitive to a poor signal. Cable and satellite modems are especially sensitive to low signal strength. You should always make sure you keep the coaxial cable lengths to a minimum, and use as few line splitters as possible. Line splitters split the coaxial cable into multiple outlets so that you can hook up more TV sets. If you have to use a long cable run with multiple splitters, you might want to invest in an active splitter or an amplifier. An active splitter is a powered splitter that either boosts the signal slightly or results in no signal loss. Make sure that any splitter you use on a coaxial line feeding a cable or satellite modem is rated to 1GHz. If your cable lengths are excessive and you need to share your connection with multiple TVs, you might want to invest in a signal amplifier. An amplifier increases the signal strength to compensate for the losses. Make sure you buy only an amplifier listed as “Cable Modem Compatible” or “5MHz–42MHz passive return.” Some other models actually block the modem signal.

Generally, DSL lines are not quite as sensitive to line quality as cable and satellite modems. However, it’s still best to feed your DSL router via a direct line (preferably CAT5) from the telephone company box. Unfortunately, although DSL lines aren’t as sensitive to variations in signal strength, they are more sensitive to radio frequency (RF) interference. If you are having strange problems, they could be caused by interference from the following:
- Light dimmers
- High-current electrical devices, such as heaters, air conditioners, dryers, or stoves
- RF transmitters
- Power transformers
Always make sure the DSL line is not routed close to these types of devices. If you suspect you are having an RF interference problem, you can use a cheap portable AM radio as an RF sniffer. Just tune it to the top of the band and listen for noise variations as you follow the path of the DSL cable. A loud buzzing sound indicates a potential source of RF interference.
Remote Access Versus Remote Control
Remote access and remote control represent two basic types of remote LAN access. Both types have strong points, and both provide access to network resources. The main differences between these two methods relate to the type of traffic that passes over the connection between a remote computer and a computer on the network where application processing occurs.
Chapter 17
Remote Access
Programs such as PC Anywhere, Reach Out, and NetOp provide remote control over network computers. These programs require two pieces of software to work. The first is a client piece on the remote workstation that enables users to reach across the connection to operate the network-attached computer. The second is a server piece on the network-attached computer that responds to user input from the remote client, and then sends screen updates and data from the network-attached computer to the remote machine. These programs connect from a remote location, usually through a dial-up connection, to a computer on the LAN that permits the remote computer to take control of a LAN-attached computer. The remote user takes over the local computer's keyboard, screen, and mouse so that whatever keys are typed on the remote computer are processed on the local machine. When the screen is updated on the local computer, it is also updated on the remote computer. Remote users have the same access to programs and resources they would have if they were sitting at a LAN-attached computer. The LAN applications that the remote user runs actually run on the locally attached computer, with only screen images and mouse and keyboard commands passing across the communications link back to the remote computer. Remote control generally works well, especially over slow communication links, as long as the applications running remotely do not require constant updates to high-resolution displays. Remote control is also subject to several limitations; the most serious limitation is the requirement for a dedicated computer on the LAN for each concurrent remote connection. When a local computer is servicing a remote user, it can't be used for anything else. For a smaller LAN, in which only a couple of concurrent remote sessions might be needed, it should not be a problem to dedicate a computer for each remote session.
On larger LANs that require many concurrent remote sessions, however, a network-attached computer for each remote user is neither cost-effective nor manageable.
There are other derivatives of remote control software. The most popular are Windows NT Terminal Server, a modified version of Windows NT Server 4.0; Citrix WinFrame, originally built only for Windows NT Server 3.51; and Windows 2000 and Windows .NET Server (released as Windows Server 2003) Terminal Services. These alternatives are server products that support multiple concurrent remote control sessions on one server. This reduces the need for dedicated computers and is far more manageable because all remote sessions run on the same machine. These products, however, require high-end servers to deliver the processing power necessary to support multiple concurrent remote sessions. When organizations must support applications that need access to numerous files or voluminous data across slow communication links, server-based remote control products can be quite effective.
The other type of software that provides remote access to LAN resources is remote access software. Windows XP remote access enables a remote computer to access a network from a remote location. The remote computer has the same access to network resources it would have if it were locally connected. In effect, Windows XP makes a modem act like a network interface card. Because modems generally provide much lower bandwidth than direct network attachments, remote access runs more slowly. Unlike remote control, remote access requires all the data an application reads or writes to be transmitted between the computers, not just screen updates and keystrokes. When applications are built to conform to a client/server computing model, however, they operate on remote computers in a way that minimizes network traffic and maximizes data delivery. In fact, perceived performance can often exceed the kind of performance that remote control software delivers for similar applications. Remote access is also more scalable and provides remote access at a lower cost per remote workstation than remote control software running on dedicated machines. Instead of adding computers to a LAN, you merely need to add communication ports, and possibly more memory, or take advantage of the capability to provide remote access across the Internet.
Although Microsoft has included the remote access feature in the various workstation versions of Windows for some time, remote control has been available only from third parties. With Windows XP, Microsoft has finally included remote control technology in the base operating system through the Remote Desktop and Remote Assistance features.
Remote Desktop
The Remote Desktop feature has been advertised as a new technology in Windows XP, but this remote control technology has actually been available for some time from other vendors, such as Citrix, NetOp, and even Microsoft. The difference is that now it is included with the operating system.
Note: The Remote Desktop feature is available only in Windows XP Professional; it is not included in Windows XP Home Edition.
Like the applications discussed in the previous section, Remote Desktop enables you to open a session on a remote Windows XP Professional machine and run applications as though you were physically sitting at the console of the remote machine. With this feature, you can connect to your work computer from home or a hotel room and have full access to all your applications, files, and other network resources.
To use Remote Desktop, you must enable it on your workstation and grant access to the appropriate users and groups by following these steps:
1. Log on to Windows XP as a member of the local Administrators group.
2. Open Control Panel and select the System applet.
3. In the System Properties dialog box, select the Remote tab.
4. Click the Allow Users to Connect Remotely to This Computer check box.
5. Click the Select Remote Users button. By default, members of the local Administrators group have been granted access.
6. Click the Add button. In the Select Users or Groups dialog box (see Figure 17.3), you are given the opportunity to select the users and/or groups that will be granted access to your machine via Remote Desktop. The terminology is somewhat confusing because it isn't used anywhere else in Windows XP; Table 17.2 defines the terms used in this interface.
Figure 17.3 Controlling Remote Desktop Protocol access using the Select Users or Groups dialog box.
Table 17.2 Object Type Definitions
Prompt | Meaning
Object Types | Users or groups.
Locations | This can show users or groups from an individual machine. If you're connected to a domain, you can select the domain directory.
Object Names | User or group names.
After making your other selections, if you click the Advanced button, a search dialog box opens where you can search for the users or groups you want to add. Click OK three times to save.
These steps configure Windows XP Professional to accept incoming connections. The Windows XP Remote Desktop Connection (RDC) client can be installed on any version of Windows from Windows 95 on up. To install the client, insert the Windows XP CD into the client machine's CD-ROM drive. When the Welcome page appears, click Perform Additional Tasks, and then click Set Up Remote Desktop Connection.
Note: Windows XP also supports connections from the older Windows Terminal Services clients, so you can use the 16-bit client from a Windows for Workgroups 3.11 machine, if you still have one. Citrix clients are not supported because they use the Independent Computing Architecture (ICA) protocol instead of the Remote Desktop Protocol (RDP) used with the RDC client.
To connect to your Windows XP computer remotely, start the RDC client on the remote computer. This computer must have a connection of some kind to the other computer, for example, LAN, WAN, VPN, or dial-up. Enter the IP address or the name of the remote computer, and then click the Connect button. Enter the username and password, and you're in! The RDC client reaches the Windows XP computer on TCP port 3389. If that path crosses the Internet, carry the session inside a VPN (see "Working Across Virtual Private Networks," later in this chapter) rather than opening port 3389 to the whole Internet, because the Windows logon prompt is otherwise exposed to anyone who can reach that port.
Because Windows XP Professional is a desktop operating system, it allows only one interactive session to be active at a time. If the XP computer is not a member of a domain, when another user accesses it through the RDC client, it uses Fast User Switching to suspend the session of the user who is currently logged on. However, if the Windows XP computer is a member of a domain, the current user is logged off, unless the same user is attempting a connection via the RDC client; then he or she joins the existing session. Table 17.3 describes what happens in such scenarios.
Table 17.3 RDC Without Fast User Switching
User Attempting to Connect | User Currently Logged on to the Console | Result
Member of Administrators or Remote Desktop Users group | No one | Connection established.
Member of Remote Desktop Users group | Remote Desktop User | Message: Only the current user or an administrator can log on to this computer.
Member of Remote Desktop Users group | Member of Administrators group | Message: Only the current user or an administrator can log on to this computer.
Member of Administrators group | Administrator 1 (a different administrator) | Message: If you continue, this user's Windows session will end and any unsaved data will be lost.
If the Windows XP computer is not a member of the domain, by default, Fast User Switching is enabled and the behavior shown in Table 17.4 occurs; the logged-on user will be able to continue the session later.
Table 17.4 RDC with Fast User Switching
User Attempting to Connect | User Currently Logged on to the Console | Result
Member of Administrators or Remote Desktop Users group | No one | Connection established.
Member of Administrators or Remote Desktop Users group | Member of Administrators or Remote Desktop Users group | Message: The user is currently logged on. If you continue, the user has to disconnect from this computer. Do you want to continue?
If a user is logged on, he or she sees this prompt: "Username is trying to connect to this computer. If you allow, you will be disconnected, but you can resume later. Do you want to allow this connection?" If the user selects Yes or does nothing, the remote user automatically connects, and the current session is suspended. If the user selects No, the user attempting to connect sees this message: "Username is currently logged on this computer and did not allow you to connect."
For a more in-depth look at the Remote Desktop feature, see Chapter 18, "Windows XP and Terminal Services," p. 393.
Remote Assistance
Diagnosing a computer problem can be difficult if you are not sitting in front of the computer. The Windows XP Remote Assistance feature enables you to grant a friend or a help desk operator permission to connect to your computer and assist you with a problem. Your computer must have a connection of some kind to the other computer, such as LAN, WAN, VPN, or dial-up.
The Remote Assistance function is similar to the Remote Desktop function in that it allows a remote user to connect to your Windows XP computer. Remote Desktop, however, is designed to allow you to run applications remotely on your computer, and Remote Assistance is designed to allow a remote user to join your running session and help you determine the cause of a problem with it. In a Remote Assistance session, you can grant the remote user the ability to observe your desktop as you are working. You can exchange messages via a chat session, or you can talk to each other if you both have the required sound cards and microphones. You can even grant a remote user the ability to take over your desktop to make changes and run programs.
Remote Assistance is available in both Windows XP Professional and XP Home Edition. It is enabled by default; however, you must issue an invitation before anyone can connect to your machine. This invitation can be sent to the other user via one of the following methods:
• Windows Messenger (the preferred method)
• E-mail
• Disk
The invitation is an encrypted ticket used to grant the remote user access to the Windows XP machine. The remote user must have the ticket and a password to be permitted access. Send the password separately, by telephone or instant messaging rather than by e-mail; an invitation and its password sitting together in one mailbox give anyone who can read that mailbox the same access as your helper. By default, the invitation is good for 30 days, but you should change it to 24 hours or less. To change the invitation time, perform the following steps:
1. In Control Panel, open the System applet.
2. In the System Properties dialog box, select the Remote tab.
3. In the Remote tab, click the Advanced button to open the Remote Assistance Settings dialog box.
4. Set the invitation time (see Figure 17.4).
5. Click OK twice to save.
Figure 17.4 Setting the duration of invitations in the Remote Assistance Settings dialog box.
To create an invitation, perform the following steps:
1. Click Start, All Programs, Remote Assistance.
2. Click the Invite Someone To Help You button.
3. In this window, you can elect to send the invitation via Instant Messenger (IM) or e-mail, or save it as a file.
4. Select Save Invitation as a File.
5. Enter your name (see Figure 17.5). Note that the default invitation duration for a file is much shorter than for e-mail or IM.
6. Set the invitation time, and then click the Continue button.
7. Enter a password, if you like.
8. Click the Save Invitation button.
Figure 17.5 Configuring the invitation in Remote Assistance.
The invitation has been saved to a file. This file can be e-mailed, saved to a disk and carried to a remote user, or copied to a network share. The user from whom you have requested assistance must be running a version of Windows XP, either Home Edition or Professional.
To respond to an invitation, perform the following steps:
1. On the remote machine, the assisting user must locate the invitation and double-click it.
2. The Remote Assistance dialog box opens, and you see this message: "Do you want to connect to user's computer now?" Click Yes.
3. On the computer requesting assistance, a dialog box appears asking whether you want to accept the connection. Click Yes. The remote user is able to see your desktop and communicate with you via chat.
If the remote user needs to take over your machine, he can click the Take Control icon on his toolbar. You will be prompted as to whether you want this to happen. You can both share control of the desktop until you press the Esc key. When finished, just click Disconnect at the top of the screen.
Of course, allowing someone to take over your machine requires a great amount of trust. Don’t open this feature to anyone you don’t know! Make sure your invitations always require a password that you don’t send with the invitation, and keep your invitation durations as short as possible.
Problems with Remote Assistance
If the computer requesting assistance is behind a firewall, TCP port 3389 must be open to it. If it is behind a NAT device instead, the connection normally succeeds only when the invitation is sent through Windows Messenger, not when it is sent as a file or by e-mail. Table 17.5 lists some common connection scenarios.
Table 17.5 Remote Assistance Connection Scenarios
Assistant | Client | Result
Behind NAT device | Behind NAT device | Doesn't work
Behind NAT device | Normal | Works
Normal | Behind NAT device | Works with Windows Messenger, but not with file or e-mail invitations
Behind proxy server | Behind proxy server | Doesn't work
Behind proxy server | Normal | Must install proxy software on assistant
Normal | Behind proxy server | Doesn't work
For more information, consult the Microsoft KnowledgeBase article "Q301529: Supported Connection Scenarios for Remote Assistance."
Working Across Virtual Private Networks
Windows XP includes two VPN protocols: the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP). PPTP and L2TP are WAN protocols that enable a client and server to establish a tunneled point-to-point connection over a TCP/IP network, such as the Internet; the tunnel is protected by MPPE encryption in the case of PPTP and by IPSec in the case of L2TP. These protocols enable you to set up virtual private networks economically. A VPN is a WAN link that uses the Internet rather than a dedicated telephone line or a dial-up connection as its transport medium. VPNs can be used to connect a single remote computer to another computer, a computer to a network, or a network to another network. Significant cost savings are possible if you can use a VPN through a local connection to your ISP, versus dialing a long distance number or paying a monthly rate for a dedicated circuit.
Point-to-Point Tunneling Protocol (PPTP)
PPTP is aptly named because it can set up a point-to-point connection over an unsecured network. It is referred to as tunneling because PPTP works by encapsulating network packets, which can be IP, IPX, or NetBEUI, within IP packets routed directly from one point to another over a public medium, the Internet. The control channel runs over TCP port 1723, and the encapsulated packets are carried in GRE (IP protocol 47). As an added precaution, the packets can also be encrypted. The packet is encrypted with Microsoft Point-to-Point Encryption (MPPE) by using encryption keys generated from the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) or Extensible Authentication Protocol–Transport Layer Security (EAP-TLS) authentication process. Encapsulation hides the inner packets from the Internet and encryption protects their contents, but the protection is only as strong as the authentication that produces the MPPE keys: with MS-CHAP the keys are derived from the user's password, so a weak or guessable password weakens the whole tunnel, whereas EAP-TLS derives them from a certificate-based TLS handshake. MPPE also provides no per-packet integrity check, which is one reason this chapter later recommends L2TP over IPSec where stronger security is needed. Encapsulation also enables the transport of packets, such as IPX and NetBEUI, that otherwise would not be routable over the Internet.
To use PPTP, you can use an existing network connection, or you can dial an ISP to get to the Internet. Once connected to the Internet, you use a Network Connections entry to connect to a remote PPTP server. Connecting to the remote server is just like using a regular Network Connections entry to make a telephone connection, except that you specify an IP address or host name instead of a telephone number and a VPN adapter instead of a modem. One of the improvements to PPTP in Windows XP is the capability to click just one entry to make the connection to the ISP and the remote server. This is done through the Network Connection Wizard. When you are creating your VPN connection, the wizard asks if you want to dial an initial connection. Just specify the initial connection to your ISP, and then configure the connection to your remote server. When you select the object created by the Network Connection Wizard, it automatically makes both connections for you.
Layer 2 Tunneling Protocol (L2TP)
L2TP works in a similar manner to PPTP. However, L2TP itself does not encrypt anything; instead of MPPE, Windows XP protects the L2TP packets with the industry-standard Internet Protocol Security (IPSec). L2TP is more complicated to install because you are required to use a machine certificate from a certificate authority or a preshared key.
For more information about IPSec and installing security certificates, see Chapter 25, "Managing System Security," p. 565.
By default, the remote access client supports both PPTP and L2TP and automatically selects the correct protocol when connecting to a remote VPN server. However, occasionally forcing a particular type of connection is necessary. To configure a connection to use a specific VPN protocol, perform the following steps:
1. Set up the connection using the New Connection Wizard.
2. After the initial configuration is completed, right-click the VPN connection name in the Network and Dial-Up Connections window and select Properties.
3. In the Properties dialog box, click the Networking tab.
4. In the Type of VPN drop-down list, select the protocol (see Figure 17.6).
Figure 17.6 The list of available VPN protocols in the Properties dialog box.
5. Click OK to save.
Which VPN Protocol Should You Use?
There are, of course, advantages and disadvantages to each of the available VPN protocols. PPTP has been around the longest, is documented in RFC 2637, and is supported by other manufacturers, such as Cisco and Altiga. In addition, it is easier to configure than L2TP and has less overhead. On the other hand, L2TP over IPSec provides far better security than PPTP: IPSec authenticates and integrity-checks every packet, the encryption keys are negotiated by IKE rather than derived from the user's password, and the machines authenticate each other with certificates from the common Public Key Infrastructure (PKI) technology. The major disadvantage is that IPSec's ESP packets cannot pass through Network Address Translation (NAT) on some routers; the later IPSec NAT Traversal extension (NAT-T), which wraps ESP in UDP port 4500, removes this limitation where both ends support it. It also incurs more performance overhead than PPTP, and you must have security certificates (or a preshared key) in place. L2TP is specified in RFC 2661 and its combination with IPSec in RFC 3193, both IETF Proposed Standards. A third option is to use IPSec in Tunnel Mode. Unfortunately, the current implementations of IPSec tunneling from various manufacturers do not interoperate. It is also limited to IP only and cannot be used with NAT, and some routers do not handle it properly. No matter which VPN protocol is used, power users or small organizations can use the Internet as an economical WAN backbone for secure remote network connections.
Tools for Diagnosing VPN Problems
VPN problems can be difficult to diagnose because there is the potential for problems in so many areas. Typical possibilities include the following:
• No connection to the remote computer.
• The remote computer goes into hibernate or standby mode.
• Poor-quality connection (high latency or packet loss).
• The ports or protocols the VPN needs are not open on the firewall.
You can use the command-line PING utility to test whether you can reach the remote computer via your connection. Just ping the remote computer by name or IP address to find out if you can reach the remote computer. Another possibility is that the remote computer might have gone into hibernate or standby mode. In the past, when you could use only a VPN connection into a server, this wasn't a problem. However, now that Microsoft supports XP-to-XP VPN connections, this is another factor to consider. In addition, you can check the amount of latency present on the connection by looking at the average round-trip time and watching to see if there were any timeouts. As discussed in the section on satellite technology, VPNs do not work well over connections with a high amount of latency. A ping that shows an average round-trip time of more than one second and multiple timeouts probably indicates that you won't be able to connect or sustain a reliable VPN connection.
For more detail on the PING command, see Chapter 14, "Windows XP and TCP/IP," p. 273.
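The rule of thumb above can be turned into a check that runs over a saved ping transcript, so you can capture the output once (for example, `ping -n 20 host > ping.txt`) and score it. The following Python script is an added example, not code from the book or from Microsoft. The transcripts it reads are constructed to look like Windows ping output for a placeholder host name and address, and the thresholds are the chapter's one-second average and "multiple timeouts" guidance, which you may want to tune for your own links.

```python
"""Score a saved Windows ping transcript against the chapter's VPN rule of thumb.

Added example, not from the book. An average round trip above one second, or
more than one lost probe, predicts an unreliable PPTP/L2TP tunnel.
"""
import re
from dataclasses import dataclass, field

# Constructed transcripts in the format of `ping -n <count> <host>` on Windows.
# vpn.example.net / 203.0.113.10 are documentation placeholders, not real hosts.
SAMPLE_BAD = """\
Pinging vpn.example.net [203.0.113.10] with 32 bytes of data:

Reply from 203.0.113.10: bytes=32 time=980ms TTL=52
Reply from 203.0.113.10: bytes=32 time=1320ms TTL=52
Request timed out.
Reply from 203.0.113.10: bytes=32 time=1105ms TTL=52
Request timed out.
Reply from 203.0.113.10: bytes=32 time<1ms TTL=52
Reply from 203.0.113.10: bytes=32 time=1490ms TTL=52
Reply from 203.0.113.10: bytes=32 time=1215ms TTL=52

Ping statistics for 203.0.113.10:
    Packets: Sent = 8, Received = 6, Lost = 2 (25% loss),
"""

SAMPLE_GOOD = """\
Pinging vpn.example.net [203.0.113.10] with 32 bytes of data:

Reply from 203.0.113.10: bytes=32 time=45ms TTL=52
Reply from 203.0.113.10: bytes=32 time=52ms TTL=52
Reply from 203.0.113.10: bytes=32 time=48ms TTL=52
Reply from 203.0.113.10: bytes=32 time=47ms TTL=52
"""

# "time=123ms" for a normal reply, "time<1ms" for a sub-millisecond one.
REPLY_RE = re.compile(r"^Reply from \S+: bytes=\d+ time[=<](\d+)ms", re.MULTILINE)
# Every way a Windows ping probe reports failure.
LOSS_RE = re.compile(r"Request timed out\.|Destination (?:host|net) unreachable\.|TTL expired in transit\.")

MAX_AVG_RTT_MS = 1000    # the chapter's "more than one second"
MAX_LOST = 1             # "multiple timeouts" means two or more


@dataclass
class PingVerdict:
    replies: int
    lost: int
    avg_rtt_ms: float
    vpn_viable: bool
    reasons: list = field(default_factory=list)


def analyze_ping(transcript: str) -> PingVerdict:
    """Parse reply and failure lines, then apply the latency and loss thresholds."""
    rtts = [int(ms) for ms in REPLY_RE.findall(transcript)]
    lost = len(LOSS_RE.findall(transcript))
    avg = sum(rtts) / len(rtts) if rtts else float("inf")
    reasons = []
    if not rtts:
        reasons.append("no replies at all: host down, unreachable, or ICMP filtered")
    elif avg > MAX_AVG_RTT_MS:
        reasons.append(f"average round trip {avg:.0f} ms exceeds {MAX_AVG_RTT_MS} ms")
    if lost > MAX_LOST:
        reasons.append(f"{lost} of {len(rtts) + lost} probes lost")
    return PingVerdict(len(rtts), lost, avg, not reasons, reasons)


if __name__ == "__main__":
    import sys
    verdict = analyze_ping(sys.stdin.read())
    print("VPN viable" if verdict.vpn_viable else "VPN unlikely to be reliable:")
    for reason in verdict.reasons:
        print("  -", reason)
```

Feed it a transcript on standard input (`python ping_check.py < ping.txt`). A transcript with no replies is flagged separately from a slow one, because a silent host may simply be filtering ICMP, which, as the next section explains, says nothing about whether the VPN's own ports are open.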
Just because you can ping the remote server does not mean that you can establish a PPTP connection to it. The PING command uses the Internet Control Message Protocol (ICMP), which is a different protocol from the ones a PPTP connection requires. PPTP requires TCP port 1723 for its control channel and IP protocol 47 (GRE) for the tunneled data; GRE is not TCP or UDP, so a firewall rule that opens "port 47" does nothing for it. L2TP over IPSec requires UDP port 500 for the IKE negotiation and IP protocol 50 (ESP) for the encrypted traffic (plus UDP port 4500 when NAT Traversal is used); the L2TP control traffic on UDP port 1701 travels inside the ESP packets and does not need a separate rule. Any routers or firewalls between the two machines must be configured to allow this traffic. For those who have not worked with routers or firewalls before, knowing which ports are open is difficult, unless you did the configuration yourself.
To test the connectivity needed for PPTP to operate, Microsoft has provided a PPTP PING tool with Windows XP. This tool enables you to ping a remote server to see whether it can receive traffic over the port and protocol that PPTP requires. This tool consists of two executables:
• Pptpclnt.exe—The client version
• Pptpsrv.exe—The server version
These tools are located in the Support.cab file, which is in the Support\Tools folder on the Windows XP CD-ROM.
Unlike the normal PING utility, you must have one of these executables running on the server and one on the client.This requires that you work with someone who has access to the remote server. To use the utilities, copy Pptpsrv.exe to the PPTP server and start it. Next, copy Pptpclnt.exe to the client and start it with the server name or IP address on the command line: Pptpclnt <servername>
Nothing will be displayed on the client.You have to go to the server and watch for the following response: Total GRE packets received = 1 Total GRE packets received = 2 Total GRE packets received = 3
If the ping fails, the server displays an error message that you can use to diagnose the problem. For more information on troubleshooting VPN problems, see the following article in the Microsoft KnowledgeBase: “Q314831: Basic L2TP/IPSec Troubleshooting in Windows XP.”
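If you cannot get someone to run Pptpsrv.exe on the server, you can still verify from the client alone the first half of what Pptpclnt tests: the TCP port 1723 control channel. The following Python script is an added example, not part of the book or of Microsoft's tools. It sends the Start-Control-Connection-Request that every PPTP client opens with (RFC 2637, section 2.1) and decodes the server's Start-Control-Connection-Reply. It deliberately cannot check GRE, so a successful reply followed by a failed VPN connection still points at protocol 47 being filtered somewhere on the path. The host name and vendor strings, and the sample reply used to exercise the parser offline, are placeholders, not captured traffic.

```python
"""PPTP control-channel probe: send an SCCRQ on TCP 1723 and decode the SCCRP.

Added example, not from the book or from Pptpclnt/Pptpsrv. Message layouts
follow RFC 2637 section 2.1. The probe proves only that the control channel
is reachable; GRE (IP protocol 47) must be tested separately.
"""
import socket
import struct

PPTP_PORT = 1723
MAGIC_COOKIE = 0x1A2B3C4D      # present in every PPTP control message
MSG_CONTROL = 1                # PPTP message type: control message
CTRL_SCCRQ = 1                 # Start-Control-Connection-Request
CTRL_SCCRP = 2                 # Start-Control-Connection-Reply
PROTOCOL_VERSION = 0x0100
FRAMING_ASYNC, FRAMING_SYNC = 1, 2
BEARER_ANALOG, BEARER_DIGITAL = 1, 2
SCC_LEN = 156                  # fixed size of both SCCRQ and SCCRP
HDR_FMT = "!HHIHH"             # length, msg type, cookie, ctrl type, reserved0
SCCRQ_FMT = "!HHIIHH64s64s"    # version, reserved1, framing, bearer, max chan, fw rev, host, vendor
SCCRP_FMT = "!HBBIIHH64s64s"   # version, result, error, framing, bearer, max chan, fw rev, host, vendor
SCCRP_RESULTS = {
    1: "channel established",
    2: "general error",
    3: "command channel already exists",
    4: "not authorized",
    5: "unsupported protocol version",
}


def _cstr(s: bytes) -> bytes:
    """NUL-pad to the 64-byte fixed fields, always leaving room for a terminator."""
    return s[:63].ljust(64, b"\0")


def build_sccrq(hostname: bytes = b"probe", vendor: bytes = b"example") -> bytes:
    """Encode the SCCRQ a client sends immediately after the TCP handshake."""
    header = struct.pack(HDR_FMT, SCC_LEN, MSG_CONTROL, MAGIC_COOKIE, CTRL_SCCRQ, 0)
    body = struct.pack(SCCRQ_FMT, PROTOCOL_VERSION, 0,
                       FRAMING_ASYNC | FRAMING_SYNC, BEARER_ANALOG | BEARER_DIGITAL,
                       1, 0, _cstr(hostname), _cstr(vendor))
    return header + body


def parse_sccrp(data: bytes) -> dict:
    """Decode an SCCRP; raise ValueError if the bytes are not a PPTP reply."""
    if len(data) < SCC_LEN:
        raise ValueError(f"short read: {len(data)} bytes, expected {SCC_LEN}")
    length, msg_type, cookie, ctrl_type, _ = struct.unpack_from(HDR_FMT, data, 0)
    if cookie != MAGIC_COOKIE:
        raise ValueError("magic cookie mismatch: not PPTP, or the stream was mangled")
    if msg_type != MSG_CONTROL or ctrl_type != CTRL_SCCRP or length != SCC_LEN:
        raise ValueError(f"unexpected message: type {msg_type}, control type {ctrl_type}, length {length}")
    (version, result, error, framing, bearer, max_channels, firmware,
     host, vendor) = struct.unpack_from(SCCRP_FMT, data, struct.calcsize(HDR_FMT))
    return {
        "version": version,
        "result": result,
        "result_text": SCCRP_RESULTS.get(result, f"unknown result {result}"),
        "error": error,
        "framing": framing,
        "bearer": bearer,
        "max_channels": max_channels,
        "firmware": firmware,
        "hostname": host.split(b"\0", 1)[0].decode("ascii", "replace"),
        "vendor": vendor.split(b"\0", 1)[0].decode("ascii", "replace"),
    }


def sample_sccrp(result: int = 1, hostname: bytes = b"vpn-gw", vendor: bytes = b"Microsoft") -> bytes:
    """Constructed reply (not a capture) so the parser can be exercised offline."""
    header = struct.pack(HDR_FMT, SCC_LEN, MSG_CONTROL, MAGIC_COOKIE, CTRL_SCCRP, 0)
    body = struct.pack(SCCRP_FMT, PROTOCOL_VERSION, result, 0,
                       FRAMING_ASYNC | FRAMING_SYNC, BEARER_ANALOG | BEARER_DIGITAL,
                       1, 0, _cstr(hostname), _cstr(vendor))
    return header + body


def probe_pptp(host: str, timeout: float = 5.0) -> dict:
    """Connect to TCP 1723, send an SCCRQ and return the decoded SCCRP (needs network access)."""
    with socket.create_connection((host, PPTP_PORT), timeout=timeout) as sock:
        sock.sendall(build_sccrq())
        buf = b""
        while len(buf) < SCC_LEN:          # TCP may deliver the 156 bytes in pieces
            chunk = sock.recv(SCC_LEN - len(buf))
            if not chunk:
                raise ValueError("server closed the control channel without replying")
            buf += chunk
    return parse_sccrp(buf)


if __name__ == "__main__":
    import sys
    print(probe_pptp(sys.argv[1]))
```

Run it as `python pptp_probe.py vpn-server`. A result of "channel established" means a PPTP server answered on 1723 through every firewall on the path; a connection refused or timeout means TCP 1723 is blocked or nothing is listening; a magic-cookie mismatch means something other than PPTP (a proxy, for instance) answered. The probe leaves the control connection to be closed by the server, which is acceptable for a one-off test.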
Third-Party DUN, RAS, and VPN Utilities and Hardware
Because of the popularity of Windows XP, quite a few add-on products are available for remote access and VPN. Some of our favorites are described in the following list.
• RAS-Costs. This small freeware program automatically tracks your online time. For more information, visit Timo Engelke's site at http://people.frankfurt.netsurf.de/Timo.Engelke/rcosts/.
• Point B Remote Net-Accelerator. This client/server solution from Traveling Software speeds up remote access to an office network. It reduces transfer times by caching network files locally, by sending only changes to a file rather than the whole file, and by compressing data to send it more efficiently. It can be used with dial-up connections and VPNs to reduce the amount of information transmitted through the network, and it can improve network performance on slow WAN links. For more information, visit http://www.travsoft.com.
• BlackICE Defender. This software-based firewall utility is suitable for the home/small office market. It not only protects your computer from intrusions, but also has a backtrace utility for tracking down the source of intrusion attempts. For more information, see the Network ICE Web site at http://netice.com.
• Norton Personal Firewall. This software-based firewall utility for your desktop offers basic protection from Internet intruders and is easy to install and configure. Symantec also offers other software-based firewall products, Norton Internet Security and Norton Internet Security Family Edition, with more features, including integrated virus checking and firewall customization for each user. For more information, see http://symantec.com.
• ZoneAlarm. You can load this personal firewall utility on your Internet-connected computer to protect it from unwanted intruders. ZoneAlarm enables you to control access to both incoming and outgoing ports on your computer, so you can spot any Trojan horse programs that have been installed on your machine. It also tracks access to these ports by IP address. The personal version of ZoneAlarm is free for home use. A more sophisticated version, ZoneAlarm Pro (available for a small fee), is capable of supporting a home network or a small business. For more information, visit http://www.zonealarm.com.
• D-Link Residential Gateway. This hardware device provides basic firewall capabilities, mostly through the use of NAT. It provides up to 32 DHCP addresses if you attach it to a hub or switch. For more information, visit http://www.dlink.com.
• LinkSys EtherFast Cable/DSL Router. This hardware device provides routing, NAT, DHCP, and firewall services. Several models are available with a varying number of 10/100 Ethernet switch ports. You can use the EtherFast device to share your Internet connection with multiple users. For more information, visit http://www.linksys.com.
• NetGear DSL/Cable Modem Internet Gateway Router. This product provides Internet connection sharing, NAT, DHCP, and firewall capabilities. The unit is equipped with a four-port 100Mbps switch, and the firewall provides log files of activity. For more information, visit http://netgear.com.
For More Information
Web Resources
• For a directory of xDSL and cable services and ISPs in your area (including performance reports), check out www.dslreports.com.
• For a directory of ISDN services and ISPs in your area and for more ISDN information, check out www.isdnzone.com.
• To check the current version of the Microsoft Hardware Compatibility List (HCL), see http://www.microsoft.com/hcl/.
• For more information about USB support in Windows XP, consult the following articles in the Microsoft KnowledgeBase: "Q310575: General USB Troubleshooting in Windows XP" and "Q314634: Windows XP Does Not Detect Your USB Device."
Books
• Dhawan, Chander. Remote Access Networks: PSTN, ISDN, ADSL, Internet, and Wireless Computing. McGraw-Hill, 1998. ISBN: 0070167745.
• Microsoft Windows XP Resource Kit Documentation. Microsoft Press, 2001. ISBN: 0735614857.
• Perlmutter, Bruce. Virtual Private Networking: A View from the Trenches. Prentice Hall, 2000. ISBN: 0130203351.
• Robichaux, Paul. Remote Access 24Seven. Sybex, 1999. ISBN: 078212531X.
• Wilson, Casey and Doak, Peter. Creating and Implementing Virtual Private Networks. The Coriolis Group, 2000. ISBN: 1576104303.
18 Windows XP and Terminal Services
In Chapter 17, "Remote Access," you examined the various ways you can configure inbound and outbound remote access connections to your Windows XP computer. In that chapter, you saw how to use the Remote Desktop feature to connect to your Windows XP Professional computer so that you can access your applications and files when you are out of the office.
Although it’s new to desktop operating systems, the technology that enables the Remote Desktop feature is derived from an existing server technology called Terminal Services. With Terminal Services (TS), you can remotely connect to a server and run applications installed on that server as though you were sitting at the server console. In this chapter, you will examine this technology and learn how to use Windows XP to connect to Terminal Services. In addition, you will examine some of the common problems you might encounter with Terminal Services.
Terminal Services History and Overview Terminal Services, an optional service in Windows 2000 and Server 2003, is customized to provide a multiuser environment.This makes it possible for several users to connect to a server and run applications concurrently.Terminal Services is a result of the collaboration between Microsoft and Citrix Systems, Inc. (http://www.citrix.com/). Citrix created the MultiWin technology that allows Windows 2000 and Server 2003 to support multiple user connections and share processor time, memory, and I/O resources.
Terminal Services consists of three major components:
• Multiuser server core. This modified version of the Windows NT/2000/.NET Server (Windows Server 2003) kernel allows the operating system to support multiple concurrent users and share resources.
• Client software. This software provides the user interface. It can be installed on a PC or a Windows terminal and offers the look and feel of the standard Windows interface.
• Remote Desktop Protocol (RDP). This protocol provides communication between the server and the client software. It runs only on TCP/IP (TCP port 3389).
What is now Windows Terminal Services started as a modified version of IBM OS/2 version 1.3 in 1989. Several IBM employees started their own company to market a modified command window version of OS/2 called Citrix Multi-User OS/2. Multi-User OS/2 enabled users to run non-GUI OS/2 applications on dumb terminals attached to a server. In 1992, Citrix licensed the Windows NT Server source code from Microsoft and used it to develop the WinFrame product, a multiuser version of Windows NT 3.51. With the release of WinFrame in 1995, Citrix supported users accessing server sessions via a PC client or using a Windows-based terminal (WBT). The WBT, sometimes known as a thin client, was a dumb terminal with a limited operating system in read-only memory (ROM) that was responsible for controlling the screen display and handling user input. Unlike a typical dumb terminal that was limited to a simple character-based display, these devices provided the standard Windows GUI for the Windows applications running on the server. The first of these terminals used a proprietary operating system in ROM, but later models used the Microsoft Windows CE operating system. Current models use the latest version of Windows CE, an embedded version of Windows 2000, or Linux. These terminals are referred to as thin clients because the software needed to operate them is very small, typically less than 1.5MB. In addition to the WBTs, Citrix supplied the software to run a WinFrame session on various clients, including all versions of Windows (including 3.0), DOS, Macintosh, Java, OS/2, and various versions of Unix. In 1997, Citrix and Microsoft agreed to use Citrix's MultiWin technology to create a multiuser version of Windows NT 4.0 named Windows NT Terminal Server 4.0. The Microsoft product was very similar to the previous WinFrame product, but did not support all the Citrix features. Most notable was the client support from Microsoft, which was limited to Windows 3.11 and later.
With the release of Windows NT Terminal Server, Citrix shipped an add-on product called MetaFrame. MetaFrame added several features to the Microsoft product that had not been carried over from WinFrame, such as session shadowing and the Web client. The MetaFrame product also included the Independent Computing Architecture (ICA) protocol, the same protocol that Citrix included with its WinFrame product. This is the protocol Citrix uses to communicate between the server and the client. Microsoft used its own protocol, the Remote Desktop Protocol (RDP), which was previously used in NetMeeting. The major difference between the two protocols is that RDP requires a TCP/IP environment, whereas ICA can be used with TCP/IP, NetBEUI, IPX/SPX, or over asynchronous lines. In addition, most of the features that differentiate MetaFrame from the base Windows Terminal Server product were tied in to the ICA protocol.

With the release of Windows 2000, Microsoft included Terminal Services as part of the base product. In addition, several features that were formerly available only with the Citrix MetaFrame add-on have been integrated into the product, such as session shadowing (also called Remote Control) and automatic printer and drive mapping. In the meantime, Citrix has released a new version of its add-on software, MetaFrame XP, with more features. Of course, Microsoft responded by adding more features to its Server 2003 version of Terminal Services.
What Is Terminal Services Good For?

Windows Terminal Services is designed to distribute the Windows 32-bit desktop to clients that are usually not able to run it. Although at the client it appears that the application is running locally, all processing is actually occurring on the server. The only processing that occurs at the client is to display the user interface and to accept input from the keyboard and mouse. Although the application is run on the server, the information needed to control the user interface, such as keystrokes or mouse clicks, is sent over the connection to the client. The amount of data sent over the connection is very small, generally less than 16KB per session. This makes Terminal Services well suited for low-bandwidth connections, such as low-speed dial-up lines.

The Remote Desktop Connection (RDC) clients supplied with Windows Terminal Services can be used on most Windows PCs and Windows terminals. A 32-bit client is used with Windows 9x and Windows NT/2000/XP. There is also a 16-bit client that supports Windows for Workgroups 3.11. The RDC client provides the standard Win32 desktop for users. It is a Windows-based application and runs only on Windows platforms. However, it is a small application, generally less than 2MB, and it can run on machines with very limited processor and memory resources. With Terminal Services, each user is assigned his or her own session of 2GB of virtual memory on the server. Performance depends on the capacity of the server, how many users are logged on, and what applications are running.
Chapter 18
Windows XP and Terminal Services
This client offers some additional benefits over a standard Windows client:
• Roaming disconnect support. This feature enables users to connect to the server from anywhere and retain their customized desktops and applications.
• Multiple login support. This feature enables users to be connected to multiple sessions simultaneously.
• Automatic session reconnection. If users are disconnected from the server because of a local problem, such as a power outage, PC crash, or communications line failure, they can reconnect to the server. They can do this from the same PC or terminal or from any other PC or terminal, and their sessions will resume just where they left them, without any loss of data.
Terminal Services Advantages and Disadvantages

There are many advantages to using Terminal Services; here are a few of them:
• Windows Terminal Services runs Windows applications. Most Windows and DOS applications run on Terminal Services without any modifications.
• The client is very small, which means it can run on low-powered terminals or PCs.
• Terminal Services can be used with older technology. Because the client is very small, it can run on a 386, so older machines that would normally be sent to the scrap heap can be used as clients.
• It puts the responsibility for processing in the server room. The system administrator in the server room directly controls everything to do with support of the server and applications. Users have fewer opportunities to “help” the administrator, which results in fewer problems. In addition, because just about everything is controlled from a centralized location, expensive, time-consuming visits to the desktop are rare.
There are also a couple of disadvantages to using Terminal Services, as follows:
• Hardware. The system running Terminal Services requires much more hardware, such as more RAM and a powerful CPU, than the typical file and print server. You can use lower-end systems for the client, but you have to spend more money on the server.
• Security. You must be aware of the security weaknesses introduced with Terminal Services, and make sure you limit access for all users. Any time you open a remote connection to your network, you’re taking a risk that unauthorized users might attempt to access your network. Therefore, making sure your network is secure is imperative.

For details on security, see Chapter 25, “Managing System Security,” p. 565.
When to Use Terminal Services

Terminal Services is recommended for use in a variety of environments. Following are some examples:
• Harsh environments. Terminal Services is good for harsh environments, such as production facilities where lots of dust and debris are found. With Terminal Services clients, you can use a low-cost Windows terminal with no moving parts that would normally be susceptible to damage or contamination.
• Remote access. Because of the low-bandwidth requirements, a remote Terminal Services user usually has the same apparent performance as a local user. In addition, the remote user doesn’t need to have frequent software updates because all updates are performed on the server.
• Public access terminals. A Windows terminal used as a kiosk is very secure because administrators can lock down applications and system access in Terminal Services. In addition, Windows terminals have little street resale value, so they are not attractive to thieves.
• Customer service. Users running a single or a few task-based applications are ideal candidates for Terminal Services because they can be supplied with a low-cost Windows terminal for far less money than a PC, which would likely be overkill for their needs.
When Not to Use Terminal Services

Here are some applications for which Windows Terminal Services is not recommended:
• Applications requiring heavy calculations. Typical examples are spreadsheet applications.
• Applications using animation. Passing screen updates for large detailed bitmaps uses a lot of bandwidth.
• Publishing and/or drawing programs. Although the newer versions of Terminal Services clients can support more than 256 colors, the excess color depth requires more processing and network bandwidth. In addition, all graphics screen updates must be passed over the connection, which can get slow.
Note The information in this section is based on Microsoft recommendations. However, several companies are running multiple versions of AutoCAD on Terminal Services. NCD/Neoware manufactures a Windows terminal specifically for this type of application.
Working with Terminal Services

Terminal Services is available in two modes: Remote Administration mode and Application Server mode. Application Server mode configures a Windows 2000 or Server 2003 server to operate similarly to Windows NT Terminal Server 4.0. Remote Administration mode is used to provide remote server management. You can install either mode during the initial installation, or after installation through the Configure Your Server tool or the Add or Remove Programs applet in the Control Panel.
Terminal Services in Application Mode

The purpose of Application Server mode in Windows Terminal Services is to allow applications to be shared and managed from a central location. Although Remote Administration mode makes few changes to the Windows server, Application Server mode completely changes the server’s characteristics. Normally, a server is tuned to give the best performance to processes running in the background so that server-type applications, such as databases and mail servers, perform better. However, when Windows is configured for TS Application Server mode, the server is tuned to give the best performance to foreground processes. This is similar to the way a workstation operating system is tuned because the operating system is now handling those types of foreground tasks.

In Application Server mode, the system administrator can load common applications to be shared by multiple users. Users can be granted the ability to connect to a specific application or a complete desktop environment. Typically, when users receive a PC, they have the opportunity to load their own software and reconfigure the PC however they like. With a TS server, however, the system administrator controls the applications. The system administrator can use a combination of permissions and Group Policies to control exactly what each user can see and what changes, if any, users can make to their desktops. Terminal Services enables the system administrator to have tighter control over the applications and the desktop. This increased control can greatly decrease support costs for an organization because there are fewer visits to the end user. There is no need for upgrade visits, and there are fewer visits for application problems because everything is centrally located and controlled.
Unlike Remote Administration mode, in which only two concurrent connections are allowed, Application Server mode enables you to have an unlimited number of concurrent connections, subject to server capacity. The number of users that can be supported varies widely, depending on the type of applications being used. Typically, you can support far more users who are running customer service–type applications than users who are recalculating spreadsheets.

For more information on Group Policies and securing the Windows XP desktop, see Chapter 9, “Introducing the Windows XP Registry,” p. 179.
Terminal Services in Remote Administration Mode

The TS Remote Administration mode was first available in Windows 2000. Previous versions of Citrix WinFrame/MetaFrame and Windows Terminal Server did not have this feature. When you install Windows Terminal Services in Remote Administration mode, you are allowed two concurrent connections to the Windows server. These sessions can be used to remotely access any programs or data on the server. Using the TS client is just like working on the server console. Remote Administration mode allows you to have two concurrent TS sessions without any additional Client Access Licenses required.

The beauty of Remote Administration mode is that you can manage your server from just about anywhere and from just about any computer. Because the TS client is supported on a variety of Windows clients, including Windows CE, you can load the client on any available Windows box and manage your server. Imagine managing your server from your Pocket PC! In addition, because the RDP connection between the server and the client requires minimum bandwidth, you are not limited to having a high-speed local area network (LAN) connection. The TS client can access servers via a direct dial-up, an Internet, or even a wireless connection. Again, think about managing your servers from your Pocket PC while sitting on a warm, sandy beach.

Note
After the initial installation of Terminal Services, it is possible to switch from one mode to another or remove Terminal Services completely. However, after these changes, you must reinstall all applications.
Using Windows XP as a Terminal Services Client

Chapter 17 explained the Remote Desktop Connection (RDC) feature in Windows XP Professional, which enables you to connect to your Windows XP Professional machine remotely and run applications. The RDC feature is just another implementation of the Terminal Services technology. Because it is on a desktop-class operating system, however, you are limited to a single incoming remote session.

Note
Unlike Windows XP Professional, Windows XP Home does not support incoming Remote Desktop sessions. However, the RDC client is included in Windows XP Home, so you can use Windows XP Home to connect to a Windows XP Professional or a Terminal Services computer.
Using the Remote Desktop Connection Client

The RDC client is installed by default on both versions of Windows XP. You can open an RDC session (and the RDC client) by clicking Start, All Programs, Accessories, Communications, Remote Desktop Connection. The Remote Desktop Connection window is shown in Figure 18.1. In the Computer text box, you can enter the IP address or the name of the remote computer you want to connect to. If you have previously connected to this computer, click the drop-down arrow to see a list of the computers to which you have made connections.
Figure 18.1 You can connect to another computer by typing its IP address or name in the Computer text box of the Remote Desktop Connection window.
If you do not see the name or IP address listed, and you cannot remember it, click the Browse for More item in the list. This opens the Browse for Computers dialog box, shown in Figure 18.2. All the Terminal Servers you can connect to are shown in the Available Computers list.
Figure 18.2 You can select a computer for the remote connection from the Available Computers list.
Windows XP Doesn’t Advertise
By default, only Windows 2000 or Server 2003 running Terminal Services in Remote Administration or Application Server mode advertise their presence to the browse list. For a Windows XP Professional computer to be displayed as a TS server in the Available Computers browse list, change the value of the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\TSADVERTISE Registry key from 0 to 1.
After you select a connection, click the Connect button, and the logon prompt for the remote server appears. Enter the proper credentials to log on to a desktop from the remote server. The Remote Desktop opens, as shown in Figure 18.3.
Figure 18.3 The Remote Desktop looks just like the desktop of the computer on the other end of the remote connection.
From this window, you can run programs on the remote server, just as though you were sitting in front of the server console. If you prefer to see the Remote Desktop in full screen mode, just click the Maximize button in the upper-right corner of the window. When running RDC in full screen mode (as shown in Figure 18.4), it is hard to tell that it’s a virtual session.
Figure 18.4 When you run Remote Desktop in full screen mode, it looks as though you were sitting at the computer on the other end of the remote connection.
When it’s time to end your session, you can either log off or disconnect the session. To log off the session, click Start, Shut Down. When the Windows Security dialog box opens, select Logoff. To disconnect the session, select Disconnect in the Security dialog box, or just click the Close button in the upper-right corner. If you log off a session, any currently running programs are automatically shut down for you, just as though you were using your own computer. However, if you disconnect a session, any programs that are running remain running. The next time you log on to the server, the session will be just as you left it.

Tip
The default configuration of a Terminal Services server is to maintain disconnected sessions indefinitely. However, even when a session is disconnected, it still uses resources on the server. Unless you have a good reason for leaving a session running, such as running a batch job or a long-running database function, logging off when you are finished is usually best.
Remote Desktop Client Configuration Options

The previous section discussed logging on to a TS session with the default settings. However, the RDC client has many options available so that you can configure it for optimum performance in many different situations.
To access these settings, open the RDC client, and click the Options button. Use the settings in the General tab (shown in Figure 18.5) to configure the server, username, password, and domain to connect to. Note that even though a Windows XP Home computer cannot be a member of a domain, it can still log on to any TS servers in the domain via the RDC client.
Figure 18.5 You configure your connection settings in the General tab of the Remote Desktop Connection dialog box.
You can also use the RDC client to export your client configuration settings to a file that can be used on other machines. Just click the Save As button in the Connection Settings section.

The display settings are available in the Display tab, shown in Figure 18.6. In this example, the screen display can be configured in the following resolutions (although resolution settings can vary depending on the system):
• 640×480
• 800×600
• 1024×768
You can also set the color resolution; however, the higher the resolution, the more data must go over the link between the client and the remote server. You will probably want to keep this setting as low as possible over low-speed links. It’s important to remember that the settings on the remote server always override the RDC client settings.
Figure 18.6 You configure your display settings in the Display tab of the Remote Desktop Connection dialog box.
There is also an option to display the connection bar when you are in full screen mode. You can use the icons on the connection bar to quickly minimize or maximize your session. The connection bar appears when you move your mouse to the top of the screen. To always display the connection bar, click the check box.

Display Characteristics
The maximum values for the display resolution are equal to the settings on your client computer. For example, if the client is configured for 800×600 with 256 colors, you won’t be able to configure the RDC session to 1024×768 with 16-bit color. The client must have a desktop resolution equal to or higher than the RDC session.
You use the Local Resources tab, shown in Figure 18.7, to configure the session’s interface characteristics, such as sound, keyboard, and device mapping. To hear the sounds generated by the remote server session through your local computer, you can enable the sound option. Although this option is useful for applications that use sounds as prompts, it’s not a good idea to play MP3s over a low-speed connection because they use a significant amount of bandwidth. For slow connections, setting this option to Leave at Remote Computer is recommended. In the Local Devices section, you can specify which of the devices attached to your local computer will be available in your RDC session. This option enables you to access your local drives, printers, or any devices attached to your serial port.
Figure 18.7 You configure interface characteristics, such as sound, in the Local Resources tab of the Remote Desktop Connection dialog box.
In the Keyboard section, you can specify how the standard Windows key combinations are handled while you are in a remote session. For example, if you are running a remote session and you press the Alt+Tab key combination, the local computer will respond to the keystrokes. You can choose to have the Windows keys assigned
• To the local computer
• To the remote computer
• To the remote computer, only when the session is in full screen mode

For a comprehensive listing of keyboard shortcuts, see Appendix E, “Windows XP Keyboard Commands and Shortcuts,” p. 819.
In the Programs tab, you specify the name and location of a program to run when you connect to the remote session. You will have access only to the program and will not get the Windows desktop.

You can use the Experience tab, shown in Figure 18.8, to tailor the performance of your RDC session to the speed of your connection. For example, on a slow dial-up connection, you should turn off all the options except Bitmap Caching. The Bitmap Caching feature improves performance by using your local disk to cache frequently used bitmaps, which reduces RDC traffic. The visual features listed here greatly affect the amount of data that has to be carried over the link between the server and the client.
Figure 18.8 You configure performance-enhancing settings in the Experience tab of the Remote Desktop Connection dialog box.
You’ll notice that as you select the different connection speeds, different options are selected. These options are Microsoft recommendations for each link speed. You can create your own configuration by selecting Custom in the drop-down list. Unless you are connecting locally via a LAN, it’s usually best to turn off all the options except Bitmap Caching.
Setting Up Windows XP as a Remote Management Workstation

The Windows XP Remote Desktop Connection feature can be used to remotely manage your network. A typical scenario is loading all the systems and network management applications on a Windows XP Professional workstation, which is designated as your remote management console. Access to this workstation through an RDC session can be assigned to selected network administrators. This access is limited, by default, to members of the Administrators group. To use Remote Desktop, you must enable it on your workstation and grant access to the desired users and groups by following these steps:
1. Log on to Windows XP as a member of the local Administrators group.
2. Go to the Control Panel and select the System applet (via the Classic view).
3. In the System Properties dialog box, select the Remote tab.
4. Click the Allow Users to Connect Remotely to This Computer check box (see Figure 18.9).
5. By default, members of the local Administrators group, which include the Domain Administrators group, have been granted access. If this is sufficient, click OK to save.
6. To add more users, click the Select Remote Users button.
7. Click the Add button.
Figure 18.9 You must configure Windows XP to allow remote connections via the Remote tab in the System Properties dialog box.
In the Select Users or Groups dialog box shown in Figure 18.10, you can select the users and/or groups that will be granted access to this machine via the Remote Desktop feature. The terminology is somewhat confusing:
• Object Types. Users or groups.
• Locations. This can show users or groups from an individual machine, or if you’re connected to a domain, you can select the domain directory.
• Object Names. User or group names.

After making your other selections, if you click the Advanced button, a search dialog box opens where you can search for users or groups. Alternatively, you can click the Find Now button to have Windows XP display a list for you to choose from. Click OK three times to save. This allows only specifically designated users and groups to access the workstation remotely through an RDC session.

To provide secure remote access to this server from remote locations, you can attach a modem to it, so administrators can dial in to do their system management chores. On the other hand, a somewhat less secure way is to open RDP port 3389 on your firewall for the management server’s specific IP address. This method allows an administrator with the RDC client loaded on his or her computer to access the management server over the Internet.
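One way to verify the result of these steps before exposing the management workstation, as an added PowerShell audit script that is not from the book: it reads the fDenyTSConnections and RDP-Tcp PortNumber values (standard Terminal Server registry values the chapter does not name) alongside the TSAdvertise value discussed earlier, lists who sits in the local Administrators and Remote Desktop Users groups, and confirms an RDP listener is bound. It assumes Windows PowerShell is installed and the script runs in an Administrator session.

```powershell
# Added audit script (not from the book). Reports the Remote Desktop settings
# the steps above change and who may open an RDC session to this workstation.
# Assumes Windows PowerShell is installed and an Administrator session.

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RegValue {
    param([string]$Path, [string]$Name, $Default)
    # Return the named registry value, or $Default if the key/value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    return $item.$Name
}

function Get-LocalGroupMembers {
    param([string]$Group)
    # Parse "net localgroup" output: member names sit between the dashed
    # separator line and the "The command completed successfully." footer.
    $inList = $false
    foreach ($line in (& net localgroup $Group 2>$null)) {
        if ($line -match '^-{5,}')                 { $inList = $true; continue }
        if ($line -match '^The command completed') { break }
        if ($inList -and $line.Trim())             { $line.Trim() }
    }
}

# fDenyTSConnections = 0 is what the "Allow users to connect remotely" box sets.
$rdpEnabled = ((Get-RegValue $tsKey 'fDenyTSConnections' 1) -eq 0)

# TSAdvertise = 1 lists the workstation in the RDC "Browse for Computers" list.
$advertises = ((Get-RegValue $tsKey 'TSAdvertise' 0) -eq 1)

# Port used by the RDP-Tcp listener; 3389 is the default the chapter refers to.
$rdpPort = Get-RegValue $rdpKey 'PortNumber' 3389

# Administrators always get in; "Select Remote Users" fills Remote Desktop Users.
$admins      = @(Get-LocalGroupMembers 'Administrators')
$remoteUsers = @(Get-LocalGroupMembers 'Remote Desktop Users')

# Is a listener actually bound to that port right now?
$listening = [bool](netstat -an | Select-String "[:.]$rdpPort\s+\S+\s+LISTENING")

'Remote Desktop enabled  : {0}' -f $rdpEnabled
'Advertises (TSAdvertise): {0}' -f $advertises
'RDP listener port       : {0} (listening: {1})' -f $rdpPort, $listening
'Administrators          : {0}' -f ($admins -join ', ')
'Remote Desktop Users    : {0}' -f ($remoteUsers -join ', ')

# The chapter's advice is to limit access; flag broad principals in either group.
$broad = @('Everyone', 'Authenticated Users', 'Users', 'Domain Users')
foreach ($member in ($admins + $remoteUsers)) {
    if ($broad -contains ($member -replace '^.*\\', '')) {
        Write-Warning "Broad group '$member' can open an RDC session to this workstation."
    }
}
if ($rdpEnabled -and -not $listening) {
    Write-Warning 'Remote Desktop is enabled but nothing is listening on the RDP port.'
}
```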
Figure 18.10 You can select the users and/or groups that will be granted access to this machine via the Select Users or Groups dialog box.
Troubleshooting Terminal Services

Windows Terminal Services is dependent on the common services on the network, such as TCP/IP and domain services. If you’re having problems with Terminal Services, make sure that no other functions on the network are failing.

A common problem with Terminal Services is connecting to the server with the older RDP 4.0 client instead of the RDP 5.0 client included with Windows 2000 or the RDP 5.1 client included with Windows XP or Server 2003. The clients appear and function in a similar manner; however, the advanced functionality enabled in RDP 5.1, such as audio support and keyboard mapping, is not available with the older RDP clients.

The multiple-monitor support in Windows XP can cause problems when connecting to one of these machines. If the application you want to work with was last displayed, or is currently displayed, on the secondary monitor, you will not be able to see it. To move the application to your RDC session, follow these steps:
1. Click the application’s icon on the taskbar.
2. Hold down the Alt key and press the spacebar to open the Window menu. (You won’t be able to see it.)
3. Press the M key (for “move”), and use the arrow keys to move the application window into your RDC session.
4. After the application window has been moved into your session window, press the Enter key to lock it down.

When trying to diagnose a possible Terminal Services problem, sometimes you need to know what mode the server is in. To determine which mode a Terminal Services server is using, follow these steps:
1. Click Start, Programs, Administrative Tools, Terminal Services Configuration.
2. Select Server Settings in the left pane of the window.
3. Locate the Terminal Server Mode row in the right pane. The mode is listed in the Attributes column.

There are many applications, including some from Microsoft, that you cannot install on the Terminal Services computer from a Terminal Services session. You have to install these programs from the physical server console. These programs include SQL and most of the service packs for Windows.

When running Terminal Services on a domain controller, non-administrative users cannot log on to a TS session. This is because, unlike member servers, a domain controller does not automatically give the Users and Authenticated Users groups Log On Locally rights by default. This permission setting has to be changed in the Group Policy object for the domain controller. Note, however, that if you enable it correctly, users have the Log On Locally right to all domain controllers. For this reason, having a dedicated, standalone server for running Terminal Services is recommended. To give a user or group the Log On Locally right on a domain controller, follow these steps:
1. Click Start, Programs, Administrative Tools, Domain Controller Security Policy.
2. Double-click the Security Settings folder.
3. Double-click Local Policies and then click User Rights Assignment.
4. Under the Policy column, click Log On Locally, and then click Add.
5. Click Browse, select the appropriate group, and then click Add.
6. Click OK three times to save.
Third-Party Terminal Services and Related Utilities

Although the basic functionality of Windows Terminal Services is sufficient for most uses, a number of companies offer additional products to enhance it. In addition to the Citrix MetaFrame and WinFrame products already discussed, Citrix offers other associated products for use with Windows Terminal Services. These products include application and management utilities and a video-on-demand module for use with MetaFrame. For more information, see the Citrix Web site at http://www.citrix.com.

Network Computing Devices (NCD) offers a full line of Windows-based terminals and software for use with Windows Terminal Services. For more information, see NCD’s Web site at http://www.ncd.com.

Integrated Data Processing, Inc. offers the ServerBoss product, a server utility used to limit the number of concurrent Windows TS sessions or MetaFrame ICA Sessions by user account. This utility is useful when you don’t want users to have multiple sessions open, thereby using additional system resources. The utility is also useful when you are providing billable access and need to prevent users from accessing more sessions than they have paid for. ServerBoss enables you to select which users and servers are subject to the login limitations. More information is available from the Web site at http://www.serverboss.com/.
For More Information

Unfortunately, only so much information can be covered in a single chapter. For more information on Microsoft Windows Terminal Services and related technologies, please consult some of the following references:
• For more information on Windows Terminal Services, consult the Microsoft Windows Web site at http://www.microsoft.com/windows2000/default.asp.
• For Microsoft white papers on Windows Terminal Services, see the Terminal Services home page at http://www.microsoft.com/windows2000/library/technologies/terminal/default.asp.
• Microsoft has a public newsgroup that discusses issues dealing with the Microsoft Remote Desktop feature at http://www.microsoft.com/windows2000/community/newsgroups/windowsxp_work_remotely.asp.
• For more information about thin clients as they relate to Windows and other platforms, go to the Thin Planet Web site at http://www.thinworld.com.
• Kanter, Joel P. Understanding Thin-Client/Server Computing. Microsoft Press, 1998. ISBN: 1572317442.
• Kaplan, Steve, et al. Citrix MetaFrame for Windows Terminal Services: The Official Guide. Osborne McGraw-Hill, 2000. ISBN: 0072124431.
• Mathers, Todd W. Windows NT/2000 Thin Client Solutions: Implementing Terminal Services and Citrix MetaFrame. New Riders, 2000. ISBN: 1578702399.
• Seltzer, Larry. Admin911: Windows 2000 Terminal Services. McGraw-Hill Professional Publishing, 2000. ISBN: 0072129913.
• Sinclair, Joseph T., et al. Thin Clients Clearly Explained. Morgan Kaufmann Publishers, 1999. ISBN: 012645535x.
• Syngress Media. Configuring Citrix MetaFrame for Windows 2000 Terminal Services. Syngress Media, 2000. ISBN: 1928994180.
IV Managing Your Windows XP System(s)
19 Windows XP and Storage
20 Windows XP Backup and More
21 Scripting and Automation
22 Tuning and Optimizing Windows XP
23 Managing Applications
24 Printing with Windows XP
25 Managing System Security
26 Managing System Recovery
19 Windows XP and Storage

Managing data and storage with Windows XP ensures that your system runs more effectively and efficiently. The built-in Windows XP tools and operating system controls enable network administrators to make the most of available disk space.
Windows XP carries over useful utilities from NT as well as the additions introduced with Windows 2000. Support for dynamic disks, offline file cache, removable storage, and data compression are just a few of the storage options available in Windows XP. Disk quotas enable you to maintain control over how much disk space users can have. Windows XP also introduced a few new features of its own. New to Windows is built-in support for burning CDs and encrypting files that are cached offline. Before you can dive in and begin using these new tools and features, however, you must understand the nuts and bolts of the operating system and how to configure it, which is the focus of this chapter.
FAT and NTFS

Microsoft operating systems, from MS-DOS to Windows 9x to Windows XP, have supported two primary file systems: the file allocation table (FAT) for MS-DOS and Windows 9x and the New Technology File System (NTFS), which was introduced with Windows NT. The original file system used by MS-DOS was the 16-bit FAT, which is limited to eight-character filenames and three-character file extensions (called an 8.3 filename). This simple table structure is read from beginning to end, one entry at a time, to find a file. Windows 95 introduced Virtual FAT (VFAT), an improvement to the original FAT. Windows 95 OSR2 came with FAT32, which foreshadowed the Windows 98 FAT32. FAT32 is a native 32-bit file system that uses space much more efficiently than any previous version of FAT. Windows 98 offered support for FAT, VFAT, and FAT32. However, other Microsoft operating systems, such as Windows 95 (first release), MS-DOS, and Windows NT, could not use FAT32 running on a Windows 98 machine in a multi-boot configuration. Table 19.1 compares all these file systems.

Table 19.1 Comparison of Microsoft File Systems

| Feature | NTFS | FAT32 | VFAT | FAT16 |
|---|---|---|---|---|
| Maximum size | 16EB | 4TB | 4GB | 2GB |
| Long filename support | Yes | Yes | Yes | No |
| File-level security | Yes | No | No | No |
| Self-repairing | Yes | Yes | No | No |
| File-level compression | Yes | No | No | No |
| POSIX support | Yes* | No | No | No |

* Windows XP does not support POSIX (Portable Operating System for Unix). However, NTFS does support it.
When you use NTFS, you gain the advantage of a recoverable file system. NTFS uses transaction logging and recovery techniques that allow it to check its log file to restore the file system in the event of a failure. NTFS does not restrict the number of entries in the root folder, can handle up to 16 exabytes (EB) of storage space, and uses smaller clusters than FAT, which speeds access. Table 19.2 details the cluster size differences.

Note: The High Performance File System (HPFS) is not supported by Windows XP. You must convert HPFS volumes to NTFS to install Windows XP.

Table 19.2 Comparison of Cluster Size Differences

| Volume Size | FAT16 | FAT32 | NTFS |
|---|---|---|---|
| 7MB–16MB | 2KB | Not supported | 512 bytes |
| 17MB–32MB | 512 bytes | Not supported | 512 bytes |
| 33MB–64MB | 1KB | 512 bytes | 512 bytes |
| 65MB–128MB | 2KB | 1KB | 512 bytes |
| 129MB–256MB | 4KB | 2KB | 512 bytes |
| 257MB–512MB | 8KB | 4KB | 512 bytes |
| 513MB–1,024MB | 16KB | 4KB | 1KB |
| 1,025MB–2GB | 32KB | 4KB | 2KB |
| 2GB–4GB | 64KB | 4KB | 4KB |
| 4GB–8GB | Not supported | 4KB | 4KB |
| 8GB–16GB | Not supported | 8KB | 4KB |
| 16GB–32GB | Not supported | 16KB | 4KB |
| 32GB–2TB | Not supported | Not supported | 4KB |
Windows 2000 was the first OS to alleviate the problem of operating systems not being able to recognize a particular file system by offering full support for FAT16, FAT32, and NTFS (see Table 19.3). Windows XP follows in its footsteps.

Table 19.3 Comparison of Operating Systems and Supported File Systems

| Operating System | File System Compatibility |
|---|---|
| Windows XP | NTFS, FAT32, FAT16 |
| Windows 2000 | NTFS, FAT32, FAT16 |
| Windows NT 4.0 | NTFS, FAT16 |
| Windows 98 | FAT32, FAT16 |
| Windows 95 (OSR2) | FAT32, FAT16 |
| Windows 95 | FAT16 |
| MS-DOS | FAT16 |
Windows XP works best with NTFS because it is the native Windows XP file system. Windows XP is built on a new version of NTFS, version 5.1. It has all the features you have grown to love in previous NTFS versions, such as encryption, disk quotas, reparse points, volume mount points, and sparse files, and offers increased security over its predecessor. From a user’s point of view, files are organized into directories, but there is no special treatment of root directories or limitations set by underlying hardware. The Windows XP file system also increases file system and data availability through features such as Dynamic Volume Management and client support for the distributed file system (DFS), which was available as an add-on service to Windows NT. Windows XP supports two types of CD-ROM and DVD file systems: Compact Disc File System (CDFS) and Universal Disk Format (UDF). These file systems have limitations, and each organizes its data in a different manner. Using CDFS, you have the ability to boot from the CD-ROM.
Installing, Configuring, and Partitioning Disks

All Windows XP installations go through the same basic steps to prepare a computer for the setup process. After checking that all hardware is on the Hardware Compatibility List and the computer has adequate RAM, processor, and hard disk space, you are ready to insert the Windows XP CD. Next, you should read the Readme.txt file located on the CD to get pertinent information on installing the operating system.

Note: There has been no major change in partitioning your hard drive since Windows NT and Windows 2000. You can format and partition your hard drive during the Windows XP setup.
For the most part, the Setup Wizard walks you through the rest of the process. It asks for the usual assortment of information: licensing agreement, regional settings, computer name, date/time, and network settings. After this information is gathered, the actual installation begins. The system then verifies the hardware and configures the operating system. After this process is completed, you log on to Windows XP and finish configuring your installation.
Basic and Dynamic Disks

Windows XP uses two types of disk configurations: basic disks and dynamic disks. A basic disk is similar to the disk structure used with Windows NT and Windows 9x. A dynamic disk, first introduced in Windows 2000, gives you more flexibility and power than the standard basic disk. A basic disk is limited to only four partitions per hard disk, but dynamic disks (also called dynamic volumes) are not limited by these restrictions, and you can configure volumes without having to reboot the system. However, only Windows 2000, Windows XP Professional, and Windows .NET can access dynamic disks. Another benefit is that dynamic disks can also be administered remotely over the network. These volumes also increase the reliability of Windows XP.
For a detailed discussion of remote access in Windows XP, see Chapter 17, “Remote Access,” p. 353.
The Disk Management console has replaced Disk Administrator in Windows XP. Disk Management is a snap-in for the Microsoft Management Console (MMC) and enables you to work with both basic and dynamic disks. Figure 19.1 shows the Disk Management window. A dynamic disk is one that has been upgraded by Disk Management and does not use partitions or logical drives. In place of partitions and logical drives, there are dynamic volumes, which can be accessed only by Windows 2000, Windows XP Professional, or Windows .NET, and they are not supported on laptops or removable media. Dynamic volumes can support simple, spanned, and striped volume types as well as RAID 5. The only limitation is that the system volume and the boot volume cannot be part of a spanned or extended volume.
Figure 19.1 You can access information about basic and dynamic disks from the Disk Management console.
Basic disks are the default configuration for Windows XP. They can be used with any combination of FAT, FAT32, and NTFS. The only mandatory parameter is that if the basic disk setting is used, it must be used on the entire volume. Table 19.4 compares dynamic and basic disks.

Note: When talking about basic and dynamic disks, the terms used to refer to logical separation of storage space are “partition” and “logical drives” for basic disks and “volumes” for dynamic disks. Both types of disks cannot reside on the same physical device. When a disk is upgraded to dynamic, the entire spindle is upgraded, including all partitions and logical drives that disk might contain. Also, there is no way to convert dynamic to basic and retain the data on the device.

Table 19.4 Comparison of Dynamic and Basic Disks

| Dynamic Disk | Basic Disk |
|---|---|
| Only Windows 2000 or later can access | Any OS can access |
| Simple volume | Primary partition |
| System and boot volumes | System and boot partitions |
| Volume partition | Active partition |
| Volume and unallocated space | Extended partition |
| Simple volume | Logical drive |
| Spanned volume | Volume set |
| Striped volume | Striped set |
The basic disk structure is familiar to most administrators. Basic disks are arranged in volumes, which include a primary partition, logical drives, and extended partitions, and have not changed since MS-DOS. In fact, Windows 9x, Windows NT, and MS-DOS systems can all access basic disks. You can use many of the same tools in Windows XP for working with a basic disk that you used in Windows NT. Windows XP sets up a basic disk as the default so that users can use tools, methods, and troubleshooting techniques with which they are already familiar. An improvement in Windows XP is that you no longer need to reboot the computer for changes to take effect. Windows XP makes the changes right away and, for better or worse, gives no form of confirmation. Settings created with Windows NT are still supported by Windows XP and the Disk Management tool. For example, striped sets created with Windows NT on a basic disk are supported, even though you cannot create new ones. This is because multiple disk storage systems need to use the fuller functionality of dynamic disks.

Note: Mirrored sets, spanned volumes, striped sets, and striped sets with parity are supported on Windows XP only by using dynamic disks.
You can upgrade a basic disk to a dynamic disk, but you cannot extend it. The reason is that after conversion, the basic disk is still linked to the partition table and must conform to the listings on the partition table. Following are the similarities that dynamic and basic disks share:

- Disk sharing and security
- Drive letters, partitions, CD-ROM drives
- Ability to view size, label, type, and file system
- Ability to check capacity, free space, and status
File Management Utilities

Windows XP provides a broad range of tools that can help administrators and users manage and work with the operating system’s configuration and data. The MMC is the standard Windows XP utility. It offers a consistent user interface for various plug-ins that add functionality. To manage files, you must be able to assign rights to folders and files. Windows XP uses the NTFS file system, and only with NTFS can you assign access rights to files and folders. Table 19.5 describes the levels of permissions in NTFS.

Table 19.5 NTFS File and Folder Permissions

| Permission | Description |
|---|---|
| Read | View files and folders and their ownership, attributes, and permissions. |
| Write | Create new files and folders, change attributes, and view ownership. |
| List | View files and folders. This permission is given only with folders. |
| Read and Execute | Open folders, read, and list permissions. If applied to an application, you have permission to run the application. |
| Modify | Delete, write, read, and execute permissions. |
| Full Control | Perform all actions, take ownership, change permissions, and delete. |
| Deny | Deny access. |
When users try to open a file or folder that has permissions set, their ID and group membership are first compared to the file or folder’s Access Control List (ACL). The ACL on a file or folder determines who can access the file or folder and what level of access is allowed. The ACL is made up of multiple access control entries (ACEs), which correspond to the access permissions of a user or group. After Windows XP compares users’ permissions and the file or folder’s ACL, users can then access the resource with whatever permission level they have. In NTFS and Windows XP, permissions are cumulative, and it is their total weight that defines access in the ACL. For example, if a user’s account allows Read access to a particular folder, but the user belongs to a group that has Full Control access, the user ends up with Full Control to the folder. In other words, the least-restrictive permission applies. One tricky point is that file permissions override folder permissions, so if a user has Full Control access to a file within a folder the same user has no access to, the user can still access the file with Full Control. However, this requires knowing the path to the file because the folder does not appear in a browse window, as in Windows Explorer. Finally, the Deny permission takes precedence over all other permissions, regardless of the type. This has been true since Windows NT, and users/administrators with experience setting permissions in Windows NT know that the Deny permission means no access. Even if a user belongs to a group that has Full Control access to a resource, the user cannot access it if he or she has the Deny permission set for the resource. Planning and documenting how your users and groups access resources and what permissions are assigned to them are essential administration tasks. Following are some hints:

- Assign permissions to folders instead of files
- Create groups, assign permissions to groups, and then add the users to the groups
- Centralize and separate common folders and data from the operating system and create home directories for users
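The three access-check rules described above (permissions are cumulative, Deny wins over every Allow, a file's own ACL overrides its folder's), worked through as an added Python model that is not code from the book or from Windows. The user names, group names, permission sets and paths are constructed for the example, and real Windows ACE ordering, inheritance flags and per-right Deny entries are richer than this model.

```python
"""Model of the NTFS access-check rules described in this chapter.

Added example, not code from the book or from Windows. It models only the
rules the text states: permissions accumulate across a user's account and
groups, an explicit Deny wins over every Allow, and a file's own ACL takes
precedence over the ACL of its parent folder.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Permission levels from Table 19.5, expressed as sets of elementary rights so
# that "cumulative" has a concrete meaning: the union of everything granted.
LEVELS: Dict[str, Set[str]] = {
    "Read": {"read"},
    "Write": {"write"},
    "List": {"list"},
    "Read and Execute": {"read", "list", "execute"},
    "Modify": {"read", "list", "execute", "write", "delete"},
    "Full Control": {"read", "list", "execute", "write", "delete",
                     "take_ownership", "change_permissions"},
}


@dataclass
class ACE:
    principal: str      # user or group name (constructed sample names)
    level: str          # key of LEVELS, or "Deny"


@dataclass
class Resource:
    name: str
    acl: Optional[List[ACE]] = None      # None means "no ACL of its own"
    parent: Optional["Resource"] = None


def effective_rights(user: str, groups: Set[str], acl: List[ACE]) -> Set[str]:
    """Apply the chapter's cumulative-permission and Deny rules to one ACL."""
    principals = {user} | groups
    matching = [ace for ace in acl if ace.principal in principals]
    # Rule: Deny takes precedence over all other permissions, so any matching
    # Deny entry means no access at all, whatever the groups would grant.
    if any(ace.level == "Deny" for ace in matching):
        return set()
    # Rule: permissions are cumulative; the least-restrictive result applies.
    rights: Set[str] = set()
    for ace in matching:
        rights |= LEVELS[ace.level]
    return rights


def access_check(user: str, groups: Set[str], res: Resource) -> Set[str]:
    """Rule: a file's own ACL overrides its folder's; consult the parent only
    when the resource carries no ACL of its own."""
    node: Optional[Resource] = res
    while node is not None:
        if node.acl is not None:
            return effective_rights(user, groups, node.acl)
        node = node.parent
    return set()


def demo() -> Dict[str, Set[str]]:
    """Constructed scenario mirroring the chapter's examples."""
    payroll = Resource("Payroll", acl=[ACE("alice", "Read"),
                                       ACE("Finance", "Full Control"),
                                       ACE("bob", "Deny")])
    # bob is denied on the folder but has Full Control on one file inside it;
    # he can still open it if he knows the path.
    budget = Resource("Budget.xls", acl=[ACE("bob", "Full Control")],
                      parent=payroll)
    memo = Resource("Memo.txt", parent=payroll)   # no ACL of its own
    return {
        "alice_folder": access_check("alice", {"Finance"}, payroll),
        "bob_folder": access_check("bob", {"Finance"}, payroll),
        "bob_file": access_check("bob", {"Finance"}, budget),
        "carol_memo": access_check("carol", {"Finance"}, memo),
    }


if __name__ == "__main__":
    for name, rights in demo().items():
        print(f"{name:12} -> {sorted(rights) or 'no access'}")
```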
Disk Quotas

Windows XP also supports disk quotas, which enable you to assign a certain amount of disk space to each user. These quotas also warn you if the user comes close to the allotted space or tries to exceed it. Two variables need to be set for disk quotas: disk quota limit and quota warning level. The disk quota limit tells Windows XP how much space a user can have. For example, if you want to set the maximum amount of space for each user to 45MB, you would set the disk quota limit to 45MB. The second variable is the quota warning level. When users come close to their allotted amount of space, this setting enables the system to issue warnings to those users. To enable disk quotas, simply right-click the drive where you want to enable the feature, and choose Properties. Next, select the Quota tab (see Figure 19.2).
Figure 19.2 You can limit a user’s disk space in the Quota tab of a hard disk’s Properties dialog box.
After a disk quota limit has been set, users cannot exceed the defined space (unless you permit it). If they try to, they receive an “Insufficient disk space” error onscreen. They cannot write data to the drive until space is freed up to do so, just as when you are trying to save a file to a floppy disk that does not have the necessary amount of space available. You have no other choice but to move some items off the floppy disk to make room for the new file.
In the preceding example of 45MB per user, you can set a quota warning at 40MB. When users arrive at that plateau, a message box appears, notifying them that their disk space quota is nearly full, and they should either remove files or move some files to another location. You can, if needed, allow users to exceed their allotted disk quotas. You might want to do this if, for example, you are tracking a user’s disk space usage but have not necessarily assigned a certain amount of space to use. To do this, select the Log Event When a User Exceeds Their Quota Limit check box so that it is written to the Windows XP System log. The Event log can notify you that a user has exceeded the assigned disk quota, but the user can continue working without even knowing that a disk quota has been assigned. This option is valuable for tracking people who might be abusing use of the network and server. For disk quotas to work in Windows XP, all volumes must be formatted with NTFS. They can be set on local or networked volumes and can also be set for remote users. To do so, the remote machine must be formatted with NTFS and shared. You then enable disk quotas on the remote computer, and it becomes part of your disk quota scheme. If a Windows 2000 computer with NTFS has been upgraded to Windows XP, disk quotas can be supported. If disk quotas are enabled on a system that already has users and files, Windows XP calculates the disk space utilized by users who have copied, saved, moved, or taken ownership of a file up to that point. The disk quota limit and warning settings are then applied, and tracking begins. If users have not copied, moved, saved, or taken ownership of any file before disk quotas are enabled, they start with a clean slate. Disk quotas store usage information in the user’s security ID (SID), not the user’s account name.

To remove a user from the volume where disk quotas are enabled, you must first move the files that user owns off the volume (or change his or her ownership), and then you can delete the user’s quota limits and warnings. The built-in quotas are quite limited. Several third-party utilities (described in “Third-Party Storage Management Utilities” later in this chapter) are on the market for production environments.
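The quota decisions described in this section (the 45MB limit and 40MB warning level, log-only tracking, and usage charged to the owner's SID rather than the account name), worked through as an added Python model; it is not code from the book or from the NTFS quota implementation, and the SIDs, paths and file sizes in it are constructed.

```python
"""Model of the NTFS disk-quota behaviour described in this chapter.

Added example, not code from the book or from Windows. Usage is charged to
the owner's SID, a write that would cross the limit is refused unless the
volume is in log-only mode, and crossing the warning level raises a warning.
"""
from dataclasses import dataclass, field
from typing import Dict, List

MB = 1024 * 1024


@dataclass
class QuotaVolume:
    limit: int                      # disk quota limit, in bytes
    warning: int                    # quota warning level, in bytes
    log_only: bool = False          # "Log Event When a User Exceeds Their Quota Limit"
    owner_of: Dict[str, str] = field(default_factory=dict)   # path -> owner SID
    size_of: Dict[str, int] = field(default_factory=dict)    # path -> bytes
    events: List[str] = field(default_factory=list)          # constructed System log

    def usage(self, sid: str) -> int:
        """Charged space is the total size of the files the SID owns."""
        return sum(self.size_of[p] for p, o in self.owner_of.items() if o == sid)

    def write(self, sid: str, path: str, size: int) -> str:
        """Attempt to save a file; returns 'ok', 'warning' or 'denied'."""
        # Overwriting an existing file only charges the difference in size.
        projected = self.usage(sid) - self.size_of.get(path, 0) + size
        if projected > self.limit:
            if not self.log_only:
                return "denied"          # user sees "Insufficient disk space"
            # Tracking mode: record the event, let the write proceed.
            self.events.append(f"quota limit exceeded by {sid}")
        self.owner_of[path] = sid
        self.size_of[path] = size
        if projected > self.warning:
            self.events.append(f"quota warning level reached by {sid}")
            return "warning"
        return "ok"

    def take_ownership(self, path: str, new_sid: str) -> None:
        """Changing ownership moves the charge to the new owner's SID, which is
        how the chapter says to free a user's quota without deleting files."""
        self.owner_of[path] = new_sid


def demo() -> Dict[str, object]:
    """Constructed walk-through of the chapter's 45MB / 40MB example."""
    alice = "S-1-5-21-1000"   # constructed SID
    bob = "S-1-5-21-1001"     # constructed SID
    vol = QuotaVolume(limit=45 * MB, warning=40 * MB)
    r1 = vol.write(alice, "D:\\Users\\alice\\a.dat", 30 * MB)   # 30MB: ok
    r2 = vol.write(alice, "D:\\Users\\alice\\b.dat", 12 * MB)   # 42MB: warning
    r3 = vol.write(alice, "D:\\Users\\alice\\c.dat", 5 * MB)    # 47MB: denied
    # Reassigning b.dat to bob drops alice back to 30MB of charged space.
    vol.take_ownership("D:\\Users\\alice\\b.dat", bob)
    r4 = vol.write(alice, "D:\\Users\\alice\\c.dat", 5 * MB)    # 35MB: ok
    # A log-only volume records the overrun instead of refusing the write.
    tracked = QuotaVolume(limit=45 * MB, warning=40 * MB, log_only=True)
    r5 = tracked.write(bob, "D:\\Users\\bob\\big.dat", 60 * MB)
    return {"results": [r1, r2, r3, r4, r5],
            "alice_usage": vol.usage(alice),
            "bob_usage": vol.usage(bob),
            "log": tracked.events}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```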
Data Management

Managing data on a PC is a task that, if not properly maintained and controlled, can quickly turn into a massive headache. Part of having an effective storage plan is knowing how folders are to be categorized and where they should be located within the system.
Cleaning Up Files and Folders

Windows XP offers various methods for working with files and folders in Windows Explorer. The Offline Files and Folders utility enables users to work on files stored on the network if the network resource is not available. Files and folders are also indexed, meaning you can search for them based on their content, author, size, and other factors. At times you need to remove some files and folders to make space for new ones and to simply clean up a PC’s hard disk. The easiest way to do this is to open Windows Explorer, map to the drive containing the folders and files, and delete them. However, sometimes a file or folder is deleted by accident, either by you or a careless user. What happens next, and how do you recover the deleted file or folder if needed? The deleted files and folders are transferred to the Recycle Bin. They are held there until you empty the Recycle Bin or until the Recycle Bin automatically deletes them, based on the disk quota settings and how long the file or folder has been held there. When a file or folder is removed from the Recycle Bin, or if it has been deleted at the command prompt or by another application’s delete function, it can no longer be retrieved from the Recycle Bin. It’s not actually deleted from the hard drive, however. That’s the good news. Getting at it is the hard part. The first letter of the file or folder name is changed to a tilde (~), which hides the file. It is stored in its original location on the hard drive until the hard drive needs to free up space, at which point it is permanently deleted from the hard disk.

Tip: There are third-party tools you can use to assist in recovering deleted files and folders. For example, Undelete 3.0 from Executive Software looks for files with a tilde as the first letter of the filename, so if you use Undelete immediately after a file has been deleted, you have a good chance of recovering it because the operating system might not have overwritten the space the deleted file was occupying. (The Web site for this product, as well as others, can be found in “Third-Party Storage Management Utilities” later in this chapter.)
Also note that having deleted files on the hard drive could raise security concerns. If you want deleted files to be permanently deleted, you can use a file-scrubbing utility to permanently delete such items.
Compressing Files and Folders

Another way to work around cleaning up a hard drive is to compress the existing files and folders. Windows XP supports compression on individual files and folders and NTFS volumes. You can have compressed files in folders that are not compressed, and you can have compressed folders containing files that are not compressed. The files and folders compressed on an NTFS volume can be accessed and read by a Windows application in its current state, meaning that you do not have to use a program that would decompress the file or folder first. Data compression frees up space for more data or files, but does slow access to that data. Compressing or decompressing a file or folder is relatively easy. You can use My Computer, Windows Explorer, or a command-line utility called Compact. You can set the compression state for a folder and the files it contains, meaning you can choose which files are compressed. You can also compress the volume with the Data Compression feature. To do so, open My Computer and right-click the drive. Select the General tab in the Properties dialog box, and then select the Compress Drive to Save Disk Space check box to compress the entire drive. Windows XP Data Compression works with NTFS to compress and decompress files or folders. If the file or folder is transferred to a FAT volume, however, it loses its compression and security settings.
Defragmenting Disks

FAT, FAT32, and NTFS file systems become fragmented over time. Fragmentation occurs when the operating system saves a file to the first available space on the hard disk, regardless of where it should be placed for maximum efficiency. Imagine your hard disk as a large, flat piece of paper with blocks drawn from side to side and top to bottom—much like a blank Excel spreadsheet. Each block represents a section of the hard drive (for simplicity’s sake, say that each block equals 1MB). If an application needs 5MB of hard disk space, you would color in the first five blocks, starting at the upper-left side of the paper, filling them in from left to right. The next application you install requires 15MB, so you would color in the next 15 blocks. In a perfect world, this is how a hard disk’s space should be filled up. In the real world, the hard disk’s space is not organized as well. Applying the preceding example to a real-world disk, data is probably already stored in the first available block, so the first 5MB might be placed in the middle of the paper. The next 15MB might be scattered throughout the paper, with a few at the bottom right, a few in the middle, and a few at the top. Blocks are filled in haphazardly all over the paper. This is fragmentation. As this process continues with other applications on the hard drive, disk fragmentation occurs, which can slow down or degrade disk performance. Windows XP includes the Disk Defragmenter tool to defragment a hard drive. You might remember this tool from your Windows 9x days. It consolidates the files spread out over the disk and groups them more efficiently, much like placing the colored blocks in consecutive order on the “paper” disk. This reorganization of files enables the disk to work more rapidly because the disk head does not need to jump back and forth across the disk area while reading a file. By being able to find files quickly in one location, the operating system can respond more efficiently.
To use Disk Defragmenter, log on as the Administrator (or an account that has administrative rights). Then click Start, Programs, Accessories, System Tools, Disk Defragmenter to open the Disk Defragmenter window (see Figure 19.3).
Figure 19.3 You can use Disk Defragmenter to defragment your disks.
Disk Defragmenter can defragment NTFS, FAT, and FAT32 volumes. To start defragmenting your drive, select the drive and click the Analyze button. After Disk Defragmenter analyzes your drive, a message box tells you whether you should defragment your drive (see Figure 19.4).
Figure 19.4 After analyzing your drive, Disk Defragmenter tells you whether you should defragment the drive and offers options to view the report, defragment, or close the message box.
This message box also gives you the option of viewing the analysis report; to view this information, click the View Report button. If defragmentation is necessary and you proceed with the process, Disk Defragmenter displays a graphical representation of the process on the hard disk. When the defragmentation is finished, a message box appears, stating that defragmentation is complete and offering to display the defragmentation report. Click Yes to see the report. It is best to use Disk Defragmenter when there is minimal or no activity on the computer because when files are accessed during defragmentation, the hard drive suffers performance degradation (making a tough job tougher). Applications should be closed, and if you’re using a server, users should be notified to log off and work locally.

Tip: Before installing an application that requires a large amount of disk space, run Disk Defragmenter so that larger blocks of free space are available for storing the new application.
You can also defragment your disk from the command prompt. Windows XP introduces a command-line interface to Defrag.exe, the defragmentation utility. Passing Defrag.exe the /? parameter displays all available options. It has the same limitations as the MMC version of Disk Defragmenter. It has one big advantage, however: It can be scheduled with Task Scheduler.
Repairing, Replacing, or Moving Data

Repairing data in Windows XP is similar to earlier versions of Windows that used ScanDisk. Windows XP, however, uses a scaled-down version of ScanDisk, called CheckDisk, which is a repair program that can scan files, folders, or the disk surface for errors. You run CheckDisk from the command prompt by entering the Chkdsk command. Again, you can see all available parameters for this command by issuing the chkdsk /? command. CheckDisk requires exclusive use of the file system to ensure that another application is not writing data to the hard drive at the same time, thus risking data corruption. CheckDisk can correct problems related to long filenames, lost clusters, cross-linked files, directory tree structures, and bad disk sectors on the drive. When your data cannot be repaired, there is nothing left to do but replace it, which is why having backups is so important. Replacing data with a backup copy is covered in detail in Chapter 20, “Windows XP Backup and More.” When moving data, keep in mind that the move might affect its assigned permissions. If you are copying data from an NTFS-formatted drive with permissions assigned, these permissions are retained as long as the destination drive is also formatted with NTFS. If the destination drive is formatted in a version of FAT, the permissions to the file/folder are lost. A compressed file that’s moved locally or across the network to a file or folder on an NTFS volume maintains its compression state regardless of the destination file/folder’s state, so the compressed file remains compressed. Copying a file or folder, either locally or across the network, can change its compression state, depending on the file system in use. The compression attribute controls the state of each file or folder.
Working with Removable Media

Windows XP uses the Removable Storage feature to deal with removable media, which includes 8mm tapes, magnetic disks, optical disks, and CD-ROMs. This feature simplifies configuring backup programs because support is built into the OS.
Before Windows 2000, it was the responsibility of the backup program’s vendor to include access to drivers and programming methods for the many types of backup media available—for example, 8mm tape drives, DAT, DLT, DVD, and so on. Vendors that produced backup devices generally included the software needed to work with the device. However, Removable Storage has taken over functions that were previously the responsibility of device manufacturers or software vendors, so providers of storage applications can now concentrate on user features rather than hardware issues. Plug and Play (PnP) is a key component for Removable Storage because it is PnP that tells Removable Storage where devices have been attached to the system. This is why it is vital that equipment used with Windows XP is on the HCL and is PnP-compliant. If a device is not on the HCL or its relationship with Windows XP is somewhat unclear, you might not be able to use the full features of Removable Storage, or, worse yet, you might end up with the dreaded Blue Screen of Death. Removable Storage assigns each storage medium a unique ID called a logical identifier. When an application needs to store data on a specific medium, it notifies Removable Storage of the medium’s ID, and Removable Storage retrieves the device’s driver. When applications make requests to Removable Storage, it provides the low-level services that act on those requests. Removable Storage mounts and dismounts media, and applications can use Removable Storage to identify and keep track of the tapes they use. Removable Storage provides a fail-safe mechanism: If the medium storing data begins to fail, Removable Storage can replace it with another medium so that data is not stored on a faulty drive. It also cleans drives, adds and removes media, and keeps a library inventory with its attributes.

Media Pools

Removable Storage eliminates the complex configuration of storage device software by organizing the various media into a pool. A media pool refers to the system’s collection of storage devices. Media pools are used to control access to the media, to share media across applications, and to group them by usage. There are two classes of media pools: system and application. System pools hold media that no applications are currently using and are divided into the following categories:

- Free pools. Devices that can be freely shared among applications, but contain no data. An application can draw media from the free pool if required and can return it when no longer needed.
- Unrecognized pools. Media that Removable Storage cannot recognize. If data is written on a device that is in the unrecognized pool, Removable Storage cannot catalog or read it, although the application using the device might be able to do so.
- Import pools. New media that have been added to a library.
The application pool, created by applications or the Removable Storage snap-in, is used to group media. Numerous applications can be used with backup media, so if more than one application is sharing a storage medium, grouping is used to facilitate assigning permissions for sharing the medium.

Tip: If an application is a Removable Storage–aware client application, it can perform its configuration and setup during its installation and be assigned to the free pool. Most applications draw media from the free pool. Be sure that Windows XP supports the application.
Data Libraries

Removable Storage goes through the system’s attached media and detects which ones are attached and which ones are standalone. For the most part, Removable Storage can do this process on its own. At times, however, manual configuration is required. Media can be in one of two locations: a library or an offline location. Removable Storage supports both media location types. A library is simply the media device or devices. A CD-ROM drive used to write data to a CD is considered a type of library. All libraries have some common features, such as a slot. Slots can be organized into a collection, which is called a magazine. Another common feature of a library is the drive, which is a device that can read and write to the tape or cartridge, such as an Iomega Zip drive. Libraries also have transports, which move the tape from its slot to the drive and then back again. Bar code readers, insert/eject ports, and doors are also part of libraries. If the media are not in the library physically—meaning they could be in a desk drawer or on a shelf—Removable Storage defines them as being in an offline location. Media taken offline are also classified as offline, and when they are brought back online, Removable Storage reclassifies them as online.

Removable Storage Database

Removable Storage keeps track of all media components with the Removable Storage Database. The database contains the status of system components and maintains the media inventories. It stores all properties of the objects being managed, such as the library and pool configuration. This database is used only by Removable Storage and cannot be accessed by applications or administrators. Although you cannot access the database, backing it up regularly is important.
Even if the storage media do not change, it is important to back up the Removable Storage Database because it not only lists devices and libraries, but also contains information on installed applications and the methods they use.The default location of the Removable Storage Database is at %systemroot%\System32\ntmsdata. Although Removable Storage
427
428
Chapter 19
Windows XP and Storage
does not let you access its internal database, it does provide an MMC snap-in for adding, viewing, and modifying objects. This snap-in also enables you to insert, eject, mount, and dismount media; check status information; and perform inventories. Type the following at the command prompt to run this snap-in:

ntmsmgr.msc

You can also find it under the Storage node in the Computer Management snap-in.

CD Burning Support

Windows XP supports CD-R and CD-RW drives right out of the box. The Image Mastering Application Programming Interface (IMAPI) enables you to write files directly to a blank CD without third-party software. To write files to a CD, insert a blank CD into your CD-R or CD-RW drive and simply copy the files you want written to the CD. Windows stages a copy of these files in your profile (under Local Settings\Application Data\Microsoft\CD Burning) until you're ready to write the CD. Those staged copies are ordinary plaintext files that stay on disk until the CD is written or the temporary files are deleted, so clear them afterwards if the originals are sensitive. After you've collected all the files you want to put on the CD, double-click the CD drive icon in My Computer. Under CD Writing Tasks, click Write These Files to CD. The CD Writing Wizard steps you through the process of writing files to your CD.
Encrypting File System (EFS)

Data security is a growing concern for businesses with sensitive data on their networks. Workers who carry laptops as they travel might be carrying important data that can disappear in a moment during a lapse of concentration. These days, laptop thieves might not be stealing them for their resale value; they could be after the information stored on the laptop. Windows XP uses NTFS, which enables the system administrator to enforce permissions on files, folders, and the operating system. Even with NTFS in place there are ways around it to get at the data, because NTFS permissions are enforced only by a running Windows kernel. One way around them is the initial boot sequence: in a standard boot order the computer reads the floppy disk before the hard disk, so if you insert a specially prepared floppy disk, the computer boots from the floppy, and a tool that reads NTFS disk structures directly gives you the whole file system with no access checks at all. At this point, the Encrypting File System (EFS) in Windows XP steps in. EFS is data encryption that combines symmetric key encryption with public key encryption. Each file is encrypted with its own randomly generated symmetric key, the file encryption key (FEK), which is independent of any user's key pair; the FEK is then protected with the public key of each user (and recovery agent) allowed to open the file, so opening it requires that user's private key, not a password guess against the file. Because every file has a different FEK, recovering one file's key tells an attacker nothing about the others. For the file data itself, Windows XP as released uses the expanded Data Encryption Standard (DESX) algorithm; Windows XP Service Pack 1 and later default to AES with a 256-bit key, and DESX remains supported for files encrypted earlier. The FEK itself is protected with RSA public key encryption.
The FEK is used to encrypt the file, and a copy of the FEK encrypted with the user's public key is stored with the file in the Data Decryption Field (DDF). For each recovery agent defined in the recovery policy, another copy of the FEK, encrypted with that agent's public key, is stored in the Data Recovery Field (DRF). The recovery agent's private key is the sensitive item: it can open every DRF on the computer. For that reason it should be exported with the Certificate Export Wizard to an independent medium, such as a removable disk kept locked away, and you should select the wizard's option to delete the private key from the computer after a successful export. The DRFs stay inside the files, so the key can be imported again later when a file actually needs recovery. EFS has four components, listed in Table 19.6.

Table 19.6 Four Components of EFS

Component: EFS driver
Description: Kernel-mode filter that sits above NTFS. Communicates with the EFS service to request encryption keys, DDFs, DRFs, and other key-management services.

Component: EFS file system runtime library (FSRTL)
Description: Module of the EFS driver that handles the NTFS callouts for file operations such as read, write, open, encrypt, decrypt, recover, and append.

Component: EFS service
Description: Part of the operating system's security subsystem. It uses a local procedure call (LPC) port to communicate with the EFS driver, and it interfaces with CryptoAPI* to generate FEKs and to build DDFs and DRFs.

Component: Win32 APIs
Description: Provide the programming interfaces applications call to encrypt, decrypt, or recover files (for example, EncryptFile and DecryptFile) and to read and write encrypted files in raw, still-encrypted form for backup.

* CryptoAPI, the interface for cryptographic operations in Windows XP, is used to generate keys and to perform the public key operations.
Encrypting Files and Folders

Although you can encrypt individual files, it is better to encrypt the folder. If a folder is encrypted, every file created in it or copied into it is encrypted automatically, and files stay encrypted after you edit them, because an application that saves by writing a new file and deleting the old one creates that new file inside an encrypted folder. You can still view and work with the folder listing, but you cannot open the files unless you hold a private key that fits one of their DDFs or DRFs. Now for the tricky part: moving and copying files. An encrypted file stays encrypted when it is copied or moved to any NTFS folder, encrypted or not; the only ways to obtain a plaintext copy are to decrypt it explicitly or to copy it to a FAT or FAT32 volume, which cannot hold the EFS attribute. Copying a non-encrypted file into an encrypted folder encrypts the copy. Whether a plaintext file picks up encryption when it is moved into an encrypted folder depends on how the move is done: Windows Explorer on Windows XP encrypts it, but a move within the same volume is a rename at the file system level and some tools leave the file as it was. Check the attribute (or run CIPHER on the folder) after moving files rather than assuming.
Note An important security item to remember is that while you are working on a file, it might be loaded into the Temp folder. This happens when an application you’re using, such as Word, copies files you are working on to the Temp folder. If the Temp folder is not encrypted, your file could be exposed. By encrypting your folders, you secure your work even if an application temporarily transfers a file to another location.
Encryption works only on NTFS volumes. If you are using a mixed environment (computers using FAT32, FAT, and NTFS), an encrypted file can be carried across non-NTFS volumes only in its raw, still-encrypted form, which is what the Backup utility and the Win32 raw export and import functions produce; an ordinary copy to a FAT volume is written as plaintext. Note: Here is an interesting tidbit: when an encrypted file is copied to a network share, EFS decrypts it on the sending computer and the data crosses the network in plaintext. At the destination it is re-encrypted only if the target folder is on an NTFS volume and is marked for encryption (and, for EFS on a file server, the server must be trusted for delegation). Anyone who can capture the transfer can read the file, so use an encrypted transport such as IPSec or a VPN for sensitive copies.
To encrypt files, use Windows Explorer, My Computer, or the command prompt. Select the file or folder to encrypt, right-click on it, select Properties, and click the Advanced button. Select the Encrypt Contents to Secure Data check box, and then click OK.The Encryption Warning message box opens (see Figure 19.5). Select whether to encrypt the file and parent folder or the file only, and then click OK to encrypt the file or folder.
Figure 19.5 After you choose to encrypt a file, Windows XP confirms the action it should take.
With EFS, users can start encrypting files without any additional configuration. EFS automatically sets up the key pair for the file encryption.The file encryption (and decryption) is supported through the entire folder or on a per-file basis.When encrypting a folder, all files and subfolders that are marked are automatically encrypted, with each file having a unique key.
Following are the tools Windows provides for EFS:

- Encryption. You can encrypt the currently selected file or folder. If a folder is selected, all files and subfolders are encrypted.
- Decryption. You can decrypt the selected file or folder. Again, if a folder is selected, all files and subfolders are decrypted.
- Configuration. You can generate, import, export, and manage keys and certificates. Keys are generated automatically, so this tool is used for advanced settings.
You can also encrypt files from the command prompt by using the CIPHER command, which provides a rich set of features to choose from (see Table 19.7). The CIPHER command is used as follows:

CIPHER [/E | /D] [/S:folder] [/A] [/I] [/F] [/Q] [/H] [pathname [...]]
CIPHER /K
CIPHER /R:filename
CIPHER /U [/N]
CIPHER /W:directory

Run with no parameters, CIPHER displays the encryption state of the current folder and the files in it, which is the quickest way to confirm that a file really is encrypted.

Table 19.7 CIPHER Command-Line Options

/A  Operates on files as well as folders. An encrypted file can become decrypted when it is modified if its parent folder is not encrypted, so encrypting both the file and the parent folder is recommended.
/D  Decrypts the specified folders. Folders are marked so that files added later will not be encrypted.
/E  Encrypts the specified folders. Folders are marked so that files added later will be encrypted.
/F  Forces the encryption operation on all specified objects, even those that are already encrypted. Already-encrypted objects are skipped by default.
/H  Displays files with the Hidden or System attribute. These files are not shown by default.
/I  Continues performing the specified operation even after errors have occurred. By default, CIPHER stops when an error is encountered.
/K  Creates a new file encryption certificate and key for the user running CIPHER. If this option is chosen, all other options are ignored.
/N  Works only with /U and prevents keys from being updated. Use it to find all encrypted files on the local drives.
/Q  Reports only the most essential information.
/R  Generates an EFS recovery agent key and certificate, and then writes them to a .pfx file (containing the certificate and private key) and a .cer file (containing only the certificate). An administrator can add the contents of the .cer file to the EFS recovery policy to create the recovery agent for users, and import the .pfx file to recover individual files.
/S  Performs the specified operation on all subfolders in the specified folders.
/U  Tries to touch all encrypted files on the local drives. This updates the user's file encryption key or the recovery agent's key in each file to the current ones if they have changed. This option works only with /N.
/W  Removes data from available unused disk space on the entire volume. If this option is chosen, all other options are ignored. The specified folder can be anywhere on a local volume; if it is a mount point or points to a folder on another volume, the free space on that volume is wiped. CIPHER /W overwrites only unallocated space, so it does not remove the plaintext of a file that is still allocated, and it cannot reach slack space inside allocated clusters.

You can get the full list of parameters by typing CIPHER /? at a command prompt.
To see whether a file is encrypted, check its properties and look for the encrypted attribute in Windows Explorer. The names of encrypted files and folders also appear in green text in Windows Explorer. The user who encrypted a file simply works with it as usual, opening, closing, editing, and saving it, because the decryption is transparent. Another user who tries to open the file holds no private key that fits its DDF or DRF and receives an "Access Denied" message.
Recovery Agents

EFS uses recovery agents. When a file is encrypted, EFS also stores, for every recovery agent listed in the recovery policy that applies to the computer, a copy of the file's FEK encrypted with that agent's public key (the DRF). If a recovery policy exists but EFS cannot build a usable recovery field from it, the encryption fails. You do not normally generate recovery keys by hand. In a domain, the Default Domain Policy makes the domain Administrator the recovery agent, and that agent's certificate is applied to every file encrypted on domain members. On a standalone Windows XP Professional computer there is no default recovery agent (a change from Windows 2000, where the local Administrator was the agent by default); to have one, create the key and certificate with CIPHER /R and add the .cer file to the local security policy under Public Key Policies, Encrypting File System. Files encrypted before an agent was added contain no DRF for it until they are rewritten, which CIPHER /U does in bulk. To recover a file, the recovery agent logs on where the agent's private key is available and decrypts the file, for example with CIPHER /D. You can encrypt just about any file or folder, but not the system root folder, which is normally C:\Windows. Windows XP needs certain files in the system root folder during startup, and it cannot decrypt them that early in the boot.

Caution: Do not encrypt your own files while logged in with the account that serves as the recovery agent. Because the recovery key belongs to that account, a single credential then holds both the user's decryption key and the recovery key: there is no separate party who can recover the data if that account is lost, and no independent check on its use. Keep the recovery agent's private key exported off the computer and use the account only for recovery.
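As an added illustration of the DDF and DRF layout from Table 19.6 and of what a recovery agent actually holds (example code written for this chapter, not EFS or CryptoAPI source), here is a toy Python model in which textbook RSA on small Mersenne primes stands in for the user's and agent's key pairs and a SHA-256 keystream stands in for DESX/AES. It shows the owner opening a file through the DDF, the recovery agent through the DRF, a key that fits neither field getting garbage, and the re-wrap that CIPHER /U performs after a new agent is added to the policy. The primes, the 64-bit FEK, and the sample file contents are constructed for the example; nothing in it is safe for real data.

```python
"""Added example: toy model of EFS key handling.  Each file gets its own
FEK; the FEK is wrapped once per user (DDF) and once per recovery agent (DRF).
Textbook RSA on toy-sized Mersenne primes and a SHA-256 keystream stand in
for CryptoAPI's RSA and for DESX/AES, so this is for illustration only."""
import hashlib
import secrets

# Mersenne primes 2**k - 1; e = 65537 is invertible mod (p-1)(q-1) for all of them.
M13, M31, M61, M89, M107, M127 = (2 ** k - 1 for k in (13, 31, 61, 89, 107, 127))


def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)): the public and private halves of a toy RSA key."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))        # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def wrap_fek(pub, fek):
    """Encrypt the integer FEK under a public key: one DDF or DRF entry."""
    n, e = pub
    if not 0 < fek < n:
        raise ValueError("FEK must be smaller than the modulus")
    return pow(fek, e, n)


def unwrap_fek(priv, wrapped):
    """Recover the FEK with the matching private key (any other key yields junk)."""
    n, d = priv
    return pow(wrapped, d, n)


def keystream_xor(fek, data):
    """Symmetric stand-in for DESX/AES: XOR with SHA-256(FEK || block counter)."""
    key = fek.to_bytes(32, "big")             # every toy modulus here is below 2**256
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def efs_encrypt(plaintext, user_pub, agent_pubs, fek=None):
    """Encrypt a file the way EFS lays it out: fresh random FEK, a DDF for the
    owner, and a DRF for every recovery agent in the current recovery policy."""
    if fek is None:
        fek = secrets.randbits(64)             # toy size; real EFS FEKs are 128/256 bits
    return {"data": keystream_xor(fek, plaintext),
            "ddf": wrap_fek(user_pub, fek),
            "drf": [wrap_fek(pub, fek) for pub in agent_pubs]}


def efs_decrypt(blob, priv, field="ddf", index=0):
    """Open the file through the DDF (owner) or DRF number `index` (agent).
    A private key that fits no field decrypts to garbage: EFS's Access Denied."""
    wrapped = blob["ddf"] if field == "ddf" else blob["drf"][index]
    return keystream_xor(unwrap_fek(priv, wrapped), blob["data"])


def add_recovery_agent(blob, priv, new_agent_pub):
    """What CIPHER /U does for each file after the recovery policy changes:
    reopen the FEK with a key that still fits, then add a DRF for the new agent.
    Files that are never touched keep only their old DRFs."""
    fek = unwrap_fek(priv, blob["ddf"])
    blob["drf"].append(wrap_fek(new_agent_pub, fek))
    return blob


if __name__ == "__main__":
    user_pub, user_priv = make_keypair(M31, M61)
    agent_pub, agent_priv = make_keypair(M89, M107)
    secret = b"constructed sample: Q2 payroll figures, do not distribute"
    blob = efs_encrypt(secret, user_pub, [agent_pub])
    print("owner via DDF :", efs_decrypt(blob, user_priv) == secret)
    print("agent via DRF :", efs_decrypt(blob, agent_priv, "drf") == secret)
    print("agent via DDF :", efs_decrypt(blob, agent_priv) == secret)   # wrong field
    new_pub, new_priv = make_keypair(M13, M127)
    add_recovery_agent(blob, user_priv, new_pub)
    print("new agent     :", efs_decrypt(blob, new_priv, "drf", 1) == secret)
```

The point to take from `add_recovery_agent` is that a DRF is only created when a file is written with the policy in force: adding an agent to the policy does nothing for files that already exist until something (CIPHER /U, or an edit and save) touches them, and removing the agent's private key from the computer leaves every existing DRF intact for later use.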
Third-Party Storage Management Utilities

You can review and sometimes download trial versions of software for recovering data, cleaning a hard drive, and managing storage from these Web sites:

- Executive Software Undelete 3.0 for Windows NT/2000/XP (http://www.execsoft.com) is a utility that can help recover deleted data.
- DiskProbe is a Windows 2000 utility that searches a hard drive, sector by sector, for deleted text. The utility is in the Windows 2000 Server Resource Kit.
- DiskView is part of the Extreme Power Tools 2001 application developed by Radsoft (http://www.radsoft.net). It has a function similar to DiskProbe, but with a more user-friendly interface.
- LC Technology International (http://www.lc-tech.com) offers RecoverNT, a recovery application that supports local and remote systems. It works with Windows XP as well as Windows 2000, NT, and 9x. It uses FDISK (or dynamic disks in Windows XP) to recover from accidental reformats, and it can rebuild files from damage caused by viruses, power failure, or deletion.
- StorageCeNTral SRM (http://www.sunbelt-software.com) is a unique product that identifies, blocks, and removes unwanted, redundant, and non-critical files from taking up server space. You can select unwanted file types (such as MP3s, Outlook PSTs, or games) to prevent them from being added to your server's backup and storage, thus saving backup time. Among other features, it also uses a quota filter driver that alerts you in real time when disk limits are exceeded.
Troubleshooting Disk Drives/Storage Subsystems

Disk drive and storage subsystem troubleshooting can be separated into two key areas: data recovery and problem devices. Users can inadvertently delete or lose files, and data stored on a hard disk is susceptible to several forms of damage, including user deletion, management utility corruption, virus infection, disk platter defects, and read-head bounces. No matter what form of damage you are dealing with, there is only one guaranteed method of protecting your data: regular backups. If you don't have a backup, your options for recovery are limited, to say the least. When files are lost, damaged, or corrupted, you need to recover the data from a backup or some other recovery system. If no backup is available, you can try the following options to restore data:

- Restore from the Recycle Bin.
- Use CHKDSK to recover .chk files.
- Recover the file's .tmp file.
- Use a third-party drive repair application, such as Norton Utilities by Symantec.
- Use a third-party undelete utility (discussed in "Third-Party Storage Management Utilities" and "Cleaning Up Files and Folders," earlier in this chapter).
- Locate a vendor specializing in data recovery.
None of these options guarantees that you will recover lost or damaged data, however. Regular backups are the best solution.
For more on the need for backups and methods for creating duplicate copies of your important data, see Chapter 20, “Windows XP Backup and More,” p. 437.
CHKDSK is a drive error detection and data recovery tool originally introduced in MS-DOS. This simple tool inspects the file structure, directory structure, and surface of an entire volume. When it finds errors, it can attempt a repair; if a repair is not possible, it can save orphaned clusters to files and mark the disk sector as bad. The Windows XP disk subsystem does not use bad sectors; it keeps track of them and uses the disk space around them. To access the Windows version of CHKDSK, open a drive's Properties dialog box from Windows Explorer or My Computer. The Tools tab lists three drive tools: Error-Checking, Backup, and Defragmentation. Click the Check Now button to open the Check Disk dialog box. This simple dialog box has two check boxes: Automatically Fix File System Errors and Scan for and Attempt Recovery of Bad Sectors. (These correspond to CHKDSK /F and CHKDSK /R at a command prompt. A volume that is in use, such as the system drive, cannot be locked for repair, so CHKDSK offers to run at the next restart instead.) Any data recovered from lost clusters is stored on that drive with a filename of FILEnnnn.CHK (nnnn is a number starting at 0000), in the root folder on FAT volumes and in a FOUND.nnn folder on NTFS volumes. These files hold raw cluster contents: a text editor shows the readable parts, but a fragment of a binary file has to be identified from its content. If these options fail to restore your system or recover your lost data, your last resort is to take the drive to a professional recovery service. These services dissect the drive and reassemble the data in an attempt to read it from the original platters (the disks inside a hard drive, where data is actually recorded). Usually, they provide a backup tape or another hard drive with the recovered data. This service is quite expensive, so we recommend it only when in dire need. If a hard drive or a drive controller proves to be defective, replace the device. Attempting to operate any system with defective devices is asking for trouble. In most cases, the replacement device will be of higher quality and store more data than the defective device; it might even cost less.
For More Information

If the information about Windows XP and storage issues in this chapter has increased your desire to learn more, here are a few resources you can research:

Books
- Bott, Ed et al. Microsoft Windows XP Inside Out. Microsoft Press, 2001. ISBN: 0-7356-1382-6.
- Cowart, Robert and Knittel, Brian. Special Edition Using Windows XP Professional. Que, 2001. ISBN: 0-7897-2628-9.
- Ford, Warwick et al. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption. (This book covers cryptography and public key infrastructure.) Prentice Hall, 2000. ISBN: 0-13-027276-0.

Magazines
- Microsoft Certified Professional Magazine. December 1999–October 2000.
- Windows & .NET Magazine (formerly Windows 2000 Magazine).

Other
- Sunbelt Software has several tools available for storage management: http://www.sunbelt-software.com.
- TechNet CD (also available on the Microsoft Web site at http://www.microsoft.com/technet/).
20 Windows XP Backup and More

Now that you have a good understanding of the way Windows XP stores and handles data, it's time to protect all that data from failure. This chapter introduces the backup solution that comes with Windows XP and explains some of the different types of hardware you can use with the Backup utility. There are also some backup strategies you can use to protect your data. If you outgrow Backup's built-in offerings, there are some third-party solutions that pick up where it leaves off. You'll learn about some common problems power users see with backups.
The Windows XP Built-in Backup Utility

Every version of Windows NT, from NT 3.51 through Windows XP, comes with a light version of Backup Exec. It's called the Backup utility, and its executable, ntbackup.exe, lives in C:\Windows\System32. (Windows XP Home Edition does not install it by default; it is on the Home Edition CD under VALUEADD\MSFT\NTBACKUP and can be installed from there.) Backup Exec has been shuffled around a bit, but today it is sold by Veritas (http://www.veritas.com). As with all good software, each version has gotten better, culminating with the version in Windows XP. Although it may not boast all the pluses of some third-party backup solutions, the Windows XP version might cover all your backup needs. One of the biggest changes from the Windows NT Backup utility to the Windows XP version is the power that the Removable Storage Management (RSM) subsystem gives it. RSM was added in Windows 2000 and is included with Windows XP to support items such as robotic tape libraries and CD jukeboxes, but it can also deal with any type of removable media you throw at it. The Backup utility is a standalone program that also accepts command-line parameters, which is how scheduled jobs run it. You can find its shortcut by clicking Start, All Programs, Accessories, System Tools, Backup. By default, the Backup utility launches in wizard mode. You can run through the wizard's steps to select which elements to back up, or click the Advanced Mode link to configure the backup manually (see Figure 20.1).
Figure 20.1 You can run the Backup or Restore Wizard to back up your files, or you can switch to Advanced mode to configure the backup manually.
Tip You can also access the Backup utility from Control Panel: Click Start, Control Panel (click the Switch to Category View link), click the Performance and Maintenance link, and finally, click the Back Up Your Data link.
When you start the Backup utility, you’ll notice it has the familiar Explorer look to it, with roots in My Computer, My Documents, and My Network Places (see Figure 20.2). Navigating these three options gets you to any file or machine you want to back up.
Figure 20.2 The Backup utility in Advanced mode offers an Explorer-like interface.
As you select an object to be backed up, a blue check mark in the box next to it tells you that it and everything below it (if it's a folder) will be backed up. A gray check mark indicates that some, but not all, of the objects below are checked. One exception is System State under My Computer. When you select System State on a Windows XP computer, three objects appear in the pane on the right: Boot Files, COM+ Registration Database, and Registry. If you try to back up any of those three separately, you'll find that you cannot because of their high degree of interdependence. Because all objects in the System State are tied together closely, they must all be backed up at the same time for consistency. Across the Windows family, the System State can include the following (the Active Directory, Sysvol, and Certificate Services items exist only on domain controllers and on servers running those services):

- All files associated with Active Directory, including the Active Directory database, NTDS.dit, and all its log and checkpoint files from the \Windows\NTDS folder.
- The system files under Windows File Protection in the %systemroot% folder, usually \Windows.
- All files in the %systemroot%\Sysvol folder.
- All Registry hives from %systemroot%\System32\Config.
- Operating system-related files from the Program Files folder.
- The COM+ class registration database.
- Certificate Services files.
- The files needed to boot the machine: ntdetect.com, NTLDR, bootsect.dos, boot.ini, and ntbootdd.sys, if present.

Because the Registry hives include SAM and SECURITY, a System State backup contains the local account password hashes and the LSA secrets (including the passwords of service accounts). Treat the backup file or tape as you would the live system.
Backup Options

As with most backup software, the Backup utility supports different backup types. These types determine which files are written to the backup media based on the file's archive bit or its modified date. NTFS and FAT set the archive bit whenever a file is written; a backup type either clears the bit after writing the file or leaves it alone, and that single difference is what separates the types. The Backup utility has five:

- Normal. Also known as a full backup. Every selected file is backed up, regardless of the state of its archive bit. After each file is backed up, its archive bit is cleared. Normal backups should be run regularly to ensure that all your data is backed up.
- Copy. A copy backup is identical to a normal one, except the archive bit is not touched, so it can be taken at any time without disturbing the normal/incremental/differential sequence.
- Incremental. An incremental backup backs up only the selected files that have their archive bit set, and clears the bit after each file. To restore, you must first restore the last normal backup and then every incremental backup after it, in order. Incremental backups have the advantage of a short backup time and a small media footprint, but the disadvantage of a longer restore and of depending on every tape in the chain being readable.
- Differential. A differential backup is identical to an incremental one, except it does not clear the archive bit, so each differential backs up everything that has changed since the last normal (or incremental) backup. The advantage is quicker restore time: you need only the last normal backup and the last differential backup. The disadvantage is that your nightly backups take longer each night until you run a normal backup.
- Daily. A daily backup backs up all selected files whose modified date is the same as the backup job's run date. It ignores the archive bit entirely, which is handy if some other program is modifying the archive bit; the price is that a file changed before midnight and backed up the next day is missed.
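To make the archive-bit rules concrete, here is an added example (written for this chapter; it is not NTBACKUP code): a small Python model of the five backup types run over a constructed week of edits, plus the restore chain each strategy needs. The file names, dates, and edit schedule are made up for the illustration.

```python
"""Added example: a model of NTBACKUP's five backup types and of the
restore chain each one implies.  Not NTBACKUP code; the files, dates and
edits below are constructed sample data."""
from dataclasses import dataclass
from datetime import date


@dataclass
class File:
    name: str
    modified: date
    archive: bool = True      # the file system sets this bit on every write


def select(files, level, run_date):
    """Return the (sorted) names a backup of type `level` writes on `run_date`,
    clearing the archive bit on the written files only for the types that do."""
    if level in ("normal", "copy"):
        chosen = list(files)                                    # everything selected
    elif level in ("incremental", "differential"):
        chosen = [f for f in files if f.archive]                # changed since bit last cleared
    elif level == "daily":
        chosen = [f for f in files if f.modified == run_date]   # ignores the bit
    else:
        raise ValueError(f"unknown backup type {level!r}")
    if level in ("normal", "incremental"):
        for f in chosen:
            f.archive = False
    return sorted(f.name for f in chosen)


def restore_chain(history):
    """history: (run_date, level, names) tuples in run order.  Return the
    backups to restore, in order, to rebuild the latest state: the last
    normal, every incremental after it, then the last differential taken
    after the last incremental.  Copy and daily backups never enter the chain."""
    fulls = [i for i, h in enumerate(history) if h[1] == "normal"]
    if not fulls:
        raise ValueError("no normal backup to start the chain from")
    full = fulls[-1]
    chain = [history[full]]
    last_inc = full
    for i in range(full + 1, len(history)):
        if history[i][1] == "incremental":
            chain.append(history[i])
            last_inc = i
    diffs = [h for h in history[last_inc + 1:] if h[1] == "differential"]
    if diffs:
        chain.append(diffs[-1])
    return chain


def run_week(levels):
    """Constructed scenario: three files, a normal backup on Monday 7 April 2003,
    then one backup per day Tuesday to Thursday using the given types, with
    edits each morning before the job runs."""
    files = [File("a.doc", date(2003, 4, 7)),
             File("b.xls", date(2003, 4, 7)),
             File("c.ppt", date(2003, 4, 7))]
    edits = {date(2003, 4, 8): ["a.doc"],
             date(2003, 4, 9): ["b.xls"],
             date(2003, 4, 10): ["a.doc"]}
    schedule = [(date(2003, 4, 7), "normal")] + list(zip(sorted(edits), levels))
    history = []
    for day, level in schedule:
        for f in files:
            if f.name in edits.get(day, []):
                f.modified, f.archive = day, True
        history.append((day, level, select(files, level, day)))
    return history


if __name__ == "__main__":
    for plan in (["incremental"] * 3, ["differential"] * 3, ["copy", "incremental", "daily"]):
        history = run_week(plan)
        for day, level, names in history:
            print(f"{day} {level:12} {names}")
        print("restore:", [f"{d} {l}" for d, l, _ in restore_chain(history)], "\n")
```

Running the three plans side by side shows the trade-off the list above describes: the incremental week needs all four sets at restore time, the differential week only Monday's normal and Thursday's differential (which has grown to two files), and the mixed plan shows that a copy backup leaves the archive bits alone and that a daily backup contributes nothing to the chain.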
The “Managing Backup Media” section later in this chapter covers how best to use these backup levels in your organization. In addition to which files are backed up, you have other options available.You can get to these options in the Backup utility by choosing Tools, Options from the menu and selecting the General tab in the Options dialog box (see Figure 20.3).
Figure 20.3 You can configure backup options in the General tab of the Options dialog box.
Here’s a quick breakdown of each option in the General tab: n
Compute Selection Information Before Backup and Restore Operations. This option allows the Backup utility to gather the information it needs to estimate the time and disk space a particular backup will take. Clearing this check box keeps the progress bar from functioning.This option is selected by default.
n
Use the Catalogs on the Media to Speed Up Building Restore Catalogs on Disk. The Backup utility uses the catalog on the backup media to determine which files are there.This option is selected by default.
The Windows XP Built-in Backup Utility
n
n
Verify Data After the Backup Completes. Selecting this check box tells the Backup utility to compare the version of the file on the backup to the version on disk after it has backed it up. As you can imagine, this option makes for reliable backups, but it also more than doubles the backup time.This option is disabled by default. Back Up the Contents of Mounted Drives. A mounted drive functions the same as any other drive, but is assigned a name rather than a drive letter.This option allows you to back up only the directory structure of the drives you select. No files are written to the backup media.This option is selected by default.
n
Show Alert Message When I Start Backup and Removable Storage Is Not Running. If this check box is selected, the Backup utility verifies that Removable Storage Management (RSM) is running before starting up.This is necessary only if you are backing up to a device managed by RSM. If you are backing up to file, you can clear this check box.This option is selected by default.
n
Show Alert Message When I Start Backup and There Is Recognizable Media Available. Selecting this check box tells the Backup utility whether to let you know backup media is available in the Import pool. Again, if you are backing up to file, you can clear this check box.This option is selected by default.
n
Show Alert Message When New Media Is Inserted. By default, the Backup utility notifies you if a compatible medium is inserted while it is running. Clearing this check box turns that feature off.This option is applicable only if you are backing up to tape and is selected by default.
n
Always Allow Use of Recognizable Media Without Prompting. If the Backup utility is the only thing you use tapes for, you can select this check box, and all compatible media will be automatically allocated to backups.This option is disabled by default.
When it comes to restoring data, you have one choice in the Restore tab: what to do when you are trying to restore a file that has the same name as an existing file. The default is to keep the existing file on your computer. You can also choose to have the file on your computer replaced only if it's older than the file on the backup media. If you know it's safe, your third option is to always replace the file on disk. If there are filename conflicts, it's better to restore into a scratch folder (choose Alternate Location in the Restore Files To box) and sort the files out afterwards. If you're in a situation that warrants file restoration, the last thing you want to do is destroy more files. The options in the Backup Type tab pertain to the backup types discussed at the beginning of this section. This is where you choose whether you want a normal, copy, differential, incremental, or daily backup. The Backup Log tab has the options for the log file that is created. The Backup utility writes this log to Documents and Settings\%username%\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data. Your three choices for log type are Detailed, Summary, or None. Normally, you should use the Summary option, which gives you the important information about the job without burying you in unnecessary detail. A Detailed log lists each file that is backed up, which usually runs to thousands of lines. The Summary option gives job-specific information along with all failures that occur. If you are experiencing problems, temporarily set the log to Detailed to get the information you need, but in general there is such a thing as too much information. In the Exclude Files tab, you choose which files are excluded from backups. This option is discussed in depth later in this chapter in the section "Rules for Backing Up."
Backing Up Data

After you decide which options you want to use, you're ready to start backing up data. The Backup utility has some helpful wizards that can guide you through backing up your files. One welcome option in the wizard is scheduling the backup to run at a later time. You can also save a backup selection to a file and then load that file each time you want to run the same backup. This file can be used with the Task Scheduler to schedule backups; in fact, when you use the Backup Wizard to schedule a backup, that is exactly what it does: it creates a scheduled task that runs ntbackup.exe with the selection file and the job's options on the command line. After you have set the options for a particular job and selected the files you want backed up, choose Job, Save Selections As from the menu to open the standard Save As dialog box. The file you save has the extension .bks. By default, this file is saved in the same location as the log file. In a later session, you can select Job, Load Selections from the menu to load your settings back up. Two security points to keep in mind: a backup runs with the Back Up Files and Directories privilege, held by Administrators and Backup Operators, which lets the backup process read every file on the volume regardless of NTFS permissions, so membership in Backup Operators is as sensitive as the data being backed up; and the .bkf files the utility writes are not encrypted, so a backup file or tape needs at least the same physical and NTFS protection as the originals. A scheduled task also stores the credentials of the account it runs as, so use a dedicated account for scheduled backups rather than your own.
Restoring Data We hope you’ll never need the information in this section. If you don’t find yourself that lucky, however, have no fear; restoring data with the Backup utility is painless.You want to be sure before any disaster hits that you have a good naming policy in place for your backups.The Backup utility uses the RSM to keep track of its backup media, and the RSM keeps track of backup media by name. Make sure your backup names make sense to you now so that you can recognize them while you’re in the heat of battle.The section “Managing Backup Media” later in this chapter covers three ways to organize your backups. Having one of them in place before a problem arises can save you a lot of headaches. To restore files using the Backup utility, select the Restore and Manage Media tab. In the left pane, find the backup media with the data you want to restore. If you need to restore from both full backups and differentials or incrementals, do the full backup first and then restore the others to avoid possible confusion. Also, to prevent unintentionally overwriting files on disk, verify your settings in Tools, Options. After you select the files you want to restore, click the Start Restore button, sit back, and watch the show.The Backup utility opens a Restore Progress window to monitor the backup’s progress. After the restore is completed, close the window.
Other Backup Alternatives

This section covers some of the less expensive, lower-capacity alternatives for backups and looks at the following devices in more detail:

- Iomega Zip drives and the like
- Iomega Jaz drives and similar products
- CD-Recordable (CD-R)
- CD-Rewritable (CD-RW)
- DVD-Recordable
- Duplicate drives
Iomega Zip Drives and the Like When Iomega released the first Zip drive (http://www.iomega.com/zip), it changed the face of removable media for years to come. Upon release, it wasn’t the largest drive available—it wasn’t even the fastest.What it did have going for it was style. In a world besieged with beige as far as the eye could see, the Zip drive was a blue glimmer of hope. The original Zip drive held 100MB of data and connected to a computer via a SCSI port or parallel port.Today, Zip drives can hold 250MB, and they can connect to your computer by SCSI, parallel, or USB.They can also be mounted internally with an IDE interface. Laptops and Macintosh computers can also have Zip drives mounted internally. With an install base measured in the millions, after the floppy drive, the Zip is second in popularity in the removable media world. One feature the Zip drive does not have is compatibility with existing 3.5-inch floppy disks.That’s where the Imation SuperDisk (http://www.superdisk.com) comes in. It doesn’t wear blue tights, it cannot leap over tall buildings in a single bound, but it can read floppy disks and SuperDisks that hold 120MB. Originally called LS-120 drives, these drives look and work just like a regular floppy drive. If you are a notebook user, the LS120 is ideal because you need to carry only one drive.
Iomega Jaz Drives and Similar Products
If you find Zip drives and SuperDisks a little confining, you might want to consider the Iomega Jaz drive (http://www.iomega.com/jaz). These drives can hold 1GB or 2GB per disk. The standard interface to a Jaz drive is an Ultra SCSI connection, but Iomega makes adapters for parallel ports, USB ports, and PCMCIA sockets, allowing you to connect the drive to almost anything. The Jaz drive used to have a competitor in the SyQuest SyJet drive, but in November 1998, SyQuest filed for bankruptcy. In April 1999, it agreed to sell all its U.S. assets to Iomega, leaving the Jaz drive alone in its field.
443
444
Chapter 20
Windows XP Backup and More
CD-Recordable (CD-R)
Like the Zip drive, CD-Recordables (CD-Rs) have made a big impact on the computer world. Based on the CD-ROM standard, current CD-R drives enable you to record 650MB of data in about 10 minutes. CD-R media are readable by nearly any CD-ROM drive faster than 6x, making it a universal format. CD-R media are not susceptible to magnetic interference, so they are quite robust. Recording is permanent, and the CDs cannot be erased.
CD-Rewritable (CD-RW)
Like CD-Recordables, CD-Rewritable (CD-RW) media can hold 650MB of data. Unlike CD-Rs, CD-RW drives can erase data on CD-RW disks or format them completely. CD-R and CD-RW media are different, although most CD-RW drives are backward-compatible and can write to CD-R media like a CD-R drive. Support for CD-RW was spotty at first, but many CD drives support them now. If you’re having trouble reading a CD-RW disc in your CD-ROM, consult the documentation because it might not be supported.
DVD-Recordable
DVD is an acronym for Digital Versatile Disk or Digital Video Disk. DVDs look similar to CDs, but the similarity ends there. DVDs cannot be read by CD-ROM drives, although DVD-ROM drives can read CDs. They can hold more than 4GB per side, and they can be written to on both sides. There are currently three standards for consumer recordable DVDs: DVD-RAM, DVD-R/RW, and DVD+R/RW. DVD-RAM and DVD-R/RW are standards supported by the DVD Forum (go to http://www.dvdforum.com for more information), and DVD+R/RW is a separate, incompatible standard put forth by the DVD+RW Alliance (go to http://www.dvdrw.com for additional details).
Duplicate Drives
You can also back up your data to a duplicate hard drive. Many companies make removable drive bays for hard drives. These bays support USB, IDE, and SCSI interfaces, so you can put a removable hard drive into a machine and use it for backups. To do this, you can use the following methods:
- Copy important files to the removable drive in Windows Explorer.
- Create a bootable recovery drive, and install a bare-bones copy of Windows XP on the removable disk. If anything goes wrong with your standard installation, you can boot to the removable drive and recover your data.
- The Backup utility supports backing up to files. You can back up your files to a removable disk and store it offsite.
- Products such as Ghost (http://www.norton.com/ghost) from Symantec or Drive Image (http://www.powerquest.com/driveimage) from PowerQuest enable you to save an image of a physical drive or partition to a file. This file can be used to restore the partition later and makes a great point-in-time image of a machine.
- Image Cast 3 from StorageSoft (http://www.storagesoft.com/ic3/) produces copies of hard drives, including the partitions, Registry settings, and applications, and restores the images onto target drives.
Choosing an Appropriate Backup Device
Determining the appropriate backup device for your environment is not a decision to take lightly. Many factors affect which device is best for you. Here are a few considerations:
- Backup space. How much drive space do you have to back up?
- Backup window. What is your backup window? (How long do you have each day to back up data?)
- Downtime. What is an acceptable amount of time to be down, waiting for a restore?
- Affordability. What can you afford?
Backup Space
You need to make sure the media you use matches your size requirements. It doesn’t make a lot of sense to back up a server with 100GB online to a 100MB Zip drive. With the days of 100GB IDE drives for $200 (or less) upon us, the need for a high-capacity backup is here. As a power user, you need to make a good assessment of how much data you want to back up. When determining this amount, be aware of how much space it would take for a full backup of each machine individually. If your largest server has 100GB online, that’s where you want to start your size requirements. You’ll also want to plan for the future. Hard drives are only getting bigger, and many companies are getting more servers, not fewer. You don’t want to get a backup solution you’ll need to replace in a year. Give yourself some room to grow. You might want to consider adding a tape library to your backup system. Windows XP now has built-in support for these devices. In NT, the library was an expensive investment, and so was the software to use it. A tape library offers you the following advantages:
- You don’t have to change tapes daily. You can load the library up with several days’ worth of media and let it go. This is especially handy if you have a site that doesn’t have any support people to change tapes every day.
- If the data you’re backing up is larger than a single medium can hold, the library automatically puts in another medium. For instance, a Digital Linear Tape (DLT) 7000 drive using DLT IV tapes can hold 35GB of uncompressed data or up to 70GB of data with compression. If you have 80GB to back up, there’s no way a full backup will fit on one tape. You’ll never be able to do a scheduled full backup of this machine. If you have a tape library, it can put the second tape in for you.
- Some backup software supports reading and writing to multiple tape drives at once, giving you the added bonus of faster backups and restores.
Qualstar (http://www.qualstar.com) tape libraries are highly recommended. These libraries support both Advanced Intelligent Tape (AIT) and Digital Linear Tape (DLT) drives. (See the next section, “Backup Window,” for more information on AIT and DLT.) Qualstar’s products support expandability. You can buy a library that holds 20 tapes and has one drive. If you need more than 20 tapes, you can simply add support for more tapes to the library you already have. If your backups aren’t completing quickly enough, you can purchase a second tape drive. This expandability lets you buy what you need without fear of painting yourself into a corner in the future.
Backup Window
With the advent of the Web and companies having a 24-hour Internet presence, the window of opportunity for backing up data each day is getting smaller and smaller. You need to make sure your backup solution can back up all your data in the time allotted. If backup windows are a concern, some of the smaller media, such as CD-Rs and Digital Audio Tapes (DATs), won’t do the trick. The two types of media that will most likely fill the bill are AIT by Sony and DLT by Quantum.

AIT
AIT, in its current incarnation, is AIT-2. AIT-2 drives are normally standard 3.5-inch SCSI devices. They support a sustained transfer rate of 3MB/sec native, 6MB/sec compressed, and 20MB/sec burst. The physical medium is an 8mm tape. AIT-1 drives and media have a capacity of 25GB or 35GB, uncompressed. AIT-2 doubles that to 50GB uncompressed per media. One unique feature of AIT media is called Memory-In-Cassette (MIC). MIC is a 16Kb memory module chip built into the tape. This memory chip can hold data such as the tape catalog, so it’s not necessary to rewind the entire tape to locate a file on the tape. You can find more information about AIT drives and media at http://www.sony.com/ait.

DLT
DLT drives by Quantum are the other big contender in the high-capacity tape field. It is estimated that there are over 1.5 million DLT drives and 50 million DLT tapes in use now. The DLT format has been around a while, and there are several flavors to choose from. Not only are there different generations of DLT drives, but there are also DLT media with different capacities. The newest DLT technology is Super DLT, which became available in September 2000. With the introduction of the Super DLT drive came the Super DLT I tape. Together, these two offer 110GB of native storage and a whopping 220GB compressed per tape. The Super DLT has a sustained transfer rate of 11MB per second, native. If the Super DLT is too large for your environment, you can get a smaller DLT drive. You can choose from DLT-4000, DLT-7000, and DLT-8000. Using a DLT IV tape, you can hold 20GB, 35GB, and 40GB of uncompressed data, respectively. To find out everything you want to know about DLT, check out http://www.dlttape.com. After you decide on a medium, you have to decide if one drive will be fast enough. If not, consider adding a tape library to the plan.
Downtime
Downtime deserves some undivided attention. It is the great common denominator: Everyone understands not being able to get to their e-mail or Excel spreadsheets. When estimating how long it will take to restore a given amount of data, you can usually count on restoring the data taking twice as long as it did to back it up. This might be because of the “watched pot never boils” effect, but nonetheless you should account for it. When pitching a backup solution to the people who write the checks, make sure to impress upon them how long the data will be unavailable in case of a complete crash. If the backup solution you have in place will take 24 hours to recover a single server, you should know this before the big crash and the 30-hour workdays that will inevitably follow. You can decrease restore times the same way as backup times: with less data, faster drives, and more of them.
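To put the capacity, transfer-rate and restore-time figures from the preceding sections to work, here is an added planning script (not from the book) that, for a given amount of data and nightly window, reports how many tapes a full backup needs, whether one tape is enough for an unattended job, whether the job fits the window, and the restore estimate using the chapter’s twice-as-long rule of thumb. The AIT-2 and Super DLT capacity and native rate figures and the DLT-7000 capacity are the ones quoted above; the DLT-7000 transfer rate, the binary-gigabyte convention and the 80GB, eight-hour scenario are assumptions made for the example.

```python
"""Backup capacity and window planner (added example; not the book's own code).

AIT-2 and Super DLT capacity/rate and the DLT-7000 capacity are the figures
quoted in the chapter. The chapter gives no transfer rate for the DLT-7000, so
the 5 MB/sec used here is an ASSUMPTION for illustration only.
"""
import math

MB_PER_GB = 1024  # assumption: binary gigabytes, as Windows reports disk sizes

# medium -> (native capacity in GB, native sustained transfer rate in MB/sec)
MEDIA = {
    "AIT-2":     (50,  3.0),   # from the chapter
    "DLT-7000":  (35,  5.0),   # capacity from the chapter; rate is an ASSUMPTION
    "Super DLT": (110, 11.0),  # from the chapter
}


def tapes_needed(data_gb, medium):
    """Tapes a full, uncompressed backup of data_gb needs on this medium."""
    capacity_gb, _ = MEDIA[medium]
    return math.ceil(data_gb / capacity_gb)


def backup_hours(data_gb, medium):
    """Hours to stream data_gb at the medium's native (uncompressed) rate."""
    _, rate_mb_s = MEDIA[medium]
    return data_gb * MB_PER_GB / rate_mb_s / 3600


def restore_hours(data_gb, medium):
    """Chapter's rule of thumb: a restore takes about twice as long as the backup."""
    return 2 * backup_hours(data_gb, medium)


def plan(data_gb, window_hours, medium):
    """Summarize a full backup of data_gb on one medium type.

    needs_library is set when more than one tape is required: a scheduled,
    unattended full backup then needs a tape library (or someone to swap tapes).
    """
    tapes = tapes_needed(data_gb, medium)
    hours = backup_hours(data_gb, medium)
    return {
        "medium": medium,
        "tapes": tapes,
        "needs_library": tapes > 1,
        "backup_hours": round(hours, 2),
        "restore_hours": round(restore_hours(data_gb, medium), 2),
        "fits_window": hours <= window_hours,
    }


def compare(data_gb, window_hours):
    """Run plan() for every medium so the low-end and high-end options sit side by side."""
    return [plan(data_gb, window_hours, m) for m in MEDIA]


if __name__ == "__main__":
    # Constructed scenario: the 80GB server mentioned in the chapter, 8-hour nightly window.
    for row in compare(80, 8):
        print(row)
```

The restore_hours figure is the number to put in front of the people who sign the checks; it is the answer to the “Downtime” question rather than the backup time most vendors quote.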
Affordability
The final consideration is cost. Unless you’re lucky enough to work at a company where money is no object, you might have to defend your choice of backup hardware to folks who do not completely understand the need for it. The best defense is a good offense. Plan for this discussion, and have some ammunition ready. Do your research beforehand and find out the cost to your company for every hour its servers are down. Then compare that per-hour cost to the cost of your solution. Make sure you have a low-end and high-end solution to help demonstrate that saving money up front is not always the best answer. Each solution you offer should include the time needed to back up your critical data each night and, more important, the time it will take to restore that data in case of data loss. Even if you have spent thousands of dollars on high-end servers, RAID drives, Error-Correcting Code (ECC) memory, fault-tolerant NICs, and UPSs that will call you at home when the power flickers, things will still go wrong. Don’t forget about Murphy and his law (if it can go wrong, it will). If you have a good backup solution, you can turn a terrible incident into a hero-making opportunity, but this opportunity hinges on planning well up front.
Rules for Backing Up
Part of a successful backup plan is determining what to back up and what not to back up. The previous section discussed backup and restore times. What you back up affects the amount of time your backups and restores take. Generally, you should always back up any user-created data files and any program and operating system settings, including the System State and any program configuration files. Normally, it’s not necessary to back up the actual binaries for installed programs because you almost always have to reinstall them to get them to work properly. If a quick and full restore is ever needed, you might want to back them up anyway. Now that you’ve learned the types of files you should back up, it seems only fair to give equal time to the files you should not back up. Do not back up any files that do not contain information that would matter if it were lost. The following sections provide examples of files that meet these criteria.
Temporary Files
Windows XP makes extensive use of temporary files during its day-to-day operations. These files are of no consequence after the machine is shut down, however, so they are perfect candidates to be omitted from backups. Normally, these files are written to the Temp folder. You can find this folder by going to a command prompt and typing echo %temp%. No files in this folder need to be backed up. Many applications make use of temporary files as well. Internet Explorer, for example, keeps a history of all Web pages you’ve visited recently, and it also caches these pages. None of this information is necessary if the machine needs to be restored. You can find these files by right-clicking on the Internet Explorer icon on your desktop and selecting Properties from the shortcut menu. The first tab, General, has a section labeled Temporary Internet Files. Click the Settings button in that section to see the location of these files displayed. You can safely leave that folder out of your backups.
The Page File
The page file, also called the swap file, is a large file that Windows XP uses as virtual memory. Programs in memory that aren’t accessed frequently are swapped out to the hard drive to make more room for other, more active processes. The file that the operating system swaps them to is called the page file. This file can exist at the root of any local drive. Its filename is always pagefile.sys, and it can be present on more than one drive. The standard convention is to have a page file at least as large as the machine’s amount of physical RAM. It’s not uncommon to see servers with memory measured in the gigabytes. A file this size can slow down a backup job, so go ahead and leave it out. The job of searching out useless files doesn’t sound like much fun, does it? Luckily, the Backup utility comes to the rescue again with a preset group of files to exclude, saving you the trouble of finding them yourself. You can find these files by choosing Tools, Options from the Backup utility’s menu. In the Exclude Files tab, the Backup utility keeps track of all the files you don’t care about. As you can see, the Files Excluded for All Users section is already populated with some files. These are the files discussed in the preceding paragraphs. Feel free to add other files that meet the criteria discussed earlier.
Managing Backup Media
Now that you’ve decided what data you’re going to back up, you need to design a backup schedule. The complexity of your schedule is directly proportional to the size of your environment. Start with the Son schedule and work your way up. The following examples refer to the media needed as “tapes.” If your organization is large enough, one tape might not do. In that case, you will have to define tape groups with the same name as the tapes referenced.
Son
The Son scheme consists of using the same tape each day and doing a full, or normal, backup. With this method, there’s no concern about having the correct tape in for backups or which tape you need when you have to restore. However, this method has three obvious disadvantages:
- Because you’re doing a full backup each night, your backups will always take a long time, which wears out the tape drive more quickly than other schedules do.
- You have only one day’s worth of backups. If you realize on Wednesday that a file was corrupted sometime on Monday, you cannot restore a version of that file that’s not corrupt.
- Because you’re using the same tape every day and copying a full backup to it, it wears out much sooner than if you were using one of the other schedules.
Table 20.1 shows what the Son backup schedule looks like.

Table 20.1 The Son Backup Schedule

                 Monday   Tuesday   Wednesday   Thursday   Friday
Week #1          Tape 1   Tape 1    Tape 1      Tape 1     Tape 1
Type of backup   Full     Full      Full        Full       Full
Father-Son
The Father-Son schedule uses six tapes per cycle. This method reduces the wear and tear on both your tape drive and your tapes while extending the life of each tape to two weeks. In this schedule, four tapes, the Sons, are used from Monday through Thursday for an incremental or differential backup. The remaining two tapes, the Fathers, are used for full backups on Friday. They are rotated each Friday and ideally stored offsite (see the section “Benefits of Offsite Storage” later in this chapter). Table 20.2 shows the Father-Son schedule in action.

Table 20.2 The Father-Son Backup Schedule
(Incr./diff. = incremental or differential)

                 Monday        Tuesday       Wednesday     Thursday      Friday
Week #1          Tape 1        Tape 2        Tape 3        Tape 4        Tape 5
Type of backup   Incr./diff.   Incr./diff.   Incr./diff.   Incr./diff.   Full
Week #2          Tape 1        Tape 2        Tape 3        Tape 4        Tape 6
Type of backup   Incr./diff.   Incr./diff.   Incr./diff.   Incr./diff.   Full
You can see that the Father-Son schedule, like the Son schedule, is structured and easy to use. If you implement this schedule, make sure to label Tapes 1 through 4 as Monday through Thursday. Label Tape 5 as Friday-1, and label Tape 6 as Friday-2. You need to decide whether you want differential or incremental backups during the week. Differential backups take longer, but have a quicker restore time because you need only two tapes: the latest full and the latest differential. Incremental backups offer the fastest backup times. Only the data that has changed since the previous day is written, but the restore times are longer. You need every tape that has been used since the last full backup. If you are using incremental backups with the Backup utility, you need to create several backup jobs. Because the backup job looks for a specifically named tape, you need to define a job for each day of the week, instruct that job to use the correct tape, and perform a differential or incremental backup. You also need to define a job for each Friday’s full backup because both backups write to different tapes. If you have a standalone drive, there is an alternative to specifying names for each backup job. The /um switch to NTBACKUP.EXE stands for “UnManaged.” Combine this switch with /p, and NTBACKUP.EXE formats and uses the first medium it finds. You have to manually add these switches to any backup jobs you schedule.
Grandfather-Father-Son
Most organizations use some variety of the Grandfather-Father-Son (GFS) schedule, which offers the following benefits:
- It’s a logical, systematic approach that is easy to understand. Therefore, it’s easy to figure out which media you need and their locations.
- It minimizes wear and tear on the backup device and media.
- It minimizes the amount of backup media needed for a restore.
The Grandfather-Father-Son (GFS) method is the most complicated method covered here. Although it is more complex than the other two methods, it’s still easy to use and provides the most security for your data, without complicating the restoration process too much. The GFS method is based on a quarterly schedule. You retain the traits of the Son and Father-Son methods and add a third type of tape, the Grandfather, for monthly backups. As before, you have four tapes, labeled Monday through Thursday. They are used for differential or incremental backups during the week. Because you decided to do your full backups on Friday, you need five tapes, named Friday-1 through Friday-5. They are used for full backups each Friday of the month and are recycled once a month. The final group of tapes is labeled Month-1 through Month-3. These tapes are used for full backups the last business day of each month and are recycled once each quarter. Table 20.3 illustrates this schedule.

Table 20.3 The Grandfather-Father-Son (GFS) Backup Schedule
(Incr./diff. = incremental or differential)

                 Monday        Tuesday       Wednesday     Thursday      Friday
Week #1          Tape 1        Tape 2        Tape 3        Tape 4        Tape 5
Type of backup   Incr./diff.   Incr./diff.   Incr./diff.   Incr./diff.   Full
Week #2          Tape 1        Tape 2        Tape 3        Tape 4        Tape 6
Type of backup   Incr./diff.   Incr./diff.   Incr./diff.   Incr./diff.   Full
Week #3          Tape 1        Tape 2        Tape 3        Tape 4        Tape 7
Type of backup   Incr./diff.   Incr./diff.   Incr./diff.   Incr./diff.   Full
Week #4          Tape 1        Tape 2        Tape 3        Tape 4        Tape 8
Type of backup   Incr./diff.   Incr./diff.   Incr./diff.   Incr./diff.   Full
Week #5          Tape 1        Tape 2        Tape 3        Tape 4        Tape 9
Type of backup   Incr./diff.   Incr./diff.   Incr./diff.   Incr./diff.   Full
With this schedule, you can restore data that is up to three months old. It’s a good idea to take the Father and Grandfather tapes offsite for storage until you need them. If you’re using this method with the Backup utility, you need to create separate backup jobs for each tape, as discussed with the Father-Son method.
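The rotation rules above, together with the Father-Son discussion of which tapes a restore needs, are mechanical enough to encode. The following Python script is an added worked example, not code from the book: given a calendar date it returns the tape label and backup type the GFS scheme calls for, and given a restore point it lists the tapes to load, in order, under either the differential or the incremental variant. The labels Monday through Thursday, Friday-1 through Friday-5 and Month-1 through Month-3 follow the text; the April 2003 dates are constructed, and letting the Month tape take precedence when the last business day of a month falls on a Friday is an assumption the chapter does not spell out.

```python
"""GFS tape rotation and restore-set calculator (added example; not the book's code).

Weekday tapes:  Monday..Thursday     (differential or incremental, reused weekly)
Friday tapes:   Friday-1..Friday-5   (full, Nth Friday of the month, recycled monthly)
Month tapes:    Month-1..Month-3     (full, last business day of the month, recycled quarterly)
ASSUMPTION: if the last business day of a month is a Friday, the Month tape is used.
"""
from datetime import date, timedelta

WEEKDAY_TAPES = ["Monday", "Tuesday", "Wednesday", "Thursday"]


def _as_date(d):
    """Accept either a date or an ISO string such as '2003-04-16'."""
    return date.fromisoformat(d) if isinstance(d, str) else d


def is_last_business_day(d):
    """True if no later Monday..Friday date falls in the same month."""
    n = d + timedelta(days=1)
    while n.month == d.month:
        if n.weekday() < 5:
            return False
        n += timedelta(days=1)
    return True


def gfs_label(d, mode="differential"):
    """Return (tape label, backup type) for date d, or None on a weekend.

    mode selects the Monday..Thursday backup type: 'differential' or 'incremental'.
    """
    if mode not in ("differential", "incremental"):
        raise ValueError("mode must be 'differential' or 'incremental'")
    d = _as_date(d)
    wd = d.weekday()                      # Monday == 0
    if wd >= 5:
        return None                       # no backup on Saturday or Sunday
    if is_last_business_day(d):
        # Grandfather: one of three tapes, recycled each quarter
        return ("Month-%d" % ((d.month - 1) % 3 + 1), "full")
    if wd == 4:
        # Father: the Nth Friday of the month uses Friday-N
        return ("Friday-%d" % ((d.day - 1) // 7 + 1), "full")
    # Son: the same four tapes every week
    return (WEEKDAY_TAPES[wd], mode)


def restore_set(restore_to, mode="differential"):
    """Tapes needed, in the order they must be restored, to reach the state
    captured on restore_to. Walks backwards to the most recent full backup.

    differential: latest full + only the newest differential (two tapes).
    incremental:  latest full + every incremental written since it.
    """
    tapes = []
    d = _as_date(restore_to)
    while True:
        entry = gfs_label(d, mode)
        if entry is not None:
            label, kind = entry
            if kind == "full":
                tapes.append(label)       # the full backup ends the search
                break
            if mode == "incremental" or not tapes:
                tapes.append(label)       # differential: keep only the newest one
        d -= timedelta(days=1)
    tapes.reverse()                       # restore the full backup first
    return tapes


if __name__ == "__main__":
    # Constructed dates: in April 2003 the 11th is the second Friday and the 30th
    # (a Wednesday) is the last business day of the month.
    for day in ("2003-04-11", "2003-04-16", "2003-04-30"):
        print(day, gfs_label(day))
    print("differential restore to 2003-04-16:", restore_set("2003-04-16", "differential"))
    print("incremental restore to 2003-04-16:", restore_set("2003-04-16", "incremental"))
```

Because the Backup utility binds each scheduled job to a specifically named tape, the distinct labels gfs_label can return (four weekday tapes, five Friday tapes, three Month tapes) are exactly the set of jobs you must define; restore_set is the checklist to pull from offsite storage before you start the restore.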
Benefits of Offsite Storage
If you’ve made it this far, you’re already familiar with Windows XP Backup, you’ve chosen the correct backup device for your environment, and you’ve even determined what information should be backed up and on what schedule. Congratulations! You understand the importance of your data and have given thought to designing a good backup system. So now what? Your backup jobs are running great, and your data is getting backed up. You’re restoring your data periodically as a test and everything is working great. Now what happens if your office building burns down? Although we hope this never happens to you, it’s important to keep in mind that an event like this can ruin an otherwise successful company. Storing your backups offsite is a smart protective measure. As with anything, there are expensive and not-so-expensive methods of offsite storage. Some companies specialize in this type of service, such as Business Records Management (http://www.businessrecords.com) and Tristate Archives (http://www.tristatearchives.com). These companies usually have specially designed buildings that have some, if not all, of the following features: protection from Mother Nature (floods, earthquakes, fire, and tornadoes), intrusion detectors, controlled entry, heat and humidity controls, and bonded drivers and vehicles. All these features add up to a safer place for your data. These companies commonly have couriers drop off tapes for you each day, and they pick up the tapes used the night before. This service sounds like it would be expensive, doesn’t it? Well, it doesn’t come cheap, but imagine what a complete data loss would cost you. If you don’t want to spend the money for professional offsite companies, there is a cheaper alternative. Take the tapes home with you. There’s no need to take all your tapes home—maybe just the last full backup or the full backup before that, enough so that you could get data restored if the company were to go up in smoke.
Often, the idea of offsite storage is abandoned and replaced with an onsite safe. Certainly, a safe is better than nothing, but most safes are not designed with magnetic tape storage in mind. Although the safe will protect your tapes from a fire, it might not adequately protect your tapes from the associated heat. Heat can destroy tapes as easily as the fire itself.
Third-Party Backup Tools and Utilities
Although the Windows XP backup program has many features, it might not do everything you need. You might need to back up System States across the wire, or maybe you need to back up open items. If you have any needs outside the capabilities of the Backup utility, you might consider a third-party solution. Here are some of the more popular choices:
- Ultrabac
- ARCserve
- Backup Exec
- Legato Networker
- Tivoli Storage Manager
Ultrabac
Ultrabac by BEI Corporation (http://www.ultrabac.com) is a popular choice for backing up Windows XP networks. It supports the standard tasks, such as backing up Exchange, Structured Query Language (SQL), and open files, as well as backing up to tape or disk. Here is a short list of some of its other impressive features:
- Can back up to 32 output devices simultaneously
- Reroutes a backup job to a secondary output device if the primary backup fails
- Includes tape duplication for offsite copies
- Includes autoloader support
- Prioritizes backups so that important files get backed up first
- Searches for files by tape or date
The list goes on and on. You can download an evaluation copy at http://www.sunbelt-software.com.
ARCserve 2000
ARCserve from Computer Associates (http://www.cai.com) is one of the oldest players in the Windows backup game and remains one of the best, whether you are backing up a single Windows XP workstation or an entire heterogeneous enterprise. ARCserve has built-in support for storage area networks (SANs) and SQL, and scans for viruses as it backs up files. If you want to evaluate ARCserve, fill out the form at http://www.cai.com/registration/cd_it_workgroup.htm, and Computer Associates will send you a CD with a fully functional copy of ARCserve.
Backup Exec
Backup Exec 8.5 is the latest version from Veritas (http://www.veritas.com). It is an excellent backup option if you are migrating away from the Backup utility. Because the Backup utility is a light version of Backup Exec, tapes written by Backup can be read with Backup Exec. The interface is also similar to the Windows XP Backup utility. Backup Exec has support for all the items you might expect: Exchange, SQL, open files, tape libraries, and SAN tape devices. If you want to download an evaluation copy, browse to http://www.veritas.com/us/products/backupexec/ and click the Veritas Trial Software link. Backup Exec runs for 60 days in evaluation mode without a purchased license. While you’re there, take a look at NetBackup as well; it, too, might suit your backup needs if you have multiple operating systems in your environment.
Networker
Legato (http://www.legato.com) offers a whole suite of backup and recovery programs based on Networker 6.0. Networker is a good solution for organizations that deal with large numbers of Windows and Unix machines and want to centralize backup operations. Networker has excellent client and server pieces for both operating systems. It also has support for SQL, Exchange, Hierarchical Storage Manager (HSM), and much more. You can download an evaluation copy at http://www.legato.com/resources/downloads/.
Tivoli Storage Manager (TSM)
Previously known as Adstar Distributed Storage Manager (ADSM), TSM has been rolled into the Tivoli (http://www.tivoli.com) suite of applications by IBM. The latest version, 5.1, boasts support for many different client platforms and server software for Windows XP, Windows 2000, Windows NT, AIX, HP-UX, Solaris, and IBM MVS OS/390. If you have a large enterprise and you’re serious about consolidating all backups to one spot, TSM is your product. There doesn’t appear to be an evaluation copy of TSM available on Tivoli’s Web site, although you can download a demo. If you’re interested to see what current users of TSM think of it and what problems they are experiencing, you can find out at a user-sponsored support site at http://my.adsm.org.
Other Backup Tools and Utilities
There are many more backup programs. For information on other options, take a look at Andrew Baker’s site at http://www.ultratech-llc.com/KB/?File=Backups.txt. Click the link to Tape/Disk Backup Solutions for Windows. This page lists several vendors, their backup software, and their Web sites. It is also useful to see what problems other people are having with software you are considering. There is a large archive of Usenet postings at http://groups.google.com.
Troubleshooting Backup Problems
The reason you run backups is to bail out of trouble—should it arise. But what do you do if you have trouble with your backups? This section provides some tips on troubleshooting backup problems. Backup and restore problems usually fall into one of three categories: hardware problems, software configuration, and permissions. If you are having problems, check any log files your backup software creates (Documents and Settings\%username%\Local Settings\Application Data\Microsoft\Windows NT\ntbackup.exe\Data for Backup utility log files) and check the Event Viewer. If neither check gives you enough information to corner the problem, use the techniques in the following sections to troubleshoot the problem.
Hardware Problems
Backups and restores involve moving a great deal of information in the shortest time possible, so backup jobs can be taxing on hardware and make mountainous problems out of the smallest molehills. If you’re having problems backing up a remote machine but local backups are going smoothly, check your network card and associated hardware. If possible, do not leave the media settings for your NIC on auto. Explicitly select the correct setting because some NICs and switches have problems auto-negotiating. Also, check your cable. At one point, I was having trouble with backups taking forever to complete. I did some investigating and found that the network cable connecting the backup server to the 100MB switch was CAT3. Replacing it with a CAT5 cable got everything back in shape (if only I had thought of that first). If you think you might have a hardware problem, you’ll also want to give your tape system a good once-over. Could the problems be caused by a faulty tape drive? It’s always good to have another drive around to test with. Could the problem be the tape? Because tapes have moving parts, both tapes and drives eventually wear out. Most high-speed backup devices use SCSI, and that can complicate things a bit. Check all your SCSI connections and make sure they’re good. Is your SCSI chain terminated properly? Are there any other devices on the chain? Are they working? SCSI problems can often be elusive. Problems with the hard drive you’re trying to back up or restore to can also be an issue. Make sure you copy files from and to any disks you’re having problems with. Finally, check the actual machine running the backup. Backup operations can easily flood the PCI bus, turning minor issues into major problems. You might also want to check your RAM, as backup servers that usually run fine can fail during nightly backups because of faulty RAM.
If possible, hook your tape hardware up to a different machine, and see if the problem follows the tape drive or the machine. If it follows the machine, you might have a hardware problem on your hands.
Software Configuration
It probably didn’t take a lot of deductive reasoning to come to the conclusion that the problem is either hardware or software, but here you are trying to make that determination. If you are using third-party software and having problems, try using the Backup utility. Does it work? Does everything look good in the Removable Storage Management (RSM) console? If you can work with a drive in the RSM console but not in your backup application, chances are it’s not a hardware issue.
Permissions
Having access to information such as the Active Directory database file and the Registry requires higher-than-normal privileges. If you’re having trouble backing up or restoring, verify that the account you are using has the appropriate permissions on all machines involved. You need to be in the Administrators or Backup Operators group or otherwise have rights to back up and restore files and folders on the machine you’re using. You can check whether you hold those rights from inside the Backup utility. Click the Backup tab and expand the shares for the machine in question. If you can see the hidden admin shares C$ and Admin$, you have high enough permissions to back that machine up. If you’re still having trouble, scan the Security logs on both the local and remote machines to see if anything stands out there. If you checked all these things and still cannot find the problem, check your software vendor’s Web site and the Microsoft online technical reference at http://www.microsoft.com/technet.
For More Information
The following links can get you pointed in the right direction when you want to expand your knowledge of Windows XP backup:
- TechNet, the Microsoft online technical reference: http://www.microsoft.com/technet.
- Microsoft Support KnowledgeBase: http://www.support.microsoft.com.
- Search http://www.pcwebopedia.com for information on any terms used in the chapter or for extra information on backup components.
- An online IT encyclopedia: http://whatis.techtarget.com.
21 Scripting and Automation
Faced with networks made up of a number of systems and workstations, most administrators want to handle the tasks of installing, running, and maintaining these systems with as little hands-on intervention as possible. Fortunately, Windows XP includes a suite of tools that can help the administrator automate many of the repetitive tasks needed for the proper maintenance and operation of XP.
In this chapter, you learn how to work with the Windows batch commands to automate simple tasks. Next, you examine the different versions of the Windows Script Host (WSH) for Windows XP, both the command-line and Windows-based versions. Then you see how to use the Windows XP Scheduled Tasks applet to schedule scripted jobs to run unattended. Finally, you learn about the Remote Installation Service (RIS), which enables you to automate installing and configuring Windows XP.
The Computer Can Take Care of Itself
Microsoft has positioned Windows as an enterprise-class operating system. For Windows to be taken seriously, it must not only be robust, but also have certain features and flexibility inherent to this type of operating system. Although most computer operating systems provide a user interface so that users can sit at a keyboard and perform operations interactively, true enterprise-class operating systems can run programs in the background with little or no intervention. These types of background tasks and programs are called batch jobs. Typically, batch jobs are used to perform repetitive, system-, or disk-intensive tasks that run outside normal business hours when the system load is light. Examples of batch jobs are database sorts, defragmentations, or payroll processing. To automate running jobs or administrative tasks, some type of automation language is required. For example, Job Control Language (JCL) is used in the IBM world, and various flavors of shell scripting are used in the Unix/Linux world. These languages work with a job scheduler function so that the system administrator can schedule and run jobs or tasks at specific times and using specific resources. Fortunately, Microsoft has included several features in Windows XP that support the automation of system and network tasks. Included in these features is the Scheduled Tasks applet, which is a much improved version of the Scheduler service first included with Windows NT. In addition, the WSH is now included as a part of the operating system. Previously, the WSH was an operating system add-on, available only by download from the Microsoft Web site. Microsoft has also added several new command-line utilities for configuring and controlling most of the common operating system functions and services. Because these are command-line utilities instead of GUI-based tools, they can be called from within a batch file or script. This enables the system administrator to script many tasks that formerly could only be performed manually via the GUI interface. With the addition of improved task scheduling and a solid scripting environment, Microsoft has made it much easier to automate administrative and network tasks in the Windows environment.
Windows Batch Files and Commands
MS-DOS–like batch files have been used on Microsoft Windows operating system platforms for years. The MS-DOS–based command language has remained very limited, even with the extra functionality Microsoft added to the command set for the Windows NT 4.0 platform. Unfortunately, although Microsoft has added a few new features to the batch language for Windows XP, they are not significant. The MS-DOS batch language does not provide a decent method of performing looping, there is poor support for variables, and the error-handling is minimal at best. In addition, there is no facility for debugging or troubleshooting completed scripts. Now that we have thoroughly dissuaded you from using MS-DOS batch files, we can say that for most small tasks, using a full-blown scripting language, such as VBScript or JScript, is overkill. Windows batch files can, and in most situations should, be used for small jobs, such as automating the configuration of a user working environment via logon or logoff scripts. A batch file can do something as simple as display a banner page with the current company news or attach the user session to network resources, such as file shares or printers. In addition, Windows batch files can be used to run any executable program. One of the major problems with the MS-DOS batch language is that it does not support variables—at least not in the true programming way that variables are normally supported. The Windows XP operating system makes two types of temporary repositories available: system and user environment variables. The system uses these variables to store items such as program and temporary directory locations, usernames, and hostnames. Although user environment variables are unique to each user, the user, system administrator, or application program can create and change them. However, Windows XP sets system environment variables, and only an administrator can set or change them. To view and change environment variables, follow these steps:
1. Log on as a system administrator.
2. Click Start, Control Panel.
3. In Control Panel, assuming you’re in Classic view, double-click the System icon to open the System Properties dialog box.
4. Select the Advanced tab.
5. Click the Environment Variables button.
In the Environment Variables dialog box, you can add, change, and delete system and user variables. Windows XP saves the variables in the Registry (see Figure 21.1).
Figure 21.1 The Environment Variables dialog box, showing the configuration options.
The SET command, entered at the command line or used in a script, displays, configures, or deletes environment variables. When the SET command is entered by itself, it displays all the defined variables, as in the following:
C:\>Set
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Scales\Application Data
AVENUETEMP=C:
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SKELLY
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Scales
LOGONSERVER=\\LRSSP4
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Perl\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\MSSQL7\BINN;E:\Resource Kits\W2K Resource Kit\;C:\Program Files\Common Files\Adaptec Shared\System
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Scales\LOCALS~1\Temp
TMP=C:\DOCUME~1\Scales\LOCALS~1\Temp
USERDNSDOMAIN=home.org
USERDOMAIN=home
USERNAME=Scales
USERPROFILE=C:\Documents and Settings\Scales
windir=C:\WINDOWS
To add a new variable value to the environment, specify values for both variable and string:
SET Tempvariable=string
Windows XP adds the variable value to the environment and associates the string with that variable. If the variable already exists in the environment, the new string value replaces the old string value. If you use the SET command with only a variable name and the equal sign, the variable is cleared. When using an environment variable in a script, it must be used in the format %variable%, with percent signs surrounding the name. The percent signs tell the script file to replace the variable name with a value. Here is an example of using variables in a script:
ShowMe.bat
@echo off
set sysadminname=Lee
echo.
Echo %sysadminname% welcomes you to the %USERDOMAIN% domain!

C:\>ShowMe
Lee welcomes you to the Home domain!
Table 21.1 lists some of the commonly used environment variables.
Table 21.1 Commonly Used Windows XP System Environment Variables
Variable          Description
%COMPUTERNAME%    The name of the computer that the script is running on
%HOMEDRIVE%       The user’s local workstation drive letter connected to the user’s home directory
%HOMEPATH%        The full path of the user’s home directory
%LOGONSERVER%     The domain controller that processed the user’s last network logon
%OS%              The operating system of the user’s workstation
%USERDOMAIN%      The domain that the user logged on to
%USERNAME%        The user
Some common uses for Windows batch files are creating logon scripts, mapping drives, creating users, and other repetitive administrative tasks. The following example shows a typical logon script that greets the user and connects him or her to the appropriate shares with the NET USE command:
Logonscript.bat
@echo off
echo.
Echo Welcome to the Windows XP Power Toolkit!
Echo.
Rem Map network drives, delete any connections first
Net use * /d /y
Rem map network drives
Net use g: \\server01\accounting
Net use h: \\server03\d$
Echo.
Echo. **** Hello %USERNAME%! Welcome to the %USERDOMAIN% Domain!
Echo.
Echo.
The following is the output of the logon script that the user would see:
Welcome to the Windows XP Power Toolkit!
**** Hello Administrator! Welcome to the Home Domain!
After working with Windows batch files, you will find that they are easy to create, small, and very fast.
Windows Script Host
The Windows Script Host (WSH) provides a scripting host for Microsoft 32-bit operating systems that is both language independent and extremely flexible. As mentioned earlier, an enterprise-class operating system must include tools that enable an administrator to efficiently automate jobs and administrative tasks. Including the WSH moves Windows closer to this target. Although there have always been a wide variety of third-party scripting languages available for the Windows platform, a barrier to the widespread use of these languages has been that the command interpreter needed to be preloaded on every computer the script would run on. This could be difficult if there were a large number of computers in the enterprise. Additionally, with a commercial product, there could be licensing issues to handle. Microsoft has solved this problem by including the WSH as part of the base operating system, starting with Windows 98. This gives administrators the freedom to write scripts that can run on any qualifying machine in the enterprise. The WSH is not a totally new technology. It has been available as a free download from the Microsoft Web site for several years. Microsoft still makes it available for download to support older operating systems (Windows 95/NT) and to provide new versions for current operating systems. The version that shipped with the original release of Windows XP is version 5.6; however, newer versions are available on the Microsoft Web site. The WSH is, technically speaking, not a scripting language as much as it is a framework. It is an interface that allows scripting engines to be plugged into it. These scripting engines are Component Object Model (COM) objects, and they support most of the objects supported on the Windows platform.
Windows XP supplies two scripting engines with the WSH: a JScript engine and a Visual Basic Scripting Edition (VBScript) engine. VBScript is a subset of the Microsoft Visual Basic product. Therefore, anyone familiar with Visual Basic or Visual Basic for Applications (VBA) should be able to create VBScripts without any problems. JScript is the Microsoft version of the JavaScript language. There are enough similarities so that anyone familiar with the Java language should be able to create decent JScripts. The two Microsoft-supplied scripting languages have similar functionality, so the choice of which one to use should be determined strictly by which language you are most comfortable with. Several third-party, plug-in scripting engines are also available, as both freeware and commercial products. The most popular add-on scripting engines are for Perl and Python, but engines for Rexx, Kix, XLNT, and other languages are also available. Because the WSH is a COM object, it is registered in the Registry just like any other object. Because of this seamless method of object registration, you can install multiple script engines in the WSH, which automatically knows which engine to use. It does this by examining the command line and reading the script file extension. For example, if the script file extension is .vbs, the WSH looks in the Registry to find an entry corresponding to the .vbs extension. This entry tells the WSH to use the VBScript scripting engine.
Windows XP includes two versions of the WSH. The first (CSCRIPT.EXE) is a command-line version controlled by command-line switches. The second version is a Windows-based version (WSCRIPT.EXE) that uses a property sheet to control which properties it uses at runtime. The following sections examine the two WSH versions and show you how to work with them.
Working with CScript
The command-line version of WSH, CSCRIPT.EXE, is found in the %systemroot%\system32 folder. Use the following syntax to run the CSCRIPT.EXE application:
CScript scriptname.extension [option...] [arguments...]
The variables are explained in Table 21.2.
Table 21.2 CScript Command-Line Arguments
Variable                Description
scriptname.extension    Refers to the name of the script to be run. It can be a Visual Basic script, a JavaScript, or a third-party add-on script. The extension tells the WSH which scripting engine to use.
option                  Lets you enable and disable the various WSH options, which are always preceded by two forward slashes (//). The slashes distinguish the WSH parameters from any parameters included with your scripts. Script options are also known as host parameters.
arguments               CScript can pass information (arguments) to the script for processing. Script arguments are always preceded by a single slash.
Table 21.3 lists all the command-line options available in WSH version 5.6.
Table 21.3 CScript Switches and Options
Option         Description
//B            Runs the WSH in batch mode, in which all error messages and script prompts are suppressed and not displayed onscreen.
//D            Enables active debugging.
//H:CSCRIPT    Changes the default scripting host to CSCRIPT.EXE.
//H:WSCRIPT    Changes the default scripting host to WSCRIPT.EXE. This is the default setting.
//I            Runs the WSH in interactive mode. All error messages and script prompts are displayed onscreen. Interactive mode, the default, is the opposite of the //B option.
//E:engine     Specifies a third-party scripting engine.
//Job:xxxx     Runs a WSH job.
//logo         Displays an execution banner when the script runs. This is the default setting.
//nologo       The opposite of //logo, this option prevents any banners from being displayed when the script is run.
//S            Saves the current command-line options for the user currently logged in to the system. This can be done on a per-user basis.
//T:nn         Enables you to control the amount of time (in seconds) that a script can run. It prevents a script from hogging system resources for an extended period. The default for this option is no time limit.
//X            Runs script in the debugger.
//U            Uses Unicode for redirected I/O from the console.
/?             Displays the available options and their uses. It is the same as running CSCRIPT.EXE without any options.
If, for example, you want to run the Visual Basic script named REBOOT.VBS and have it time out in 60 seconds, enter the following command:
CScript reboot.vbs //t:60
The CSCRIPT.EXE version of WSH is normally used for running unattended tasks. The //B switch enables you to suppress any messages generated while the script runs.
Working with WScript
The Windows version of the WSH is WSCRIPT.EXE. The options and command prompts are the same as for CSCRIPT.EXE. If you run WScript without specifying options or by entering the WSCRIPT.EXE //? command, a graphical Script Properties dialog box opens.
Working with the WSH
Like most modern programming languages, the scripting languages included with the WSH are object-oriented, meaning that your code is written to perform actions against specific predefined objects. All objects have certain methods; these are the tasks an object is allowed to perform. The WSH provides a standard set of objects that can be used with any scripting language that it hosts. Some of the common WSH objects are listed in Table 21.4.
Table 21.4 Common WSH Objects
Object              Description
Wscript             Used to provide information about the current script and any arguments associated with it.
WshArguments        Used to access command-line options.
WshEnvironment      Used to work with environment variables.
WshNetwork          Used to access the network; it allows you to map drives and attach to printers.
WshShortcut         Used to work with Windows shortcuts.
WshShell            Used to work with and manipulate the Windows Shell. This includes the Windows desktop, Start menu folders, and shortcuts. This object can also be used to work with the Windows Registry.
WshSpecialFolders   Used to work with Windows folders, including the Desktop and Start menu folders.
WshUrlShortcut      Used to work with Internet shortcuts.
FileSystemObject    Used to work with files and folders.
These are objects common to the WSH, which means that whatever scripting engine you use, these objects are always available. These powerful objects enable you to perform most of the common tasks required for basic system configuration. In most cases, you will find that the object’s name describes its function. Take a look at the logon script created earlier in the chapter:
Logonscript.bat
@echo off
echo.
Echo Welcome to the Windows XP Power Toolkit!
Echo.
Rem Map network drives, delete any connections first
Net use * /d /y
Rem map network drives
Net use g: \\server01\accounting
Net use h: \\server03\d$
Echo.
Echo. **** Hello %USERNAME%! Welcome to the %USERDOMAIN% Domain!
Echo.
Echo.
This fairly typical logon script maps a couple of drives and inserts a couple of system variables as replaceable parameters in a line of text that is sent to the screen. To convert this script to WSH, first you need to define a variable to hold the reference to your object. This step is not actually required. You could just create a variable on-the-fly, but that is not considered good programming practice. You can force VBScript to require all variables to be explicitly declared by including the Option Explicit statement at the start of every script. Any variable that is not explicitly declared then generates an error. If you define the variable ahead of time, it is easier for the command interpreter to find the error if you make a typo in the code later. You define the variable with this command:
Dim WshNetwork
Next, you have to create or instantiate it. Instantiating an object gives you a reference to it, so that you can perform various tasks with it. You then use the SET command to assign the reference to a variable, so that you can access the methods and properties using the variable:
Set WshNetwork = Wscript.CreateObject("WScript.Network")
Now that you have an object to work with, you can map your drives, but first you need to make sure the drive letters you want to use are not already mapped. To do this, use the following commands:
On Error Resume Next
WshNetwork.RemoveNetworkDrive "G:"
WshNetwork.RemoveNetworkDrive "H:"
The On Error Resume Next statement is important in this section of the code. If the drives you are removing do not exist, a runtime error is generated and the script fails. With the addition of the On Error Resume Next statement, if an error occurs, the command interpreter ignores the error and continues execution with the statement immediately following the one that failed. The drives are available, so now you can map them with these commands (the UNC path is a string argument, so it must be quoted):
WshNetwork.MapNetworkDrive "G:", "\\server01\accounting"
WshNetwork.MapNetworkDrive "H:", "\\server03\d$"
Next, you need to display a line of text with a couple of system variables. One of the ways to display text in WSH is to use the WScript Echo method. The following line adds the Echo method and references the system variables (the underscore continues the statement on the next line):
Wscript.Echo "**** Hello " & WshNetwork.UserName & _
    "! Welcome to the " & WshNetwork.UserDomain & " Domain!"
Note that you have to use the & character to join the text and variables. The following lines put all the commands together as logonscript.vbs:
Logonscript.vbs
'Create a variable
Dim WshNetwork
'This creates the WshNetwork object
Set WshNetwork = Wscript.CreateObject("WScript.Network")
'Clear any previous mappings
On Error Resume Next 'Trap error if drive does not exist
WshNetwork.RemoveNetworkDrive "G:"
On Error Resume Next
WshNetwork.RemoveNetworkDrive "H:"
'Map a couple of drives
WshNetwork.MapNetworkDrive "G:", "\\server01\accounting"
WshNetwork.MapNetworkDrive "H:", "\\server03\d$"
'Display some text
Wscript.Echo "**** Hello " & WshNetwork.UserName & _
    "! Welcome to the " & WshNetwork.UserDomain & " Domain!"
Note
Fortunately, Microsoft made things easy by adding most of the functionality you need in a typical logon script in the WshNetwork object.
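As an added example (not a listing from the book), here is the same logon script rewritten with Option Explicit and a check of the Err object after each network call, so that a failed mapping is reported rather than silently skipped by a blanket On Error Resume Next. It also reads %LOGONSERVER% through WshShell.ExpandEnvironmentStrings, the WSH counterpart of the %variable% expansion used in the batch scripts earlier in the chapter. The share names are the chapter’s placeholders, and the helper names UnmapIfPresent and MapDrive are my own.

```vbscript
' Added example, not from the book: a logon script with explicit
' error checks instead of a blanket On Error Resume Next.
Option Explicit

Const ACCOUNTING_SHARE = "\\server01\accounting"   ' placeholder UNC path from the chapter
Const DATA_SHARE       = "\\server03\d$"           ' placeholder UNC path from the chapter

Dim WshNetwork, WshShell, ok
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set WshShell   = WScript.CreateObject("WScript.Shell")

' Remove a drive letter only if it is currently mapped. EnumNetworkDrives
' returns a flat collection: even items are drive letters, odd items are
' the UNC paths they point to.
Sub UnmapIfPresent(letter)
    Dim drives, i
    Set drives = WshNetwork.EnumNetworkDrives
    For i = 0 To drives.Count - 1 Step 2
        If UCase(drives.Item(i)) = UCase(letter) Then
            On Error Resume Next
            WshNetwork.RemoveNetworkDrive letter, True, True   ' force, update profile
            If Err.Number <> 0 Then
                WScript.Echo "Could not unmap " & letter & ": " & Err.Description
                Err.Clear
            End If
            On Error GoTo 0
            Exit Sub
        End If
    Next
End Sub

' Map a drive and return True on success. The error text (and the
' numeric code in hex) is echoed so the user, or a log file when the
' script runs under cscript, sees why a mapping failed.
Function MapDrive(letter, uncPath)
    MapDrive = False
    On Error Resume Next
    WshNetwork.MapNetworkDrive letter, uncPath
    If Err.Number = 0 Then
        MapDrive = True
    Else
        WScript.Echo "Mapping " & letter & " to " & uncPath & " failed: " & _
                     Err.Description & " (0x" & Hex(Err.Number) & ")"
        Err.Clear
    End If
    On Error GoTo 0
End Function

UnmapIfPresent "G:"
UnmapIfPresent "H:"

ok = MapDrive("G:", ACCOUNTING_SHARE)
ok = MapDrive("H:", DATA_SHARE) And ok
If Not ok Then WScript.Echo "One or more drive mappings failed; see the messages above."

' Environment variables are reachable from WSH as well: this expands the
' same %LOGONSERVER% that a batch logon script would reference directly.
WScript.Echo "**** Hello " & WshNetwork.UserName & "! Welcome to the " & _
             WshNetwork.UserDomain & " Domain! (logon server: " & _
             WshShell.ExpandEnvironmentStrings("%LOGONSERVER%") & ")"
```

Run it with cscript (for example, cscript //nologo logonscript.vbs) so the messages go to the console and can be redirected to a log; under wscript each Echo becomes a message box.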
The previous example is fine if all you want to do is create logon scripts. However, the WSH can do many other things. The staple of most programming languages is working with information, and the WSH has far more features for manipulating and displaying data than a simple batch language. Here is a basic beginner’s script using the common Hello World program as an example. It shows three different ways to display text using WSH objects. It also shows how to create and call subroutines. The script listing (for the Visual Basic version) is as follows:
'Just another Hello World Program
'This Hello World program shows three different
'ways to display text
'
Welcome_MsgBox_Message_Text = "Hello World from a subroutine!"
Welcome_MsgBox_Title_Text = "Windows Script Host Sample"
Dim Shell
Set Shell = Wscript.CreateObject("Wscript.Shell")
'The wscript command echoes text to the command window
Wscript.Echo "Hello World from the command line!"
'The popup command
'Displays a popup window, then waits 10 seconds
Shell.Popup "Hello World from a popup window", 10
Call Welcome()
'
Sub Welcome()
    'The subroutine uses the MsgBox function
    Dim intDoIt
    intDoIt = MsgBox(Welcome_MsgBox_Message_Text, vbOKCancel _
        + vbInformation, Welcome_MsgBox_Title_Text)
    If intDoIt = vbCancel Then
        WScript.Quit
    End If
End Sub
You can run this script with either version of the WSH. The only difference is that when running WSCRIPT.EXE, the first output is displayed in a pop-up window instead of a command window. The preceding script is divided into two sections. The first section is the actual script, including all the variable declarations. The second section is a subroutine that is called to display the Welcome screen. The Welcome screen subroutine contains the information used to create the dialog box. Notice that although the Popup and the MsgBox functions seem similar, many more options are available with the MsgBox function. For example, you can specify a caption for the dialog box, what buttons are present, and the buttons’ functions.
AT and the Scheduled Tasks Service
Now that you’ve seen a few scripts, you might be thinking, “That’s great, but what can I do to make my life easier?” You can use scripting to make your computer independent and configure the system to run the scripts according to a specific schedule. To do this, you use the built-in Windows XP tool called AT.EXE (found in the %systemroot%\system32 folder). AT.EXE is a command line–based application that enables you to configure the system to automatically run scripts or applications. In addition, Windows XP includes a GUI-based tool called the Scheduled Tasks that has all the scheduling capability of the AT command in a more Windows-friendly format.
AT
AT.EXE is a simple command-line application for scheduling events. With the AT command, you can list or schedule tasks that are to run at predetermined times. The AT command saves all the scheduling information in the Registry so that this information is saved across reboots. The AT.EXE command syntax is as follows:
AT [\\computername] [ [id] [/DELETE] | /DELETE [/YES]]
AT [\\computername] time [/INTERACTIVE] [ /EVERY:date[,...] | /NEXT:date[,...]] "command"
Although the person who performs the task scheduling must be a member of the Local Administrators group, the scheduled task can run in the security context of anyone who happens to be logged on to the system. The task can also run if no one is currently logged on.
Unless you specify the /INTERACTIVE switch when scheduling a program or batch file with the AT command, the task runs as a background process. The /INTERACTIVE switch is used when you want to display the prompts generated during the execution of the task. This assumes that a user will be logged on to the system when the task is executed. When tasks are running as background processes, no output is displayed. If you want to write the task output to a log, you need to use the escape symbol (^) in front of the redirection symbol, so that the redirection is applied when the task runs rather than to the AT command itself, as follows:
at 0:01 /every:01,15,31 c:\test\compute_book_royalties.bat ^>c:\cash.log
It is important to remember that the Scheduled Tasks service in Windows XP runs in the security context of the Local System account. That means certain resources, such as network shares, might not be available to the scheduled task. Fortunately, Microsoft has provided a simple way for you to change the account the AT command uses.
Note
You can view tasks that have been created with the AT command via the Scheduled Tasks applet. However, you cannot see tasks created from within Scheduled Tasks via the AT command.
To change the account the AT command uses, follow these steps:
1. Click Start, Control Panel.
2. Double-click the Scheduled Tasks icon to open the applet.
3. Click System, Advanced from the menu, and then select AT Service Account.
4. Select the This Account radio button, and then type in the name of the account you want to use for tasks created by the AT command.
5. Type the password once and then again to confirm.
6. Click OK to save.
Because the instructions for using the AT command are covered in the Windows XP Help files, they are not covered in detail in this chapter. However, here are some tips and general information that will make it easier to work with the AT command:
- When using the AT command, always specify the entire path of the programs or batch files you want to run, including the drive letter.
- You must enter commands in quotation marks. If the task you are scheduling is not an .exe file, you must precede the command with cmd /c.
- The date and time must be specified in the format hours:minutes in 24-hour notation (00:00 [midnight] through 23:59).
- Days can be specified by the letters M–F, or you can enter the numeric date.
- Nonsequential days can be specified. All date entries must be separated by commas.
- When viewing tasks that were scheduled with the AT command in the Scheduled Tasks GUI, the job name is preceded with AT.
- If the \\computername switch is omitted, the commands are scheduled to execute on the local computer.
- Remember that if you are scheduling events on remote systems, you must make sure the Scheduled Tasks service is started on the remote system and that you have the proper rights to run this service on the remote machine. You can start this service (and even control its startup method) through the Windows XP Services application.
- When scheduling tasks on a remote computer, use the Universal Naming Convention (UNC) notation for the server and sharename, not a drive letter.
- The job ID is assigned automatically when you configure a scheduled event, and you cannot set it yourself. You can use this value to delete and modify scheduled events that are already in the queue.
Configuring an Event
All the AT.EXE does is interface with the Scheduled Tasks service. After you configure an event, the information is passed to the Scheduled Tasks service, which writes the job to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule Registry key. AT.EXE does not need to be running for the event to be scheduled, nor does anyone need to be logged into the machine where the event is scheduled to execute. Rebooting the system does not reset the configuration information.
The Scheduled Tasks Applet
The Scheduled Tasks applet is a GUI-interface scheduling tool that allows you to drag and drop scheduled tasks, select tasks from a menu, and save scheduled tasks in .job files that can be transferred to other systems. The Scheduled Tasks applet is not just a fancy interface to the AT command; it also adds several features, including the following:
- The capability to modify, disable, or stop previously scheduled tasks.
- The capability to view and control tasks that are scheduled on remote computers.
- Each user can control his or her own tasks or those created by others who have granted permission.
- The availability of a log file that lists all scheduled activity, useful for problem determination.
- A notification feature that can send you a message when a scheduled task fails.
- All tasks that are scheduled using the Scheduled Tasks applet are saved as .job files that can be dragged and dropped or copied to the Scheduled Tasks folder of other machines.
Caution
You can view tasks that have been scheduled using the AT command in the Scheduled Tasks applet. However, because of the differences in the way tasks are stored and the different options that are available, if you make any changes to the AT-generated task using the Scheduled Tasks applet, it can no longer be viewed or manipulated by using the AT command.
Note
Because of the way Windows XP handles the security associated with .job files, when a task is moved or copied to a remote computer, you have to re-enter the security account the task is running under. This is because the security account credentials cannot be transferred between computers.
The Scheduled Tasks applet is supplied with the Scheduled Task Wizard. Although you can enter tasks directly from the GUI interface, this wizard takes you step by step through the entire process. To set up a task using the Scheduled Task Wizard, follow these steps: 1. Click Start, Control Panel. 2. Double-click the Scheduled Tasks icon to open the applet. 3. Click Add Scheduled Task to start the Scheduled Task Wizard. Click Next to continue. 4. The Scheduled Task Wizard displays a list of the applications on your computer. Although you can select one of these programs, click Browse to select one that is not listed. 5. In the Select Program to Schedule dialog box that appears, you can navigate to the program, batch, or script file that you want to run. Click Open to continue. 6. The Scheduled Task Wizard prompts you to type in a name for the task. A list of selections for how often to perform the task is displayed. Choose from the following: n n n n
Daily Weekly Monthly One Time Only
471
472
Chapter 21
Scripting and Automation
- When My Computer Starts
- When I Log On
7. Click Next to continue.
8. In the next window, you have options to set the time and the date for the task. Click Next to continue.
9. In the next window, enter the name of an account that has the proper authority to run the task to be scheduled and the correct password. Click Next to continue.
10. The next window displays a summary of the options you selected to schedule this task. If any options need to be changed, click Back to return to the previous windows.
11. Select the Open Advanced Properties for This Task When I Click Finish check box.
12. Click Finish.
The Advanced Properties dialog box for the task opens. Here you can change any options you have already configured or select new options. The following four tabs appear:
- Task. This tab displays the options that were previously selected.
- Schedule. This tab displays the schedule that was previously selected. However, many additional scheduling options are available. For example, you can show multiple schedules, or you can add times when you want the task to run. Clicking the Advanced button presents more scheduling options, such as running the task for a specified length of time, repeating the task every x minutes or hours, and scheduling a stop time for the task.
- Settings. Use the Settings tab (shown in Figure 21.2) to stop the task after it has been running for a specified length of time. You can also specify that the task starts only if the computer has been idle for a certain length of time, or the task stops if the computer is no longer idle. This tab also contains settings useful for running tasks on laptop computers. Included are options to not start the task if the computer is running on batteries, stop the task if the computer goes into battery mode, or wake the computer to run the task.
- Security. The Security tab has options for specifying the permissions that specific users and groups have for this task. This enables you to prevent users from changing the schedule of a task or deleting it.
Figure 21.2 The Scheduled Tasks dialog box, showing the configuration options in the Settings tab.
SCHTASKS
A new feature in Windows XP is the SCHTASKS.EXE utility, a superset of the older AT.EXE utility. SCHTASKS enables you to create or modify tasks that you can control and monitor via the Scheduled Tasks applet. SCHTASKS, the command-line interface to the Scheduled Tasks applet, can be used to do just about everything that can be done via the GUI interface. However, as a command-line utility, it enables you to easily script its operations. The SCHTASKS command supports the subcommands listed in Table 21.5.

Table 21.5 SCHTASKS Subcommands
Command             Description
Schtasks            Displays all scheduled tasks (same as entering Schtasks /query).
Schtasks /Create    Creates a new task.
Schtasks /Change    Enables you to modify the task.
Schtasks /Delete    Deletes a scheduled task.
Schtasks /End       Stops a running task.
Schtasks /Query     Displays all scheduled tasks.
Schtasks /Run       Starts a scheduled task.
Because the instructions for using the SCHTASKS command are easily located in the Windows XP Help files by using SCHTASKS as a keyword, they are not covered in detail in this chapter. However, here are some tips and general information that will make it easier to work with the SCHTASKS command:
- Always specify the entire path of the programs or batch files that you want to run, including the drive letter or UNC path.
- You must enter commands in quotation marks.
- Use the /Run command to test your tasks.
- The date and time must be specified in the format hours:minutes in 24-hour notation (00:00 [midnight] through 23:59). All date entries must be separated by commas.
- If the \\computername switch is omitted, the commands are scheduled to execute on the local computer.
- Remember that if you are scheduling events on remote systems, you must make sure the Scheduled Tasks service is started on the remote system and that you have the proper rights to run this service on the remote machine. You can start this service (and even control its startup method) through the Windows XP Services application.
- When scheduling tasks on a remote computer, use the UNC notation for the server and sharename, not a drive letter.
- You can display or save to a file a verbose listing of all scheduled tasks in various formats, including comma-separated values (CSV). Just use the /v switch with the /fo LIST parameter.
- You assign the task name when you configure a scheduled event, and you cannot change it later. You use this name to delete and modify scheduled events that are already in the queue.
Either the Scheduled Tasks applet or the SCHTASKS command can be used to work with scheduled tasks. It will probably be to your advantage to start using these two methods of task scheduling and limiting your use of the AT command. Although the AT command is currently supported in Windows XP and Windows Server 2003, Microsoft is recommending that you use SCHTASKS instead. This is most likely its way of saying the AT command will probably not be in the next Windows release.
Note It is important to realize that AT.EXE, SCHTASKS.EXE, and the Scheduled Tasks applet are simplified applications. If you require advanced applications to schedule your scripts and events, you need a third-party application. Some of these applications are discussed later in this chapter in the section "Third-Party Scripting and Automation Alternatives."
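The verbose CSV listing mentioned in the tips above is the quickest way to review every task on a machine at once and to apply those tips to tasks that already exist. The following Python script is an added example, not code from the book or part of SCHTASKS (the chapter later notes that ActivePython can run under Windows Script Host). It parses the output of schtasks /query /fo CSV /v and reports tasks whose Status is Could Not Start or Missed, whose Last Result is not zero, or whose command is not given as a full drive-letter or UNC path. The column names are assumed to match the verbose CSV header, and the task rows are constructed for the example.

```python
"""Audit a verbose SCHTASKS listing (schtasks /query /fo CSV /v).

Added example, not from the book: flags tasks whose Status is Could Not
Start or Missed, whose Last Result is non-zero, or whose command is not
given as a full drive-letter or UNC path. Column names are assumed to
match the verbose CSV header; the rows below are constructed.
"""
import csv
import io
import re

# Drive letter followed by a backslash, or a UNC prefix.
ABS_PATH = re.compile(r'^(?:[A-Za-z]:\\|\\\\)')
BAD_STATUS = {"Could Not Start", "Missed"}

# Constructed sample with a subset of the verbose columns.
SAMPLE_CSV = r'''"HostName","TaskName","Next Run Time","Status","Last Run Time","Last Result","Task To Run","Run As User"
"MYSERVER","OnlyOnSunday","02:00:00, 1/12/2003","","02:00:00, 1/5/2003","0","C:\reboot.cmd","MYSERVER\admin"
"MYSERVER","Add Shortcut","08:00:00, 1/6/2003","Could Not Start","08:00:00, 1/5/2003","0x8007052e","wscript.exe ""C:\scripts\Add Shortcut.vbs""","MYSERVER\svc"
"MYSERVER","Nightly Backup","23:00:00, 1/5/2003","Missed","23:00:00, 1/4/2003","1","backup.cmd","NT AUTHORITY\SYSTEM"
"MYSERVER","Update Registry","","","","0","\\fileserver\scripts\UpdateRegistry.vbs","MYSERVER\admin"
'''


def command_path(task_to_run):
    """Program part of a Task To Run string: the quoted token or the first word."""
    s = task_to_run.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split()[0] if s else ""


def parse_result(value):
    """Last Result is shown as decimal or 0x-prefixed hex; None if unreadable."""
    v = value.strip()
    for base in (0, 10, 16):
        try:
            return int(v, base)
        except ValueError:
            continue
    return None


def audit_tasks(csv_text):
    """Map each task name that has a problem to the list of reasons found."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        status = row.get("Status", "").strip()
        if status in BAD_STATUS:
            reasons.append("status: " + status)
        raw_result = row.get("Last Result", "").strip()
        result = parse_result(raw_result)
        if result is None or result != 0:
            reasons.append("last result: " + raw_result)
        program = command_path(row.get("Task To Run", ""))
        if not ABS_PATH.match(program):
            reasons.append("command is not a full path: " + program)
        if reasons:
            findings[row["TaskName"]] = reasons
    return findings


if __name__ == "__main__":
    for task, reasons in audit_tasks(SAMPLE_CSV).items():
        print(task)
        for reason in reasons:
            print("   ", reason)
```

To run it against a real listing, redirect the command output to a file (schtasks /query /fo CSV /v > tasks.csv) and pass the file's text to audit_tasks instead of SAMPLE_CSV; a task with no findings does not appear in the result.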
Scripting and Automation Scenarios
Now that you're armed with all this scripting and automation knowledge, it's time to put it to use. For example, you want to boot your servers and workstations once a week. Unfortunately, the best time to do this is at 2:00 a.m. Sunday morning! Fortunately, you just learned how to script and automate tasks, so you won't have to lose any sleep.
The following script disables any logons via Remote Desktop Connection (RDC) or Terminal Services connections and sends a warning message to all connected users. It then waits 60 seconds and forces all running applications to close and reboot.

reboot.cmd
    rem Block new Terminal Services/RDC logons before the restart
    change logon /disable
    rem -r restart, -f force applications closed, -t delay in seconds, -c message shown to users
    shutdown -r -f -m \\MyServer -t 60 -c "Please Logoff the System, it will be available again in 10 minutes"
To schedule this script to run at the desired time, you can set it via the Scheduled Tasks Wizard or use the SCHTASKS command as shown:

    Schtasks /create /tn OnlyOnSunday /tr "C:\reboot.cmd" /sc Weekly /d Sun /st 02:00:00 /s MyServer /u admin /p password
Adding a Shortcut to a User's Desktop
As another example, perhaps you need to update a shortcut on users' desktops. To save you the trouble of going to each machine, you can insert the following script in the logon script, or schedule it to run via the Scheduled Tasks applet:

    'Add Shortcut.vbs
    'Create the WScript.Shell object
    Set shell = WScript.CreateObject("WScript.Shell")
    'Get the All Users Desktop folder
    ADesktop = shell.SpecialFolders("AllUsersDesktop")
    'Create new shortcut and name it
    Set NewScut = shell.CreateShortcut(ADesktop & "\Solitaire.lnk")
    'Add details
    NewScut.TargetPath = "%systemroot%\system32\sol.exe"
    NewScut.Save
Modifying the Registry
One of the most common situations you will encounter is having to modify the Registry on more than one system on your network at the same time. The following script listing illustrates how you can create and delete Registry entries:

    ' UpdateRegistry.vbs
    Dim WSHShell
    Set WSHShell = WScript.CreateObject("WScript.Shell")
    'Create key with value 'Top level key'
    WSHShell.RegWrite "HKCU\MyRegKey\", "Top level key"
    'Create subkey with value 'Second level key'
    WSHShell.RegWrite "HKCU\MyRegKey\Entry\", "Second level key"
    'Set value to REG_SZ 1
    WSHShell.RegWrite "HKCU\MyRegKey\Value", 1
    'Set value to REG_DWORD 2
    WSHShell.RegWrite "HKCU\MyRegKey\Entry", 2, "REG_DWORD"
    'Set value to REG_BINARY 3
    WSHShell.RegWrite "HKCU\MyRegKey\Entry\Value1", 3, "REG_BINARY"
    'Delete value
    WSHShell.RegDelete "HKCU\MyRegKey\Entry\Value1"
    'Delete subkey
    WSHShell.RegDelete "HKCU\MyRegKey\Entry\"
    'Delete key
    WSHShell.RegDelete "HKCU\MyRegKey\"
A whole book could be dedicated to creating scripts. Although that is not the focus of this book, some of the most commonly used scripts have been mentioned here. See the “For More Information” section at the end of this chapter for other useful sources.
Windows Remote Installation Service (RIS)
One of the most time-consuming tasks for a network administrator is loading and configuring the operating system and applications on client computers. A basic installation of Windows XP, without any additional applications, can take over an hour to install and configure. Microsoft has provided a utility called the Remote Installation Service (RIS) to make it quicker and easier for the system administrator to automatically load and configure Windows. The RIS service enables the system administrator to create custom-built system images and place them on a distribution server. These images can be used to build a Windows 2000/XP/Server 2003 system from scratch.
Using a PC equipped with a network card that supports the Pre-boot Execution Environment (PXE), the system administrator can boot from the network, attach to the RIS server, and load a preconfigured image. This simple, unattended installation can be performed by administrators or authorized users. RIS was originally introduced with Windows 2000 as part of the IntelliMirror technology. IntelliMirror is not a feature; it is a framework that includes other features, such as Group Policies, that enables network administrators to automate building, configuring, and maintaining servers and desktops. RIS requires operating in a Windows 2000/Server 2003 Active Directory domain. In addition, there are the following requirements:
- You must be using Microsoft DHCP.
- You must be using a DNS server that is compatible with the DNS version supplied with Windows 2000 or Windows Server 2003.
- Your RIS server has to be authorized. This authorization is accomplished in the same manner as a DHCP server is authorized in Windows 2000/Server 2003 Active Directory.
- The volume used to store your RIS images must be formatted with NTFS, and it cannot be a system or boot partition.
- Although Windows XP Home Edition images can be created and distributed via RIS, Microsoft doesn't officially support this procedure.
- To support Windows XP images on a Windows 2000 server requires Windows 2000 Service Pack 3 or the riprep.exe update.
- RIS can be installed only on a Windows 2000/Server 2003 server.
- For a client to receive an RIS-generated system image, its NIC must support the Pre-boot Execution Environment (PXE) standard or have a network driver included with the RIS boot disk.
RIS is installed just like any other service on a Windows 2000/Server 2003 server. Just go to Add/Remove Programs in Control Panel and select Add/Remove Windows Components. Follow the prompts to install and configure RIS using the Remote Installation Service Setup Wizard. The wizard creates the initial folder structure, installs and configures the required components, and loads the initial Windows image on your server.
RIS can create two types of images: CD-based and RIPrep images. The CD-based image is just what the name suggests. It is similar to loading a CD and installing Windows XP. The CD-based option allows you to install a preconfigured version of Windows in an unattended mode.
The RIPrep image is more versatile. This type of image is created by loading Windows 2000/XP/Server 2003 and any other applications and utilities needed on a reference computer. After this has been completed, the system administrator runs the RIPrep Wizard. This wizard then removes any computer or user-specific information and loads the completed image on the RIS server.
After the RIS server has been configured with the images, they can be used to image client computers. The client can receive the RIS images in one of two ways. If the client computer has a PXE-compatible network card, the user can just power on the computer and select the Boot from Network Card option. If the client computer does not have a PXE-compatible NIC, you can use the RIS boot disk, which is created with the Remote Boot Disk Generator Utility (RFBG.EXE). This utility is installed on the server when RIS is loaded, and it builds a boot disk that simulates the code in the PXE ROM. However, the boot disk supports only a limited number of network cards, all of them Peripheral Component Interconnect (PCI) cards. This prevents you from using RIS with laptops.
As part of the PXE startup process, the computer receives an IP address from the DHCP server and locates the RIS server. Depending on how the RIS server is configured, the operating system load automatically starts, or the user is presented with a menu of choices of images to load. RIS is flexible because you can control which users have access to RIS images. This enables you to limit the use of RIS to help desk or system administration personnel, or even let users load their own images.
Although RIS has the potential to save system administrators a lot of time and effort, there are a few disadvantages, as in the following:
- A separate RIS image must be created for each machine with a different Hardware Abstraction Layer (HAL). For example, a RIS image created on an Advanced Configuration and Power Interface (ACPI)-compliant machine cannot be used on a non-ACPI-compliant machine.
- RIS requires an Active Directory domain.
- RIS supports only a limited number of network cards, all of which must be PCI. That means RIS does not currently support laptops.
- RIS does not support upgrades and is capable only of running a fresh install.
- RIS can image only the C drive.
Troubleshooting Scripting and Automation
Even the best of us cannot create error-free processes all the time. One of the most important parts of working with scripting and automated processes is learning how to troubleshoot them.
Troubleshooting Problems with Scripts
Diagnosing problems with scripts is one of the most difficult parts of learning to write them. Scripts should always be thoroughly tested, preferably in a safe test environment, before running them in a production environment.
Scripts can be afflicted with a variety of errors, but the most common type of scripting error is a syntax error. A syntax error happens when the scripting code does not follow the scripting language's spelling or formatting rules. Typical examples of these errors are misspelled words or omitted parameters. Most commands have to be spelled out with just the right number of parameters in exactly the right order.
Another type of error is the runtime error, which is discovered only when you are actually running the code. Typical causes are improper use of commands or variables that were not properly initialized. A common problem is that when using environment variables, the system on which you tested the script might have had a different set of system variables from your production system.
The final type of error is the logic error. Logic errors are generally the most difficult to find because everything seems to be fine, but for some reason, two plus two now equals six! Although the other types of errors generate error codes, a logic error might go unnoticed for years. Typically, programmers find most logic errors by crawling through the code and checking everything carefully; however, the best way to find logic errors is by using a debugging program.
Tip Sometimes, it helps to have others look through your code. They might spot the error immediately. It is easy to get so wrapped up in looking at the details of the code that you cannot see simple, obvious mistakes that someone else can see immediately.
Last, but certainly not least, always include detailed remark statements in your code.They make it easier if someone else has to maintain your code. In addition, you might have forgotten why you made certain decisions when you’re trying to fix your own code months after you originally created it.
Troubleshooting Problems with the Scheduled Tasks Applet
The Scheduled Tasks applet is one of the most improved features in Windows XP. However, occasionally a scheduled task fails to run. By running the Scheduled Tasks applet in Details view, you can see a Status column indicating the status of all tasks. The status indicators are listed in Table 21.6.

Table 21.6 Scheduled Tasks Status Indicators
Indicator           Meaning
Blank               The task is not currently running. Either it has been completed, or it has not been run yet.
Could Not Start     The task failed to start.
Missed              The time window was missed.
Running             The task is currently running.
In addition to the status indicators, the Last Result column can give you some insight into Scheduled Tasks problems. Any result not equal to zero usually indicates that the task was not completed properly.
The Scheduled Tasks applet logs all its operations to a file. You can view this file by doing the following:
1. Click Start, Control Panel.
2. Double-click the Scheduled Tasks icon to open the applet.
3. Choose System, Advanced from the menu, and then select View Log. The Scheduled Tasks log opens in a Notepad session.
Note The most common error with scheduled tasks is an incorrect user account and/or password. Make sure the user account you are using to run the task has the proper permissions to all resources required to complete the tasks. In addition, unlike previous versions of Windows, XP will not run a task when the user account has a blank password.
When examining the Scheduled Tasks logs, you should look for the following:
- Which tasks were run
- The exit code of the task
- Errors caused by insufficient permissions
- Errors caused by typos in the commands
- Errors caused by syntax errors
Tip The most recent entries to the Scheduled Tasks logs are at the bottom of the file.
It is important to remember that the AT command and the Scheduled Tasks Wizard maintain their own separate lists of tasks.When using both methods, it is easy to inadvertently schedule the same task to run at the same time.This can cause both tasks to fail because they are competing for the same resources.
Note A missed task is one that was scheduled at a specific time, but could not run because the computer and/or the Scheduled Tasks service were not operational. The missed task notification occurs after the computer or the Scheduled Tasks service is restarted, and the Scheduled Tasks service notices that the current time exceeds the next runtime of a task. When this happens, a system message is sent to the user, and an entry is inserted into the Scheduled Tasks log.
The default size of the log is 32KB, and it wraps around when it reaches its maximum size. In case you need to archive the file, it is named SchedLgU.txt and is stored in the %systemroot% folder.
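Because SchedLgU.txt is plain text, the checks listed above (which tasks ran, their exit codes, and logon or permission errors) can be scripted rather than read by eye, and the wrap-around can be undone so that entries come out in chronological order. The following Python script is an added example, not code from the book or from Windows. It assumes the entry layout shown in its constructed sample: a quoted task name followed by the program in parentheses, indented Started, Finished and Result lines, "** ERROR **" on the entry line when a task could not be started, and the marker line that the service writes after the most recent entry (everything after that marker is older, left over from before the log wrapped).

```python
"""Summarize the Scheduled Tasks log (SchedLgU.txt).

Added example, not from the book: extracts which tasks ran, their exit
codes and any logon or start-up errors. The entry layout and the
wrap-around marker line are assumed to be as in the constructed sample.
"""
import re

# '"Task name.job" (program.exe)' starts an entry; "** ERROR **" on that
# line means the task could not be started.
ENTRY_RE = re.compile(r'^"(?P<task>[^"]+)" \((?P<program>[^)]+)\)')
EXIT_RE = re.compile(r'exit code of \((?P<code>-?\d+)\)')
ERR_CODE_RE = re.compile(r'0x[0-9A-Fa-f]{8}')
WRAP_MARKER = "Most recent entry is above this line"

# Constructed sample; the entry after the marker is from before the 32KB
# wrap-around and is therefore the oldest one.
SAMPLE_LOG = '''"Task Scheduler Service"
Started at 1/5/2003 1:58:00 AM
"OnlyOnSunday.job" (reboot.cmd)
\tStarted 1/5/2003 2:00:00 AM
"OnlyOnSunday.job" (reboot.cmd)
\tFinished 1/5/2003 2:00:02 AM
\tResult: The task completed with an exit code of (0).
"Add Shortcut.job" (wscript.exe)
\tStarted 1/5/2003 8:00:00 AM
"Add Shortcut.job" (wscript.exe)
\tFinished 1/5/2003 8:00:01 AM
\tResult: The task completed with an exit code of (1).
"Nightly Backup.job" (backup.cmd) 1/5/2003 11:00:00 PM ** ERROR **
\tThe attempt to log on to the account associated with the task failed, therefore, the task did not run.
\tThe specific error is:
\t0x8007052e: Logon failure: unknown user name or bad password.
[ ***** Most recent entry is above this line ***** ]
"Nightly Backup.job" (backup.cmd)
\tFinished 1/4/2003 11:05:00 PM
\tResult: The task completed with an exit code of (0).
'''


def chronological(lines):
    """Undo the wrap-around: lines after the marker are older than those before it."""
    for i, line in enumerate(lines):
        if WRAP_MARKER in line:
            return lines[i + 1:] + lines[:i]
    return lines


def parse_sched_log(text):
    """Return one dict per entry: task, program, event, exit_code, error."""
    entries = []
    current = None
    for line in chronological(text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            current = {"task": m.group("task"), "program": m.group("program"),
                       "event": "error" if "** ERROR **" in line else None,
                       "exit_code": None, "error": None}
            entries.append(current)
            continue
        # Only indented lines belong to an entry; service banner lines are skipped.
        if current is None or not line.startswith(("\t", " ")):
            continue
        detail = line.strip()
        if detail.startswith("Started"):
            current["event"] = "started"
        elif detail.startswith("Finished"):
            current["event"] = "finished"
        elif detail.startswith("Result:"):
            em = EXIT_RE.search(detail)
            if em:
                current["exit_code"] = int(em.group("code"))
            else:
                current["error"] = detail
        elif current["event"] == "error" and ERR_CODE_RE.search(detail):
            current["error"] = detail  # the line carrying the Win32 error code
    return entries


def failed_runs(entries):
    """Entries that could not start or finished with a non-zero exit code."""
    return [e for e in entries
            if e["event"] == "error" or e["exit_code"] not in (None, 0)]


if __name__ == "__main__":
    for e in failed_runs(parse_sched_log(SAMPLE_LOG)):
        print(e["task"], e["program"], e["exit_code"], e["error"])
```

Point parse_sched_log at the text of %systemroot%\SchedLgU.txt to use it on a real machine; failed_runs gives you the entries worth investigating first, and the error text of a could-not-start entry usually names the account or password problem the Note above describes.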
Third-Party Scripting and Automation Alternatives
This section looks at some of the available third-party scripting and automation solutions. There are a number of alternatives to the Windows XP Scheduled Tasks applet and the included WSH languages.
Arcana Scheduler
Arcana Scheduler from Arcana Development LLC is a replacement for the Scheduled Tasks applet included in Windows XP. The Arcana utility expands on the basic functionality of the XP Scheduled Tasks applet by permitting more sophisticated scheduling, such as the recognition of user-editable holidays, and offers Execution chaining and Execution conditions. You can find more information about this utility and download an evaluation copy at http://www.arcanadev.com.
Macro Scheduler
Macro Scheduler from MJT Net Ltd. is a solution that covers scripting, macros, and scheduling. The Macro Scheduler is a visual tool that enables you to create scripts without having to hash out code. A person who has never written scripts can quickly and easily create complex scripts using this tool. In addition, you can use this utility to create macros to automate anything from backups to checking e-mail. There is also a Macro Scheduler VBScript edition that enables you to embed VBScript code within your Macro Scheduler scripts. You can find more information about this utility and download an evaluation copy at http://www.mjtnet.com.
OpalisRobot
Another third-party application for scheduling jobs is OpalisRobot by Opalis Software, Inc. OpalisRobot is a powerful scheduler application that you can use to automate different tasks under Windows XP. OpalisRobot is an event-driven program that is powerful and easy to configure. It can monitor different Windows XP services and events, and can react to them according to a set of rules you configure. A trial version of this utility can be downloaded from http://www.opalis.com.
Opalis JobEngine
Another product from Opalis Software is Opalis JobEngine, a stripped-down version of the OpalisRobot offering. It includes all the sophisticated scheduling functionality of OpalisRobot, however. JobEngine is intended for use when the advanced monitoring functions of OpalisRobot are not needed. You can find it at http://www.opalis.com.
ScriptLogic
This useful GUI tool enables you to create user profiles and scripts on-the-fly. ScriptLogic is especially good for customizing the user interface and creating login scripts. You can find more information at http://scriptlogic.com/eng/home.asp.
Perl
Practical Extraction and Reporting Language (Perl) is a scripting language that has been around for quite a few years. Both commercial and freeware versions are available for just about every computing platform. For more information on Perl, visit http://www.perl.com. Active State has a freeware version of Perl available as an ActiveX Scripting engine that can be used with Windows Script Host. For more information, visit the Active State Web site at http://www.activestate.com/Products/ActivePerl/index.html.
Python
The Python scripting language is somewhat newer than Perl, but is rapidly gaining in popularity. It is available for Windows and various versions of Unix. Active State has a freeware version of Python available as an ActiveX Scripting engine that can be used with Windows Script Host. For more information, visit the Active State Web site at http://www.activestate.com/Products/ActivePython/index.html.
For More Information
For more information about Windows XP scripting and automation, please consult the following resources:
- Borge, Stein. Managing Enterprise Systems with the Windows Script Host. APress, 2001. ISBN: 1893115674.
- Eck, Thomas. Windows NT/2000 ADSI Scripting for System Administration. New Riders Publishing, 2000. ISBN: 1578702194.
- Hill, Tim. Windows NT Shell Scripting. Macmillan Technical Publishing, 1998. ISBN: 1578700477.
- Hill, Tim. Windows Script Host. Macmillan Technical Publishing, 1999. ISBN: 1578701392.
- Honeyman, Jeffrey. Scripting Windows 2000. Osborne McGraw-Hill, 2000. ISBN: 007212444X.
- Knittel, Brian. Windows XP Under the Hood: Hardcore Windows Scripting and Command Line Power. Que, 2002. ISBN: 0789727331.
- Microsoft KnowledgeBase: http://support.microsoft.com/.
- Microsoft Scripting Technologies Web page: http://msdn.microsoft.com/scripting/default.htm.
- The Microsoft System Administration Scripting Guide, part of the Microsoft .NET Server Resource Kit.
- Russell, Charlie et al. Microsoft Windows 2000 Server Administrator's Companion. Microsoft Press, 2000. ISBN: 1572318198.
- TechNet (the technical subscription service from Microsoft): http://technet.microsoft.com/.
- Weltner, Tobias. Windows 2000 Scripting Secrets. John Wiley and Sons, 2001. ISBN: 0764546848.
- The Windows Script Host FAQ Web site, hosted by Ian Morrish, contains a variety of information about WSH and lots of sample scripts: http://wsh.glazier.co.nz.
22 Tuning and Optimizing Windows XP
Although Microsoft has continued to improve the various versions of Windows over the years, any out-of-the-box operating system can be improved. It is impossible for anyone, even Microsoft, to create an OS that will be perfect for all situations. Taking the time to fine-tune Windows XP can greatly improve performance and reliability.
This chapter takes a look at the Performance utility (which includes the System Monitor and the Performance Logs and Alerts snap-ins), Network Monitor, and a handful of other tools included with Windows XP.There’s also some discussion about Windows 2000/.NET Resource Kit utilities. After you have a grasp of the tools and an understanding of the basics of performance tuning, you’ll learn about some specific actions you can take to improve your system’s efficiency and speed.
Establishing a Baseline
The art and science of performance tuning require a general understanding of the normal operational parameters of the system being tuned. In other words, if you don't know how a system typically operates, you won't know how to improve it or know whether some part of the system isn't performing as well as it once did. Establishing a measurement of common operation levels gives you insight on what components can be improved, how much improvement can be gained, and how much improvement you've obtained. This measurement standard is called a baseline. Establishing a baseline is simple, but often tedious. It involves recording performance information for each aspect or component of a system over a reasonable length of time. From this data set, you can derive the average performance levels for each component.
486
Chapter 22
Tuning and Optimizing Windows XP
After you understand the normal operating parameters, you can use this information to evaluate future levels and calibrate system changes. The primary tool for establishing a baseline (excluding third-party utilities) is the Performance utility. With the Performance utility, you need to record from days' to weeks' worth of performance data for each major object in your system (CPU, memory, disk, network, and so on). Then, using all views in the Performance utility (Graph, Histogram, and Report), you can extract the median performance level (and even its standard deviation) for each important counter or object.
Tip For a quick snapshot of system performance—for example, if you just started a program and your system has noticeably slowed down—you can use the Task Manager. With this utility, you can get a real-time view of system performance and diagnose temporary performance problems. For an overview of Task Manager, see the "Task Manager" section later in this chapter and Chapter 23, "Managing Applications."
Windows XP is a modular, object-oriented operating system. Each subsystem within Windows XP is an object. For example, the CPU is an object, the memory is an object, the storage subsystem is an object, and so on. As your computer performs tasks, each object generates performance data. Each object has several performance-measuring functions called counters, which offer insight into a different aspect or function of the object. The CPU object (called Processor in the Performance utility), for example, has counters that measure the percentage of active time, percentage of time used by user applications, number of interrupts per second, and more. Performance utilities take advantage of this design by reading the counters and then displaying the information in a human-readable format (numbers or graphs).
Note A counter is a unit measured by the Performance utility to establish whether the component the counter is related to is performing optimally.
Although the number of objects available for monitoring varies by system, these are the objects you need to monitor closely for performance issues:
- Memory
- Processor
- Physical Disk
- Network
The Performance utility enables you to log on an object basis and a counter basis. This means you can configure a log to record all data for an object instead of using individual counters. Therefore, after a log file is recorded, you can select any counter from an object to examine. After you determine what to record, you need to determine two time-related factors—the measurement interval and the length of time to record the log file—using the following guidelines:
- The measurement interval determines how often a performance reading is taken. Too short an interval can produce results that are not truly representative of the system and cause additional workload on your system. Too long an interval might hide performance changes. Although most readings are insignificant in their effect on overall performance, frequent readings can cause significant performance degradation.
- The length of time over which a log file is recorded should be long enough to capture all normal operational activities—typically, at least a week. A shorter time period might not offer you a complete picture of your system's normal weekly performance.
Tip Unless there are batch jobs running at all times, the typical Windows XP computer is in use for only a set number of hours a day. An average reading that includes time periods when the user and computer are sleeping won’t accurately reflect performance.
Balancing the number of objects recorded in a log file at one time against the load placed on the system is also important.Typically, recording more than three or four objects at a time is not recommended. So when 16 objects are required to establish a complete baseline, for example, you are better off recording a week’s worth of data for four objects over four weeks. The Performance utility is the built-in investigation tool in Windows XP. Although it has some limitations and few automated capabilities, it is a useful tool in a system administrator’s arsenal.This utility can measure the operations of a standalone system or an attached network, or it can manage measurements from multiple remote systems.The Performance utility is actually a combination of two Microsoft Management Console (MMC) snap-ins. One, the System Monitor, is available only by accessing the Performance utility.The other, Performance Logs and Alerts, is available via any MMC console.
Working with System Monitor
The System Monitor component is used to view real-time measurements (see Figure 22.1) or to review data stored in a log file. Each counter is displayed as a colored line. You can view multiple counters simultaneously from the same system or from remote systems.
Figure 22.1 You can view performance-related information in the System Monitor snap-in. (Toolbar buttons called out in the figure: View Current Activity, View Log Data, New Counter Set, Clear Display, View Graph, View Histogram, View Report, Add Counter, Delete Counter, Highlight, Copy Properties, Paste Counter List, Properties, Freeze Display, Update Data, Help.)
The System Monitor provides views of performance data in three formats:
- Graph
- Report
- Histogram
Graph View
The Graph view is the default view you see the first time you start System Monitor. You can use this view to examine real-time data or stored information from log files. By default, it is populated with three counters that track memory, disk, and the processor. You can use these default real-time counter measurements to quickly check the effect of a recent system adjustment.
To add counters to the System Monitor, click the Add Counter button (the plus sign on the toolbar) to open the Add Counters dialog box (see Figure 22.2). In this dialog box, you can select counters based on the host computer (local or remote), the object, the object's instance (when multiple instances of the same object are present on the computer, such as three disk drives or two network interface cards [NICs]), and the counter itself. To obtain information about the selected counter, click the Explain button. After you've added counters, you can configure options to modify the counter's appearance, such as color, line width, and line style, by right-clicking the counter and selecting Properties. The Scale setting is used to tune the measurements to fit better on the display screen or to more closely match the magnitude of other counters.
Figure 22.2 You can select which items to measure in the Add Counters dialog box.
You can use the System Monitor Properties dialog box (accessed by clicking the Properties toolbar button) to control the display area as follows:
- Change the background, foreground, or text colors
- Display the legend and value bar
- Display vertical or horizontal grid lines, or both
- Display the vertical scale labels
- Display as a graph (like an EKG) or as a histogram (like a thermometer bar)
- Set the vertical maximum
- Set the measurement interval for automatic updates or specify when manual updates should occur
The main area of the System Monitor is the display area where the measurements are plotted. From the left border to the right border, the display is divided into 100 intervals. No matter how small or large the window, it displays only 100 measurements.When displaying real-time measurements, the values wrap around from the right to the left, overwriting the older values.When displaying historical measurements, the total number of values is reduced to 100 points by using evenly spaced values throughout the log file. Note If you check the Duration field at the bottom of the Graph view, you’ll notice that the default setting is 1:40. This is determined by 60 seconds (1 minute) plus 40 seconds to equal 100.
At the bottom of the System Monitor are a selected counter detail line (a value bar) and a list of all displayed counters (a legend) with their selected properties. When a counter is selected in the legend, its details (Last, Average, Min, and Max) are displayed in the value bar. Pressing Backspace (or Ctrl+H) when a counter is selected toggles the highlight for the selected graph line. In all views of System Monitor, you can save a configuration file for each view or for all views together so that your settings and counter/object selections are retained. A stored configuration file can be reloaded during future sessions of the Performance utility on the same or a different system. All locally referenced counters become local to the new machine, but all remotely referenced counters retain their original designations.
The Report View The Report view (see Figure 22.3) is a snapshot tool that generates an organized report of counter values and is accessed by clicking the View Report button in System Monitor. The Report view is almost useless when working with real-time data, but when working with logged data, it is a great tool for extracting averaged information quickly. Real-time data is displayed on an instantaneous basis, meaning that the data collected from the current measurement interval is displayed. Logged data is shown as an average over the selected time window. Therefore, with the Report view, you can see the average levels of counters over a five-minute period, a five-day period, or whatever time frame you specified. The Report view is often used to create quick baselines simply by viewing various time windows from log files.
Figure 22.3 The Report view provides real-time data in text format.
Adding counters to the Report view is just like adding counters to the Graph view. Simply select the computer, object, instance, and counter in the Add Counters dialog box (accessed by clicking the plus button). Selected counters are displayed in order of computer, object, instance, and counter in an easy-to-read format suitable for printing. The only control in the Report view is the measurement interval.
Histogram The Histogram view of your system performance looks like a bar chart (see Figure 22.4).This view is more useful for real-time data, as it enables you to view your system’s performance at a glance. Adding counters to the Histogram view is just like adding counters to the other views.
Figure 22.4 The Histogram view provides a bar chart of measured objects and counters.
The Alerts Container The Alerts container is used to define threshold alerts (see Figure 22.5). These alerts can be used with real-time measurements or with historical log files. An alert is issued when a specific counter crosses a defined threshold value. When this occurs, a trigger event is initiated. The following are trigger events:
• Logging the alert in the Application event log
• Sending a network message to a user or group
• Starting a performance data log
• Running a program or batch file
To add an alert, you simply right-click on the Alerts container and choose the New Alert Settings option. You are then prompted to enter a name for the alert, followed by a window for selecting the counters to be monitored. In the Alert When the Value Is section, you define the threshold of a specific value and specify whether the alert should occur when the measurements are above or below that value. The only trigger event defined on a counter level is starting a program or batch file. This event can take place only the first time or every time the alert occurs.
Figure 22.5 The Alerts container is where you configure alerts and determine actions to take when a counter reaches a specified threshold.
The Send a Network Message to Alert option in the Alert Properties dialog box is limited to a single name. If you need to send an alert to more than just one user or the members of just one group, you must use a batch file to launch a command-line messaging tool. To send network pop-up messages, you can use the NET SEND command in a batch file. NET SEND relies on the Messenger service running on both the sending and the receiving computer; if that service is stopped or disabled on either side, the message is not delivered, and because the batch file runs unattended, nobody sees the error. (The NET SEND command is covered along with many other commands in Appendix C, “Windows XP Command-Line Reference.”) If you want to send Simple Mail Transfer Protocol (SMTP) e-mail messages, you'll need a third-party tool to use in a batch file. Alerts are most often used to monitor systems in real time. You can set an alert to notify you when a specific event occurs. Some of the conditions you might want to configure an alert for are low disk space, swap file usage, and task queues for network cards and CPUs. Any of these items can point to a current or potential system problem.
Counter and Trace Logs In Windows XP, two different log options exist. The first, Counter Logs, records the activities of an entire object (that is, all counters of the selected object) or individual counters into a file, which can be viewed later. The utility's logging capabilities are by far its most valuable asset. The logging operation is quite simple:
1. Select the Counter Logs entry in the left pane of the Performance utility.
2. Double-click the log in the right pane to open its Properties dialog box. (To create a new log instead, right-click Counter Logs and choose New Log Settings.)
3. In the General tab, select the counters to add to the log by clicking the Add Counters button (see Figure 22.6). The added counters are displayed in the Counters list box. The sampling interval (Sample Data Every) is also set on this tab; the default is 15 seconds.
4. Define a path and filename for the log file in the Log Files tab.
5. Click OK to save your settings and close the Properties dialog box.
6. Right-click the log in the right pane and then click Start Log.
7. When you want to stop logging, right-click the log in the right pane and then click Stop Log.
Figure 22.6 You can add objects and counters and configure log file settings in the System Overview Properties dialog box.
The only limitation to log file recording is the free disk space on the destination drive; if your hard disk is full, the log file cannot record unless it is emptied or deleted. Tip You should always name your log files as descriptively as possible within the 255-character filename limitation. Try to include the name of the system, the start and end date/time, and the object names recorded. A properly labeled log file is easier to use and locate.
After a log file is recorded, it can be loaded into the System Monitor utility by clicking the View Log Data button on the toolbar. Just specify the path and filename of the log file and click OK. You can return to viewing current activity (real time) through the System Monitor Properties dialog box as well. A time window is a selected block of time from a log file. When a log file is used as the source of data, the System Monitor utility automatically sets every data point within the log file as active; that is, it views data from the start to the end of the log file. Through the use of a time window, you can shorten or otherwise alter the data in use. The Source tab of the System Monitor Properties dialog box holds the Time Range control. You can slide the start and end points manually to select your start or stop points. Only the data in the selected time frame (between the start and stop points, shaded in gray) is used by the System Monitor utility. While a log file is being recorded, don't try to view it from the same instance of the Performance utility that is performing the logging. If you need to view the contents of the open log file, use another instance of the Performance utility. You can view all data points up to the point when you opened the log file, and new data continues to be recorded into the file by the first instance of the Performance utility. After a log file is recorded, you can append and resample the file to combine multiple files or to remove questionable readings. To record new data into an existing log file, just specify the path to the existing file in the Log Files tab of the log's Properties dialog box. You can also change the sampling interval for a log file. The Performance utility averages surrounding data points to extract missing data. The only restriction to this process is that log files must be combined in chronological order. The System Monitor utility cannot sort out-of-order log files and cannot read the data. The command-line tool relog.exe, included with Windows XP, performs the same merging and resampling of counter logs from a batch file and can also convert a binary log to CSV text for processing with other tools. Tip When recording a log file for the PhysicalDisk and LogicalDisk objects, don't record the file to the same drive being measured. You are not recording accurate values because the act of reading the object and writing to the drive adds a significant amount of workload.
If a process is not active from the moment a log file is recorded, it initially does not appear in the instance list when viewing data from that log file. Instead, you must alter the time window to the point at which (or after) the process is active.The process then appears in the instance window.
Trace Logs The Performance utility also offers the capability to create Trace Logs, which are used to record application events when a specific system event occurs. Developers commonly use Trace Logs to trace an application’s interaction with the operating system.Trace Logs are configured the same way as counter logs.
Characterizing System Performance The Performance utility is your primary tool for recording performance data from which to extract a baseline. You can manually extract a baseline by viewing log file data in the Graph view. You can also use the Report view to generate averaged values over various time windows. Create a report that includes all the counters that interest you. (Several important counters you might want to include in your reports are examined in the “Key Objects and Counters” section later in this chapter.) Then define various time intervals to get a multiperspective picture of your system's performance. Some suggested time intervals are as follows:
• 5-minute blocks every 30 to 60 minutes
• 30-minute blocks every 1 to 2 hours
• 1-hour blocks every 2 to 4 hours
• 6-hour blocks
• 24-hour blocks
• Full-week blocks
Viewing your report for each of these intervals gives you plenty of information about the average or normal activity of your system. This information is the baseline. All future measurements should be compared to this baseline to determine whether performance has improved or degraded. You should update your baseline regularly. If your system changes frequently, your update time frame can be short (such as every month). If your system changes very little over time, your update time frame can be longer (such as every quarter or every six months). As your network grows and evolves, its performance changes. You need to be aware of these changes and their magnitude. Each time you create a new baseline, take the time to compare it to your previous baseline. This helps identify the areas of a system where performance problems are most likely to occur. The areas with the most change (toward higher loads or slower performance) are often candidates for future problems. If you don't know where to start when creating a baseline, start with recording log files for the following objects: Memory, Processor, System, Network Segment (available only when the Network Monitor Driver is installed), Network Interface, LogicalDisk, and PhysicalDisk. Using these object-level log files and the counter-specific information, you'll have a solid basis for designing your own system-specific baseline.
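The windowed averaging described above, written out as an added example (this code is not from the book). It reads a counter log exported to PDH-CSV, the text format that typeperf.exe and relog.exe write on Windows XP (a quoted sample time in the first column, then one column per counter path), averages each counter over consecutive 5-minute blocks the way the Report view does for a time window, and flags blocks whose average drifts from a previously stored baseline by more than a tolerance. The sample log, the host name XPBOX, the baseline value and the 50% tolerance are all constructed for the example.

```python
"""Windowed baselines from a Windows XP counter log in PDH-CSV form.

Added example, not code from the book.  SAMPLE_LOG is constructed: eight
samples one minute apart for two counters on a host called XPBOX.  The
blank cell in the sixth row is how PDH records a sample it could not read.
"""
import csv
import io
from datetime import datetime, timedelta
from statistics import mean

TIME_FMT = "%m/%d/%Y %H:%M:%S.%f"   # PDH-CSV sample-time layout

SAMPLE_LOG = r'''"(PDH-CSV 4.0) (Eastern Standard Time)(300)","\\XPBOX\Processor(_Total)\% Processor Time","\\XPBOX\Memory\Pages/sec"
"04/01/2003 09:00:00.000","10.0","2.0"
"04/01/2003 09:01:00.000","20.0","4.0"
"04/01/2003 09:02:00.000","30.0","6.0"
"04/01/2003 09:03:00.000","40.0","8.0"
"04/01/2003 09:04:00.000","50.0","10.0"
"04/01/2003 09:05:00.000","90.0"," "
"04/01/2003 09:06:00.000","80.0","30.0"
"04/01/2003 09:07:00.000","70.0","50.0"
'''


def parse_pdh_csv(text):
    """Return (sample times, {counter path: [value or None per sample]})."""
    rows = [r for r in csv.reader(io.StringIO(text)) if r]
    counters = rows[0][1:]
    times, series = [], {name: [] for name in counters}
    for row in rows[1:]:
        times.append(datetime.strptime(row[0], TIME_FMT))
        for name, cell in zip(counters, row[1:]):
            cell = cell.strip()
            series[name].append(float(cell) if cell else None)  # blank = missing
    return times, series


def window_averages(times, values, window_minutes):
    """Average `values` over consecutive blocks of `window_minutes`, aligned to
    the first sample.  Missing samples are skipped, as the Report view does.
    Returns [(block start as text, average or None if the block is empty)]."""
    if not times:
        return []
    window = timedelta(minutes=window_minutes)
    start = times[0]
    buckets = {}
    for t, v in zip(times, values):
        idx = (t - start) // window          # whole number of blocks elapsed
        buckets.setdefault(idx, [])
        if v is not None:
            buckets[idx].append(v)
    return [((start + idx * window).strftime("%Y-%m-%d %H:%M:%S"),
             mean(vals) if vals else None)
            for idx, vals in sorted(buckets.items())]


def baseline_report(text, window_minutes):
    """Windowed averages for every counter in a PDH-CSV log."""
    times, series = parse_pdh_csv(text)
    return {name: window_averages(times, vals, window_minutes)
            for name, vals in series.items()}


def percent_change(current, baseline):
    """Relative change of a window average against the stored baseline."""
    if baseline == 0:
        raise ValueError("baseline average is zero; cannot express a ratio")
    return (current - baseline) / baseline * 100.0


def deviations(windows, baseline, tolerance_pct):
    """Blocks whose average is more than `tolerance_pct` away from `baseline`."""
    return [(start, avg) for start, avg in windows
            if avg is not None and abs(percent_change(avg, baseline)) > tolerance_pct]


if __name__ == "__main__":
    for name, windows in baseline_report(SAMPLE_LOG, 5).items():
        print(name)
        for start, avg in windows:
            print("  %s  %s" % (start, "n/a" if avg is None else "%.1f" % avg))
    cpu_windows = baseline_report(SAMPLE_LOG, 5)[r"\\XPBOX\Processor(_Total)\% Processor Time"]
    print("outside baseline:", deviations(cpu_windows, baseline=30.0, tolerance_pct=50.0))
```

A real log would be produced with typeperf or relog at whatever interval the counter log used, and the baseline value would come from an earlier run of the same report over a quiet period; the comparison step is the same.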
Key Objects and Counters The following sections describe some subsystem-specific objects and counters with typical measurements of which you should be aware. Keep in mind that this list does not contain all possible bottleneck identifiers, nor do the discussed values necessarily indicate a bottleneck on your system. If you are unsure of what is normal on your system, the details in these sections will be of little use to you. You cannot properly evaluate your system without first establishing a baseline.
For a full listing of all objects and counters, see Appendix D, “Windows XP Performance Monitor Objects and Counters,” p. 789.
Memory Object The Windows XP memory system is based on the concept of virtual memory. The physical RAM is combined with space from a swap file stored on the hard disk to provide plenty of accessible memory. The Virtual Memory Manager (VMM) from Executive Services manages swapping pages in and out of RAM. Because disk systems are often 10,000 times slower than physical RAM, the goal of memory management is to reduce paging as much as possible. This is most often accomplished by installing enough RAM so that the foreground application does not cause paging. You need to watch your memory performance for the following two situations:
• Watch for memory becoming a bottleneck (meaning the CPU and other components wait on memory before they can accomplish a task).
• Watch for abnormal virtual memory performance (a constant high level of page faults).
You can easily discover memory bottlenecks by watching counters for the following objects:
• Memory: Pages Input/sec. When this counter remains at a low value (2 or less), it indicates that all operations are occurring within physical RAM. This means paging is not occurring and, therefore, is not the cause of the performance degradation.
• LogicalDisk: % Disk Time and Processor: % Processor Time. These and other percent-active or utilization measurements remain low, even during high-work operations and tasks. Sustained percentages of 90% or higher, however, might indicate that a storage device or processor is too slow.
Tip When measuring an object, try to record or obtain the measurements by a pathway other than over the object being measured. Don't record a log file to the same drive being measured, for example, and don't obtain network performance information remotely over the same interface transmitting the data; otherwise, the data you are collecting could be incorrect because of the measurement activity.
When both conditions are met, the physical RAM of your system is suspect. Most likely, it is too low for your system and the services it hosts. Additionally, you might need to consider upgrading your processor and motherboard. Virtual memory–related bottlenecks are also easily revealed. They involve watching for hard page faults. In a hard page fault, a requested memory page must be moved from the swap file to physical RAM. A high level of hard page faults degrades system performance. Soft page faults occur when the requested memory page is already in physical RAM and don't have the same effect on the system as a hard page fault. These are the three counters for determining the level of hard page faults:
• Memory: Page Faults/sec. Measures the number of page faults (hard and soft) per second.
• Memory: Pages Input/sec. Measures the number of pages read from the disk every second (hard page faults). This counter measures pages read, not disk accesses.
• Memory: Page Reads/sec. Measures the number of disk reads per second involved in hard paging. This counter measures disk accesses, not individual pages read.
Add all these counters to the System Monitor (from either the current activity or a log file). Look at the lines for Page Faults and Pages Input. Where the Pages Input line touches the Page Faults line, the faults in that interval are being satisfied from the swap file (hard page faults); the gap between the two lines is the soft faults. Compare the values of Pages Input and Page Reads. Where these two lines intersect, one page is read per disk access. When there is space between the two lines, multiple pages are read per disk access. Excessive hard paging occurs when more than 20% of the total number of page faults result in a disk access (Pages Input/Page Faults). A consistent level of Page Reads above 5 also indicates excessive hard paging. Another method to determine whether virtual memory is a bottleneck is examining the amount of disk time consumed by page faults. When more than 10% of disk activity is caused by page faults, you need to adjust your system (such as adding more physical RAM). Use the following counters to determine the portion of disk activity used by paging:
• LogicalDisk: Avg. Disk Read Queue Length: _Total. Measures the average number of disk read requests waiting to be processed. A consistent value of 2 or higher indicates a bottleneck.
• LogicalDisk: Disk Reads/sec: _Total. Measures the number of disk reads per second.
Too little physical RAM causes excessive paging. This is evident by a lengthy disk queue and by the amount of disk time used by paging (Memory: Page Reads/sec compared with LogicalDisk: Disk Reads/sec). If more than 10% of active disk time is caused by paging, your system needs more physical RAM. A third method to detect virtual memory problems is to monitor page file (swap file) usage. As more memory space is needed, Windows XP uses more disk space to store memory pages. The page file can grow until the limit defined in the System applet is reached or until all available disk space is used. You can monitor the page file size by viewing the Process: Page File Bytes counter (the _Total instance covers the whole system); the Paging File object's % Usage and % Usage Peak counters show how full the file is relative to its current size. If the page file is reaching its maximum size, your system needs more physical RAM or a larger swap file. To eliminate virtual memory bottlenecks, you can take several actions. The following list of suggestions is in recommended trial order:
1. Install more RAM.
2. Define a larger maximum swap file size.
3. Use multiple fast drives to host the swap file.
4. Use only required applications and services to reduce memory usage.
5. Install a faster drive subsystem (controller card and drives) to host the swap file. (Note: This usually means SCSI.)
6. Don't put your page file on a RAID device (with the exception of RAID 0). Because most types of RAID write to multiple locations, this can slow performance. In addition, a page file does not need to be fault tolerant.
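The three hard-paging tests described above, applied to counter samples in code. This is an added example, not code from the book: the per-second sample series (Memory: Page Faults/sec, Pages Input/sec, Page Reads/sec, and LogicalDisk: Disk Reads/sec for _Total) are constructed, one "busy" set that trips every test and one "healthy" set that trips none; the thresholds (20% hard-fault share, Page Reads/sec above 5, paging at more than 10% of disk reads) are the book's, and the requirement that Page Reads stay above 5 for at least three consecutive samples before it counts as "consistent" is an assumption of the example.

```python
"""Hard-paging diagnostics from Memory and LogicalDisk counter samples.

Added example, not from the book.  Both sample sets below are constructed;
each list holds one value per second for the named counter, all taken over
the same ten-second window.
"""

HARD_FAULT_SHARE = 0.20     # Pages Input / Page Faults above this is excessive
PAGE_READS_LIMIT = 5.0      # Page Reads/sec consistently above this is excessive
PAGING_DISK_SHARE = 0.10    # Page Reads / Disk Reads above this means paging owns the disk

BUSY = {   # constructed: a box that is short of RAM
    "page_faults": [100, 120, 110, 130, 90, 100, 115, 105, 95, 135],
    "pages_input": [5, 40, 30, 50, 4, 3, 45, 35, 6, 52],
    "page_reads":  [2, 8, 7, 9, 2, 1, 8, 7, 2, 9],
    "disk_reads":  [40, 50, 45, 60, 30, 35, 55, 50, 30, 60],
}
HEALTHY = {   # constructed: same fault rate, but almost all faults are soft
    "page_faults": [100, 120, 110, 130, 90, 100, 115, 105, 95, 135],
    "pages_input": [1] * 10,
    "page_reads":  [1] * 10,
    "disk_reads":  [40, 50, 45, 60, 30, 35, 55, 50, 30, 60],
}


def share(numerator, denominator):
    """Ratio of two counter series summed over the window; 0.0 if nothing was counted."""
    total = float(sum(denominator))
    return sum(numerator) / total if total else 0.0


def pages_per_read(pages_input, page_reads):
    """Average pages fetched per paging disk access: the gap between the
    Pages Input and Page Reads lines in the Graph view."""
    return share(pages_input, page_reads)


def longest_run_above(samples, limit):
    """Length of the longest run of consecutive samples strictly above `limit`."""
    best = run = 0
    for v in samples:
        run = run + 1 if v > limit else 0
        best = max(best, run)
    return best


def diagnose(s, min_run=3):
    """Apply the three tests to a sample set; return the findings as text."""
    findings = []
    hard = share(s["pages_input"], s["page_faults"])
    if hard > HARD_FAULT_SHARE:
        findings.append("hard faults are %.0f%% of page faults (limit %.0f%%)"
                        % (hard * 100, HARD_FAULT_SHARE * 100))
    run = longest_run_above(s["page_reads"], PAGE_READS_LIMIT)
    if run >= min_run:
        findings.append("Page Reads/sec above %g for %d consecutive samples"
                        % (PAGE_READS_LIMIT, run))
    disk = share(s["page_reads"], s["disk_reads"])
    if disk > PAGING_DISK_SHARE:
        findings.append("paging causes %.0f%% of disk reads (limit %.0f%%)"
                        % (disk * 100, PAGING_DISK_SHARE * 100))
    return findings


if __name__ == "__main__":
    for label, sample_set in (("busy", BUSY), ("healthy", HEALTHY)):
        print(label, "pages/read = %.2f" % pages_per_read(sample_set["pages_input"],
                                                         sample_set["page_reads"]))
        for line in diagnose(sample_set) or ["no paging problem found"]:
            print("  ", line)
```

Summing each series over the whole window before dividing matches what the Report view shows for a time window; comparing two instantaneous samples instead would make the 20% and 10% rules fire on single spikes.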
Processor Object The processor, or CPU, is the heart of a computer. All data transactions and calculations are made by or through the processor. It is important to maintain a system in which the CPU is not a bottleneck. Before you can determine whether the CPU is a bottleneck, you need to check memory, applications, and disk subsystems. You can use the following counters to identify processor bottlenecks:
• Processor: % Processor Time. Measures the time the CPU is actively processing non-idle work. Although this counter often peaks around 100%, it should not consistently remain above 90%.
• Processor: % Processor Time, _Total instance. Provides the same type of information averaged across all CPUs on a multiprocessor system. (Windows NT 4.0 reported this as System: % Total Processor Time; in Windows XP use the _Total instance of the Processor object.)
• System: Processor Queue Length. Measures the number of threads waiting for CPU execution time. There is one queue for the whole system, so a consistent value of 2 or higher per processor indicates that the CPU cannot keep up with tasks.
CPU bottleneck removal is often an expensive task. You can try several actions, however, before replacing the CPU. The following is a list of suggestions:
• Remove all screensavers that are graphics-intensive.
• Reduce the number of large applications (that is, move heavy applications to other systems).
• Reduce the execution priority of unimportant processes.
• Upgrade older motherboards.
• Install a faster CPU. (This might require replacing the motherboard and memory.)
• Install a second (or third or fourth) CPU.
Disk Objects Disk bottlenecks are defined by the speed at which data is written to and read from storage devices. When the disk subsystem is operating slowly, the entire computer's performance suffers. Because Windows XP relies on hard drive space for virtual memory management, a fast disk subsystem (that is, SCSI) is often a significant speed improvement throughout a system. The two disk objects in the Performance utility are PhysicalDisk and LogicalDisk. PhysicalDisk focuses on a hard drive as a whole device; LogicalDisk focuses on volumes by drive letter. Disk bottlenecks are sustained levels of activity for significant periods of time. A % Disk Time value at a consistent level of 85% or more might indicate a problem, but this factor should not be considered in isolation. You need to combine it with other symptoms, such as an Avg. Disk Queue Length of 2 or more. Disk bottlenecks are most often eliminated by device replacement, but there are actions you can try to see whether they remedy your disk bottlenecks. The following is a list of suggestions:
• Defragment the drive. Although Windows XP includes a basic defragmentation tool, there are many different utilities that are more advanced than the built-in one. For example, you can download a trial version of Symantec's Norton Tools Speed Disk (http://www.symantec.com/). The Windows XP Defragmentation tool is a basic version of the more advanced Diskeeper product that is licensed from Executive Software (http://www.execsoft.com/).
• Avoid using compression on files and folders that the system, applications, and users often access.
• Install faster drives and drive controllers; this means a SCSI disk subsystem with seek times and transfer rates better than the currently installed set.
• Buy 32-bit or 64-bit bus-mastering drive controller cards.
• Buy drives that use faster drive technologies (such as Ultra ATA/133 or Wide Ultra SCSI).
• Use drive controllers that support asynchronous I/O.
• Install drives on separate controller cards.
• Use RAID to distribute workloads across multiple devices.
Network Objects Network bottlenecks often involve the capability of a computer to transmit and receive data, that is, the network interface. Network bottlenecks, however, are not limited to local NIC problems. They can also include server overload (when a system is not responding to requests properly), network overload (when the medium is supporting too much traffic), and data loss (when a physical or configuration problem causes data to be lost or corrupted). Examining the following counters can reveal some general networking problems:
• Network Interface: Bytes Total/sec. Measures the traffic load on the NIC in bytes per second. Compare it against the adapter's rated capacity; Current Bandwidth reports that in bits per second, so divide it by 8 first. During active use, if Bytes Total/sec stays at or above about 75% of the rated capacity, the adapter is close to saturation and communication is not occurring as freely as it should.
• Network Interface: Current Bandwidth. Measures the current level of available bandwidth, in bits per second. This value changes only on variable-bandwidth devices, such as modems or other bandwidth-on-demand devices.
• Network Interface: Output Queue Length. Measures the number of packets waiting to be processed by the NIC. If this value remains at 2 or higher, your NIC is too slow.
• Network Segment: % Network Utilization. Measures the amount of bandwidth actually being used for data transmission on the segment. (This object appears only when the Network Monitor Driver is installed.) If this value remains at 80% or higher, your network technology might not be suitable for your level of network activity.
• Redirector: Server Sessions Hung. Measures the number of active sessions that have timed out because of failures in communications. This counter is cumulative. A value of 5 or more within a short time frame (about four hours) might indicate a network problem.
• Redirector: Current Commands. Measures the number of queued service requests. When this value is more than two times the number of NICs plus two, a network bottleneck exists.
• Server: Sessions Errored Out. Measures terminated sessions caused by error conditions or dropped communications. This counter is cumulative. A value of 5 or more within a few hours might indicate a network problem.
• Server: Work Item Shortages. Measures the number of requests that fail because the system is unable to provide resources to handle the task. A value of more than 3 indicates a problem.
Network bottlenecks can be resolved or eliminated in several ways, from modifying your workload to exchanging devices. The following are some suggestions to improve network performance:
• Install required protocols and services only.
• Remove or disable all NICs, protocols, and services not in use.
• Bind the most often used protocols and services in priority on NICs; that is, give the highest priority to the resource used most often.
• Install more RAM on servers.
• Use the same speed NICs on all network members. The network operates at the speed of the slowest device.
• Use NICs from the same vendor and, if possible, of the same type to maintain a high level of consistency, compatibility, and similarity of performance.
• Don't rely on auto-sensing. Manually configure the speed and duplex of your NIC on your machine and on your switch ports, and configure both ends the same way; a mismatch produces collisions and errors that look like a slow network.
• Use 32-bit or 64-bit PCI bus-mastering NICs.
• Divide your network into multiple logical segments.
• Use multihomed servers or routers to enable communication between segments.
Identifying Bottlenecks A bottleneck is a component in a computer system that is preventing some other part of the system from operating at its optimum performance level. A bottleneck does not necessarily refer to components operating at 100% of their capability. It is possible for components operating at only 60% to slow down other components. Bottlenecks can never be fully eliminated; there always is a slowest or limiting component.The goal of removing bottlenecks is to attempt to make the user the most significant bottleneck rather than have a computer component as the bottleneck.This way, the system will be faster than its user. Bottleneck discovery and elimination is not an exact science. In fact, it’s not even an automated process.Through a comparison between a baseline and current or recorded activity, you need to decipher the clues that might indicate a bottleneck.The “Key Objects and Counters” section earlier in this chapter discusses several counters and common values that can indicate a bottleneck. Every system is different.You need to use the methods discussed in this chapter and learn to apply them to your own unique situation. A measurement value that indicates a bottleneck on one system might not be a bottleneck on another.Typically, you want to look for areas of your computer that are operating outside your normal baseline measurements or that are affecting other components adversely. After you identify a trouble spot, you need to take action in software configuration or hardware replacement to improve the performance of the suspect area. Don’t just look for low-throughput measurements. Other common telltale signs of bottlenecks include long task queues, resource request patterns, task frequency, task duration, task failures, retransmissions or re-requests, and system interrupts.With a little practice and by using some of the suggestions in this chapter, you are sure to get a feel for bottleneck discovery.
Troubleshooting System Monitor Problems The System Monitor utility is a good tool, but it does have limitations.You need to be aware of several issues and workarounds to extract the most out of this bundled tool. This section looks at a few troubleshooting issues and gives some tips for using the Performance utility.
Process Time Starvation The Performance utility, or any other process, can exhibit process time starvation on active systems. Process time starvation occurs when the process does not receive enough execution time to perform its tasks adequately. For the Performance utility, it can mean missing data points or providing skewed measurements. You can attempt to track this problem by viewing the Process: % Processor Time, Process: % User Time, and Process: % Privileged Time counters for the starving process. If these counters do not indicate a level of activity above 1% for an extended period of time while the process has work to do, the process is being starved. If a process is being starved, you must move that process to a different system or reduce the workload on the current system to obtain more CPU time. In some cases, just increasing the execution priority of the starved process can help. Task Manager exposes only six base-priority classes (Realtime, High, Above Normal, Normal, Below Normal, and Low) of the 32 thread priority levels that Windows XP schedules with, however, so this offers limited relief. See the “Task Manager” section later in this chapter for additional details on how to alter an application's priority settings.
Process and Thread IDs The System Monitor utility reads counters based on their instance name. This can cause problems when an object (such as an application or a service) is terminated and another object is launched with the same name. To identify when this problem occurs, add the Process: ID Process counter (or Thread: ID Thread for threads) for the same instance. These values are unique between process launches. If the value changes during a monitoring session, you know the Performance utility is reading data from two (or more) different processes with the same name, and their measurements should not be averaged together.
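The ID Process check above, as an added example (not code from the book) that splits a logged Process instance into one series per actual process. The samples are constructed: each entry is (sample time, Process: ID Process, Process: % Processor Time) for a single instance name such as Process(sqlservr); the service restarts partway through, so the name silently starts referring to a new process, and the example represents an interval where the instance no longer exists with an ID Process of 0 (a convention of this example, chosen so the sample stays self-contained).

```python
"""Split one Process instance's log into per-PID segments by watching
Process: ID Process alongside the counter of interest.

Added example, not from the book.  SAMPLES is constructed: 15-second
samples for one instance name.  A PID of 0 stands for "no such instance
in this sample" (example convention)."""

SAMPLES = [
    ("09:00:00", 1234, 12.0),
    ("09:00:15", 1234, 14.0),
    ("09:00:30", 1234, 16.0),
    ("09:00:45", 2048, 80.0),   # same instance name, new PID: the service restarted
    ("09:01:00", 2048, 60.0),
    ("09:01:15", 0, 0.0),       # instance gone; this sample carries no data
]


def split_by_process_id(samples):
    """Group consecutive samples that share an ID Process value.
    Returns [{"pid", "start", "end", "values"}], one entry per real process."""
    segments = []
    for when, pid, value in samples:
        if pid == 0:                        # no instance: skip, do not start a segment
            continue
        if not segments or segments[-1]["pid"] != pid:
            segments.append({"pid": pid, "start": when, "end": when, "values": []})
        segment = segments[-1]
        segment["end"] = when
        segment["values"].append(value)
    return segments


def restart_events(segments):
    """(time, old PID, new PID) for every point where the PID changed."""
    return [(segments[i]["start"], segments[i - 1]["pid"], segments[i]["pid"])
            for i in range(1, len(segments))]


def per_pid_average(segments):
    """Average of the measured counter for each real process."""
    return {s["pid"]: sum(s["values"]) / len(s["values"]) for s in segments}


def naive_average(samples):
    """What you get by averaging the instance name as if it were one process."""
    values = [v for _, pid, v in samples if pid != 0]
    return sum(values) / len(values)


if __name__ == "__main__":
    segments = split_by_process_id(SAMPLES)
    print("restarts:", restart_events(segments))
    print("per PID:", per_pid_average(segments))
    print("naive:   %.1f" % naive_average(SAMPLES))
```

The naive average blends a lightly loaded process with its busy replacement into a number that describes neither; the per-PID view shows a restart followed by a process that is working far harder than the one it replaced, which is the condition the ID Process counter exists to expose.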
Zero Measurements and Logging The System Monitor utility displays readings of zero for several reasons, including the following:
• Negative differential values
• Disabled counters
• Invalid measurements
• Process or object terminations during measurement
• Measurement read errors
Resource Kit Performance Tools The Windows 2000 Server and Windows Server 2003 Resource Kits include a handful of performance tools for expanding your performance-monitoring capabilities. Most of these tools are for developers or for load-testing a system. You should read the complete documentation in the resource kit for instructions on installing and using these tools. This brief discussion is included to give you some insight into their existence and to help determine whether these tools can be of use to you. The resource kit performance tools are installed by default into a container called Performance Tools. Table 22.1 lists some of the most common utilities and their tasks. Several useful utilities on the Windows NT Server Resource Kit are no longer included with the later resource kits, so tools from both resource kits are listed in the table, with the ones from the Windows NT Resource Kit marked as “WNTRK.”
Table 22.1 Utilities in the Performance Tools Folder
Utility     Explanation
CLEARMEM    A command to force all pages out of memory (WNTRK)
CPUSTRES    A tool to push processor usage to 100%
CTRLIST     A command line for listing all objects and counters on a system
DRIVERS     A command to list all loaded device drivers
EMPTY       A command to purge the working set of a process or task (WNTRK)
EXCTRLST    A tool to display extensible performance counters' DLLs
HEAPMON     A utility to display heap information (WNTRK)
KILL        A command to terminate an active process (WNTRK)
LEAKYAPP    A tool that consumes memory like a leaky application
NTIMER      A tool for measuring how long a program is running
PERFMON4    The Windows NT 4.0 Performance Monitor utility
PFMON       A tool to monitor page faults (WNTRK)
PMON        A tool to display memory statistics (WNTRK)
PROFILE     A tool to reveal the code segments most often run from an application (WNTRK)
PVIEWER     A tool to view process statistics (WNTRK)
TOTLPROC    A tool to list all active processes
VADUMP      A command to list the address space configuration of a process
Other Windows XP Performance Tools In addition to the Performance utility, you should be aware of a few other performance-related tools and settings in Windows XP. The following sections discuss these tuning utilities and interfaces.
Chapter 22
Tuning and Optimizing Windows XP
Task Manager Almost a mini-Performance utility, Task Manager provides a quick glance into a system’s health. You can open it by pressing Ctrl+Shift+Esc, by right-clicking the taskbar and selecting Task Manager, or, when the Welcome screen is in use, by pressing Ctrl+Alt+Delete. (With the classic logon, Ctrl+Alt+Delete opens the Windows Security dialog box, which has a Task Manager button.) There are the following five tabs:

• Applications. This tab lists all active applications, displays status (running/not responding), and enables application termination and new task launching.
• Processes. This tab lists all active processes and their activity metrics. Right-click a process and choose Set Priority to change its priority class to Realtime, High, AboveNormal, Normal, BelowNormal, or Low. Do not confuse this with View, Update Speed, which changes only how often Task Manager refreshes its counters, not any process’s priority. (Note that only administrators can use Realtime.)
• Performance. This tab displays CPU and memory usage graphs along with memory, page file, and Kernel usage statistics (see Figure 22.7).
• Networking. This tab, displayed if you have a NIC installed, shows the state, link speed, and network utilization of each NIC.
• Users. This tab, displayed only if Fast User Switching is turned on, displays information for the current client sessions.
Figure 22.7 You can view currently active applications and processes in the Task Manager applet.
Windows XP System Information The Windows XP System Information snap-in has several containers listing configuration specifics for many areas of Windows XP; refer to Chapter 2, “Common Windows XP Administrative Utilities,” for a full discussion of this tool. This interface offers an easy-to-locate storehouse of information about the operating system version, system hardware, video, drives, memory, services, system resources, environment, and the network. This tool is most often used to determine whether interrupt requests (IRQs) or I/O address space is available for new devices before they are installed. This utility can be used on remote machines and can print a detailed report about your system. This report is helpful when you want a cursory view of a system’s configuration. To access the System Information snap-in, perform the following steps:

1. Click Start, Help and Support.
2. In the Help and Support window, click the Support button.
3. Click the Advanced System Information link in the left pane.
4. Click the View Detailed System Information (Msinfo32.exe) link in the right pane.

The quicker route is Start, Run, and then typing msinfo32.
Virtual Memory Management You can access the virtual memory settings for Windows XP by clicking the Change button in the Performance Option section of the System applet.This interface controls the size and placement of the swap file.The swap file is placed by default on the same volume that hosts the main Windows root folder and is created as 1.5 times the amount of physical RAM.
Third-Party Performance Monitoring Tools Most of the third-party commercial utilities aimed at monitoring and tuning general and network performance have two common problems. First, they focus on Windows 2000/Server 2003 as a network host instead of Windows XP as a client or standalone system. Second, they are often very expensive. When it comes to commercial software, little is offered that the Performance utility does not already include. You might, however, want to explore the shareware and freeware utilities that sometimes offer capabilities that aren’t included with any commercial products. There is a wide variety of performance and monitoring software. Determining which product is best for you is often more difficult than locating products. When possible, take the time to read as much documentation about the product as possible. Next, download available demos and trial versions before making a decision and laying out the cash. You should also elicit advice from other users through public newsgroups, the Microsoft-hosted NNTP news server (http://msnews.microsoft.com), or one of several software distribution sites. The following Web sites should be included in your search for software of any type:
• Beverly Hills Software (BHS). This is a clearinghouse of Windows information and software. It is a great place to read peer reviews of software and technical recommendations from experts. You can find more information at http://www.bhs.com/.
• Windows & .NET Magazine. This solid technical magazine offers as much value online as it does on the newsstand. If you are looking for product reviews and information about new technology, this is your source. You can find more information at http://www.winnetmag.com/.
• MCP Magazine. This is another solid reference magazine to find resources for Windows professionals. You can find more information at http://www.mcpmag.com.
Performance tools are not just available as typical commercial products. Many shareware and freeware tools offer amazingly useful features and functions. You can find these tools by using your favorite shareware search engine (such as http://www.shareware.com). To give you a head start in locating some of the better options, however, take a look at the Sysinternals Web site, a Windows NT/2000 resource center maintained by Mark Russinovich and Bryce Cogswell, who designed and created all the software on this site. If you haven’t visited the Sysinternals Web site (http://www.sysinternals.com/), it’s about time you did. The descriptions in the following list are pulled from the Sysinternals Web site for accuracy. All copyrights are maintained by Sysinternals. Although you should visit this site on a regular basis, here are some of the utilities available:
• CacheSet. A program that enables you to control the Cache Manager’s working set size using functions provided by Windows XP. It’s compatible with all versions of Windows, and full source code is provided.
• Contig. Wish you could quickly defragment your frequently used files? Use Contig to optimize individual files or to create new files that are contiguous.
• CPUMon. Use this advanced tool to read the performance counters of Pentium processors. Not for the faint of heart, CPUMon is intended for those with a good familiarity with processor architecture.
• Diskmon. This is a GUI/device driver program that watches all hard disk activity.
• Filemon. This Windows XP GUI/device driver program layers itself above all file systems on a system so that it can watch all file system activity.
• Handle. This handy command-line utility shows you what files are open by which processes and much more.
• ListDLLs. Lists all currently loaded DLLs, including where they are loaded and their version numbers.
• NTFSDOS. Enables you to boot from DOS and read an NTFS disk. Keep in mind what this implies for security: NTFS permissions protect files only while Windows is running. Anyone who can boot the machine from removable media can read the volume, so physical control of the machine (and, for sensitive data, encryption) is what actually protects it.
• NTFSDOS Tools. This NTFSDOS add-on provides NTFSDOS with limited rename and file overwrite capability aimed at disaster recovery.
• PageDefrag. Defragments your page files and Registry hives.
• Pmon. This Windows XP GUI/device driver program watches process and thread creation and deletion as well as context swaps, if running on a multiprocessor or checked Kernel.
• Regmon. This GUI/device driver combo uses a technique developed by Russinovich and Cogswell (Kernel-mode system call hooking) to watch all Registry-related activity.
• Sync. Forces Windows XP to flush all modified file system data to disk, ensuring that it will be safe in the face of a crash.
• Undelete. It works just like Recycle Bin but tracks files deleted from the command prompt or from inside programs in case you need to recover them. You can download a free trial version.
Monitoring Tools The Windows 2000 Server Resource Kit includes a handful of useful tools for monitoring network activity. The first tool is Browser Monitor (BROWMON), which gives you a GUI insight into the world of the browser service. With BROWMON, you can see the current status of master, backup, and potential browsers. To improve the performance of the browser service, try one of the following. (MaintainServerList is a parameter of the Computer Browser service stored in the Registry; the service reads it at startup, so restart the service after changing it.)

• Prevent the primary domain controller (PDC) and backup domain controllers (BDCs) from acting as master browser, that is, set MaintainServerList to No.
• Prevent all nonpermanent servers and clients from acting as master browser, that is, set MaintainServerList to No.
• Designate the least active permanent server as the master browser, that is, set MaintainServerList to Yes.
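The following PowerShell script is an added example, not part of the book, that applies the MaintainServerList change described above and shows the value before and after. It assumes the Computer Browser service keeps its parameters under the Registry path shown (the standard location for the Browser service), that the service is named Browser, and that the script runs with administrative rights; PowerShell was not shipped with Windows XP, so this is a modern rendering of the same change.

```powershell
# Added example (not from the book): read and set the Browser service's
# MaintainServerList parameter, then restart the service so it takes effect.
# Assumption: the parameters live under the key below and the service is "Browser".

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Browser\Parameters'

function Get-MaintainServerList {
    $item = Get-ItemProperty -Path $key -Name MaintainServerList -ErrorAction SilentlyContinue
    # When the value is absent the service behaves as if it were set to Auto.
    if ($item) { $item.MaintainServerList } else { 'Auto' }
}

function Set-MaintainServerList {
    param([ValidateSet('Yes', 'No', 'Auto')] [string] $Value)

    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name MaintainServerList -Value $Value -Type String

    # The value is read only when the service starts, so restart it.
    Restart-Service -Name Browser -ErrorAction SilentlyContinue
}

"Before: MaintainServerList = $(Get-MaintainServerList)"

# A workstation or nonpermanent server should not try to become master browser.
Set-MaintainServerList -Value 'No'

"After:  MaintainServerList = $(Get-MaintainServerList)"
```

Use Set-MaintainServerList -Value 'Yes' on the one permanent server you want to win browser elections. Reading the current value first is deliberate: on a machine that someone has already tuned, blindly writing No can silently remove the only designated master browser on the segment.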
Another tool is the Domain Monitor (DOMMON), which displays the status of servers within a domain and in trust relationships with other domains.This is a great tool for determining whether a trust is active. Network Watcher (NETWATCH) is similar to Server Monitor. It displays a list of shared folders by computer and the users connected to those shares.
The last tool worth mentioning in this area is Server Info (SRVINFO).This commandline tool reveals status information, such as active services, storage drives, up time, active protocols, and more.
Third-Party Network Monitoring Tools There is a large aftermarket for network monitoring tools. Here are some suggested ones:

• Observer from Network Instruments, LLC: http://www.networkinstruments.com/
• NetBoy by Sunbelt: http://www.sunbelt-software.com
• WildPackets from The AG Group, Inc.: http://www.wildpackets.com/misc/startfromag.html
• NTManage from Lanware, Inc.: http://www.lanware.net/
• Sniffer Basic and Sniffer Pro from Network Associates: http://www.sniffer.com/
Generally, most network-monitoring tools for the Windows platform cost $1,000 or more. If you are familiar with Linux, there are quite a few freeware and shareware network-monitoring packages available. An example is IPTraf, a freeware monitoring tool available from http://cebu.mozcom.com/riker/iptraf/. IPTraf supports most of the common IP protocols.
For More Information To learn more about fine-tuning the performance of Windows XP, see Chapter 23, “Managing Applications,” and Appendix D, “Windows XP Performance Monitor Objects and Counters.” In addition, check out these resources:

• Microsoft KnowledgeBase: http://www.support.microsoft.com/.
• Microsoft Windows XP Professional Resource Kit. Microsoft Press, 2001. ISBN: 0735614857.
• TechNet technical subscription service from Microsoft: http://www.microsoft.com/technet/.
23 Managing Applications

Windows XP Home Edition and Professional are built on a common foundation, unlike the Windows 9x and NT platforms that they replace. The convergence of the two older operating systems presents a problem because many of the programs designed to run on Windows 9x usually would not run on Windows NT, and vice versa.
Microsoft has addressed this issue by including several application compatibility features in Windows XP and making additional utilities available via download.With these measures, users can continue to run their favorite applications that were written for various Windows versions, and MS-DOS programs are still supported. This chapter briefly discusses how Windows XP handles different types of applications and provides tips on how to run your applications more efficiently.
Understanding Foreground Priority Windows XP provides a fast, reliable, multitasking environment that supports preemptive multitasking and running applications in separate address spaces. In preemptive multitasking, the operating system controls which application has access to the CPU and for how long. The OS is free to switch the processor at any time to an application with a higher priority. This also allows the OS to take the processor away from a defective or poorly designed program that tries to hog it. Windows XP supports multiple units of execution within a single process through multithreading. In a multithreaded environment, a process can be broken up into subtasks, called threads, which can run independently of the main thread. This allows a program to perform multiple tasks concurrently instead of sequentially. For example, when you are using Microsoft Outlook, you can read messages or create a new message while downloading or sending messages. Multithreading means one activity does not have to wait for another to finish.

In a preemptive multitasking system, individual tasks cannot dictate how long they use the processor. That means some type of priority system is necessary to ensure that critical tasks get a larger share of the processor’s time. The priority system is part of the OS, but individual tasks can tell the OS what priority they need. This works well in theory, but there are always situations in which a system might get loaded with high-priority tasks that keep the low-priority tasks from getting any processor time. Windows XP uses a dynamic priority system that adjusts the priority of threads to reflect constantly changing system conditions. For example, if a low-priority thread has been passed over in favor of higher-priority threads for several seconds, Windows XP temporarily boosts its priority until it gets some processor time. After a boosted thread runs for a while, Windows XP lowers its priority back toward its base. The dynamic priority system ensures that some tasks get more processor time than others and that every task eventually gets some.

A foreground application is one that is made active by selecting it on the Windows XP desktop, thus bringing it to the foreground. All other running applications are then background applications with respect to it. By default, Windows XP favors the foreground application over background applications in the same priority class; with the default Programs setting described next, it does so by giving the foreground process’s threads longer time slices rather than a higher priority number. Windows XP uses priority to allocate processor time in small chunks to applications. This is called time slicing. With the Programs setting, Windows XP allocates short, variable-length time slices, the foreground application receiving the longer ones; with the Background Services setting, every thread, foreground or not, gets longer, fixed-length, and therefore less frequent, time slices. To change the default behavior, open the System applet in Control Panel. In the Advanced tab, click the Settings button in the Performance section, and then select the Advanced tab in the Performance Options dialog box to find options for optimizing your system’s responsiveness (see Figure 23.1). Two choices are available: Programs and Background Services. The default is Programs, in which the foreground application receives a larger share of processor time than background work. This option, which results in a more responsive system, is recommended for systems that use interactive applications. The Background Services option treats foreground and background work equally, which suits machines that mainly run background work such as backup programs or database queries.
Figure 23.1 You can modify Windows XP performance settings in the Advanced tab of the Performance Options dialog box.
Managing Application Priority As explained in the previous section, Windows XP distributes processor time by prioritizing threads. Priority levels are numbered from 0 to 31. Levels 1 to 15 form the dynamic range in which ordinary applications and non-critical OS functions run; levels 16 to 31 form the real-time range, used for time-critical work. (Level 0 is reserved for the system’s zero-page thread.) The normal base priority is level 8. A user-mode process can be moved into the real-time range only by a user who holds the Increase Scheduling Priority privilege, which administrators have by default; that is why Task Manager’s Realtime option is administrator-only. Within the dynamic range the scheduler temporarily boosts a thread above its base priority, for example when it wakes from waiting on user input or I/O, and the boost decays back to the base priority as the thread runs; the base priority itself does not change. Interactive threads therefore typically run in the upper part of the range (around 10 to 15), whereas CPU-bound background work tends to run at much lower levels, such as 1 to 5. The priority level is very important. If a lower-priority thread is running when a higher-priority thread becomes ready, the lower-priority thread is preempted so that the higher-priority thread can run. The priority of a thread increases when it returns from a voluntary wait, and threads that have been kept off the processor for several seconds receive a boost so that lower-priority work does not wait indefinitely.
You can manually change the priorities of running processes in the Task Manager applet (see Figure 23.2). To do so, follow these steps:

Figure 23.2 You can change priority levels through the Task Manager applet.

1. Start Task Manager (right-click anywhere on the taskbar and select Task Manager). Alternatively, press Ctrl+Shift+Esc.
2. Click the Processes tab.
3. Right-click the required process and choose Set Priority from the shortcut menu.
4. Select a different priority in the list that appears.

Task Manager does not allow you to set a process to a specific number; it only allows you to choose a priority class, each of which corresponds to a base priority:

• Realtime = priority 24
• High = priority 13
• AboveNormal = priority 10
• Normal = priority 8
• BelowNormal = priority 6
• Low = priority 4

Using Task Manager to tune an application in this manner is a temporary fix because after you reboot your system or stop and start the application, you lose the priority setting.
Note To use the Realtime option, you have to be logged on as a user with Administrator rights.
Normally, there should be no need to change the priority of processes. However, suppose you have a database query process that cannot complete because the process is not getting enough CPU time. In this case, you can temporarily change the priority of the process to High to enable the task to complete successfully. Be warned that if you run applications at high priority, it might slow overall performance because other applications get less processor time. Also, changing an application’s base priority to Realtime places its threads above most of the system’s own threads, including those that respond to keyboard input and the Task Manager you would use to undo the change. If the process you set to Realtime spends most of its time waiting and finishes on its own, this is acceptable. However, if it is CPU-bound, or if it needs input that it can no longer receive for processing or recovery, your only option is to reset the system. To get a better idea of the current priority settings of running processes, configure Task Manager to display priorities. (This is not the default.) In the Task Manager Processes tab, choose View, Select Columns from the menu, select the Base Priority check box in the Select Columns window, and click OK (see Figure 23.3).
Figure 23.3 The Task Manager applet, showing the Base Priority column.
Using the Run and Run As Commands Although Windows XP is designed with a graphical user interface, at times working from the command line is faster and easier. Fortunately, Microsoft has added a couple of features to make access to the command line quick and easy for both the common user and the administrator.
The Run command, accessible from the Start menu, enables you to browse for and quickly access folders, network shares, and documents and to run programs with a variety of custom command-line switches. A feature that was first introduced in Windows 2000 is the Run As command.This command allows you to log on to Windows XP with your user credentials and run programs with different permissions than the currently logged-on user.
Using the Run Command to the Max When you open the Run dialog box (see Figure 23.4), you can enter a command, a network location, a document, or an Internet location.Windows XP opens the location or the document using the associated program. If you don’t know the name or location of the file you are looking for, you can click Browse to locate it.You can also click the Open drop-down list to recall previous entries.
Figure 23.4 You can launch a number of programs from the Run dialog box.
The Start command gives you more flexibility in how programs are run. The Run command can use the Start command to do a variety of different things. (See Table 23.1.) The syntax of the Start command is as follows:

START ["title"] [/D path] [/I] [/MIN] [/MAX] [/SEPARATE | /SHARED] [/LOW | /NORMAL | /HIGH | /REALTIME | /ABOVENORMAL | /BELOWNORMAL] [/WAIT] [/B] [command/program] [parameters]

Table 23.1 Start Command Options

Switch           Description
"title"          The title displayed in the window title bar.
/D path          The program’s working directory.
/I               Passes the original environment of Cmd.exe to the new process rather than the current (modified) environment.
/MIN             Starts the window minimized.
/MAX             Starts the window maximized.
/SEPARATE        Starts a 16-bit Windows program in a separate memory space.
/SHARED          Starts a 16-bit Windows program in the shared memory space.
/LOW             Starts the process in the Low (Idle) class, base priority 4.
/NORMAL          Starts the process in the Normal class, base priority 8.
/HIGH            Starts the process in the High class, base priority 13.
/REALTIME        Starts the process in the Realtime class, base priority 24.
/ABOVENORMAL     Starts the process in the AboveNormal class, base priority 10.
/BELOWNORMAL     Starts the process in the BelowNormal class, base priority 6.
/WAIT            Starts the process and waits for it to terminate.
/B               Starts the process without creating a new window. The process also ignores Ctrl+C; Ctrl+Break is the only way to interrupt a process started in this manner.
command/program  The name of the program to run.
parameters       The parameters that the program needs.
For the Start command to work properly, all the command-line switches, application switches, and filenames must be in the correct order. If you change this order, the application usually starts, but it reports some type of error in opening your file. Sometimes it even insists that it cannot find the program. The Start command offers a lot of control for running programs. You can start a program minimized or maximized by using the appropriate switches. When running a Windows 3.x application, you have the option of starting a separate NT Virtual DOS Machine (NTVDM) in which to run the program or running it in the shared NTVDM. You can also use the Start command to change the priority class of a program as it starts. If you use the Start command in a batch file to start your application, it ensures that the application always starts at the chosen priority level with the appropriate settings. When you use the Run command on the Start menu to start an MS-DOS application, Windows XP searches for a Program Information File (PIF) to use with the application. If it finds one, Windows XP starts the application using the PIF. If no PIF is available, Windows XP uses _Default.pif. PIFs are discussed later in this chapter in the section “Program Information File (PIF).” You can also open a network share from the Run dialog box by typing the appropriate UNC path or share name, and the Browse button lets you browse folders for files or shares.

Caution Never start processor-bound applications at Realtime priority. It can lock up your system.
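The following PowerShell script is an added example, not part of the book, that demonstrates the priority classes Task Manager’s Set Priority menu and the Start command’s priority switches expose: it starts a throwaway process at each class, reads back the base priority the scheduler assigned (which should match the numbers in Table 23.1), and checks for the Increase Scheduling Priority privilege before anyone reaches for /REALTIME. It assumes Windows with PowerShell 2.0 or later and uses cmd.exe /c pause as a harmless target that is killed afterwards; PowerShell was not part of Windows XP, so this is the modern equivalent of a START /BELOWNORMAL line in a batch file.

```powershell
# Added example (not from the book): observe what each priority class means in
# base-priority terms and guard the Realtime case.
# Assumption: cmd.exe /c pause is a safe, long-running target on this machine.

function Get-BasePriorityForClass {
    param([System.Diagnostics.ProcessPriorityClass] $Class)

    $p = Start-Process -FilePath 'cmd.exe' -ArgumentList '/c', 'pause' `
                       -WindowStyle Hidden -PassThru
    try {
        # Same effect as Task Manager's Set Priority or START /<class>.
        $p.PriorityClass = $Class
        Start-Sleep -Milliseconds 200
        # Re-query rather than trusting the cached object.
        (Get-Process -Id $p.Id).BasePriority
    }
    finally {
        Stop-Process -Id $p.Id -Force -ErrorAction SilentlyContinue
    }
}

# Realtime is left out of the loop on purpose: a CPU-bound process at that
# class can starve the keyboard and Task Manager (see the Caution above).
foreach ($class in 'Idle', 'BelowNormal', 'Normal', 'AboveNormal', 'High') {
    '{0,-12} base priority {1}' -f $class, (Get-BasePriorityForClass -Class $class)
}

# Moving a process into the real-time range needs the "Increase scheduling
# priority" right (SeIncreaseBasePriorityPrivilege). Check before trying;
# without it the request is quietly downgraded to High and you will not
# get the behaviour you planned for.
$privs = whoami /priv
if ($privs -match 'SeIncreaseBasePriorityPrivilege') {
    'This token holds SeIncreaseBasePriorityPrivilege; /REALTIME would be honoured.'
}
else {
    Write-Warning 'No SeIncreaseBasePriorityPrivilege: a /REALTIME request would be downgraded to High.'
}
```

Idle is the .NET name for the class Task Manager labels Low. The privilege check at the end is the same test that explains the book’s note about Realtime being administrator-only: it is the privilege, not group membership as such, that the kernel checks.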
Using the Run As Command Administrative users in a network environment have been told for years to always have two separate accounts: a standard domain user account with limited rights and permissions, and an administrative account for managing the network. Administrative users should always use their domain user account for normal tasks, such as creating documents and reading e-mail. They should log on to the network with their administrative account only when performing administrative tasks. However, in reality, most administrators never followed this practice, as they were always being interrupted while reading their e-mail to reset a user password or change the permissions on a share. Having to log off and then back on just to perform a 30-second task got annoying after a while, so even though they knew better, a lot of administrators were always logged on with their administrative accounts. This practice exposed them to several risks, such as inadvertently deleting shared resources or allowing a virus to run in the administrative context when opening an infected e-mail or accessing an infected Web site. Additionally, there was also the security risk of having an Administrator session open to prying eyes when the user went to lunch or to grab a cup of coffee. Unfortunately, this type of problem is not limited to network users. Previous Windows versions allowed any user virtually unlimited access to the machine, thereby opening it up to attacks from viruses or Trojan horse programs. Microsoft has included the Run As command in Windows XP Professional and Home Edition. This command enables you to log on to your computer as a normal user, and when you need to perform an administrative task, just enter the program to run and the appropriate credentials. (See Table 23.2.) Run As depends on the Secondary Logon service (seclogon); if that service is disabled, the command fails. It always prompts for the password and has no switch for supplying one on the command line, which is deliberate: a password in a batch file or shortcut would defeat the purpose. The syntax of the Run As command is as follows:

RUNAS [ [/noprofile | /profile] [/env] [/netonly] ] /user:<UserName> program
RUNAS [ [/noprofile | /profile] [/env] [/netonly] ] /smartcard [/user:<UserName>] program

Table 23.2 Run As Command Options

Switch           Description
/noprofile       Doesn’t load the user profile, which allows the application to start more quickly; some programs misbehave without a profile.
/profile         Loads the user profile (the default setting). Cannot be used with /netonly.
/env             Uses the current environment instead of the user’s own environment.
/netonly         Uses the credentials only for network access; the program runs locally as the current user. Use it if the credentials for accessing a network resource are different from those of the logged-on user. Cannot be used with /profile.
/smartcard       Used when user credentials are supplied from a smart card.
/user:username   The user account used to start the program. You can use the format user@domain or domain\user.
program          The program to run, with its command line, in quotation marks.
For example, if you are logged on as a regular user but need to perform an administrative task (such as resetting a password), you would start the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in using this command: RUNAS /profile /env /user:mydomain\admin “mmc %windir%\system32\dsa.msc”
For best results, always log on as a member of the Users or Domain Users group (Windows XP Professional) or as a member of the Limited Users group (Windows XP Home Edition). Use an administrative account only when you need to install programs or perform other administrative tasks.
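The following PowerShell script is an added example, not part of the book, showing the Run As pattern described above with the checks a practitioner would want around it: it confirms the Secondary Logon service that alternate-credential launches depend on is running, warns if the current session is already administrative (which is what the practice is meant to avoid), prompts for the password each time rather than storing it, and then launches only the administrative tool under the admin account. The account mydomain\admin is the placeholder from the book’s example; the script assumes PowerShell 3.0 or later for the Get-Credential parameters it uses.

```powershell
# Added example (not from the book): PowerShell equivalent of
#   RUNAS /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
# Assumptions: mydomain\admin is a placeholder account; PowerShell 3.0+.

function Invoke-AsAdmin {
    param(
        [Parameter(Mandatory)] [string]   $FilePath,
        [string[]] $ArgumentList,
        [string]   $UserName = 'mydomain\admin'
    )

    # The whole point of Run As is that the interactive session stays unprivileged.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Write-Warning "Already running as $($id.Name) with administrative rights; log on as a standard user and use this only for admin tasks."
    }

    # runas.exe and Start-Process -Credential both rely on the Secondary Logon service.
    $seclogon = Get-Service -Name seclogon -ErrorAction SilentlyContinue
    if (-not $seclogon -or $seclogon.Status -ne 'Running') {
        throw 'The Secondary Logon service (seclogon) must be running to launch a program under other credentials.'
    }

    # Prompt every time; never store the administrative password in a script or shortcut.
    $cred = Get-Credential -UserName $UserName -Message "Credentials to run $FilePath"

    # Start-Process rejects an empty -ArgumentList, so add it only when present.
    $params = @{ FilePath = $FilePath; Credential = $cred; PassThru = $true }
    if ($ArgumentList) { $params.ArgumentList = $ArgumentList }
    Start-Process @params
}

# Open Active Directory Users and Computers as the administrative account.
Invoke-AsAdmin -FilePath 'mmc.exe' -ArgumentList "$env:windir\system32\dsa.msc"
```

The launched process carries the admin account’s token; everything else on the desktop, including the mail client and browser, keeps running with the standard user’s rights, which is exactly the exposure the section above describes avoiding.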
Environment Subsystems One of the principal features of Windows XP is its capability to run applications written for other operating systems by means of its built-in environment subsystems. The environment subsystems can run applications written for several operating systems by emulating those operating systems. Windows XP accomplishes this by translating the application’s native instructions into instructions that the Windows XP Executive can understand. Windows XP ships with the following environment subsystems:

• Win32
• VDM
• Win16 (also called Windows-on-Windows, or WOW)
Note Beginning with Windows XP, Microsoft has discontinued support for POSIX and OS/2 applications. POSIX support has been replaced by Interix, which is a superset of POSIX. Interix is included with the Services for Unix add-on.
Win32 The primary application environment for Windows XP is Win32, which supports 32-bit Windows applications. In this environment, each Win32 application runs in its own private virtual address space (2GB of user-mode address space by default). This provides protection from other applications so that a bad application does not affect other applications. The Win32 environment is not only responsible for handling Win32 applications; it is also the host, or interface, that manages the keyboard, mouse, and display for the entire system. All other environments, including MS-DOS and Win16, send their OS tasks and messages through Win32 for processing by the Kernel (see Figure 23.5). The other two environments, VDM and Win16 (WOW), are discussed in the following sections.

Figure 23.5 How the Win32 subsystem fits into the Windows XP architecture. (The figure shows MS-DOS and Win16 applications inside their NTVDMs alongside Win32 applications in user mode, all passing through the Win32 subsystem, which in turn sits above the Windows XP Kernel in kernel mode.)
VDMs Windows XP provides support for MS-DOS applications in an environment called an NT Virtual DOS Machine (NTVDM), a Win32 application that looks like MS-DOS. Because it is a Win32 application, NTVDM can be preemptively multitasked just like any other Win32 application. NTVDM provides a simulated MS-DOS environment for MS-DOS applications. Each MS-DOS program has its own VDM, which is necessary because MS-DOS programs expect to have full and exclusive use of all system resources. NTVDM acts as a wrapper around MS-DOS applications and simulates PC hardware by providing virtual device drivers (VDDs; these are not the VxDs of Windows 9x). Because Windows XP does not allow programs to access hardware directly, the VDDs intercept hardware calls from the MS-DOS applications and pass the equivalent 32-bit requests to the Windows XP device drivers. The VDDs allow most, but not all, MS-DOS applications to run on Windows XP. The exceptions are applications that directly communicate with hardware (such as scanners or fax cards), applications that directly communicate with disk hardware (such as disk-maintenance software), and applications that use their own sound or graphics device drivers to communicate with the hardware.
The NTVDM can be configured to set the default window size, fonts, buffers, and other options (see Figure 23.6). To configure the NTVDM, follow these steps:

1. Click Start, All Programs, Accessories.
2. Right-click Command Prompt.
3. Choose Properties from the shortcut menu.
Figure 23.6 You configure the NTVDM in the Command Prompt Properties dialog box.
The Windows XP NTVDM also supports configuration via command files. By default, Config.nt and Autoexec.nt files are stored in the %systemroot%\SYSTEM32 folder. These files are configured similarly to the corresponding files in MS-DOS.You can use them to load device drivers, run startup commands, or perform any task needed to preconfigure your DOS sessions. Note Any configuration changes made to the Config.nt or Autoexec.nt files in the Command Prompt Properties dialog box apply to all NTVDM sessions. To customize individual sessions, see the upcoming section on PIFs.
Windows XP supports the following MS-DOS Config.sys commands from inside an NTVDM:

• DEVICE
• EMM
• FCBS
• FILES
• INSTALL
• LOADHIGH
• SHELL
• STACKS

Windows XP supports the following MS-DOS batch commands from inside an NTVDM:

• CALL
• ECHO
• ENDLOCAL
• FOR
• GOTO
• IF
• PAUSE
• REM
• SETLOCAL
• SHIFT
As you can see, the NTVDM supports a reasonable number of the MS-DOS commands you need to configure your sessions. Any unsupported commands included in the configuration files are ignored.

Program Information File (PIF) To configure individual MS-DOS applications to run more efficiently (or to run at all), you configure the VDM settings by using the application’s Program Information File (PIF). PIFs are a holdover from Windows 3.x, where they were used to adjust the configuration of the DOS window in which the program ran. This was done so that the DOS program could have settings for memory, path, environment, and so forth created just for that session. The PIF Editor for creating these files in older versions of Windows is no longer used. To create and modify PIFs in Windows XP, right-click the application filename in Windows Explorer or My Computer, and choose Properties. Change the Usage properties in the Screen tab to specify whether an MS-DOS program starts in a full screen or in a window (see Figure 23.7). (Note that some MS-DOS programs cannot run in a window.) Windows XP also supports terminate-and-stay-resident (TSR) programs running in an MS-DOS session. You can create a custom batch file that starts the TSR without adding the memory-resident program to the Autoexec.nt or Config.nt files. If the memory-resident program is added to one of the configuration files, an additional copy of the program starts every time you open a command-prompt window.
Figure 23.7 The Screen tab, showing configuration information for a PIF file.
Windows XP PIFs are similar to the PIF used with Windows 3.x, except that the Windows XP PIF enables you to specify a custom Autoexec or Config file so that you can add parameters or device drivers that apply only to a particular program.To change these initialization files (see Figure 23.8), click the Advanced button in the Program tab of the Properties dialog box. In the Windows PIF Settings dialog box, you can add a custom Config or Autoexec file for your application. Note that you can create custom files with Notepad or WordPad.
Figure 23.8 Changing the default Autoexec and Config files.
Selecting the Compatible Timer Hardware Emulation check box reduces the rate at which the computer’s timer sends timer signals.This is used mostly for games because many games use timing loops instead of interrupts to control timing. Unfortunately, running an application when this option is selected can hurt performance because Windows XP must spend additional time processing the application’s needs.
The PIF file has a number of memory configuration options, available in the Memory tab of the Properties dialog box. You can configure your MS-DOS application to use initial environment, conventional memory, expanded (EMS) memory, extended (XMS) memory with or without the High Memory Area (HMA), and MS-DOS protected-mode (DPMI) memory (see Figure 23.9). Following are descriptions of these options:

Figure 23.9 Changing the default MS-DOS PIF memory configuration.

- Conventional Memory. Usually, setting this option to Auto is fine. Selecting the Protected check box, on the other hand, allows some applications to run, but prevents Windows XP from moving applications around in memory. Some applications that access memory directly need this kind of protection. The downside of selecting the Protected option is that a fixed session in memory always increases memory fragmentation and the chance that you will artificially run out of memory.
- Initial Environment. This option specifies the number of bytes of memory reserved for the command interpreter's environment and is equivalent to the /e switch of the MS-DOS COMMAND.COM. If this configuration is set to Auto, the initial size of the environment is determined by the SHELL= line in your Config.nt file.
- Expanded (EMS) Memory. This option specifies the maximum amount of expanded memory (in kilobytes) to be allocated to the program. Usually, setting it to Auto is fine.
- Extended (XMS) Memory. This option specifies the maximum amount of extended memory (in kilobytes) to allocate to the program. Usually, setting it to Auto is fine. Some DOS programs must be loaded into high memory (the HMA, at FFFF:0010–FFFF:FFFF). By selecting the Uses HMA check box, you tell the program to run in that memory space (if possible). It is similar to the DOS=HIGH command in Config.sys.
- MS-DOS Protected-Mode (DPMI) Memory. This option specifies the maximum amount of MS-DOS protected-mode (DPMI) memory (in kilobytes) to allocate to the program. Usually, setting it to Auto is fine.
If no PIF file is set up for an application, Windows XP always uses the settings in the Default.pif file. In most cases, this is fine. However, if you create an application-specific PIF file, setting any memory entries you do not need to None conserves system memory, thus allowing Windows XP to provide better services to the rest of the applications on your machine.

Tip  If you set Expanded (EMS), Extended (XMS), or DPMI memory to Auto, no limit is imposed. If your program has difficulty coping with no limit, set the value to 8192 (the maximum value).
Two settings in the Screen tab (in the Performance section) control display performance. Selecting the Fast ROM Emulation check box usually causes applications to write to the screen faster. Disable this setting if you experience problems with the application writing text to the screen. Selecting the Dynamic Memory Allocation check box maximizes the amount of memory available to other applications when you are running an application that switches between text and graphic modes. When the application switches to text mode, which generally requires less memory, more memory becomes available to other applications. Both settings are enabled by default.

The Misc tab contains the settings that do not fit anywhere else, including options for shortcut keys, the mouse, and screensavers (see Figure 23.10). The two most important settings are Background and Idle Sensitivity. The Background option, the default, prevents the application from using any system resources when it is not in the foreground. This option should not be used with any time-sensitive applications, such as a communications program.

Note  In full-screen mode, most applications can run with native performance because they do not have to be virtualized to run within a window.
Figure 23.10 The Misc tab for an MS-DOS application’s PIF file.
Many MS-DOS applications use keyboard loops.The application runs in a loop while waiting for keyboard input. Looping requires system resources, but was not a problem in the MS-DOS environment with only one application running. However, it can be an extreme drain on system resources in a multitasking environment.The Idle Sensitivity setting determines how long the application can remain idle before Windows XP reduces the CPU resources allotted to the application. Setting the Idle Sensitivity slider to Low lets the application run longer before the CPU resources allotted to it are reduced. The default of Medium is fine in most cases, but sometimes Windows does not give an application sufficient resources to complete a task when the default setting is used.This is especially true with communications applications. If this happens, lowering the Idle Sensitivity setting causes the application to run better. The Warn If Still Active check box in the Termination section displays a message if you try to close the MS-DOS application window or perform a system shutdown without first ending the program.This check box should remain selected for any program that can potentially lose data if not ended properly.
Note  Many machines have the option to shadow the system or other BIOS to memory. Shadowing is the process of copying the BIOS from slow ROM into fast RAM and remapping the address space. Although BIOS shadowing produces a noticeable speed increase with MS-DOS, it is not necessary with Windows XP. Windows XP uses the BIOS only during startup. Therefore, turning off BIOS shadowing with Windows XP is advisable because it results in slightly more memory being available to the operating system.
After you configure all the settings for your MS-DOS program, click OK to save.The PIF file then appears as a shortcut in the folder with your MS-DOS program.To start your program with the configured properties, double-click the shortcut.
Win16 (WOW)

A Win32 component known as Win16 on Win32, or Windows-on-Windows (WOW), provides support for Windows 3.x applications. Like MS-DOS applications, Windows 3.x applications are supported by Windows XP in the NTVDM environment. Because the NTVDM is a Win32 application, it is preemptively multitasked just as any other Win32 application. The Windows emulator, Wowexec.exe, runs in an NTVDM and simulates the Windows 3.x environment. All Windows 3.x applications run in this environment by default; they are cooperatively multitasked within it and share the same address space. Running all Windows 3.x applications in the same VDM provides maximum compatibility with the native Windows 3.x environment. Unfortunately, as with Windows 3.x, if an application fails or behaves improperly, it can affect all the other applications running in the same NTVDM. The WOW VDM has the same weaknesses as Windows 3.x: It allows Windows 3.x applications to access memory that belongs to other Windows 3.x applications or to WOW, with potentially disastrous effects. It also makes it possible for a single Windows 3.x application that does not yield control of the processor to effectively crash all other Windows 3.x applications. A crashed Windows 3.x application does not affect the other VDMs, nor does it affect applications running under other subsystems. Fortunately, Windows XP provides a way for you to run a Windows 3.x application in its own WOW session, allowing Windows XP to run the application as a separate process without affecting other Windows 3.x applications. To run a Windows 3.x application in its own WOW session, perform the following steps:
1. Create a desktop shortcut to the Windows 3.x application.
2. Right-click the shortcut icon, and choose Properties from the shortcut menu.
3. In the Shortcut tab, select the Run In Separate Memory Space check box.
4. Click OK.
Caution In Windows XP, a Windows 3.x application that fails could crash the WOW session and not permit any Windows 3.x applications to run until the entire Windows XP system is shut down and restarted.
You can also use the Run command to run a Windows 3.x application in its own WOW session. (Refer to the section "Using the Run Command to the Max" earlier in this chapter.) Running Windows 3.x applications in their own VDMs keeps faulty applications from affecting other Windows 3.x applications, allowing the Windows 3.x applications to be preemptively multitasked. Each application is treated as a separate Win32 application. On a multiprocessor machine, this enables multiple Windows 3.x applications to run on separate processors. This is not possible when they are running in a shared session because that session is confined to one processor. The disadvantage is the additional overhead from starting an additional NTVDM: a minimum of approximately 2MB of page file space and 1MB of system memory per session.

The Windows XP default is for all Windows 3.x applications to share the same address space and run in one WOW session. You can change this default behavior so that each Windows 3.x application runs in a separate address space. To do this, set the DefaultSeparateVDM value under the Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW to Yes.

Because the MS-DOS and WOW VDMs are essentially just Win32 applications running in their own address space, Windows XP allows MS-DOS and Windows 3.x applications to be isolated from other Win32 applications. This isolation provides a high degree of reliability, ensuring that an errant MS-DOS or Windows 3.x application has no effect on other Win32 applications.

Note  Windows XP does not support Windows 3.x virtual device drivers (VxDs) running in a VDM. Therefore, any applications that require VxDs, such as some multimedia applications, do not run under Windows XP.
Making the Most of Virtual Memory

The Windows XP design utilizes a 32-bit flat memory model that gives every process a 4GB virtual address space. The top 2GB is reserved for the operating system (the kernel, drivers, and system caches) and is mapped identically into every process, whereas the bottom 2GB is private to each process and holds the application's own code and data along with the user-mode pieces of the operating system it loads, such as system DLLs.
The Virtual Memory Manager

To keep track of this relatively large address space, Windows XP uses a component called the Virtual Memory Manager (VMM). The VMM supplies applications with a virtual address instead of a physical memory address. When an application attempts to access memory, the VMM translates the virtual address into the physical address where the associated code or data actually resides in physical memory. Because the VMM performs the translation of virtual addresses to physical addresses, applications do not need to know where their code and data reside or how much memory is available. The VMM can move code and data in physical memory whenever and wherever necessary and can store the code and data outside of physical memory.

Paging is used to increase the amount of memory available to applications. The Windows XP VMM performs paging to make it seem to applications that the computer has more physical memory than is installed. The amount of virtual memory available on a computer is equal to its physical memory plus whatever hard disk space is configured for the VMM to use as paging files. Most machines are not equipped with the capability to use a full 4GB of physical memory.

A concept that has been used for years in the mainframe world, where memory is far more expensive, is called demand paging. Demand paging is a process by which the VMM moves data from fixed-length 4KB units (pages) in physical memory to a temporary file on the hard disk. When code and data are not needed for processing, they are saved to the hard disk, freeing physical memory for other code and data to use. When an application needs the data, the data moves back into physical memory. The algorithm that Windows XP uses for paging is optimized to perform per-process paging as opposed to system-wide paging. Pages are stored in files called page files and can be copied between page files and physical memory efficiently because all pages are the same size.
Any available space in physical memory or the page file can accommodate a page transferred from either. The most efficient way to use virtual memory is not to use any at all. Accessing the hard drive is always a lot slower than reading directly from physical memory. Unlike Windows 3.x, in which you could turn off paging if you had enough system memory, Microsoft designed Windows XP to use paging for virtual memory independently of how much physical memory is available.To help optimize your system’s use of virtual memory, add more physical memory. Adding memory reduces the amount of paging, but does not eliminate it completely. Because Windows XP uses the page file regardless of the amount of available memory, optimizing the use of the page file is essential.
Optimizing the Page File The best way to optimize the use of the page file is by monitoring your system’s memory requirements and properly configuring the paging file for maximum paging performance.The most important factors to consider are page file location, disk access speed, and size.
Page File Location

When Windows XP is installed, it creates the hidden file Pagefile.sys, using contiguous disk space in the boot partition's root directory. Unfortunately, this creates problems because Windows XP generally performs simultaneous disk I/O on the system directory and the page file. We recommend moving the page file to a different physical hard disk so that Windows XP can handle multiple I/O requests more efficiently. Putting the page file on the fastest disk is also a good idea. If your system has only one hard disk, consider adding a second one. Windows XP supports as many as 16 page files that it can distribute across multiple drives. Configuring the system to have multiple page files allows it to make multiple simultaneous I/O requests to the hard disks, which increases the speed of I/O requests to the page file. However, using multiple page files spread across multiple partitions on the same drive reduces system performance because the hard disk must move constantly between partitions when handling paging requests. This method should be used only when you have just one physical disk and do not have a partition large enough to store an entire page file. If possible, locate the page file on its own separate hard drive or partition to prevent the file from becoming fragmented. To add multiple page files, follow these steps:
1. Open the System applet in Control Panel.
2. Select the Advanced tab.
3. Click the Settings button in the Performance section.
4. In the Performance Options dialog box, select the Advanced tab (refer to Figure 23.1).
5. Click the Change button to open the Virtual Memory dialog box.
6. Set the initial size and the maximum size for a drive.
7. Click the Set button to store the new values.
8. Repeat steps 6 and 7 on the next drive.
9. Click OK twice to exit.
10. Reboot the machine.
In earlier versions of Windows, removing the page file from the boot partition prevented Windows from creating the crash dump file Memory.dmp if a Kernel mode STOP error occurred. On a critical system, this was a problem if the STOP required a debug.The workaround was to create one page file on the boot partition, using the default settings, and create the main page file on a less frequently used partition.The paging algorithm in Windows would use the page file on the less frequently used partition before it used the page file on the heavily used boot partition.
This limitation has been modified, but not improved. There are now three types of dumps available, so you have options for configuring your system:
- Complete Memory Dump. This dumps the entire contents of system memory to disk. The limitation is that you must have a page file on the boot volume with space equal to the size of physical memory plus 1MB.
- Kernel Memory Dump. This saves only the contents of Kernel memory, which is approximately one third the size of the physical memory installed in the machine. You must have a page file on the boot volume that is at least one third the size of the physical memory installed in the machine.
- Small Memory Dump. This option saves the smallest possible subset of useful information. It is usually around 64KB. This option requires that you have a page file of at least 2MB on the boot volume.
In most situations, you can disable the crash dump or use one of the smaller dump options without any problems. To change the crash dump options, follow these steps:
1. Open the System applet in Control Panel.
2. Select the Advanced tab.
3. Click the Startup and Recovery Settings button.
4. Click the Write Debugging Information check box, and select the path for the dump (see Figure 23.11).
5. Click OK to exit.
6. Reboot the machine.
Figure 23.11 You configure how Windows XP writes debugging information in the Startup and Recovery dialog box.
You can also configure this information via the Registry. The crash dump settings reside under the key HKLM\SYSTEM\CurrentControlSet\Control\CrashControl; the CrashDumpEnabled value (REG_DWORD) selects the dump type:
- No Dump = 0
- Complete Dump = 1
- Kernel Dump = 2
- Small Dump = 3
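The dump-type codes above and the boot-volume page file each type requires lend themselves to a script. The following Python is an added example, not code from the book: it computes the minimum boot-volume page file for each dump type from the book's figures, picks the most informative dump the current page file can actually hold, and writes the .reg text that sets CrashDumpEnabled. The machine figures in the main block are constructed; the .reg layout is the standard Regedit 5 export format; and the script only produces text, it does not touch the Registry itself.

```python
"""Check a crash-dump choice against the boot-volume page file and emit the
.reg fragment that sets CrashDumpEnabled.

Added example, not from the book. Dump-type codes and page-file requirements
are the ones the book gives (sizes in MB); the .reg layout is the Regedit 5
export format.
"""

DUMP_CODES = {"none": 0, "complete": 1, "kernel": 2, "small": 3}
CRASH_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl"


def required_boot_pagefile_mb(dump_type, ram_mb):
    """Minimum page file the book says must exist on the boot volume."""
    if dump_type == "complete":
        return ram_mb + 1          # physical memory plus 1MB
    if dump_type == "kernel":
        return -(-ram_mb // 3)     # one third of RAM, rounded up
    if dump_type == "small":
        return 2                   # 64KB dump needs a 2MB page file
    if dump_type == "none":
        return 0
    raise ValueError(f"unknown dump type: {dump_type}")


def check_dump_config(dump_type, ram_mb, boot_pagefile_mb):
    """Return (ok, message) for the requested dump type on this machine."""
    need = required_boot_pagefile_mb(dump_type, ram_mb)
    if boot_pagefile_mb >= need:
        return True, f"{dump_type} dump: boot page file {boot_pagefile_mb}MB >= {need}MB"
    return False, (f"{dump_type} dump needs a {need}MB page file on the boot "
                   f"volume, only {boot_pagefile_mb}MB configured")


def largest_supported_dump(ram_mb, boot_pagefile_mb):
    """Most informative dump type the current boot-volume page file can hold."""
    for dump_type in ("complete", "kernel", "small"):
        if check_dump_config(dump_type, ram_mb, boot_pagefile_mb)[0]:
            return dump_type
    return "none"


def crash_dump_reg(dump_type):
    """Regedit 5 text setting CrashDumpEnabled; import with: regedit /s file.reg"""
    code = DUMP_CODES[dump_type]
    return ("Windows Registry Editor Version 5.00\r\n\r\n"
            f"[{CRASH_KEY}]\r\n"
            f'"CrashDumpEnabled"=dword:{code:08x}\r\n')


if __name__ == "__main__":
    ram, boot_pf = 1024, 384   # constructed: 1GB RAM, 384MB page file on the boot volume
    print(check_dump_config("complete", ram, boot_pf)[1])
    best = largest_supported_dump(ram, boot_pf)
    print(crash_dump_reg(best))
```

Save the output as a .reg file and import it with regedit /s on each machine (or push it with a logon script); the change takes effect after the reboot that the steps above call for.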
You can make a .reg file or a script to remotely enable or disable a crash dump, if you want.

Disk Access Speed

Hard disk type makes a big difference in access speed. Generally, SCSI drives are faster than IDE or EIDE, and a single host or bus-mastering SCSI controller can simultaneously access multiple hard drives. Two drives on the same IDE or EIDE controller are accessed sequentially. If you are limited to IDE or EIDE, it is best to have your boot partition on a hard drive that is connected to a different controller from the hard drive on which the page file is located. Always make sure you put the page file on the fastest, least used hard drive.

Page File Size

The size of the page file is critical; proper sizing gives you the best system performance. The Windows XP default for the initial size is the amount of physical RAM times 1.5 (example: 1GB installed × 1.5 = 1.5GB page file). Unlike Windows NT/2000, the default is usually adequate, except on large-memory machines. Just remember not to configure an initial page file that is too small. When the system needs to enlarge the file because of increased paging activity, it must create new space for the page file while handling paging requests, which increases system overhead. Expanding the page file on-the-fly also causes fragmentation. The system can scatter the page file throughout the disk instead of maintaining it in contiguous space. This fragmentation increases system overhead and severely degrades performance. Setting the page file to a fixed size can increase performance. For best results, run a hard drive DEFRAG utility before setting the page file size to ensure that your new page file is created in contiguous disk space. To change the size of the page file, follow these steps:
1. Open the System applet in Control Panel.
2. Select the Advanced tab.
3. Click the Settings button in the Performance section.
4. In the Performance Options dialog box, select the Advanced tab.
5. Click the Change button to open the Virtual Memory dialog box.
6. Set the page file's initial size and maximum size to the same value (see Figure 23.12).
7. Click the Set button to store the new values.
8. Click OK three times to exit.
9. Reboot the machine.
Figure 23.12 You configure page file size via the Virtual Memory dialog box.
Note  The page file performs better on a FAT drive than on an NTFS drive. This works especially well if you dedicate a drive to paging. Keep in mind, though, that the page file can contain anything that was in a process's memory, passwords included, and a FAT volume cannot protect it with NTFS permissions. If you dedicate a FAT volume to paging, at least set the ClearPageFileAtShutdown value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management to 1 so that the file is overwritten whenever the system shuts down cleanly.
If you set the minimum and maximum size to the same value, you will experience less disk fragmentation and get a slight speed boost. Matching these sizes reduces the file fragmentation that occurs to a dynamically resizable page file as the system grows and shrinks the file. It also eliminates the processing overhead required to manipulate the file size.The page file size needs to be large enough to easily accommodate the maximum virtual memory usage on your system. Because hard drive prices have fallen so much in the past year or so, tuning the page file is going to quickly become a lost art. A quick and dirty trick is to set the minimum and maximum size to two times the installed memory. However, if you have an older
machine with a limited amount of hard drive space, it’s still possible to tune the page file size. There are several ways to discover the best size for the page file. First, start all the applications that you usually run, and then start Task Manager by pressing Ctrl+Alt+Delete and selecting the Performance tab (see Figure 23.13).
Figure 23.13 Task Manager, showing memory usage.
The Commit Charge section indicates whether the Peak value, which is the highest amount of virtual memory committed so far, approaches or exceeds the Limit value. The commit limit is equal to physical memory plus the initial page file size and represents the amount of virtual memory available without expanding the page file. A rule of thumb is to set the size of your page file to Peak ÷ 2 plus 15%–20%. This results in a reasonable approximation of page file usage. However, for the most accurate view, you should use Performance Monitor. Using Performance Monitor gives you several options for monitoring page file usage. Use it just as you used Task Manager, by starting all typical programs to get a typical page file size. You get the most accurate page file size figure by using Performance Monitor to track page file usage over a period of time and saving it to a log file. The log file enables you to closely examine your page file usage over an extended period and see how daily tasks affect the size. Whichever method you decide to use, the two counters you want to watch are % Usage and % Usage Peak under the Paging File object. If you have multiple page files, each file's pathname appears as an instance of the Paging File object. You can add a counter for each page file or select the _Total instance to look at combined usage data for all your page files. To determine your optimal page file size, multiply the page file's initial size by the % Usage Peak value (expressed as a fraction). Adding 10% to 15% to this value for insurance is best.
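The two sizing rules described above are easy to get wrong by hand when the counters come out of a log. The following Python is an added example, not code from the book: it reads a Performance Monitor log in PDH CSV layout, takes the peak of the Paging File % Usage counter, applies the book's two rules (initial size × peak plus a 10%–15% margin, and Task Manager commit-charge Peak ÷ 2 plus 15%–20%), and returns a single fixed size to enter as both initial and maximum. The log excerpt, the 512MB machine and the 900MB commit peak are constructed for the example; choosing the larger of the two estimates is this example's decision, not the book's.

```python
"""Size a fixed page file from logged Paging File counters.

Added example, not from the book. It applies the two rules of thumb given
above: (1) Performance Monitor: initial page file size x peak "% Usage",
plus a 10-15% margin; (2) Task Manager: commit-charge Peak / 2, plus
15-20%. The log below is a constructed excerpt in PDH CSV layout (the
Paging File object's "% Usage" counter, _Total instance), not real data.
"""
import csv
import io
import math

# Constructed counter log: a timestamp column followed by one counter column.
SAMPLE_PDH_CSV = r'''"(PDH-CSV 4.0) (Eastern Standard Time)(300)","\\WKS01\Paging File(_Total)\% Usage"
"04/10/2003 09:00:00.000","12.5"
"04/10/2003 09:05:00.000","18.2"
"04/10/2003 09:10:00.000","41.7"
"04/10/2003 09:15:00.000","36.0"
"04/10/2003 09:20:00.000"," "
"04/10/2003 09:25:00.000","22.9"
'''


def parse_pdh_csv(text):
    """Return {counter_path: [samples]}; blank cells (missed samples) are skipped."""
    rows = [r for r in csv.reader(io.StringIO(text)) if len(r) > 1]
    header, body = rows[0], rows[1:]
    series = {name: [] for name in header[1:]}
    for row in body:
        for name, cell in zip(header[1:], row[1:]):
            if cell.strip():
                series[name].append(float(cell))
    return series


def counter_series(series, object_and_counter):
    r"""Pick the series whose path ends with e.g. 'Paging File(_Total)\% Usage'."""
    for path, values in series.items():
        if path.endswith(object_and_counter):
            return values
    raise KeyError(object_and_counter)


def default_initial_mb(ram_mb):
    """Windows XP default initial size: 1.5 x physical RAM."""
    return ram_mb * 3 // 2


def size_from_perfmon_mb(initial_mb, peak_percent, margin_pct=15):
    """Initial size x % Usage Peak, plus a safety margin, rounded up to whole MB."""
    return math.ceil(initial_mb * peak_percent * (100 + margin_pct) / 10000)


def size_from_taskmgr_mb(commit_peak_mb, margin_pct=20):
    """Task Manager commit-charge Peak / 2, plus a safety margin."""
    return math.ceil(commit_peak_mb * (100 + margin_pct) / 200)


def recommend_fixed_pagefile(ram_mb, peak_percent, commit_peak_mb, initial_mb=None):
    """Fixed size (initial == maximum) to enter in the Virtual Memory dialog.

    Taking the larger of the two estimates is this example's choice; the book
    presents them as alternatives.
    """
    if initial_mb is None:
        initial_mb = default_initial_mb(ram_mb)
    est_perfmon = size_from_perfmon_mb(initial_mb, peak_percent)
    est_taskmgr = size_from_taskmgr_mb(commit_peak_mb)
    size = max(est_perfmon, est_taskmgr)
    return {"initial_mb": size, "maximum_mb": size,
            "perfmon_estimate_mb": est_perfmon,
            "taskmgr_estimate_mb": est_taskmgr}


if __name__ == "__main__":
    usage = counter_series(parse_pdh_csv(SAMPLE_PDH_CSV),
                           r"Paging File(_Total)\% Usage")
    # Constructed machine: 512MB RAM, Task Manager commit-charge Peak of 900MB.
    print(recommend_fixed_pagefile(512, max(usage), 900))
```

Log the counter for at least a full working day before trusting the peak; a ten-minute sample like the constructed one above only shows the mechanics.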
Another way to improve paging performance is by not paging operating system code. Windows XP pages portions of itself to disk during system operation. By default, it does this even on systems with a large amount of free physical memory. You can disable OS paging to improve performance. To turn off OS paging, set the Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\DisablePagingExecutive to 1 and reboot. This forces all drivers and the Windows XP Kernel to remain in memory at all times. If you make this change, be sure your system has plenty of available memory after you load the system and user applications, or performance will suffer. On systems with plenty of physical memory, this change reduces paging and improves performance.
Using Compatibility Mode

With the release of Windows XP, most software publishers have released new versions of their applications, complete with new features to take advantage of the increased capability and stability of XP. For applications that haven't been upgraded yet, there probably won't be many problems, if the applications were initially designed for Windows NT or 2000. However, with Windows XP Home Edition and Professional, Microsoft has finally done what it has been promising for years: host both consumer and business versions of Windows on the same code base. On the surface, this seems like a no-brainer; however, Windows XP is more closely linked to the Windows NT/2000 code than to the consumer-oriented Windows 9x/Me family code. That means there could be problems running a lot of the applications originally developed for the less restrictive Windows 9x/Me environment, now that they have to obey the strict coding rules carried over from the NT/2000 environment. Fortunately, Microsoft has included a compatibility mode in Windows XP that tailors the environment for these older applications to fool them into thinking they are running on the OS for which they were originally designed.

Although you have seen how to configure MS-DOS and Win16 applications to run on Windows XP, a more serious issue is the more recent Windows 9x applications that users upgrading from that platform will need to run. Many of those applications were created to run on a specific version of Windows. Typically, they perform a version check, and when they see that they are not running on the OS they expect, they terminate. The application compatibility features built into Windows XP fool these programs into thinking that they are running on the required version of Windows. Windows XP provides an environment similar to what they need to run, while translating the output to be compatible with Windows XP display themes.
Microsoft has tested a large number of legacy applications and created a database of the information needed to run many of these applications in Windows XP.This database is stored in %systemroot%\AppPatch. Microsoft is constantly updating this database, and you can download additional entries via Windows Update.
Using the Program Compatibility Wizard Microsoft has provided the Program Compatibility Wizard (see Figure 23.14) to assist you in making some of the more obscure programs run.
Figure 23.14 The Program Compatibility Wizard, showing program options.
To use the wizard, perform the following steps:
1. Click Start, All Programs, Accessories, Program Compatibility Wizard.
2. Click Next in the opening window.
3. In the next window, you are presented with three choices:
   - I Want to Choose from a List of Programs. This option searches your computer for programs that you have installed.
   - I Want to Use the Program in the CD-ROM Drive. This option enables you to run a setup program in compatibility mode, which is useful for programs that refuse to install on Windows XP.
   - I Want to Locate the Program Manually. With this option, you can browse to the program. If the program is on a network drive, the compatibility settings cannot be permanently applied. You need to create a shortcut to the program on your computer, and then run the wizard from the shortcut.
4. Select a choice appropriate to your needs, and then select your program.
5. You are then prompted to select a compatibility mode for your program (see Figure 23.15). You can select the version of Windows that the program was designed for, or select the most recent version of Windows that the program has run on. Select the most recent version, if possible, as fewer compatibility fixes will be applied, thereby improving performance.
Figure 23.15 The Program Compatibility Wizard, showing compatibility modes.
6. Next, you are prompted to select changes to display settings (see Figure 23.16). Most application programs do not require any changes. However, some games might require display tweaking. 7. Click Next.The wizard shows the settings you selected and runs the program. If the program ran correctly, you can save your settings. If not, you can go back and try other settings.
Figure 23.16 The Program Compatibility Wizard, showing display settings.
Configuring Program Compatibility Manually

You can also configure compatibility settings manually by following these steps:

Note  The Compatibility tab is grayed out if the file you are working with is not installed on your computer.

1. In My Computer or Windows Explorer, locate the program executable file, right-click it, and choose Properties.
2. In the Properties dialog box, select the Compatibility tab. The entries in the Compatibility tab are the same as those you worked with using the wizard.
3. Select the options you want, and then click OK to save.
4. Test-run the application, and then return to the Compatibility tab to make changes, if necessary (see Figure 23.17).
Figure 23.17 Configuring program compatibility manually.
Your settings have been saved, so whenever you run the application, it will be provided with the environment it requires.
The Application Compatibility Toolkit

In addition to the compatibility tools built into Windows XP, Microsoft has provided an Application Compatibility Toolkit, designed for developers or network administrators who need to configure custom programs or for pinpointing subtle compatibility issues with Windows XP. The toolkit consists of several white papers, including a compatibility checklist, and several applications, including:
- Compatibility Administration Tool. This tool provides an interface to the built-in compatibility functionality in Windows XP. It enables you to manually turn fixes on and off and create special fix packages that can be installed on other computers.
- Application Verifier Tool. This tool is used to test program compatibility and diagnose problems.
- Qfixapp. This tool is used to test applications with different combinations of fixes.
- PageHeap. This tool is used to diagnose memory-related application problems.
The Application Compatibility Toolkit is available for download from the Microsoft Web site at http://msdn.microsoft.com/compatibility. For more information about application compatibility in Windows XP, see the Windows XP Application Experience pages at http://www.microsoft.com/windowsxp/appexperience/ itpros.asp.
Third-Party Application Management Tools Most of the third-party commercial utilities aimed at application management on the Windows platform focus on Windows 2000/Server 2003 as an enterprise host rather than on Windows XP as a client or standalone system.These utilities are generally too expensive for the average user. Among the third-party utilities with application management capabilities for the desktop are ServerBench, NetBench, and BAPCo. Both ServerBench and NetBench are very good benchmarking tools and can be useful tuning applications on your system.They are available as free downloads from http://www.zdnet.com/downloads/. BAPCo is benchmarking software for workstations and servers. See the Web site for more information at http://www.bapco.com.
Troubleshooting Application Difficulties

Windows XP can run most MS-DOS and Windows applications, even when they are not designed for Windows XP. However, sometimes a device driver designed to run with Windows XP is required. If you have an application that does not include the device driver for Windows XP, contact the application's manufacturer for a version of the software that is compatible with Windows XP.
MS-DOS Applications

If you are not satisfied with the performance of your MS-DOS applications, try one of the following solutions:

- If the application is in a window and the video display performance is slow, try full-screen mode.
- Disable the Compatible Timer Hardware feature in _Default.pif or in the application’s PIF.
- If the application is in a window and seems to pause periodically, try disabling the Idle Sensitivity setting.
- If the MS-DOS application can be configured for printing, choose LPT1 or LPT2 rather than the parallel port. Most MS-DOS applications use Int 17 to print when configured for LPT<x>. If you select Parallel Port mode, these applications print directly to printer ports. Parallel Port mode is much slower in Windows XP than in Windows 3.1.
Note Applications that attempt to directly access hardware, such as private device drivers, are not supported in Windows XP.
Windows XP uses Config.nt and Autoexec.nt files for running MS-DOS applications instead of the Config.sys and Autoexec.bat files used in real MS-DOS. That means when you run an MS-DOS–based installation program in Windows XP, any changes it makes to the Config.sys and Autoexec.bat files have to be manually copied over to the *.nt files.
General Applications

When Windows XP shuts down, it sends a shutdown request to all processes. Most 32-bit applications shut down, but applications running in the VDM usually do not. The OS prompts you with a dialog box, asking whether you want to kill the task, wait for the task to die on its own, or cancel the shutdown. You can force Windows XP to kill all running processes on shutdown by changing the Registry value HKEY_USERS\.DEFAULT\Control Panel\Desktop\AutoEndTasks to 1.

If an unwanted application starts every time you start Windows XP, you need to determine how it is starting. Applications can be started from a number of places:

- The Startup folder for the current user, all users, or the default user
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
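To review those registry locations without opening each key in REGEDIT, the following Python script (an added example, not code from the book) parses a REGEDIT export (.reg file) of the autostart keys listed above and reports every entry whose program lives outside the Windows or Program Files directories, which is where an unwanted autostart most often turns up. The .reg text, the program names in it and the "expected directories" rule are constructed assumptions for illustration; on a real system you would export the keys with REGEDIT (File, Export) and pass that file's contents to parse_reg_export.

```python
"""Parse a REGEDIT (.reg) export of the autostart keys and flag odd entries.

Added example, not from the book. The key paths are the ones listed in the
chapter; SAMPLE_REG, the program names in it and EXPECTED_DIRS are
constructed assumptions for illustration.
"""
import re
from typing import Dict, List, Tuple

# Registry autostart locations from the chapter (the Startup folders live on disk).
AUTOSTART_KEYS = [
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows",
]

# Assumption for the heuristic: programs started from these trees are "expected".
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample of what REGEDIT's File, Export produces for two of the keys.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundTray"="C:\\WINDOWS\\system32\\sndtray.exe"
"Updater"="\"C:\\Documents and Settings\\Alice\\Local Settings\\Temp\\upd.exe\" /quiet"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
'''

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
# "name"="value" lines only (REG_SZ); hex(...) binary/expand values are skipped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def _unescape(s: str) -> str:
    """Undo .reg escaping (doubled backslashes, escaped quotes)."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path (lower-case): {value name: command line}} for REG_SZ values."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()   # REGEDIT's casing varies (SOFTWARE vs Software)
            entries.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries[current][_unescape(m.group(1))] = _unescape(m.group(2))
    return entries


def executable_path(command: str) -> str:
    """Extract the program path from a command line (quoted path, or text up to .exe)."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def suspicious_autostarts(entries: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """List (key, value name, command) for autostart entries outside EXPECTED_DIRS."""
    hits: List[Tuple[str, str, str]] = []
    for key in AUTOSTART_KEYS:
        for name, command in entries.get(key.lower(), {}).items():
            if not executable_path(command).lower().startswith(EXPECTED_DIRS):
                hits.append((key, name, command))
    return hits


if __name__ == "__main__":
    for key, name, command in suspicious_autostarts(parse_reg_export(SAMPLE_REG)):
        print(f"{key}\n  {name} = {command}")
```

The directory rule is only a first filter: a program under Program Files can still be unwanted, and one in a user's Temp directory is not always malicious, so treat each hit as something to look up by name, as the Tip below suggests, rather than as a verdict. The Startup folders are ordinary directories and are checked by listing them, not through the registry.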
Tip The easiest way to find an entry in the Registry is to search it by using REGEDIT on the application name, if you know it.
If you receive a message from NTVDM saying that there is no disk in drive A or a CD-ROM drive letter, the path statement might contain a reference to this drive. To find it, check the following:

- The Control Panel System applet, Advanced dialog box, Environment tab
- Autoexec.bat
- A reference in an application shortcut
- HKEY_LOCAL_MACHINE\SYSTEM\SETUP\WinntPath
Using DualView to Display the Desktop Across Two Monitors

With DualView, a new feature in Windows XP, you can view your desktop on two monitors. Most laptops are able to send separate signals to their internal LCD and to the external port. The DualView feature enables you to connect both displays to your laptop and work with different files or applications on each display. DualView is also supported on most PCs that are equipped with dual-port display cards. DualView is similar to the Multiple Monitor feature that was initially included in Windows 2000, except that with DualView, you are limited to two displays. DualView is supported on most laptops, but you might need to download an updated driver from the manufacturer. Microsoft has supplied a list of supported display adapters in the following KnowledgeBase article: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307397.

To enable DualView, follow these steps:

1. Right-click on the desktop and choose Properties.
2. In the Display Properties dialog box, select the Settings tab (see Figure 23.18).
3. Select the second monitor, and then select the Extend My Windows Desktop onto This Monitor check box.
4. Click OK.
Figure 23.18 Enabling DualView in the Display Properties dialog box.
Note The online help for Windows XP states that the LCD monitor on your laptop will always be the primary monitor. We have found that this is not always true.
The primary monitor is the monitor on which your default desktop icons and the logon dialog box appear when you start your PC. In addition, most programs open their initial windows on the primary monitor. When your external monitor is larger or easier to read than the LCD monitor on your laptop, you might want to make the external monitor your primary monitor. To switch primary monitors, follow these steps:

1. Right-click on the desktop, and choose Properties.
2. In the Display Properties dialog box, select the Settings tab.
3. Click the Advanced button.
4. In the Default Monitor Properties dialog box, select the Displays tab.
5. Click the primary button for the external monitor, and then click the secondary button for the LCD monitor (see Figure 23.19).
6. Click OK twice to save.
Figure 23.19 Selecting the primary display monitor.
Note Display drivers for Windows XP vary widely, so there will be minor differences in the procedure to switch the primary monitor.
After you have selected the primary monitor, you must orient the two monitor icons to reflect their physical position. For example, if the laptop display is to the left of your desktop monitor, you want to make sure that when you are working with an item on the desktop monitor and you drag it to the left, it appears on your laptop display.

To adjust the physical arrangement of your monitors, click the Identify button in the Display Properties dialog box. You will see the number 1 or 2 appear on your monitors. For example, if the number 1 appears on your laptop display, the number 2 will appear on your desktop monitor. If the physical arrangement of the numbers that appeared on your displays matches that shown in the Settings tab, you can just click OK. However, if it doesn’t match, you can right-click one of the icons and drag it to the other side (see Figure 23.20). Then click OK and make sure you can move your mouse pointer between the two displays.
Figure 23.20 Changing the orientation of your display.
For More Information

If the information presented in this chapter about managing applications in Windows XP has increased your desire to learn more, here are a few resources you can research:

- Microsoft KnowledgeBase: http://support.microsoft.com.
- Microsoft Windows XP Professional Resource Kit. Microsoft Press, 2001. ISBN: 0735614857.
- TechNet (the technical subscription service from Microsoft): http://technet.microsoft.com/.
24 Printing with Windows XP

For years, we have heard that the paperless office is the wave of the future. Even after the adoption of online documents, intranets, and the exploding use of e-mail, the love affair with paper documents has not faded.

To this day, file and print services remain the bread and butter of the networking world. Printing is one of the key capabilities around which networks and computers are designed. Most computer operators cannot function without being able to transfer data onto paper. Accessing a shared printer is one of the most frequently used network capabilities. The Windows XP printing subsystem has an advanced architecture capable of supporting a large user base, managing a wide variety of printer types and capabilities, and offering several layouts and access controls. As long as the printer host is a member of a network, any type of network client can use printers hosted by a Windows XP system, including Windows 2000 Server and Windows 2000 Professional, Windows NT, Windows 95/98, Windows for Workgroups, Windows 3.x, DOS, NetWare servers, Macintosh, Unix, and other TCP/IP clients. This chapter examines the Windows XP printing system and covers printer installation, management, configuration, and troubleshooting.
The Windows XP Print Architecture

The Windows XP print architecture design is comprehensible, but many of the terms and concepts it uses must be defined because they are used in ways contrary to common sense or common usage. The following list explains most of the Microsoft printing-related terms. You should become familiar with these terms before working with the Windows XP printing system:

- Logical printer. Microsoft uses this term to refer to the software construct that redirects print jobs from a client to the print server. Logical printers appear in the Printers folder, and you can create them by using the Add Printer Wizard from that folder. The logical printer is where you define configuration settings for physical print devices. Logical printers are also used to control and manage access to physical printers. The term “logical printer” is often synonymous with “printer” in Microsoft documentation.
- Print device. This is the actual physical device that creates the printed document. This term is synonymous with “physical printer.”
- Client. A client is either a computer hosting a specific operating system or an application submitting a print job. The terms “client,” “client system,” “client computer,” and “client application” are used interchangeably in most cases. The client can be a true network client that submits a print job to a print server on the network, or it can be the same computer system that serves as the print server. The term “client” refers to the relationship between the object submitting the print job and the object hosting the printer spool.
- Connecting to a printer. This action creates a logical printer that redirects print jobs to a network printer share. Use the Add Printer Wizard in the Printers and Faxes folder to create a logical printer.
- Creating a printer. This term is similar to connecting to a printer, but it is used in reference to a locally attached physical printer—that is, a printer connected directly to the computer via a parallel cable. In creating a printer, you use the Add Printer Wizard from the Printers and Faxes folder. Creating a printer involves installing the device-specific driver, setting any configuration options, and possibly sharing the printer with the network.
- Dynamic print clients. Dynamic print clients do not have print drivers installed locally for network printer shares. Each time a print job is sent to a logical printer, the print server sends a print driver for the appropriate client operating system to the client. The client uses the driver to format and submit the print job. This system enables print drivers to be stored in a single location, simplifying maintenance and upgrades.
- Network-attached printer. A network-attached printer is a print device that has a built-in or specially attached network interface connected to the network media instead of to a computer. Such printers still require that you define a computer as the print server where spool files reside, but they are independent network devices. Network-attached printers typically use TCP/IP or the Data Link Control (DLC) protocol for communications.
- Print client. This term is used interchangeably with “client,” “client system,” “client computer,” and “client application.” A print client is any object that submits a print job to a printer.
- Print job. This is the object transmitted from a client to a print server that contains not only the document or content to be printed, but also control and processing instructions. The client creates print jobs and sends them to a print server via a logical printer redirector. The print server stores the print job to a spool, and when the printer is available, the print job is pulled from the spool and sent to the physical print device.
- Print server. This is the actual computer that controls and manages a printer. It accepts print jobs from clients, stores them in a spool, supervises the physical printer, and sends print jobs from the spool to the physical printer when it is available. A print server can manage a locally attached or a network-attached printer. The print server is also the storage location for print drivers used by dynamic print clients. On Windows networks, print servers can be Windows XP or Windows Server 2003, Windows 2000 Server or Professional, Windows NT Server or Workstation, or Windows 95/98 systems. Print drivers are stored on these servers in the \\printserver\print$ directory.
- Print resolution. Print resolution is a measurement of pixel density in dots per inch (dpi). It determines how sharp and clear the printed document looks. In most cases, a higher dpi results in a better printed document. The base dpi for most laser and ink-jet printers is around 300dpi; however, several printer models can print up to 2,400dpi. Higher dpi resolutions can be produced on professional printing systems.
- Print server services. You can expand the print system’s printing capabilities through the use of print server services. These add-on modules broaden the client base from which print jobs can be submitted. Print server services include Services for Macintosh, File and Print Services for NetWare, and TCP/IP Print Services. Print server services not only add support for additional client types, but also expand the range of protocols that can be used to submit print jobs.
- Print spooler or spooler. The spool is the temporary storage area hosted by the print server for submitted print jobs. The software component of the print server that manages the spool is the spooler. The spooler is responsible for saving new print jobs to a file and for sending print jobs from the spool to the physical printer. In most cases, the print job is retained in the spool until it has successfully printed. The spooler can be bypassed with a change to the logical printer configuration, causing print jobs to be sent directly to the printer instead of being stored in the spool. Doing this suspends the client sending the print job; the print job is communicated only as fast as the printer can create the printed output.
- Print users. A print user is any user on the local system or network who has been granted the privilege of printing. Print users can be given Print, Manage Documents, or Manage Printers access privileges. Print access enables users to submit print jobs and to manage their own print jobs (pause, resume, restart, and delete). Manage Documents access enables a user to submit print jobs and to manage any print job in the queue (pause, resume, restart, and delete). Manage Printers access enables a user to submit print jobs, to manage any print job in the queue (pause, resume, restart, delete), to make changes to the settings and configuration of the logical printer, and to alter the security settings and access privileges for the logical printer.
- Printer. Also called the logical printer, this term refers to the logical printer software construct that redirects print jobs from a client to the print server rather than to the physical print device. The type of device used as the physical printer does not affect the rest of the print model, as long as the correct device driver is installed.
- Print driver. A print driver is a software element used to inform the print server or print client about a printer’s capabilities and limitations. It informs the print server how to communicate with the physical printer, and it informs print clients how to format print jobs.
- Queue or print queue. The print server maintains a queue (or list) of print jobs for each physical print device and automatically manages these jobs. Each logical printer has its own print queue. Each physical printer can have multiple logical printers defined for it, so it can have multiple print queues. Multiple queues allow for priority processing of print jobs. Print users can manipulate only those print jobs they have submitted. Print users with Manage Documents access can manipulate any print job in a queue. Print users with Manage Printers access can also manipulate any print job in a queue, and can change the settings and configuration of the queue and the logical printer. You can view a print queue by opening the logical printer from the Printers folder. Individual print queues operate in first in, first out (FIFO) mode.
- Rendering. Rendering is the process of transforming video display images from video system–specific instructions to printer model–specific language codes that reproduce the image on paper. The Windows XP print system renders images using the print driver installed for a particular logical printer/physical printer.
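The access levels described under Print users and the queue rules described under Queue or print queue fit together into a small model. The following Python is an added example, not code from the book or from Windows: it represents one physical device with several logical printers defined for it, serves the highest-priority non-empty queue first and first in, first out within a queue, and applies the three privilege levels so that a user with only Print access can delete just the jobs that user submitted. The names (PrintDevice, LogicalPrinter, authorize), the priority numbers and the action names are assumptions chosen for the illustration.

```python
"""Model of the chapter's print queue rules: per-queue FIFO, priority between
logical printers sharing one device, and the three print access levels.

Added example, not from the book. The class and function names, the priority
numbers and the action names are assumptions chosen for illustration.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, List, Optional

# The three access privileges the chapter describes.
PRINT = "Print"
MANAGE_DOCUMENTS = "Manage Documents"
MANAGE_PRINTERS = "Manage Printers"

JOB_ACTIONS = {"pause", "resume", "restart", "delete"}   # operations on one job
PRINTER_ACTIONS = {"configure", "set_permissions"}       # operations on the logical printer


@dataclass
class PrintJob:
    job_id: int
    owner: str        # the print user who submitted the job
    document: str


@dataclass
class LogicalPrinter:
    """One queue feeding a physical device; a higher priority number is served first."""
    name: str
    priority: int
    queue: Deque[PrintJob] = field(default_factory=deque)


def authorize(user: str, level: str, action: str, job: Optional[PrintJob] = None) -> bool:
    """Decide whether a print user at the given access level may perform an action.

    Print: submit, and manage only the user's own jobs.
    Manage Documents: submit, and manage any job in the queue.
    Manage Printers: all of the above, plus printer settings and security.
    """
    if level not in (PRINT, MANAGE_DOCUMENTS, MANAGE_PRINTERS):
        return False                      # no print privilege at all
    if action == "submit":
        return True
    if action in JOB_ACTIONS:
        if job is None:
            return False
        if level == PRINT:
            return job.owner == user      # least privilege: only your own jobs
        return True
    if action in PRINTER_ACTIONS:
        return level == MANAGE_PRINTERS
    return False                          # unknown action: deny by default


class PrintDevice:
    """A physical printer with several logical printers (queues) defined for it."""

    def __init__(self, printers: List[LogicalPrinter]) -> None:
        self.printers = printers
        self._next_id = 1

    def _logical(self, name: str) -> LogicalPrinter:
        return next(p for p in self.printers if p.name == name)

    def submit(self, printer: str, user: str, level: str, document: str) -> Optional[PrintJob]:
        """Append a job to the named logical printer's queue if the user may print."""
        if not authorize(user, level, "submit"):
            return None
        job = PrintJob(self._next_id, user, document)
        self._next_id += 1
        self._logical(printer).queue.append(job)
        return job

    def next_job(self) -> Optional[PrintJob]:
        """Despool: highest-priority non-empty queue first, FIFO within a queue."""
        for printer in sorted(self.printers, key=lambda p: p.priority, reverse=True):
            if printer.queue:
                return printer.queue.popleft()
        return None

    def delete(self, user: str, level: str, job_id: int) -> bool:
        """Remove a queued job after the access check; False if denied or not found."""
        for printer in self.printers:
            for job in printer.queue:
                if job.job_id == job_id:
                    if not authorize(user, level, "delete", job):
                        return False
                    printer.queue.remove(job)
                    return True
        return False
```

Two logical printers with different priorities on one device is the chapter's mechanism for "priority processing": a job queued on the higher-priority logical printer is pulled first even if it arrived later, while jobs on the same logical printer keep their FIFO order. The authorize function is the point to extend if you add more actions; keeping the unknown-action branch as a deny avoids silently granting a new operation to everyone.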
From this list of terms, you can see that the Microsoft print system is not focused on the physical print device, but on the software-redirecting mechanisms that direct print jobs from the client to the physical printer’s connection point to the print system (a print server). After you attach the physical print device directly to a computer or to the network and then install the proper drivers, the Windows print system pays little attention to the physical device. You’ll interact with the physical printer only to retrieve documents, add paper, and troubleshoot hardware-specific problems.

The actual Windows XP print system architecture is fairly extensive. As a system manager or a print user, you do not need to know the architectural details. All that is required to adequately support printing under Windows XP is that you understand how to add printers and configure and troubleshoot printing. Discussion of the architecture is included here so that you will have a clearer understanding of what is actually going on under the hood when a client submits a print job.

The print system design is modular, like that of every other part of Windows XP. This modular design enables you to interchange, tweak, control, and replace individual components of the overall system based on the needs of the system and the types of hardware present.
Each element of the print architecture is designed to manage or perform a single task. A print job traverses the system one step at a time, providing a seamless procession from print client to printed document. Each module of the system can communicate with its immediate neighbors, but not with other components located elsewhere in the system, which simplifies processing. The following list presents the key elements of the print architecture in the order in which a print job encounters them:

1. A Windows-based print client uses an application to create a document or other printable element and then initiates a print job.
2. The print client application interacts with the graphics device interface (GDI) and print driver to create a valid print job for the specified logical printer. The GDI is a software element that interacts with both the video and printer systems to enable images to be rendered for display or print. The GDI is what makes the Windows What You See Is What You Get (WYSIWYG) capability possible. The interaction of the GDI with the actual print driver helps create a print job that accurately reproduces the displayed image.
3. The print job is sent to the local print spooler and held there until the remote print provider can transmit it to the print server.

Note Non-Microsoft print clients perform similar functions that result in a formatted print job being sent to the appropriate print server service hosted by the print server.

The spooler is a multipart element consisting of the router, the local print provider, the print processor, and the separator page processor. It is responsible for accepting print jobs from clients and holding them until they are passed on to the print monitor. The router is responsible for directing print jobs to local or remote printers. It passes print jobs for a local printer to the local print provider and passes print jobs for a remote printer to the remote network print server, such as a NetWare print server.

4. The local print provider writes the print job to a spool file (.spl).
5. The print processor despools print jobs and performs any additional processing before sending them on to the print monitor.
6. The separator page processor adds any logical printer-specific separator pages to the beginning of each document as it is sent to the print monitor.
7. The print monitor is the print system component that communicates directly with the printer. It manages the connection port and the language used by bidirectional print devices.
8. The print device receives the print job and prints the data.

If you need more details or additional information about the structure, elements, and architecture of the Windows XP print system, consult the TechNet CD.
Adding Printers

Whether you are installing a printer for local use only, configuring a network print server, or even defining a print server for a network-attached printer, Windows XP makes adding new printers easy. The following sections discuss each of these printer installation issues.
Locally Attached Printers

Local printers are attached directly to the computer. The type of attachment you use doesn’t matter as long as the operating system recognizes the bus type and the print driver corresponds. Local printers are usually attached by using parallel cables, but serial ports, USB, and other technologies can be used. Before beginning the installation of a local printer, you need to have a few key pieces of information on hand:

- The exact make and model of the printer
- The port to which the physical print device is connected
- The location of print drivers, if they are not included on the Windows XP distribution CD
- A name for the logical printer (if you are using a naming convention, be sure to comply with its rules)
- Whether you will be sharing the printer with the network
- Whether you want to print a test document
- Whether the printer requires a bi-directional cable

The following are the basic steps for adding a local printer:

1. Physically set up the printer (with the exception of power) and attach it to the computer.
2. Power up the printer.
3. Open the Printers and Faxes folder (Start, Settings, Printers and Faxes).
4. Start the Add Printer Wizard by clicking the Add a Printer option under the list of Printer Tasks in the left pane. Click Next.
5. Select the Local Printer Attached to This Computer option, and click Next to reveal the port selection window.
6. Select the port to which the printer is connected, and click Next to move to the Printer Model Selection window, which lists the print drivers included on the Windows XP distribution CD.
7. Select the manufacturer in the left column, and select the printer model in the right column.
8. If your printer is not listed, click the Have Disk button. You’ll need to point the dialog box to the location of the manufacturer-supplied drivers.
9. Click Next to move to the Printer Name window. This is the name that will appear below the logical printer icon in the Printers folder on your local machine.
10. Enter a name, or accept the offered default name. Remember that if you want MS-DOS applications to print to this printer, the printer name must be no more than eight characters long and must have no spaces.
11. Select whether you want Windows-based programs to use this printer as the default printer, and click Next to move to the Printer Sharing window.
12. The default in Windows XP is for local printers to not be shared. If this printer is to be used by the local system only, leave the default Do Not Share This Printer option selected. To share the printer, select the Share Name option, and type in a user-friendly name for the printer. (See “Network-Shared Printers” later in this chapter for more information about this window of the Add Printer Wizard.)
13. Click Next. If you shared the printer in the previous step, the Location and Comment window appears. If you fill in these optional fields, users who are searching in Active Directory will be able to read or search on these fields.
14. Click Next to move to the Print a Test Page window. Printing a test page is recommended, but if you do not want to, select No and click Next.
15. Click Finish.

The final step of the Add Printer Wizard initiates the printer installation routine. The wizard might prompt you for the path to the print driver and associated print system files. After the required drivers are installed, the newly installed printer icon appears in the Printers and Faxes folder. You might need to refresh the display (by selecting View, Refresh or pressing F5) to see the new icon. If you elected to print a test page, a dialog box appears asking whether the page printed successfully. If the page printed, click Yes. If the page failed to print, click Troubleshoot. The printing troubleshooter appears and walks you through several options for remedying the printing problem. Most of these options are discussed in the “Troubleshooting Printing Problems” section later in this chapter.

If you’ve installed a printer on this system before, you will see an additional question on the Printer Name window asking whether to make the printer you are currently installing the default printer. The default selection is No. If you want the new printer to be the one to which all applications print by default, select Yes.

If you already have a printer of the same type or a printer that uses the same print driver installed on this system, you will see an additional window (after the Printer Model Selection window) asking whether to keep or replace the existing driver. In most cases, you can accept the default (and recommended) option of retaining the existing driver. If you want to reinstall the driver or install a new driver from a new source, select the Replace the Existing Driver option.
Plug and Play Printers

With Plug and Play (PnP), a printer connected via USB or an IEEE 1394 compatible port is automatically detected and identified. After the printer is identified, the drivers are automatically loaded, and the printer is configured for you. A printer connected to the parallel port will be detected when the computer is restarted. It is also possible to start the detection process by opening the Add Hardware applet from Control Panel. After the printer is installed, you can make any necessary configuration changes, just as you would with a manually installed printer. Network and serial port attached printers are not PnP-compatible, and must be installed and configured manually.

For a detailed description of the Windows XP Plug and Play feature, see Chapter 4, “Windows XP and Hardware,” p. 77.
Network-Shared Printers

You can create network-shared printers through a simple procedure of installing a locally attached printer, sharing that logical printer, and connecting to that printer from each client. The simplest way to share a local printer is to select the Share Name option during the Add Printer Wizard installation process. If you want to share an existing logical printer, however, you need only modify the Sharing tab in the printer’s Properties dialog box. Creating a new printer to be shared with the network requires the same preparation and installation steps as a local-only printer, with a few additions. You need to have the following additional pieces of information on hand:

- The name of the printer share (if you are using a naming convention, be sure to comply with its rules)
- The operating system–specific print drivers you want to host from the print server

The installation process is the same as for a local-only printer, with the following changes. Follow steps 1 through 11 for the local-only printer installation and then follow these steps to complete the installation:

1. In the Printer Sharing window, select the Share Name option.
2. In the Share Name text box, enter the name to be used on the network for this printer share. Remember that if you want MS-DOS, Windows 3.x, Windows for Workgroups, and other operating system clients that don’t support long filenames to use this print share, the share name must be no more than eight characters long. Click Next.
3. The Location and Comment window appears. If you fill in these optional fields, users who are searching in Active Directory will be able to read or search on these fields. Click Next to move to the Print a Test Document window. It is recommended that you print a test page by selecting Yes. If you do not want to print a test page, select No and click Next.
4. Click Finish.

The final step of the Add Printer Wizard initiates the printer installation routine in the same manner as for locally installed printers. (Refer to the “Locally Attached Printers” section earlier in the chapter for details.)

If you have clients other than Windows XP and Windows 2000 that will be connecting to the printer, you might want to make the appropriate drivers available so that users do not need to search for them. To do so, open the Printers and Faxes folder, right-click the shared printer, and click Properties. In the Properties dialog box, select the Sharing tab and click the Additional Drivers button.

At this point, you have installed a local printer that is shared with the network. The next step, which is performed from each client, is to connect the client to the network printer share. The actual process varies depending on the operating system, although it is the same on all Windows 95, 98, NT 4.0, 2000, and XP systems. If you need additional information about connecting other clients to network printer shares, consult TechNet or the manufacturer of the client operating system. On any Windows 95/98/NT/2000/XP system, follow these steps to connect to a network printer share:

1. Open the Printers folder (Start, Settings, Printers).
2. Start the Add Printer Wizard by double-clicking the Add Printer icon in the Printers folder, and then click Next.
3. Select the Network Printer option to connect to a network printer share.
4. Click Next to open the Browse for Printer dialog box (see Figure 24.1).
5. Here, you can choose to connect to a printer on your intranet or the Internet just by entering the appropriate URL. You also have the option of typing in the printer name, if you know it, or searching in Active Directory. Or you can type the name of the printer in the Printer text box, and then click Next.
6. Traverse the network resource browser tree to locate the print server and the share name of the printer share. Select the printer share.
7. Click OK and then click Finish.
Figure 24.1 The Add Printer Wizard, showing the Browse for Printer options.

If the print server hosts the print drivers for the local operating system, the Add Printer Wizard requires no additional files. If print drivers must be installed locally, you are prompted to provide the path to their location. After the required drivers are installed, the newly installed printer icon appears in the Printers folder. You might need to refresh the display (by choosing View, Refresh) to see the new icon. The same test page steps are next, if you elected to print a test page. (Refer to the steps described earlier in this chapter for details.)
Network-Attached Printers A network-attached printer is equipped with its own network interface, making the printer a network device. Use network-attached printers when communication speed is important (such as when printing large or complex documents) or when no suitable system has an available communication port. Network-attached printers require a print server—that is, a printer attached directly to the network that relies on a computer to manage print jobs, process the spool, and control user access. Different protocols can be used to communicate with network attached printers.The DLC protocol can be used for IBM mainframe interaction or for communicating with network-attached printers. DLC is not the only protocol that can be used to communicate print data from a print server to a network-attached printer; both TCP/IP and NWLink can also be used. In addition, some printer vendors have proprietary protocols. Ultimately, the protocol used to support printing on network-attached printers is not important, as long as the printer and the supporting software function. Configuring a network-attached printer can involve a variety of steps, configurations, and driver installations.You need to read the installation instructions included with the printer to learn exactly what must be done for that particular device. In general, the steps are as follows:
Adding Printers
1. If not already present, install the network interface into the printer.
2. Attach the printer to the network.
3. Perform any necessary hardware-specific routines to prepare the device for network communications. These routines might include switching print modes, defining protocol-specific parameters, or enabling the network interface. The printer/NIC manual should detail the required steps.
4. Install the communication protocol on the system destined to be the print server for the network-attached printer: DLC, TCP/IP, NWLink, or a vendor-supplied protocol.
5. Add a virtual port to the print server. In this process, a new port used to redirect print jobs from the print server to the actual print device is defined to the system. A port is usually created by clicking the Add Port button in the Port Selection window of the Add Printer Wizard. Some vendors, however, have their own installation routine. The Windows XP distribution CD includes several port types that can be installed, including the Standard TCP/IP Port and the Hewlett-Packard and Digital network ports.
6. Using the Add Printer Wizard, complete the printer installation by selecting the new port as the connection point for the network-attached printer.

Following these steps creates a logical printer icon in your Printers and Faxes folder. Network-attached printers are managed and controlled in the same manner as locally attached printers. In some cases, vendors provide additional control or interface software that can enhance the foundational controls offered through the print system.

Publishing a Printer in Active Directory

Any printer attached to a machine that is logged in to the domain, or any network-attached printer, can be shared and published. In a pure Windows .NET TCP/IP-only environment, there is no browser service available to find shared resources. All resources to be shared must be published in Active Directory. For a printer to be published in Active Directory, it must first be shared.
However, a printer can still be shared without being published. You can still connect to it by using the NET USE command. By default, all shared printers in a Windows .NET domain are made available as objects within Active Directory. By publishing shared printers in the directory, users can search for them based on attributes such as printer features or location. To share and publish a printer in Windows XP, follow these steps:

1. Click Start, and then select the Printers and Faxes folder.
2. Right-click the printer icon and select Sharing.
3. In the Sharing tab of the Properties dialog box, go to the Share Name text box and type in the name you want to appear in the Active Directory database.
4. Select the List in the Directory check box, and then click OK to save.
553
554
Chapter 24
Printing with Windows XP
Note: When a printer is installed on a Windows machine, it may or may not be shared and published in Active Directory, depending on whether the machine runs Windows Server 2003 (which shares new printers by default) or Windows XP Professional (which does not). The default behavior can be changed via Group Policies. For information on Group Policies, see Chapter 9, "Introducing the Windows XP Registry."
Publishing a Non–Windows XP Printer in Active Directory

Printers attached to machines running Windows NT, as well as Unix printers, can be published. For a non–Windows XP printer to be published in Active Directory, it must first be properly installed and shared on its respective platform. To publish a non–Windows XP printer in Active Directory, follow these steps on the Active Directory server:

1. Click Start, All Programs, Administrative Tools, and then select Active Directory Users and Computers.
2. Click the desired domain, and then right-click the container or organizational unit (OU) in which you want to publish the printer.
3. From the shortcut menu, select New, Printer to open the New Object – Printer dialog box.
4. In the New Object – Printer dialog box, type the Universal Naming Convention (UNC) path of the printer you want to publish. The name should be in the format \\servername\printername.
5. Click OK to save.

Searching for Printers in Active Directory

Active Directory client users can locate printers that are published in Active Directory and configure them for use with their computers. To find a printer using Active Directory in Windows XP, do the following:

1. Click Start, and then select the Printers and Faxes folder.
2. In the Printers and Faxes folder, select the Add a Printer option from the Printer Tasks list to start the Add Printer Wizard. Click Next to continue.
3. In the Local or Network Printer window, select the radio button A Network Printer or a Printer Attached to Another Computer. Click Next to continue to the Specify a Printer window.
4. In this window, you have the choice of entering the printer name, browsing Active Directory for a printer, or entering a Uniform Resource Locator (URL) to connect to a printer on the Internet or your intranet. Select the Browse for a Printer radio button, and then click Next to continue to the Find Printers dialog box (see Figure 24.2).
Figure 24.2 You can search for printers by using a number of options.
There are many search options in the Find Printers dialog box on which to base a search. You can search for the printer by name, location, or model. If you select the Features tab, you can also search for specific features, such as paper type, paper size, print resolution, print speed, and whether the printer supports color. For an even more detailed search, select the Advanced tab and then click Field, which opens a dialog box with additional options, such as Asset Number, Input Trays, Supports Collation, and many others. The In text box in the Find Printers dialog box enables you to limit your search in Active Directory to a specific domain or to search the entire directory. To find a printer, perform the following steps:

1. Type your criteria into the search fields, and click the Find Now button to continue.
2. A list of printers matching the search criteria is returned. To examine the returned printers' properties to make sure they are suitable, right-click the printer name in the Returned Objects list and then choose Properties from the shortcut menu.
3. In the Printer Properties dialog box, verify that it is the correct printer, and then click OK.
4. Make sure the printer is highlighted, and then click OK to open the Default Printer dialog box.
5. If you want this printer to be your default printer, click the Yes radio button. Click Next to continue to the Completing the Add Printer Wizard window.
6. Check the options listed. If anything needs to be changed, click Back; otherwise, click Finish to end.

Tip: If you are looking for a printer that you know is published in Active Directory, you can bypass the Add Printer Wizard and get directly to the Find Printers dialog box by clicking Start, Search, selecting Printers, Computers, or People, and selecting the option A Printer on the Network.
Updating Print Drivers and Determining Who Needs Them

Point and Print is a term Microsoft created to describe a collection of print features. Not all of these features require a print driver to be installed on the client; some allow the print server to host the print drivers. Windows .NET, Windows XP, Windows 2000, Windows 95, Windows 98, and Windows NT (3.1, 3.5, 3.51, and 4.0) all support Point and Print. When a printer is shared from a print server, you can select additional operating system version-specific and platform-specific print drivers for local storage. When a client that supports Point and Print uses the printer, the print server sends the appropriate print driver to the client. This enables the client to properly process the print job before actually submitting it to the print server. The print driver remains on the client system until it is rebooted or until a new user logs on.

This print driver management scheme allows for a single repository of print drivers so that upgrading is quick and easy. This scheme also reduces the complexity of connecting to network printer shares from a client perspective. Bear in mind the flip side: the client installs whatever driver the server hands it, so Point and Print should be used only with print servers you administer and trust. Another benefit of this scheme is drag-and-drop printing. Even if a client does not have a logical printer defined for a printer share, a document can be dropped onto the printer share (displayed in a browse list in Network Neighborhood, My Network Places, or Windows Explorer). This drag-and-drop initiates the print driver exchange, and the document is printed.

Installing new or upgraded drivers for existing printers is straightforward. Simply click the New Driver button in the Advanced tab of the printer's Properties dialog box, and click Next in the first window of the Add Printer Driver Wizard to see the list of manufacturers and printers that can be used to select new drivers.
In most cases, you'll use the Have Disk button to indicate the path to the new drivers. This enables you to update the drivers for the print server, the clients, or both. Windows NT, 2000, XP, and .NET clients automatically receive the new driver the next time they connect to the print server. You need to manually refresh the print drivers on Windows 95 and 98 clients. As a rule, print a test page to verify that everything worked out the way you planned after you switch drivers.

Tip: Print drivers must be installed and maintained on the client system for any Microsoft operating system before Windows 95 and on all non-Microsoft operating systems.
Printer Pooling

Printer pooling is a print system function that enables a single logical printer to serve multiple physical printers. Print pooling is often used in offices in which many documents are printed continuously and a single printer is inadequate. As print jobs are sent to the logical printer, the print server sends each print job to the next available printer. This results in faster overall printing and more efficient use of multiple printers. Note that the same print driver must operate all the printers in a print pool. In most cases, using identical printers is best, but this is not strictly necessary. Working with printers from the same manufacturer within a generation or so of each other usually provides enough similarity for printer pooling. Because users cannot choose which device in the pool prints a given job, put all the printers in a pool in the same physical location.

You can configure printer pooling just as you would any locally attached printer. Instead of working with a single port, however, you must select all the ports to which a printer that should be a member of the pool is attached. You must also enable printer pooling in the Ports tab in the printer's Properties dialog box. As you know, the Windows XP print system allows multiple logical printers to serve a single printer. Likewise, multiple logical printers can serve a printer pool. This enables you to create logical printers with different printing priorities, varied availability time frames, or different paper trays.
Managing Printer Users, Queues, and Priorities

Printer management tasks range from changing print server configurations to manipulating active print jobs in a queue. This section looks at several print-related management functions.
Server Management

Server management focuses on the configuration options for a print server as a whole rather than for a specific logical printer. You can access the options for server management by choosing File, Server Properties from the menu in the Printers folder. This opens the Print Server Properties dialog box (see Figure 24.3). In the Forms tab of the Print Server Properties dialog box, you can do the following:

• Delete available print forms on this print server. A form is a defined paper type; form definitions rather than tray designations are used.
• Create new forms. New form creation requires a name, the paper size, and margin area specifications.

In the Ports tab of the Print Server Properties dialog box, you can do the following:

• Choose from a list of existing ports and their associated printers
• Create or add new ports
• Delete existing ports
• Configure existing ports
Figure 24.3 You can view options for managing the print server in the Print Server Properties dialog box.
In the Advanced tab of the Print Server Properties dialog box (see Figure 24.4), you can do the following:

• Define an alternative location for the spool files. The default location is %systemroot%\System32\spool\PRINTERS\. Spool files hold the complete content of every queued job, so any alternative location should be a folder on an NTFS volume whose permissions are no looser than those of the default folder.
• Log spooler error events to the System log.
• Log spooler warning events to the System log.
• Log spooler information events to the System log.
• Request audio warning of remote document errors.
• Request notification of successfully printed documents.

The setting changes made to the print server affect all printers served by this print server.
Print Job Management

You can manage print jobs through the Print Queue dialog box. Each logical printer has its own print queue, which you open by double-clicking its icon in the Printers and Faxes folder. You can manage documents by selecting one or more documents in the queue and then issuing one of the following commands from the Document menu:

• Pause. This command prevents the selected document from being printed; the document is retained in the queue.
• Resume. This command releases the selected document so that it prints normally. This command could be thought of as "unpause."
• Restart. This command stops the current print processing of the selected document and starts the process over.
• Cancel. This command removes the selected document from the print queue.
• Properties. This command displays the properties for the selected document.
Figure 24.4 The Advanced tab of the Print Server Properties dialog box.
Keep in mind that the documents you can manage depend on your access level. If you have only Print access to the printer, you can manage only your own documents. If you have Manage Documents or Manage Printers access to the printer, you can manage any print job in the queue. If you have Manage Documents or Manage Printers access to a printer, you can also use the commands from the Printer menu of the Print Queue dialog box. These commands include the following:

• Pause Printing. This command halts the printing process for all print jobs in the queue. Any data already in the physical printer's buffer continues to print, but no new data is sent from the print server.
• Set As Default Printer. This command sets the current logical printer as the default printer for all print applications on this client.
• Printing Preferences. This command opens the Default Document Properties dialog box. The Page Setup tab of this dialog box is used to define the association of paper type to trays, specify the number of copies to print, and indicate whether to print in portrait or landscape mode. The Advanced tab displays the same controls discussed previously for the Device Settings tab of the printer's Properties dialog box.
• Sharing. This command accesses the Sharing tab of the printer's Properties dialog box, as previously discussed.
• Cancel All Documents. This command removes all documents from the print queue.
• Use Printer Offline. This command takes the printer offline: jobs submitted to it are held in the queue and nothing is sent to the device until you take the printer back online.
• Properties. This command opens the printer's Properties dialog box (previously discussed and accessed directly from the Printers folder).
Web-Based Print Management

One of the slickest features introduced in Windows 2000 and included with Windows XP is Web-based print management. This feature enables you to connect to and manage a printer from any computer that has a Web browser installed. Of course, it requires that you have Internet Information Services (IIS) installed on your print server. IIS, by default, creates a Printers virtual directory under the Default Web site; this folder contains the Active Server Pages needed to interface the printer subsystem to the Web browser. This Web page can be managed and customized just like any other Web page. You can host this page on your intranet or on the Internet. You can also customize the appearance and the information that's presented and control access to the page. For example, you could create a map showing the location of the selected printer in your building.

To connect to a print server, you would use the address http://servername/printers. This displays a Web page showing all printers installed on that server. To connect to an individual printer, you would use the address http://servername/sharename. This displays a Web page showing the individual printer. From this Web page, you can manage the documents on the printer just as you could from the console on the print server.

Tip: If you need to access your printers from the Internet, putting the Web management print server in your demilitarized zone (DMZ) is a good idea. Because these pages expose the same document and printer management commands as the console, apply the same user authentication and SSL settings you use for your other secure Web pages rather than leaving the Printers virtual directory open to anonymous access.
Third-Party Print Management Tools

You'd be hard pressed to find an add-on or replacement utility that actually improves on the existing Windows XP print system, but here is a list of some tools that have promise:

• Print Manager Plus from Software Shelf. This quota and tracking system for printers can record every activity associated with printing. It develops a usage pattern, which in turn can be used to justify print access, reduce waste, and delegate printing costs (paper, toner, repairs, and so on) by user, group, or department. As a quota controller, it can limit printer access to a specific page count per user or per printer. For more information, visit http://www.sunbelt-software.com.
• Print Queue Manager (PQM) from Software Shelf. This enterprise-level print management utility allows full viewing and manipulation of print jobs anywhere on a domain. PQM offers automatic and manual redirect of print jobs, load balancing, printer status, printer disaster recovery, and print broadcasting. For more information, visit http://www.sunbelt-software.com.
• Printer Accounting Server from Software Metrics. This straight-up usage tracking system helps you find exactly how many pages are being printed, on which printers, and by which users. For more information, visit the Software Metrics Web site at http://www.metrics.com.
• Zenographics. This vendor offers several print-related utilities, including SuperPrint, InterPrint, and Zj. SuperPrint is a Windows XP print system replacement package that transforms Windows XP into a true 32-bit printing system with better multitasking and background printing. In addition, SuperPrint enhances the printed graphic output. InterPrint is an add-on package that enables remote users to e-mail print jobs to a print server. It transforms Windows XP into a true cross-platform Internet/intranet printing solution. For more information, visit the Zenographics Web site at http://www.zeno.com.
• FinePrint from Single Track Software. This shareware utility is used to print multiple pages (one, two, four, or eight) on a single sheet of paper. It's a great tool for previewing large documents or for providing amazingly legible small-print overviews of presentations. For more information, visit the Single Track Software Web site at http://www.singletrack.com.
• Beverly Hills Software. The 32-bit download area has many other specialized utilities and single-function tools, including font printers, directory list printers, CD-ROM label layout printers, print screens, and business card design and printing tools. Check out the latest additions by visiting http://www.bhs.com.
Troubleshooting Printing Problems

Troubleshooting problems with the Windows XP print system is a straightforward endeavor. Problems can occur in one of the following six areas:

• The physical print device. The printer itself can experience problems, including paper jams, paper feed problems, ink depletion, toner cartridge malfunction, power surges, or failed memory/control chips. In most cases, clearing out the paper, replacing print cartridges, and cycling the power restores the printer to operation. If not, consult the printer's manual for additional troubleshooting steps before calling a repair technician. One of the most common problems is a simple oversight: making sure the printer is online. Some printers must be manually enabled to receive print jobs; others automatically switch into online mode after their power-on self-test. If you've changed or manipulated the printer's default settings, you might want to issue a memory/setting reset to return the printer to its factory defaults.
• The print driver. The most common driver failure is a damaged driver file, whether from disk errors, a faulty update, or malware. In most cases, reinstalling or replacing the driver resolves the issue. In rarer cases, applying a Windows XP service pack changes DLL files that the print driver depends on. In these cases, you need to obtain newer driver files from the manufacturer that have been tested with the new service pack. In some cases, the problem can be found in the logical printer itself. If replacing the driver fails to resolve the problem, try deleting the logical printer and re-creating it from scratch. Keep in mind that if the logical printer is shared with the network, you need to re-create the logical printers connecting to that share on every client. (The name might be the same, but to Windows XP it is a completely different object.)
• Access permissions. Resolving print-related access permission problems involves the same steps as resolving them for any other type of security object. First, try accessing the object from another account with the same or similar privileges. Next, test the problem account from different clients. Then test a Manage Documents, a Manage Printers, and an Administrator account from the original fault client. These tests should tell you whether the problem is specific to a user account, a computer, or the object. In any case, you should check the permission settings at the print server to make sure you've set the access correctly, remembering that an explicit Deny entry overrides any Allow entries the account receives through group membership. You might want to review the group memberships through Active Directory Users and Computers.
• Network shares. Network share–related problems revolve around failed network connections, unshared printers, offline servers, or congested traffic pathways. To determine whether the problem is printing related, try accessing other shared objects from the suspect client and server. If they succeed, check to see that the printer is actually shared. If they fail, inspect the network for a point of failure and make sure the server is online.
• Communications and connections. Communications between the print server and the physical print device are essential to the printing process. If they are disrupted, printing will cease. Solving these problems often centers on disconnected cables. Release and reconnect all connections between the print server and the printer (whether locally attached or network attached). Next, verify that the protocol required by network-attached printers is installed on the print server and is properly configured on both the print server and the print device.
• Spooler. The spooler is the final place to check for problems. The Spooler service can hang in the middle of an operation, often because of a corrupt job file or a misbehaving print driver. Hung spoolers might continue to accept new print jobs or might reject them. (This means either the client receives an error or the print job is dropped with no error.) Usually, spooler problems can be corrected by stopping and restarting the Spooler service through the Services applet. If this fails to solve the problem, check to make sure the spooler's host drive has at least 50MB of free space. If it doesn't, change the spool host drive and reboot the system. In some cases, a simple reboot corrects the spooler problem. In addition, sometimes it's necessary to stop the service, delete the .spl and .shd files from the spool folder (they are locked while the service runs, and deleting them discards every queued job), and restart the service.

If these suggestions fail to solve your printer problems, you might want to contact the vendor or a licensed printer repair center for further help. In rare cases, reinstalling Windows XP might solve the problem. It is recommended, however, that you exhaust all other options before attempting this final solution.
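The spooler checks in the last item above (the 50MB free-space floor, leftover spool files, stop/clear/restart) can be scripted. The following Python script is an added example written for this edition, not code from the book or from Windows. It assumes the spool folder is still at the default location named in the Advanced tab discussion; the file names it works on (NNNNN.SPL data files paired with NNNNN.SHD shadow files) are the ones the spooler writes, and the sample directory listing in the test is constructed.

```python
"""Spooler health check for the spooler troubleshooting step above.

Added example, not from the book: it checks the free-space floor the text
recommends, looks for spool files left behind by a hung job, and can stop
the Spooler service, clear the files and restart it. Run it on the server.
"""
import os
import shutil
import subprocess
import sys
from typing import Dict, Iterable, List

MIN_FREE_BYTES = 50 * 1024 * 1024   # the 50MB floor given in the text

# Assumption: the spool folder is still at its default location; if you
# moved it in the Advanced tab of Print Server Properties, change this.
DEFAULT_SPOOL_DIR = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"),
                                 "System32", "spool", "PRINTERS")


def spool_findings(free_bytes: int, entries: Iterable[str]) -> Dict[str, object]:
    """Pure decision logic, separated so it can be tested without a spooler.

    Every queued job normally owns a pair of files, NNNNN.SPL (the spooled
    data) and NNNNN.SHD (the job's shadow/description file). A file without
    its partner is usually a leftover from a job the spooler never finished.
    """
    names = {e.lower() for e in entries}
    spl = {n[:-4] for n in names if n.endswith(".spl")}
    shd = {n[:-4] for n in names if n.endswith(".shd")}
    orphans = sorted({s + ".spl" for s in spl - shd} | {s + ".shd" for s in shd - spl})
    return {
        "low_space": free_bytes < MIN_FREE_BYTES,
        "jobs_queued": len(spl & shd),
        "orphans": orphans,
    }


def inspect_spool(spool_dir: str = DEFAULT_SPOOL_DIR) -> Dict[str, object]:
    """Gather the live numbers from the spool folder and evaluate them."""
    free = shutil.disk_usage(spool_dir).free
    return spool_findings(free, os.listdir(spool_dir))


def restart_spooler_clearing_jobs(spool_dir: str = DEFAULT_SPOOL_DIR) -> List[str]:
    """Stop the Spooler service, delete every .SPL/.SHD file, start it again.

    The service must be stopped first: while it runs, the files are locked.
    Deleting them discards every queued job, so warn the users beforehand.
    Returns the names of the files removed.
    """
    subprocess.run(["net", "stop", "spooler"], check=True)
    removed: List[str] = []
    try:
        for name in os.listdir(spool_dir):
            if name.lower().endswith((".spl", ".shd")):
                os.remove(os.path.join(spool_dir, name))
                removed.append(name)
    finally:
        # Restart even if a delete failed, so printing is not left dead.
        subprocess.run(["net", "start", "spooler"], check=True)
    return removed


if __name__ == "__main__":
    report = inspect_spool()
    print("free space below 50MB:", report["low_space"])
    print("jobs queued:", report["jobs_queued"])
    print("orphaned spool files:", report["orphans"])
    if report["low_space"]:
        print("move the spool folder to a drive with more room, then reboot")
    if "--clear" in sys.argv[1:]:
        print("removed:", restart_spooler_clearing_jobs())
```

Run it without arguments to get a report; add --clear only when you are prepared to lose every queued job, because that is what the text's "delete the .spl files" step does.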
For More Information

If this chapter has left you with more questions about Windows XP and printing, consult the following resources:

• Microsoft Knowledge Base: http://support.microsoft.com.
• TechNet (the technical subscription service from Microsoft): http://technet.microsoft.com.
• Windows XP FAQ: http://www.ntfaq.com.

For more information about network-attached printers, visit the manufacturers' Web sites, such as the following:

• Canon: http://www.usa.canon.com.
• Digital Equipment Corp/Compaq: http://www.dec.com or http://www.compaq.com.
• Hewlett Packard: http://www.hp.com.
• Lexmark: http://lexmark.com.
25 Managing System Security
This chapter explores and explains the many built-in security features and facilities in Windows XP. Even more important, this chapter also outlines a vital routine for maintaining security on any computer system or network. That's because security is an ongoing effort and should never be considered completely taken care of. Therefore, a security regimen must become part of any regular computer- and network-maintenance routine.
Note Many of the issues in this chapter apply equally to systems attached to a LAN and to standalone systems (which are probably connected to the Internet at a minimum). Except where explicitly mentioned, all coverage in this chapter focuses on Windows XP systems. Also, networking issues usually apply only if your computer is a client on some network. (But if you’re connected to the Internet via cable modem or DSL, you are indeed connected to a network!) Some issues apply only when a Windows XP machine is part of a Microsoft network that includes Active Directory services.
Windows XP Security Components

Windows XP contains numerous security subsystems, services, and facilities, as follows:

• Strong logon authentication mechanisms, based on Kerberos v5 and Active Directory. Kerberos authentication requires an Active Directory domain; a standalone or workgroup machine authenticates against its local account database with NTLM instead.
• Support for X.509 certificates, which enables digital signatures and digital proofs of identity for parties that do not belong to a common security domain. This support is part of the Public Key Infrastructure (PKI) covered in the "Certificate Services" section later in this chapter; it requires access to Certificate Services and works best in an Active Directory domain.
• The Encrypting File System (EFS), which permits users to store files securely on laptops or other computers. EFS is easiest to administer in an Active Directory domain, but can be managed on a standalone system.
• Enhanced TCP/IP security protocols and features that include the Internet Protocol Security (IPSec) protocol, Transport Layer Security (TLS), improved virtual private network (VPN) protocols and services, and a variety of security-oriented filtering techniques for TCP/IP.
• Centralized security controls called Group Policies that consolidate security settings and controls for everything from user rights to desktop settings to resource access, and much more. Although Windows NT claimed to support a policy editor, the general policy definition and management facilities in Windows 2000 Server and Windows XP are vastly improved compared to their predecessors.
Given the preceding list, it's no exaggeration to say that Windows XP incorporates significant security enhancements compared to Windows NT 4.0. This is particularly true for native-mode Windows 2000 Server networks, which can use TCP/IP without also using NetBIOS (by using Active Directory resource advertisement and discovery services rather than their older NetBIOS equivalents), thereby avoiding the well-known security problems in NetBIOS. Unfortunately, most networks these days contain a mix of older versions of Windows alongside Windows XP. Networks whose domains still include Windows servers that predate Windows 2000 are called mixed-mode networks. Mixed-mode networks do require NetBIOS services, and for networks that use only TCP/IP, that means some method of resolving NetBIOS names must be supported. That's why NetBIOS security exposures are covered in this chapter, despite the Windows 2000 Server capability to avoid NetBIOS on native-mode networks.

Other topics covered in this chapter include the following activities related to the best practices that should be part of any well-formulated security maintenance routine:

• Understanding user and group rights and permissions
• Compensating for less-than-secure security defaults in Windows XP
• Identifying and closing well-known vulnerabilities in Windows XP
• Applying the right service packs and hotfixes
• Securing file systems and network shares
• Auditing systems and networks with security in mind
• Using so-called personal firewall software to secure individual machines that connect to the Internet
• Having an essential Windows XP security toolkit
• Accessing important Windows XP security information sources and resources (see the "For More Information" section at the end of this chapter)
Broadly speaking, system security can be defined as the capability to restrict access to a computer to only those individuals who are specifically granted access to it. Within the realm of Windows XP, many security issues need to be considered and addressed to turn an out-of-the-box implementation into a relatively secure installation. Throughout this chapter, we explain how you can apply the right service packs, hotfixes, application patches, and configuration changes to limit your exposure to would-be hackers and other potential malefactors. Therefore, this chapter looks at Windows XP from a security perspective, explains how to configure and improve Windows XP security, and examines a handful of useful security utilities.
Windows 2000 Security Overview

From a security perspective, Windows XP includes radically different, and much stronger, security facilities than those in Windows 9x (including Windows Me) or Windows NT 4.0. Because of requirements for backward-compatibility (the capability to interoperate with older, less capable versions of Windows), however, Windows XP continues to support the various security capabilities that older versions use. This section provides an overview of the Windows XP security subsystems and capabilities and explains when they're most likely to be useful. For a variety of reasons discussed in the following sections, most of this advanced functionality works best on Windows networks in which Active Directory provides the underlying domain model and security services. Therefore, for standalone Windows XP machines, most of the operating system's advanced security functionality is unlikely to be exercised. Unless your service provider supports native Windows XP services on its side of your Internet connection (at the time of this writing, this is not at all common), you are unlikely to use much of the enhanced authentication or credentials-handling services in Windows XP. You should, however, be able to use EFS, Group Policies, and X.509 certificates (which also work through your Web browser and e-mail client) to good effect.
The Windows XP Security Model

The Windows XP Security Model rests on two primary system facilities. The first is the operating system's object orientation, which enables all user-mode requests for resources to be subjected to access controls. The second is an enhanced and strengthened authentication subsystem, which not only handles user logons to the network, but also provides enhanced security for subsequent access to network resources. These facilities are explained further in the following sections.
Chapter 25
Managing System Security
Object-Based Access Controls
At its heart, Windows XP is an object-oriented operating system. (If necessary, a quick refresher of the Windows architecture in the “Windows XP Architecture” section from Chapter 1, “Introducing Windows XP,” might be in order.) This object orientation means that all user-mode processes must request any system resources through the Kernel’s Executive services. Whenever a User-mode process requests object access, the Object Manager turns to the Security Reference Monitor to check its access control lists (ACLs) for any requested objects. Each requested object’s ACL is scanned and compared to the user’s access token to see whether the related request should be granted or denied.
For an access request to be granted, the requester must have the permissions necessary to access the requested object and to perform whatever operation is requested for that object. This permission is derived from the user’s account settings or settings specific to one or more groups to which the user account belongs.
If an access request is denied, however, that could mean any of several things. It could mean the requester has been explicitly denied access to the object because a Deny Access permission appears in the ACL. It could mean that the requester simply lacks the proper permissions to perform the requested operation, such as when attempting to write to an object for which only read and execute operations are allowed. Finally, it might mean that no aspect of the user’s identity (the accounts or groups to which he or she belongs) appears in the ACL in any way—in that case, Windows XP denies access by default. This is one of a very few cases in which Windows XP implements default behavior that is inherently secure.
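To make the three outcomes just described concrete, here is an added example in Python; it is not code from the book or from Windows. It models the check the Security Reference Monitor performs: trustee names stand in for SIDs, three flag bits stand in for the full access mask, and the ACL is assumed to be in canonical order (explicit Deny entries before explicit Allow entries), which is the order Windows maintains. The sample ACL and accounts are constructed.

```python
"""Added example (not from the book or Windows): a simplified model of the
access check the Security Reference Monitor performs against an ACL.

Assumptions: trustee names stand in for SIDs, three flag bits stand in for
the full access mask, and the ACL is in canonical order (explicit Deny
entries before explicit Allow entries), which is the order Windows keeps.
"""
from dataclasses import dataclass, field

READ, WRITE, EXECUTE = 1, 2, 4
RIGHT_NAMES = {READ: "read", WRITE: "write", EXECUTE: "execute"}


def _names(mask: int) -> str:
    return ",".join(name for bit, name in RIGHT_NAMES.items() if mask & bit)


@dataclass(frozen=True)
class Ace:
    """One access control entry: whom it applies to, Allow or Deny, which rights."""
    trustee: str   # account or group name (stands in for a SID)
    allow: bool    # True for an Allow ACE, False for a Deny ACE
    rights: int    # bitmask of READ / WRITE / EXECUTE


@dataclass(frozen=True)
class AccessToken:
    """What is compared against the ACL: the user's own identity plus group memberships."""
    user: str
    groups: frozenset = field(default_factory=frozenset)

    def identities(self):
        return {self.user} | set(self.groups)


def check_access(acl, token, requested):
    """Evaluate an access request; returns (granted, reason).

    Rules, as the text describes them:
      * an explicit Deny covering any requested right ends the check with a denial;
      * otherwise Allow entries for the user or any of its groups must together
        cover every requested right;
      * a token that matches no entry at all is denied by default.
    """
    ids = token.identities()
    matched = False
    allowed = 0
    for ace in acl:
        if ace.trustee not in ids:
            continue
        matched = True
        if not ace.allow and ace.rights & requested:
            return False, f"explicitly denied {_names(ace.rights & requested)} via {ace.trustee}"
        if ace.allow:
            allowed |= ace.rights
    if not matched:
        return False, "no ACE matches the token: denied by default"
    missing = requested & ~allowed
    if missing:
        return False, f"lacks {_names(missing)}"
    return True, "granted"


def demo():
    """Constructed sample: a report file whose ACL denies Contractors write access."""
    acl = [
        Ace("Contractors", allow=False, rights=WRITE),                    # explicit Deny comes first
        Ace("Administrators", allow=True, rights=READ | WRITE | EXECUTE),
        Ace("Staff", allow=True, rights=READ | EXECUTE),
    ]
    alice = AccessToken("alice", frozenset({"Staff"}))
    bob = AccessToken("bob", frozenset({"Staff", "Contractors"}))
    mallory = AccessToken("mallory", frozenset({"Guests"}))
    return {
        "alice_read": check_access(acl, alice, READ),
        "alice_write": check_access(acl, alice, WRITE),
        "bob_read": check_access(acl, bob, READ | EXECUTE),
        "bob_write": check_access(acl, bob, READ | WRITE),
        "mallory_read": check_access(acl, mallory, READ),
    }


if __name__ == "__main__":
    for name, (granted, reason) in demo().items():
        print(f"{name:13} {'ALLOW' if granted else 'DENY':5} {reason}")
```

Running the block prints one line per request: alice can read but lacks write, bob is explicitly denied write through his Contractors membership even though Staff would allow read, and mallory, who matches no entry, is denied by default.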
Windows XP User Authentication
The other part of the Windows XP security model relates to user authentication, particularly during the network logon process. Windows XP still uses the same secure attention sequence (SAS) by requiring the Ctrl+Alt+Delete keys to be pressed simultaneously to initiate the logon process. This sequence is used because it’s nearly impossible to fake out the hardware by imitating the SAS in a program; it’s considered secure because those keys must actually be pressed simultaneously to generate the hardware interrupt that invokes the Windows logon subsystem.
The Network Logon Service falls under the purview of a privileged user-mode process called the Local Security Authority (LSA). The LSA handles logons and enforces local security policies, including local logon, password, audit policies, user rights and privileges, and local system access controls (such as the right to change the system clock or to back up local files). The LSA works with the Security Reference Monitor (SRM) to handle logons and auditing, and runs in a process called LSASS.EXE. (It’s always present in the Processes tab in Task Manager.)
The logon process itself is named WINLOGON.EXE. (It’s also always present in the Processes tab in Task Manager.) When the SAS is entered at the keyboard, it automatically invokes the Winlogon process, which handles the resulting Windows Security display. Behind the scenes, there’s one other system facility involved in logging on: It’s the Graphical Identification and Authentication (GINA) facility, and its job is to display the Windows Security window and to pick up and deliver information entered in that window to the LSA for further processing. Replacing this default GINA with an alternative is what allows Windows XP to support alternative logon methods—for example, SmartCards or biometric devices, such as retinal scanners.
When a user logs in to a Windows XP machine using a local account, the logon process doesn’t differ much from that of Windows NT. That’s because local account and password information still reside in the Security Accounts Manager (SAM) portion of the local Registry. The LSA passes those credentials on to the SRM, which checks them against the Registry; if they match a Registry entry for an account that’s not disabled, the logon is allowed to complete successfully. However, a local logon does not grant that user automatic access to network resources.
Only when a Windows XP client logs in to a Windows 2000 domain controller across the network does a new authentication method come into play. In this case, the LSA attempts to use the Windows 2000 Server Kerberos service to authenticate the user with Active Directory. Otherwise, the Windows client tries increasingly less-secure authentication methods, starting with NT-style authentication and then LAN Manager authentication.
Inside the Registry, Things Are Different
Although the Windows NT password encryption algorithms (known as the NT LAN Manager [NTLM] and NT LAN Manager version 2 [NTLMv2] hashes) have been successfully cracked, Microsoft continues to use the SYSKEY encryption method to store local passwords in the SAM database. Unfortunately, the pwdump2 utility (available at http://razor.bindview.com) can even dump hashes from domain controllers. (However, this occurs only if a bad guy gets local access to that machine, which should never happen!) Exactly three days after Microsoft released the SYSKEY password upgrade for NT 4.0 to NTLMv2, the experts at L0pht Heavy Industries announced a successful crack. For a good explanation of the company’s approach to this cracking problem, please visit http://www.atstake.com/research/lc/.
To handle Kerberos authentication, the LSA uses Active Directory to locate a Kerberos Key Distribution Center (KDC) server. Then the LSA forwards a request to the KDC that includes the user’s account name, password, and domain name. The KDC looks up this information in Active Directory and, if the credentials presented are valid, returns a Kerberos credential called a ticket-granting-ticket (TGT) to the LSA. Part of the TGT is encrypted with the user’s password so that the client should be the only potential recipient of the TGT that can decode it successfully.
For the remainder of the user’s logon session, the TGT can be used to request an individual ticket to access specific resources. The benefit of this approach is that users need to present their credentials only once to obtain a TGT, and can use the TGT thereafter to obtain a shared mechanism to enable strong encrypted communications with other servers in the domain. This is possible because Active Directory “knows” about private keys for each partner in any information exchange, and it can use that information to secure data exchanges between partners so that only those partners can understand each other’s transmissions.
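The two exchanges just described, the one that yields a TGT and the one that turns the TGT into a ticket for a specific resource, are shown below as an added, deliberately simplified Python model; it is not the book’s code and not how Windows implements Kerberos. Everything about it is an assumption for teaching purposes: long-term keys are SHA-256 digests of passwords (real Kerberos uses a salted string-to-key function), “encryption” is a SHA-256 keystream plus an HMAC tag so that decrypting with the wrong key fails instead of producing garbage, messages are JSON dictionaries, and the client proves knowledge of its password by encrypting a timestamp under the password-derived key (the pre-authentication step of the real protocol) rather than sending the password itself. The principal names and passwords are constructed.

```python
"""Added example (not from the book or Windows): a toy, single-process model of
the two Kerberos exchanges the text describes. Simplifications, none of them
how real Kerberos or Windows works: long-term keys are SHA-256 digests of
passwords (Kerberos uses a salted string-to-key function); "encryption" is a
SHA-256 keystream in counter mode plus an HMAC tag, so decrypting with the
wrong key fails loudly; messages are JSON dicts; time is an integer of seconds."""
import hashlib
import hmac
import json
import os

CLOCK_SKEW = 300        # seconds of tolerated clock difference
TGT_LIFETIME = 36000    # 10 hours, the Windows default TGT lifetime


def derive_key(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, obj) -> bytes:
    """Returns nonce || ciphertext || HMAC tag."""
    plaintext = json.dumps(obj).encode()
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body)))))


class KDC:
    """Key Distribution Center: holds every principal's long-term key."""

    def __init__(self, principals: dict):
        self.keys = {name: derive_key(pw) for name, pw in principals.items()}
        self.tgt_key = os.urandom(32)   # seals TGTs; known only to the KDC

    def as_exchange(self, cname: str, pre_auth: bytes, now: int):
        """AS-REQ -> AS-REP. The password itself never travels: the client proves
        it knows it by encrypting a timestamp under the password-derived key."""
        user_key = self.keys[cname]
        stamp = decrypt(user_key, pre_auth)               # wrong password -> ValueError
        if abs(stamp["time"] - now) > CLOCK_SKEW:
            raise ValueError("pre-authentication timestamp outside the skew window")
        skey = os.urandom(32).hex()                       # fresh client/KDC session key
        tgt = encrypt(self.tgt_key, {"cname": cname, "skey": skey, "exp": now + TGT_LIFETIME})
        return tgt, encrypt(user_key, {"skey": skey, "exp": now + TGT_LIFETIME})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int):
        """TGS-REQ -> TGS-REP: issue a ticket for one service against a valid TGT."""
        t = decrypt(self.tgt_key, tgt)
        if now > t["exp"]:
            raise ValueError("TGT expired")
        skey = bytes.fromhex(t["skey"])
        auth = decrypt(skey, authenticator)               # proves the client holds skey
        if auth["cname"] != t["cname"] or abs(auth["time"] - now) > CLOCK_SKEW:
            raise ValueError("bad authenticator")
        svc_skey = os.urandom(32).hex()                   # client/service session key
        ticket = encrypt(self.keys[service], {"cname": t["cname"], "skey": svc_skey})
        return ticket, encrypt(skey, {"service": service, "skey": svc_skey})


def client_logon(kdc: KDC, cname: str, password: str, service: str, now: int) -> bytes:
    """Client side of both exchanges; returns the ticket to present to the service."""
    user_key = derive_key(password)
    tgt, enc_part = kdc.as_exchange(cname, encrypt(user_key, {"time": now}), now)
    skey = bytes.fromhex(decrypt(user_key, enc_part)["skey"])   # only the right password works
    ticket, _ = kdc.tgs_exchange(tgt, encrypt(skey, {"cname": cname, "time": now}), service, now)
    return ticket


def service_accepts(service_password: str, ticket: bytes) -> str:
    """The service decrypts the ticket with its own long-term key and learns who the client is."""
    return decrypt(derive_key(service_password), ticket)["cname"]


def logon_result(kdc, cname, password, service, service_password, now=1000):
    """Whole flow end to end: the authenticated client name, or None if any step rejects it."""
    try:
        return service_accepts(service_password, client_logon(kdc, cname, password, service, now))
    except (KeyError, ValueError):
        return None
```

The point the model makes is the one in the text: the client presents its credential once, the part of the AS reply that carries the session key is readable only with the right password, and every later ticket is sealed with a key the KDC shares with the target service, so the user’s password is never sent to the resource servers at all.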
Certificate Services
X.500 is the designation for a series of directory services and security certifications originally developed in Europe by the Consultative Committee for Telephony and Telegraphy (CCITT) in the 1980s. The X.509 standard in this X.500 series specifies a method for two parties that are essentially unknown to one another to involve a third party who can absolutely vouch for the other two parties’ identities. X.509 depends on the use of electronic credentials called digital certificates (or, more simply, certificates) as proofs of identity. Each certificate has a public key and a private key that are mathematically constructed so that messages encrypted using the private key can be decrypted only by using the public key. This provides proof of identity because only the certificate holder should have access to the private key. X.509 also provides a mechanism for secure communications because messages encrypted with the public key can be decrypted only with the recipient’s private key. (Therefore, only the holder of that key can read the messages’ contents.)
The foundation of certificate services rests on a trusted source of digital certificates that can also respond to third-party requests to check the validity of such certificates. These entities are called Certificate Authorities (CAs). Windows 2000 Server includes a Certificate Server that functions as a CA, which can issue and manage certificates on Windows networks. In addition, certificate clients and servers can configure Certificate Trust Lists (CTLs) that designate other CAs whose certificates will be accepted if they appear in such a list. Because configuring and managing certificate services is beyond the scope of this book, however, this side of the certificate equation is not covered in further depth.
Windows XP supports X.509 certificates for the following uses:
- To support the Secure Socket Layer (SSL) for secure Web-based communications.
- To support Secure Multipurpose Internet Mail Extensions (S/MIME) for secure e-mail applications.
- To participate in a Public Key Infrastructure (PKI) that supports enterprise- or extranet-wide proofs of identity and related access controls.
- To securely exchange private session-oriented keys between communication partners. (These keys are used by the IPSec protocols; VPNs can be configured to behave the same way.)
- To establish a single network logon that gives access to resources across a variety of systems, none of which may otherwise share a common authentication scheme.
- To identify trusted content, as in Microsoft’s Authenticode system used to tag its executable code. Likewise, certificates enable online delivery of signed content that need only be executed in a Web browser or other application if its accompanying certificate appears in the receiving client’s CTL and also proves to be current and valid.
- To provide proof of identity that, when combined with transaction logging (which records use of the certificate for later inspection), provides proof that certain activities took place with a client’s consent. This is formally called non-repudiation (because it means the client cannot later deny that the transaction took place) and provides an important foundation for e-commerce.
Therefore, digital certificates offer an extremely useful way for users to prove their identities and conduct business, for parties to have many kinds of private digital conversations and ensure that their conversations stay private, and to identify trusted sources for content and executable code online.
Encrypting File System (EFS)
EFS provides a way to encrypt individual files, folders, or even entire disk volumes (everything inside a specific drive letter) for Windows XP. EFS uses the logged-on user’s public and private keys to randomly create File Encryption Keys (FEKs) to encrypt (public) and decrypt (private) information stored on a hard disk. Because EFS works on a per-user basis, there is no way for any user, except for an encrypted file’s original creator and owner, to decrypt that file’s contents. Therefore, EFS depends on public key technology to encrypt files. It also depends on public key technology to support file encryption recovery.
During encryption, the logged-on user who requests EFS services automatically generates a public/private key pair and obtains a certificate. In an Active Directory environment, a CA for the domain issues this certificate; if a Windows machine is running standalone (or without access to a CA), EFS creates its own self-signed certificate for private use. EFS also incorporates a recovery policy, which designates a method for a trusted individual to recover EFS files if the user’s key pair is damaged, lost, or unavailable. This role is called the EFS recovery agent; these agents are also issued a recovery key pair and an EFS recovery certificate. On domain machines, this information is stored on the domain controllers; on standalone machines, it’s essential to export this information to a floppy disk (or some other secure storage location) and keep that data in a safe place. It’s also essential to delete this information from the standalone machine to keep it from becoming compromised.
EFS requires that a recovery agent be identified before it encrypts anything. In a default installation, a recovery agent is always available. (It defaults to the local administrator for a standalone machine and to domain administrators for a machine that belongs to an Active Directory domain.) EFS cannot be used to encrypt the files or folders that Windows XP uses (most of the %systemdrive%\winnt directory tree). Also, any files or folders you want to encrypt using EFS must reside on partitions formatted with NTFS version 5 (which means these partitions cannot be shared with Windows NT in a dual-boot configuration). Finally, NTFS version 5 does not allow you to both encrypt and compress files; you can choose only one option or the other.
Using EFS to encrypt files or folders is almost ludicrously simple, after all this explanation; simply follow these steps to encrypt a file or folder:
1. In Windows Explorer, highlight the file system object you want to encrypt.
2. Right-click your selection, and choose Properties from the resulting shortcut menu.
3. In the ensuing Properties dialog box, click the Advanced button in the General tab.
4. Select the Encrypt Contents to Secure Data check box in the Compress or Encrypt attributes section (see Figure 25.1).
5. Click the OK button to complete the process.
Figure 25.1 You can encrypt files via the Advanced Attributes dialog box.
Note that if you encrypt a file that is not stored in an encrypted folder, the file system displays an Encryption Warning dialog box reminding you that all files stored in encrypted folders are encrypted by default. Therefore, any files stored in encrypted folders are automatically encrypted, and the file system is smart enough to ask if you want to encrypt the parent container.
Tip
You can use the cipher.exe command at the Windows command line to encrypt files or folders or to display their encryption status. For more information on using this command, type cipher /? at the command line.
For more information about working with EFS, see the “Encrypting File System (EFS)” section in Chapter 19, “Windows XP and Storage,” p. 428.
The following list describes best practices for security when using EFS:
- Set up secure folders where you keep encrypted files for each user’s access.
- In environments where sensitive information is in regular use, encrypt the Temp folder to maintain security on working copies of files.
- Set up special recovery agent accounts that are used for no other purpose, and assign recovery agent certificates to those accounts. (This helps keep administrative roles separate and clean.)
- When changing recovery agent accounts, always retain old recovery agent certificates to maintain access to files encrypted using the old recovery key.
- Export the private key for recovery certificates to a .pfx file. Protect it with a strong password and store it offline on a floppy disk in a secure location.
- Always use explicit Copy or Cut and Paste commands to place files in an encrypted folder. If they’re moved from inside the same NTFS partition into an encrypted folder, they will not become encrypted.
TCP/IP Security Enhancements
Windows 2000 introduced major changes to the TCP/IP implementation, not the least of which included a variety of significant protocol and service enhancements. Because they are covered from an operational standpoint in Chapter 14, “Windows XP and TCP/IP,” the following list highlights only the security implications of these additions and enhancements:
- IPSec. Adding support for this protocol makes it possible to define stringent communication policies that limit communications to a single pair of IP addresses or to specific subnets or domains. IPSec creates a secure, end-to-end path from sender to receiver and encrypts all payloads to prevent snooping. One downside is that IPSec does not work with Network Address Translation (NAT) and, therefore, requires public IP addresses for both sender and receiver. An upside is that proper use of named IPSec policies for each type of connection makes it easy to identify and manage access restrictions.
- TLS. This protocol works with SSL applications to provide secure applications for use in the Windows XP environment. These applications work best in a 128-bit encryption environment. TLS supports client authentication, client/server authentication, message integrity checks, and secure encryption services. TLS and SSL are often used in tandem with digital certificates. The Microsoft TLS and SSL implementations use the secure channel (schannel) API in Windows XP.
- Layer 2 Tunneling Protocol (L2TP). Microsoft’s original VPN protocol, Point-to-Point Tunneling Protocol (PPTP), was found to be subject to various security flaws. Working together with Cisco Systems, Microsoft developed a replacement VPN protocol, known as L2TP, which uses stronger encryption and is not subject to PPTP’s documented weaknesses. Although PPTP is still supported in Windows XP for backward-compatibility, Microsoft recommends that you use L2TP instead whenever possible.
- IP Filtering. The Advanced Properties dialog box for the TCP/IP protocol on Windows XP includes an Options tab, where you can create filters on TCP ports, User Datagram Protocol (UDP) ports, or entire IP protocols. Although this feature sounds nice, Microsoft decided to make the controls alternate between Permit All and Permit Only buttons on the interface, which means that if you want to allow more ports or protocols than you want to deny, configuring your machines will require more work. We recommend that you create a text file with one selection per line for each of these windows and use it if you must configure IP filters for several machines. On most enterprise networks, this kind of task is handled at the firewall; you should follow the recommendation in the “Close External Ports, Especially NetBIOS” section later in this chapter to use a personal firewall on standalone machines connected to the Internet.
The TCP/IP environment in Windows XP offers all kinds of ways to improve IP security, be it through using more secure protocols, combining enhanced encryption and privacy technologies, or using port- and protocol-specific packet filters. By combining all these technologies, you can realize significant improvements in IP security compared to Windows NT.
Using Policies to Manage Windows XP Security
Windows XP includes a number of improvements to its policy-based management and incorporates a sizable array of security-related options and components. For one thing, the Microsoft Management Console (MMC) makes it possible to access nearly all policy-related settings through a single consistent interface. One key element of the Windows 2000 Server policy environment is called Group Policies, and it addresses everything from configuring the desktop’s look and feel to managing security settings.
For more general information on Group Policies in Windows XP, see Chapter 9, “Introducing the Windows XP Registry,” p. 179.
Because of the tendency to manage Group Policies at the domain level, Windows XP also supports specific local policy interfaces. One of these interfaces, Local Security Settings, is where you manage local security settings on a Windows XP machine or a Windows 2000 server that’s not functioning as a domain controller. The easiest way to launch this utility is to enter secpol.msc in the Open text box for the Run command. (Another way to get there is Start, All Programs, Administrative Tools, Local Security Policy.) Because this command supplies the Microsoft Console file (denoted by the .msc extension) that drives local security policies, it opens the MMC display. Default local security policy settings include the following:
- Account Policies. This is where elements of the local user account policies are enacted, including password and account lockout policies.
- Local Policies. This is the heart of local machine policies, which include auditing and assigning user rights. This is also where you must manage a wide range of security options, including the use of digital signing, logon screen controls, secure channel controls, authentication methods used, and a great deal more.
- Public Key Policies. By default, this shows the recovery agents assigned to Encrypted Data Recovery. (Remember, the local administrator is automatically designated.)
- IP Security Policies. By default, three levels of IPSec access are defined (but no corresponding policy is defined): one that specifies that secure client traffic should occur with secure partners, one that limits all inbound request (server) traffic only to secure traffic, and one that uses secure means for inbound communications if the designated partner can use a Kerberos trust, but uses insecure means if that partner does not.
In most cases, the Security Options settings in the Local Policies settings will be your focus of activity; at other times, you might need to venture into other areas, which are covered in the following sections. The best way to understand the Security Options settings is to follow this recipe to explore exactly what your options for any particular setting might be:
1. Open the Local Security Settings dialog box (Start, All Programs, Administrative Tools, Local Security Policy).
2. Double-click the Local Policies entry in the left pane to expand its subordinate items, and select the Security Options entry in that same pane.
3. In the policy pane on the right, right-click any entry, and then choose Properties from the shortcut menu to open the Local Security Setting dialog box.
4. Click the Local Policy Setting drop-down list, and read through the list of options for each setting.
Establishing a Windows XP Security Regimen
The following sections switch gears from examining the security components and capabilities in Windows XP to focus on the practices and activities that help maintain system and network security.
Managing Users and Groups
To access Windows XP resources, some kind of user logon is absolutely necessary—even if it’s a null or an anonymous account. Basically, a user account associates some kind of authentication information, such as an account name and password, with authorization to access whatever resources are linked to that named account and to exercise its privileges. In other, more ominous terms, this means that anyone who knows an account name and can supply a valid password (whether by guess or by knowledge is immaterial) can get into your system. The more resources that are accessible and the more privileges that can be exercised, the more dangerous this capability becomes. It also explains why controlling accounts, managing passwords, and monitoring use of privileges are all important for maintaining system and network security.
Windows XP offers alternatives to using accounts and passwords. By replacing the default GINA with a customized subsystem, Windows XP can require users to insert a SmartCard into a reader or submit to some kind of biometric analysis (such as a thumbprint or faceprint scan). For most networks, however, distinctive user accounts and strong passwords are where network and system security begin.
Imposing strict security measures involves more than requiring the use of unique accounts and strong passwords, however. It also requires network or systems administrators to develop security policies to formally describe what resources should be protected, by what means, and at what costs. In fact, a security policy should include some or all of the following elements:
- Create passwords that are hard to guess and not susceptible to dictionary attacks.
- Prohibit users from installing any type of external connection and creating backdoor Internet connections that bypass normal security measures.
- Prohibit users from installing or using unauthorized software.
- Prohibit users from sharing accounts and passwords so that all users online are uniquely identifiable.
- Require users to log off when they leave their workstations unattended or to use an inactivity disconnect utility.
These are just some of the elements that belong in any well-designed security policy. You will find many more throughout the rest of this chapter. (If that’s not enough, check out the pointers to more details on security policies in the “For More Information” section at the end of this chapter.)
Establishing Secure Account Controls
As long as they can access your network or systems, intruders need to possess only a valid account name and password to gain access. That’s why it’s important to not only protect your network or system boundaries (to keep outsiders outside), but also to develop hard-to-guess account names and passwords.
Managing Account Names
When it comes to creating account names, consider the following guidelines and common-sense restrictions:
- Combine information from a user’s first and last names to create account names; steer clear of a first-name only policy. (Otherwise, what happens when a second Jim shows up for his first day at work?)
- Rename common, well-known account names, such as administrator, guest, and iusr_<servername>. This won’t stop someone really determined or knowledgeable, but it will keep out the riff-raff.
- Do not create overlapping user account names and e-mail addresses. This makes it too easy to guess account names. For example, do not have a user account name of JohnDoe with an e-mail address of [email protected].
- Educate users about the risks of compromise so that they’ll be less inclined to use their account names (and passwords!) for external accounts (for example, on Web sites or at an ISP).
- Audit failed logon accounts or use intrusion detection software to identify accounts where break-in attempts might be occurring. Rename such accounts if necessary. (Auditing is covered in more detail in “Auditing as a Security Tool” later in this chapter.)
The preceding guidelines, plus other similar approaches, can help you protect account names, but complete protection is probably impossible. That’s why creating strong passwords is such an important security topic and a key ingredient in helping prevent unauthorized system or network access.
Managing Passwords
With Windows XP Account Policies, you can require passwords to meet minimum length restrictions (we recommend eight characters or more) and to adhere to specific complexity requirements. This latter stipulation can require passwords to contain both upper- and lowercase characters as well as numeric and non-alphabetic characters to make them harder to guess. We recommend that you enact both policies on your systems or networks. Other useful password controls include the following:
- Enforce Password History. This option maintains a count of some stipulated number of recent passwords so that users cannot cycle back and forth among a small number of passwords. The number can vary from 1 (the default) to 24 (the maximum).
- Maximum Password Age. This option tacks a timer onto account passwords and forces them to expire when the timer runs out. The default value is 42 days, but it can be any number from 0 to 999. In more security-conscious environments, this number should be lower (30 or 60 are common); in more relaxed environments, it can be higher. Windows XP provides reminders to users each time they log on that their passwords must be replaced when they have 30 days or fewer to go before they expire.
- Minimum Password Age. This option requires users to live with a password for a certain minimum amount of time before they can move on to a new one (and thus cheat by returning to one or more favorite passwords). By default, Windows 2000 permits passwords to be changed immediately, but in more security-conscious environments, settings of 3 to 7 days are the norm. This option can be set between 0 and 998.
The Password Policy settings also make it possible to require passwords to be stored using reversible encryption. Because this encryption automatically weakens passwords’ stored form, we don’t recommend using this setting.
Although the Password Policy settings provide useful password controls, there are many ways you can improve password strength that exceed their requirements. These methods might not be mechanically enforceable, but if you make them part of your organization’s security policy, you can improve your organization’s overall security. These methods include the following stipulations:
- Avoid using words, common slang terms, or other normal parts of speech as passwords.
- Never write passwords down, unless you keep them in a highly secure location (such as a safety deposit box).
- Stay away from proper names for friends or family, and avoid names of hobbies, book or movie titles, or other items of personal information that a well-informed snooper might be able to guess.
- If you must use dictionary terms, use two of them separated by numbers or punctuation. Thus, alpha$#fox qualifies, whereas neither alpha nor fox would by itself.
- Create passwords that include numbers and non-alphanumeric characters (but not well-known titles, such as OU812) in the middle of words, such as m@sk1ng-tap3 or c1nst@nt1nople. Remember, 14 characters is still the legal limit for Windows XP password length.
- Create acronyms for easy-to-remember sentences. For example, the holiday-themed 1pipt2td3fh is based on “One partridge in a pear tree, two turtle doves, three French hens.”
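The following added example (Python; not the book’s code and not how Windows implements its password filter) pulls together the Account Policy controls discussed above (minimum length, complexity, Enforce Password History, Minimum and Maximum Password Age, and the 30-day reminder) with one of the construction rules (no plain dictionary words) into a single password-change check. The number of required character classes is a parameter; the built-in Windows complexity requirement asks for three of the four classes. The word list, the hashing of history entries, the account and the timestamps are all constructed for the example, and the sample passwords come from the text.

```python
"""Added example (not from the book or Windows): a password-change checker
that applies the Account Policy controls the text describes plus a small
dictionary rule from the construction advice.

Assumptions: the class-count rule is a parameter (the built-in Windows
complexity filter requires three of the four character classes); the word
list, the hashing of history entries and the sample account are constructed.
"""
import hashlib
import string
from dataclasses import dataclass, field

DAY = 86400
COMMON_WORDS = {"password", "welcome", "letmein", "alpha", "fox"}   # constructed stand-in for a dictionary


@dataclass
class PasswordPolicy:
    min_length: int = 8          # the text recommends eight characters or more
    required_classes: int = 3    # of: upper, lower, digit, non-alphanumeric
    history_length: int = 24     # Enforce Password History (1 to 24)
    min_age_days: int = 3        # Minimum Password Age
    max_age_days: int = 42       # Maximum Password Age (the default)
    warn_days: int = 30          # reminder shown at logon this many days before expiry


@dataclass
class Account:
    name: str
    history: list = field(default_factory=list)   # digests of past passwords, newest last
    last_changed: int = 0                         # seconds since epoch of the last change


def _digest(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def char_classes(password: str) -> int:
    """Number of the four character classes present in the password."""
    return (any(c.isupper() for c in password)
            + any(c.islower() for c in password)
            + any(c.isdigit() for c in password)
            + any(c in string.punctuation for c in password))


def violations(policy: PasswordPolicy, account: Account, new_password: str, now: int) -> list:
    """Return the rules the proposed password breaks; an empty list means it is acceptable."""
    problems = []
    if len(new_password) < policy.min_length:
        problems.append("too_short")
    if char_classes(new_password) < policy.required_classes:
        problems.append("too_few_classes")
    if account.name.lower() in new_password.lower():
        problems.append("contains_account_name")
    if new_password.lower() in COMMON_WORDS:
        problems.append("dictionary_word")
    if _digest(new_password) in account.history[-policy.history_length:]:
        problems.append("in_history")
    if account.history and now - account.last_changed < policy.min_age_days * DAY:
        problems.append("min_age_not_reached")
    return problems


def change_password(policy: PasswordPolicy, account: Account, new_password: str, now: int) -> list:
    """Apply the change if it passes every rule; returns the violation list either way."""
    problems = violations(policy, account, new_password, now)
    if not problems:
        account.history.append(_digest(new_password))
        del account.history[:-policy.history_length]   # keep only the last N entries
        account.last_changed = now
    return problems


def expiry_status(policy: PasswordPolicy, account: Account, now: int) -> str:
    """'expired', 'warn' (within warn_days of expiry) or 'ok'."""
    remaining = account.last_changed + policy.max_age_days * DAY - now
    if remaining <= 0:
        return "expired"
    return "warn" if remaining <= policy.warn_days * DAY else "ok"


def demo() -> dict:
    policy = PasswordPolicy()
    acct = Account("alice")   # constructed account
    return {
        "first": change_password(policy, acct, "m@sk1ng-tap3", now=0),
        "too_soon": change_password(policy, acct, "c1nst@nt1nople", now=1 * DAY),
        "weak": violations(policy, acct, "password", now=10 * DAY),
        "own_name": violations(policy, acct, "Alice#2024!", now=10 * DAY),
        "reuse": change_password(policy, acct, "m@sk1ng-tap3", now=10 * DAY),
        "second": change_password(policy, acct, "c1nst@nt1nople", now=10 * DAY),
        "status_day_20": expiry_status(policy, acct, now=20 * DAY),
        "status_day_50": expiry_status(policy, acct, now=50 * DAY),
        "status_day_60": expiry_status(policy, acct, now=60 * DAY),
    }
```

Each entry of the dictionary that demo() returns corresponds to one of the controls: the first change is accepted, a change one day later is refused by the minimum-age rule, “password” fails both the class count and the dictionary rule, a password containing the account name is refused, reusing the earlier password is caught by the history, and the expiry status moves from ok to warn to expired as the maximum age approaches.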
By using system policies that require mixed character types with an overlay of imaginative password construction, you can create lots of passwords that will never appear in anybody’s dictionary (except for the examples here—don’t assume it’s safe to use any of them). Combine strong passwords with solid account policies and a well-designed security policy for your organization, and you’ve got a recipe for reduced exposure to break-ins and penetration.
Managing Account Settings
The other group of settings that appear inside Account Policies in the Local Security Settings console is named Account Lockout Policy. These settings permit you to monitor and respond to failed logon attempts on a per-account basis and impose the following conditions:
- Account Lockout Threshold. This value represents a count of the number of failed logon attempts that can take place before automatic account lockout occurs. When used, the value set here is normally in the range of 3 to 5. (The default is 0, which means no threshold is set.)
- Account Lockout Duration. This value sets a waiting interval in minutes for a locked out account before the account is automatically unlocked. On highly secure networks, set this count to 0. This value requires that an administrator unlock the account. A normal value for less secure networks is 15 minutes. (This value slows dictionary attacks to a crawl if the threshold is set in the 3 to 5 range.)
- Reset Account Lockout Counter After. This value is the amount of time in which the number of failed login attempts specified in Account Lockout Threshold must occur. Note that the default is 5 minutes, and all counters are reset whenever a successful logon occurs.
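As an added example (Python; not the book’s code and not the Windows implementation), the block below models the three settings just listed and runs a constructed experiment: an attacker submitting one wrong password per second for an hour, to show how many guesses the system actually gets to evaluate under different settings. The values used are the ones the text mentions (a threshold of 5, a 15-minute duration, a 5-minute reset). The policy values are in minutes as in the Local Security Settings console; the logon clock is in seconds. How the counter is cleared when a lockout duration elapses is an assumption of this model.

```python
"""Added example (not from the book or Windows): a model of the three Account
Lockout Policy settings, plus a constructed experiment showing how they bound
password guessing. The policy values are in minutes as in the Local Security
Settings console; the logon clock is in seconds. How the counter behaves when a
lockout expires is an assumption of this model."""
import math
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockoutPolicy:
    threshold: int = 0       # Account Lockout Threshold; 0 disables lockout
    duration_min: int = 30   # Account Lockout Duration; 0 = until an administrator unlocks
    reset_min: int = 30      # Reset Account Lockout Counter After


@dataclass
class AccountState:
    failures: int = 0
    first_failure: int = 0
    locked_until: Optional[float] = None   # None = not locked; math.inf = administrator unlock only


def logon(policy: LockoutPolicy, state: AccountState, password_ok: bool, now: int) -> str:
    """Outcome of one attempt at time `now` (seconds): 'success', 'failed',
    'locked_out' (this attempt tripped the threshold) or 'locked' (refused
    without examining the password)."""
    if state.locked_until is not None:
        if now < state.locked_until:
            return "locked"                   # even the right password is refused
        state.locked_until, state.failures = None, 0   # lockout duration elapsed (model assumption)
    if state.failures and now - state.first_failure >= policy.reset_min * 60:
        state.failures = 0                    # observation window passed
    if password_ok:
        state.failures = 0                    # a successful logon resets the counter
        return "success"
    if state.failures == 0:
        state.first_failure = now
    state.failures += 1
    if policy.threshold and state.failures >= policy.threshold:
        state.locked_until = math.inf if policy.duration_min == 0 else now + policy.duration_min * 60
        return "locked_out"
    return "failed"


def admin_unlock(state: AccountState) -> None:
    """What an administrator does for an account locked with a duration of 0."""
    state.locked_until, state.failures = None, 0


def guesses_examined_per_hour(policy: LockoutPolicy) -> int:
    """Of 3600 wrong guesses submitted one per second, how many does the
    system actually evaluate under this policy?"""
    state = AccountState()
    return sum(logon(policy, state, False, second) != "locked" for second in range(3600))


def demo() -> dict:
    p = LockoutPolicy(threshold=5, duration_min=15, reset_min=5)   # values the text mentions
    s = AccountState()
    trace = [logon(p, s, False, 0) for _ in range(5)]     # five bad guesses at once
    trace.append(logon(p, s, True, 5 * 60))               # right password, still locked
    trace.append(logon(p, s, True, 15 * 60))              # duration elapsed: accepted
    s2 = AccountState()
    for _ in range(4):
        logon(p, s2, False, 0)                            # four failures, one short of the threshold
    return {
        "trace": trace,
        "window_reset": logon(p, s2, False, 6 * 60),      # counter cleared after the 5-minute window
        "no_lockout": guesses_examined_per_hour(LockoutPolicy(threshold=0)),
        "book_setting": guesses_examined_per_hour(p),
        "admin_unlock_only": guesses_examined_per_hour(LockoutPolicy(5, 0, 5)),
    }
```

With no threshold all 3600 guesses are evaluated; with the 5/15-minute setting only 20 are (five per quarter hour); with a duration of 0 the attacker gets exactly five before an administrator has to intervene. The same trace shows the two behaviours worth remembering when you set these values: a correct password is refused while the lockout is in force, and four failures followed by a pause longer than the reset window do not add up to a lockout.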
For more secure networks, longer lockout duration and counter reset intervals of 30 to 120 minutes are typical. For extremely secure networks, set the lockout duration to 0 to force an administrator to unlock the account manually. Because of the overhead involved, this option is seldom used.
Protecting your network’s external boundary is important. Recent studies from TruSecure Corporation (http://www.trusecure.com) indicate that more than half of system break-ins are inside jobs—that is, the perpetrators belong to the organizations they’re breaking into. This means you must take steps to protect your networks and systems from internal as well as external attacks.
Avoiding Internal Attacks

The secret to preventing inside jobs from succeeding is adequately protecting information assets. For Windows XP, this means managing user rights and permissions to files, printers, and other system resources. The philosophy behind your approach should be based on "need to access," which might be better stated as "deny access by default and allow access by exception." This approach represents what experts sometimes call a pessimistic view of security, but it works well nonetheless. In practice, applying this philosophy requires that you review permissions for NTFS objects and related shares. Permissions are granted on the basis of user accounts and group memberships, as stored in Access Control Lists (ACLs) associated with file system objects. An object's ACL defines who can access it and what operations they can perform; it can also explicitly deny access, or simply define no permissions at all for certain users or groups (which, because nothing grants them access, amounts to a denial).

Everyone Takes a Back Seat

Finally, Microsoft has listened to network administrators everywhere and changed the default file system security settings in XP. The Security Configuration Manager (SCM) establishes the default NTFS permissions on the partition where XP is installed at install time, using a security template called Setup Security (setup security.inf in %systemroot%\security\templates). In addition, new default permissions have been assigned to the root folder. These root-level permissions include Full Control for the Administrators, System, and Creator Owner security identities. The Everyone group gets Read and Execute with no inheritance (so the grant applies to the root folder itself only), and the Users group gets Read and Execute (Object Inherit), Create Directory (Container Inherit), and Add File (Inherit Only), with Container Inherit included on all of these entries.
By default, Windows XP grants the Everyone group Read access on every new share you create (Windows 2000 gave Everyone Full Control, so check any shares that came through an upgrade). Everyone contains every account that can log on to a Windows XP machine, including Guest if it's enabled; unlike Windows NT and 2000, however, XP no longer treats null sessions and anonymous logons as members of Everyone unless the policy "Network access: Let Everyone permissions apply to anonymous users" is enabled. Windows XP also includes a group named Authenticated Users; only users who have actually logged on to the machine (or domain) with credentials belong to it, which makes it the better choice for controlling access. One good way to manage file and folder permissions in bulk is to use the Change Access Control Lists command (Cacls.exe) at the command line. By writing folder listings to an output file and then massaging that file in an editor or with a program, you can use Cacls.exe to make sweeping changes to permissions on entire drives or directory trees.
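The bulk Cacls.exe workflow just described, as an added example (this is not code from the book): record the ACLs under a folder tree first, then tighten them in place. The function names, the folder and file names, and the choice to revoke Everyone and grant Authenticated Users read-only are the author's assumptions; run it against a copy of a small tree before you point it at real data.

```powershell
# Added example, not code from the book. $Root, the backup file and the
# Everyone -> Authenticated Users swap are the author's choices.

function Backup-TreeAcl {
    param([string]$Root, [string]$OutFile)
    # Cacls.exe with no switches only prints the ACL. Capture every folder's
    # listing so there is something to compare against afterwards.
    $folders = @(Get-Item $Root) +
               @(Get-ChildItem -Path $Root -Recurse | Where-Object { $_.PSIsContainer })
    $folders | ForEach-Object { cacls.exe $_.FullName } | Set-Content -Path $OutFile
    return $folders.Count
}

function Set-TreeAcl {
    param([string]$Root, [switch]$WhatIf)
    # /t walks the tree, /e edits the ACL instead of replacing it, /r revokes
    # a user or group, /g grants one. Without /e, Cacls.exe would throw away
    # every existing entry (SYSTEM and Administrators included) and leave
    # only the entry being granted.
    $steps = @(
        @('/t', '/e', '/r', 'Everyone'),
        @('/t', '/e', '/g', 'Authenticated Users:R')
    )
    foreach ($switches in $steps) {
        if ($WhatIf) {
            "Would run: cacls.exe `"$Root`" $($switches -join ' ')"
        } else {
            # PowerShell passes each array element as a separate argument and
            # quotes the one containing a space for us.
            cacls.exe $Root $switches
        }
    }
}

# Usage (change the paths to match a test copy of your data):
#   Backup-TreeAcl -Root 'D:\Data' -OutFile 'C:\acl-before.txt'
#   Set-TreeAcl    -Root 'D:\Data' -WhatIf
#   Set-TreeAcl    -Root 'D:\Data'
#   Backup-TreeAcl -Root 'D:\Data' -OutFile 'C:\acl-after.txt'
```

Diff the before and after listings to confirm that only the Everyone and Authenticated Users entries changed. Inherited entries cannot be removed from a child with /r; the revoke has to run at the folder where the entry is explicit, which is why the example starts at the root of the tree.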
Just be sure to use the /e parameter so that ACLs are edited rather than replaced. (Replacing them can mangle large numbers of files, so test your work on a copy before running it against a real tree.) To perform this kind of task through a GUI, you could use Windows Explorer or a similar utility (such as Norton Explorer) and make changes one folder at a time. A better GUI tool is Security Explorer version 4.6 from Small Wonders of Orlando, Florida. (Download a demo version from http://www.sunbelt-software.com.) This tool delivers most of Cacls.exe's functionality in a friendly GUI.

Managing User Rights

So far, you have learned about user and group permissions on NTFS objects. Windows XP also provides account controls based on user rights. In this context, a user right is permission to perform some system operation, such as logging on over the network or restoring files. To get a sense of what kinds of operations user rights can confer (or deny), examine the entries under User Rights Assignment in the Local Security Settings console (click Start, Run, type secpol.msc, and then click OK; see Figure 25.2).
Figure 25.2 You can configure security settings by running secpol.msc.
Expanding Windows XP Variables

When you install Windows XP, it sets values for the environment variables %systemdrive% (usually C:, the drive letter where the system files are installed) and %systemroot% (usually C:\Windows, the directory tree where the Windows XP system files reside). You can check these values at any time by typing the SET command in a command-prompt window. This command lists all currently defined environment variables in alphabetical order, making it easy to find the two just mentioned.
By default, the User Rights policy is reasonably secure, but the following tweaks can tighten up your system even further:

- Remove the Everyone group from the Access This Computer from the Network right. This prevents non-authenticated accounts from accessing resources on this machine across the network.
- Remove the Everyone group from the Bypass Traverse Checking right. This keeps non-authenticated users from reaching subfolders through parent folders to which they lack access permissions. (The Users group holds this right by default and many applications depend on it, so remove Everyone only, not Users.)
- Remove the Backup Operators group from the Restore Files and Directories right. Because a backup operator can restore a file to a FAT or FAT32 partition and so void its NTFS permissions, removing this group restricts that ability to your most trusted staff.
Should you enact these recommendations, verify that the resulting configuration doesn't cause user problems. Sometimes it's necessary to add the Users or Authenticated Users groups to an altered user right after removing the Everyone group to keep things working as they should.

Granting Minimal Permissions

Applying the pessimistic security model to permissions means granting only the minimum needed to meet user requirements. It also means starting from safe defaults rather than loosening them: administrators and owners have Full Control, and other users and groups have no explicit access whatsoever (and therefore are denied access). Add only those groups that need access, granting the minimal permissions they need to perform necessary tasks. Add individual users only as special cases (such as local accounts that have no domain access) when group membership cannot accommodate their needs. Because you start with pessimistic grants, users will squawk if they cannot reach resources they need, and should anything be overlooked, the pessimistic approach guarantees that access is denied by default rather than allowed. Although it might not be the most convenient approach to managing permissions, it is the most secure. Following the recommendations in this chapter (the pessimistic approach, strong passwords, managing access for the Everyone group, checking ACLs, and tightening user rights) supports a safe and secure Windows XP environment.
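Both the Account Lockout Policy settings described under "Managing Account Settings" and the three User Rights tweaks above can be applied from a script, which is the only practical way to keep several machines consistent. The following added example (not code from the book) does two things: Get-GuessBudget works out how many on-line password guesses an attacker gets per day under a given lockout policy, and Set-SecurityPolicy writes a security template and applies it with secedit.exe, which ships with Windows XP. The function names, file names, and chosen values are the author's assumptions; the SIDs are the well-known built-in ones.

```powershell
# Added example, not code from the book. Run from an administrator account.
# Function names, file names and the chosen values are the author's own.

function Get-GuessBudget {
    param(
        [int]$Threshold,        # Account Lockout Threshold (0 = no lockout)
        [int]$DurationMinutes,  # Account Lockout Duration (0 = until an admin unlocks)
        [int]$WindowMinutes     # Reset Account Lockout Counter After
    )
    $perDay = 1440
    if ($Threshold -le 0) { return @{ Quiet = 'unlimited'; Noisy = 'unlimited' } }
    # Quiet attacker: stays one guess under the threshold, waits for the
    # counter to reset, repeats. The account never locks, so nothing shows
    # unless failed logons are audited.
    $quiet = [math]::Floor(($Threshold - 1) * $perDay / $WindowMinutes)
    # Noisy attacker: burns the whole threshold, waits out the lockout (the
    # counter resets when the account unlocks), repeats. With duration 0 the
    # attacker gets one burst per administrator intervention.
    if ($DurationMinutes -le 0) {
        $noisy = $Threshold
    } else {
        $noisy = [math]::Floor($Threshold * $perDay / $DurationMinutes)
    }
    return @{ Quiet = $quiet; Noisy = $noisy }
}

function Set-SecurityPolicy {
    param([int]$Threshold = 5, [int]$DurationMinutes = 30, [int]$WindowMinutes = 30)
    if ($DurationMinutes -gt 0 -and $DurationMinutes -lt $WindowMinutes) {
        throw 'Lockout duration must be at least as long as the reset window.'
    }
    # In a template, -1 is the "until an administrator unlocks" duration.
    $duration = if ($DurationMinutes -le 0) { -1 } else { $DurationMinutes }
    # Well-known SIDs: S-1-5-32-544 Administrators, -545 Users, -547 Power
    # Users, -551 Backup Operators, S-1-5-11 Authenticated Users. Everyone
    # (S-1-1-0) is left out of the two network rights and Backup Operators
    # out of Restore. A template line replaces the whole assignment, so every
    # group that should keep a right has to be listed.
    $inf = @"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO`$"
Revision=1
[System Access]
LockoutBadCount = $Threshold
ResetLockoutCount = $WindowMinutes
LockoutDuration = $duration
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-547,*S-1-5-32-551,*S-1-5-11
SeChangeNotifyPrivilege = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-547,*S-1-5-32-551,*S-1-5-11
SeRestorePrivilege = *S-1-5-32-544
"@
    $infPath = Join-Path $env:TEMP 'harden.inf'
    $dbPath  = Join-Path $env:TEMP 'harden.sdb'
    $logPath = Join-Path $env:TEMP 'harden.log'
    # Templates must be Unicode; the [Unicode] header says so and the file must match.
    Set-Content -Path $infPath -Value $inf -Encoding Unicode
    # /areas limits the apply to the sections the template carries; the log
    # records exactly which settings changed.
    secedit.exe /configure /db $dbPath /cfg $infPath /areas SECURITYPOLICY USER_RIGHTS /log $logPath
    Get-Content $logPath
}

# Usage:
#   Get-GuessBudget -Threshold 5 -DurationMinutes 30 -WindowMinutes 30
#   Set-SecurityPolicy -Threshold 5 -DurationMinutes 30 -WindowMinutes 30
```

With a threshold of 5 and both intervals at 30 minutes, the quiet attacker gets 4 guesses per half hour (192 per day) without ever tripping the lockout, and the noisy one only 240; the difference is small, which is the argument for auditing failed logons rather than relying on lockout alone. Set-SecurityPolicy leaves the .inf in %TEMP% so you can review it before trusting the run; remove harden.sdb before re-running if you change the template, since secedit merges into an existing database.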
Applying Service Packs and Hotfixes

Microsoft released Windows XP in September 2001. Since its release, Microsoft has issued interim software patches, called hotfixes, for Windows XP. Hotfixes are immediate software updates, usually issued quickly in response to critical security or system software problems. They receive less regression testing than a service pack, so read the Knowledge Base article that accompanies one before you apply it; security hotfixes, however, are meant for every affected system, not only for machines that already show a problem.
In September 2002, Microsoft released Service Pack 1 for Windows XP. A service pack is a collection of hotfixes and other system updates that Microsoft has tested extensively and put through a formal release process. One major improvement for service packs that was introduced with Windows 2000 and continues to be available in XP is called slipstreaming. Slipstreaming means applying a service pack to a copy of the installation files on a hard disk (using the service pack installer's integrate switch; the service pack's deployment guide gives the exact syntax) so that subsequent installs from that copy already incorporate the service pack. Because service packs are cumulative, everything in Service Pack 1 (SP1) is also included in Service Pack 2 (SP2), plus any new changes that occurred since SP1 was released, so each new service pack can be slipstreamed into the same copy to keep it completely up to date. Windows XP also supports the Windows Update facility. (It appears "above the line" in the first panel of the All Programs menu.) Windows XP adds Automatic Updates, which connects to the Windows Update Web site and checks for new updates whenever the machine is on the Internet. A message then informs you of any new updates and offers an option to install them. You can refuse individual updates simply by clearing the check box next to the item. To change how Automatic Updates behaves, use the Automatic Updates tab of the System applet in Control Panel. It's a sad fact of life in the Windows world that as many as half of the critical updates to the operating system are security-related. Any time you get a critical update reminder, you are wise to investigate what it's for. If it's related to security matters that could affect your computer (this is particularly true for Web browser updates), installing the update is recommended.
If in doubt, however, inspect the readme file that accompanies all updates to see whether it reveals any known conflicts or problems with software on your system, and apply the update only if no potential problems are evident. To determine which service pack has been applied to your Windows XP computer, you can do any of the following:

- Check the Help, About screen in Windows Explorer.
- Inspect the General tab in the System applet (Start, Control Panel, System).
- Type the WINVER (Windows version) command at the command line; it opens the same About dialog box, which names the service pack level.
Applying Service Packs or Hotfixes Manually

If you don't (or cannot) take advantage of Windows Update, it's relatively easy to install service packs and hotfixes. After you've obtained the necessary files (by download or on CD), the process normally consists simply of creating target folders for these self-extracting executable files and then copying those files into their target folders. After you run the service pack file, it normally installs itself. After you run a hotfix file, the enclosed readme file normally provides detailed instructions on the name of the program to run to apply the hotfix. Whenever you install a service pack or a hotfix, it's wise to save uninstall information for the software. If you do this, you can use the Add or Remove Programs applet in Control Panel to remove the update, if you need to. Although saving uninstall information takes more disk space (because all original files are copied and saved so that they can be replaced during the uninstall process), it is by far the safest choice.

Caution: One side effect of keeping uninstall information when installing service packs or hotfixes is that they leave unique tracks in the %systemroot% folder on your system, which could alert an intruder who already has a foothold to exactly which fixes are, and are not, in place.
Where to Get Service Packs and Hotfixes

In addition to desktop delivery from Windows Update, you can obtain service packs and hotfixes from a variety of locations. By far, the two most convenient sources are the following:

- The Microsoft Web site. Visit http://www.microsoft.com/windowsXP/default.asp. The current service pack appears on this page.
- The TechNet CDs. Here, service packs and hotfixes warrant their own CD, updated as often as necessary.

Other possible sources include various mirror sites and the Microsoft FTP site (ftp.microsoft.com).

More on Service Packs

Note that there's only one generic service pack uninstall container, named $NTServicePackUninstall$, but that each hotfix gets its own unique name. The "Qnnnnnn" string that ends each hotfix filename also identifies the Knowledge Base article that describes the hotfix, a handy tidbit if you find yourself wondering what the hotfix does. Because there's only one generic service pack container, if you want to save old SP uninstall information, rename the generic container to something like $NTServicePackUninstallSP1$ (for Service Pack 1) before installing Service Pack 2. The install program will create a new generic container, and you'll be able to keep track of all SPs you've applied. Of course, you need enough disk space to handle this, so you might need to move the old container to another drive with more space available.
Securing Well-Known Windows XP Vulnerabilities

This section covers the best-known points of illicit access or vulnerability for Windows XP and includes tips or workarounds on how to close, mitigate, or eliminate them. Note that the number of these vulnerabilities is lower for Windows XP than in previous versions, which is as much a product of our collective lack of experience with the newer operating system as it is a product of Microsoft's efforts to improve system security.

Disable Administrative Shares

By default, Windows XP creates a hidden share for each drive letter that's accessible to the operating system every time the system boots. They are called administrative shares because they exist mostly for the convenience of network administrators, who might want to quickly map a drive across the network with minimal keystrokes. Anyone with administrative credentials can map all administrative shares, and they can be mapped across any kind of remote connection, including Routing and Remote Access Service (RRAS), virtual private network (VPN), IPSec, and so forth. (After all, with the right password, all the built-in security in these remote access technologies is worthless.) Windows XP does not require the drive shares. (The other default shares, ADMIN$ and IPC$, are required; check what remains with net share after applying this Registry change, because IPC$ in particular is never affected by it.) You can disable the automatic shares by adding a DWORD value named AutoShareServer (Windows 2000 Server varieties) or AutoShareWks (Windows XP Professional) to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters Registry key. Setting this value to 0 turns the automatic shares off; setting it to 1 turns them back on. The value is read when the Server service starts, so shares that already exist stay until you delete them (net share C$ /delete) or restart the service. Keep in mind that this removes a convenience, not an attacker's access: anyone holding an administrator password can simply recreate the share.
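The Registry change above, applied and verified from a script, as an added example (not code from the book). The function names are the author's; the Registry path and value name are the ones described in the text, and the regular expression matches only single-letter drive shares such as C$ so that ADMIN$ and IPC$ are left alone.

```powershell
# Added example, not code from the book. Run from an administrator account
# on Windows XP Professional (use AutoShareServer on server editions).

function Get-AdminDriveShares {
    # net share prints one line per share; administrative drive shares are a
    # single drive letter followed by $ (C$, D$ ...). ADMIN$ and IPC$ have
    # more than one letter and are deliberately not matched.
    net share | ForEach-Object {
        if ($_ -match '^\s*([A-Z]\$)\s') { $matches[1] }
    }
}

function Disable-AdminDriveShares {
    $key = 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters'
    # 0 = do not recreate the shares when the Server service starts.
    Set-ItemProperty -Path $key -Name AutoShareWks -Value 0 -Type DWord
    # The value only affects the next service start, so drop the shares that
    # exist right now as well.
    foreach ($share in Get-AdminDriveShares) {
        net share $share /delete
    }
    # Read the value back and show what is still shared; expect ADMIN$ and
    # IPC$ (plus any shares you created yourself) and no drive-letter shares.
    "AutoShareWks = " + (Get-ItemProperty -Path $key).AutoShareWks
    net share
}

# Usage:
#   Get-AdminDriveShares        # before: typically C$ (and D$, E$ ...)
#   Disable-AdminDriveShares
#   Get-AdminDriveShares        # after: nothing
```

Re-run Get-AdminDriveShares after a reboot as well; if a drive share has come back, the value was written to the wrong key or another management agent is recreating it.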
Protect Predefined Accounts

Anyone who knows anything about Windows XP (and you'd have to count would-be break-in artists among that crowd) knows that certain default accounts are created every time the operating system is installed. Therefore, you should rename the Administrator and Guest accounts, and the IUSR_<servername> account if IIS is installed, to prevent easy access. Likewise, define a strong password for each such account. Renaming raises the bar only modestly: the built-in Administrator account always has relative identifier (RID) 500, so an attacker who can enumerate accounts over a null session can find the renamed account by its SID. Restrict anonymous enumeration (the "Network access: Do not allow anonymous enumeration of SAM accounts" policy) so the rename is worth something. To protect these accounts even further (although perhaps this is overkill for Guest), you can create a dummy account for each of them after you rename the original. Its name should match the original name, but the account's permissions should be as minimal as possible (and it can be disabled outright). The idea is to create a decoy account that nobody uses so that any logon attempt against it, successful or not, is a sign that someone is probing; audit logon failures and watch for the decoy names in the Security log. Even if unauthorized users do succeed in guessing a decoy's password, they won't be able to do much inside an account with such limited system access.
Close External Ports, Especially NetBIOS

By default, Windows XP still leaves numerous TCP and UDP ports open when installed. These ports need to be closed to shut off well-known points of attack. This is particularly true for ports 135 through 139 and 445, which are associated with RPC, NetBIOS, and Server Message Block (SMB) services of various kinds on Windows networks. In addition, ports for FTP (21), Telnet (23), SMTP (25), Finger (79), HTTP (80), POP3 (110), IDENT (113), IMAP (143), and HTTPS (443) are routinely found open on Windows XP systems that have the corresponding services installed. Because they represent potential points of attack, these open ports must be closed. The best ways to achieve this are as follows:

- Use the TCP/IP stack's port-filtering capabilities (Advanced TCP/IP Settings, Options tab) to permit only the ports you need in the TCP and UDP filter lists. Note that TCP/IP filtering applies to inbound traffic only.
- Disable all services that use these ports, or unbind them from your Internet interface. Although outsiders might try to get in on these ports (and know they exist on your machine), if there's no process listening for connections, they cannot get into your system that way.
- Use a personal firewall on a standalone machine (Windows XP ships with one, Internet Connection Firewall, renamed Windows Firewall in Service Pack 2), or interpose a standalone firewall/screening router between machines on your local area network (LAN) and the Internet. Either way, these approaches should block unauthorized access to these ports, if they don't hide them completely from external view.
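Before and after any of these changes, check what the machine itself is listening on. The following added example (not code from the book) lists listeners by parsing netstat -an and then tries to connect to each of the well-known ports above from the local side. The $Ports list and the function names are the author's; a clean result here does not replace an external scan, because a firewall can hide a port from the outside while the service still answers locally, and the reverse (a listener bound only to 127.0.0.1) is harmless from outside.

```powershell
# Added example, not code from the book. Works on the local machine only.

$Ports = 21, 23, 25, 79, 80, 110, 113, 135, 137, 138, 139, 143, 443, 445

function Get-ListeningPorts {
    # netstat -an lines look like:
    #   TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
    #   UDP    0.0.0.0:445            *:*
    # 0.0.0.0 means every interface, which includes the Internet-facing one;
    # 127.0.0.1 means the listener is reachable from this machine only.
    netstat -an | ForEach-Object {
        if ($_ -match '^\s*(TCP)\s+(\S+):(\d+)\s+\S+\s+LISTENING' -or
            $_ -match '^\s*(UDP)\s+(\S+):(\d+)\s+') {
            "$($matches[1]) $($matches[2]) port $($matches[3])"
        }
    }
}

function Test-LocalPorts {
    param([int[]]$PortList = $Ports, [int]$TimeoutMs = 300)
    # A TCP connect attempt with a short timeout. Refused connections come
    # back immediately; anything that accepts is a live listener.
    foreach ($p in $PortList) {
        $client = New-Object System.Net.Sockets.TcpClient
        $async  = $client.BeginConnect('127.0.0.1', $p, $null, $null)
        $done   = $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)
        $open   = $done -and $client.Connected
        $client.Close()
        if ($open) { "OPEN   TCP $p" } else { "closed TCP $p" }
    }
}

# Usage:
#   Get-ListeningPorts | Sort-Object
#   Test-LocalPorts
#   Test-LocalPorts -PortList 12345, 27374, 31337   # common Trojan ports
```

UDP services (NetBIOS name and datagram on 137 and 138, for instance) cannot be probed with a connect, so rely on the netstat listing for those. Any TCP port reported OPEN should map to a service you can name; stop or unbind the rest before you turn to the external scan described next.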
Whatever approach you take, be sure to check your work. This means you should launch a security scanner that checks for well-known attack points and scans TCP and UDP ports on your Internet interface. This lets you see what hackers see when they try to fingerprint your systems, looking for points of possible attack. One simple way to start this process is to use Gibson Research's Shields Up and Port Probe services. To do this, visit the Web page at http://grc.com/ and click the Shields Up and Probe My Ports buttons on various pages. (Just keep clicking the Shields Up graphic until it scans your system; when it's finished, the results page includes a button that probes your ports.) Especially on systems that connect to the Internet using always-on technologies, such as DSL or cable modem, closing these doors of attack is essential because anyone else on your cable segment can otherwise waltz right into your system. It is also a good practice to routinely scan the well-known Trojan ports to see whether any of them happen to be listening.

Establish Web Security

Web access through a browser allows dynamic content from other sources to run on your machine. Likewise, operating a Web server invites anonymous users into a Windows machine. Both sides of this equation make it imperative to keep tabs on Web-related security exploits, break-ins, and the patches and fixes that follow in their wake.
Like Windows XP, Internet Explorer 6.0 supports an online update service (in fact, they’re one and the same). Again, it’s important to keep up with service packs and critical updates, most of which are security related. Although there are a plethora of potential points of attack through the Web for both clients and servers, you can stay out of trouble by staying current with your software.
Auditing as a Security Tool

As with Windows NT, Windows XP includes a built-in auditing facility. Its primary uses are troubleshooting system or application errors and tracking potential security problems. Properly configured, your auditing system can identify numerous potential threats to your Windows XP systems. Auditing is configured through settings under Local Policies, Audit Policy in the Local Security Settings console (running secpol.msc launches the console quickly). All audit events appear in the Event Viewer's Security log (Start, Programs, Administrative Tools, Event Viewer); select the Security log in the left pane to view its contents in the right pane. Auditing must be used with some purpose in mind; otherwise, it's a massive waste of time and system resources. By itself, auditing frequently accessed objects (such as system events or file and directory object access) can bring a system to its knees. Be careful to audit only what's absolutely necessary and focus primarily on sensitive areas. Table 25.1 lists security issues you can track by engaging only part of Windows XP's auditing capabilities. One detail matters on a standalone XP machine: failed logons against local accounts (event ID 529, bad user name or password) are produced by the Audit Logon Events setting, not by Audit Account Logon Events, which records the work a machine does as an authenticating authority (normally a domain controller). Enable both if you are unsure.

Table 25.1 Elements to Audit for Security Problems

Potential Problem | What to Audit
Brute-force account attack | Logon events and account logon events (failure)
Compromised accounts | Logon events and account logon events (success and failure; look for off-hours or unusual access patterns)
Administrative abuses | Privilege use, policy change, directory service access, and account management
Virus activities | Object access (success and failure; look for write access on .exe and .dll files)
Unauthorized access to sensitive files and folders | Object access (success and failure; scope auditing to the containers where sensitive files reside)
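The first row of Table 25.1, and the decoy accounts from "Protect Predefined Accounts," both come down to reading failed-logon events out of the Security log. The following added example (not code from the book) does that: Find-LogonAttacks takes Security log entries, either real ones from Get-EventLog or the constructed sample at the bottom, and reports accounts with at least $Threshold failures inside any $WindowMinutes window, plus any attempt at all against a decoy name. Event ID 529 is Windows XP's "unknown user name or bad password" event; the sample entries, the account names, the thresholds, and the function names are the author's constructions. It needs PowerShell 2.0 or later for New-Object -Property and Get-EventLog -After.

```powershell
# Added example, not code from the book. Sample data below is constructed.

function Find-LogonAttacks {
    param(
        $Entries,                      # objects with EventID, TimeGenerated, Message
        [int]$Threshold = 5,
        [int]$WindowMinutes = 15,
        [string[]]$DecoyNames = @('Administrator', 'Guest')
    )
    $failures  = @{}     # user name -> array of failure times
    $decoyHits = @()
    foreach ($e in $Entries) {
        if ($e.EventID -ne 529) { continue }
        # The 529 message carries the target account as "User Name:<tab>name".
        if ($e.Message -notmatch 'User Name:\s*(\S+)') { continue }
        $user = $matches[1]
        if ($DecoyNames -contains $user) {
            $decoyHits += "$($e.TimeGenerated)  attempt on decoy account '$user'"
        }
        if (-not $failures.ContainsKey($user)) { $failures[$user] = @() }
        $failures[$user] += $e.TimeGenerated
    }
    $report = @()
    foreach ($user in $failures.Keys) {
        $times = @($failures[$user] | Sort-Object)
        # Sliding window: from each failure, count the failures that follow
        # within WindowMinutes; the first window over the threshold is enough.
        for ($i = 0; $i -lt $times.Count; $i++) {
            $end = $times[$i].AddMinutes($WindowMinutes)
            $n = @($times | Where-Object { $_ -ge $times[$i] -and $_ -le $end }).Count
            if ($n -ge $Threshold) {
                $report += "$user : $n failures between $($times[$i]) and $end"
                break
            }
        }
    }
    return @($report + $decoyHits)
}

# Constructed sample (not a real log): four failures 20 seconds apart against
# jsmith, one against the decoy name Administrator, and a 528 success that the
# function ignores because of its ID.
function New-SampleEntry($Id, $When, $User) {
    New-Object PSObject -Property @{
        EventID = $Id; TimeGenerated = $When
        Message = "Logon Failure:`r`n`tReason:`tUnknown user name or bad password`r`n`tUser Name:`t$User`r`n`tDomain:`tXPBOX"
    }
}
$t0 = Get-Date '2003-04-01 02:15:00'
$sample = @()
foreach ($n in 0..3) { $sample += New-SampleEntry 529 ($t0.AddSeconds(20 * $n)) 'jsmith' }
$sample += New-SampleEntry 529 ($t0.AddMinutes(3)) 'Administrator'
$sample += New-SampleEntry 528 ($t0.AddMinutes(5)) 'jsmith'

Find-LogonAttacks -Entries $sample -Threshold 4 -WindowMinutes 15

# Against the real log (last 24 hours, requires Audit Logon Events: failure):
#   Find-LogonAttacks -Entries (Get-EventLog -LogName Security -After (Get-Date).AddDays(-1))
```

On the sample, jsmith is reported (four failures inside one window) and the single Administrator failure is reported as a decoy hit even though it never reaches the threshold; that asymmetry is the point of a decoy. Run the real query from a scheduled task and keep the threshold at or just below the lockout threshold so you see the "quiet" attacker who stays under it.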
When auditing is enabled, the Windows XP auditing system records all audited events in the Event Viewer's Security log. To reveal potential security problems, you must review log files directly. If your budget can support security software that costs upward of $1,000 per server, it may be easier to deploy intrusion detection systems (IDSs) that can do the necessary pattern matching, trend analysis, and diagnosis of event data. IDSs can identify and alert you to ongoing events and emerging trends that flag security threats in their early stages and block well-known attacks outright. Because of the expense, this software is usually impractical for standalone systems (although some personal firewalls include IDS features). To learn more about intrusion detection systems, check out the following Web sites (and their downloadable demo software, where available):

- Internet Security Systems' RealSecure IDS components: http://www.iss.net/products_services/enterprise_protection/.
- Harris Corporation's STAT: http://www.statonline.com/.
Personal Firewalls and Security Software

For standalone computers (or even small office/home office [SOHO] networks), inserting a full-blown firewall/screening router/proxy/bastion host combination between your computer and the Internet, as you'd find on a typical corporate network, is too expensive. Without a barrier between your Windows XP machine or small-scale network and the Internet, you're just asking for trouble if you're using always-on digital technologies, such as DSL or a cable modem. Dial-up connections are exposed for less time and get a different address each session, but they are still reachable from the Internet while connected; always-on technologies put your machine on a network with lots of other users around the clock, some of whom might be inclined to inspect or invade your system. The emergence of always-on technologies is most likely why a new category of software called personal firewalls has become available. Basically, a personal firewall provides the following kinds of services:

- Incorporates or cooperates with dynamically updated antivirus software.
- Scans your system and closes all vulnerable external ports of entry.
- Closes well-known outgoing ports used by Trojan horses, illicit remote control software (for example, Back Orifice), and so forth.
- Tells you when applications or services attempt to use particular TCP or UDP ports.
- Unbinds unnecessary protocols and services (such as NetBIOS) from Internet interfaces.

In fact, some personal firewalls even include limited security-scanning capabilities. They examine your system for potential vulnerabilities and give advice on how to cure them. Some even offer basic intrusion-detection features, and let you know when your ports are being scanned or if a brute-force account attack is underway.
Given that personal firewalls typically retail for $50 U.S. or less, they’re definitely worth adding to your systems if you use DSL or cable modems to attach to the Internet. They’re also worth considering if you carry a laptop and use it on networks over which you have no control.The “For More Information” section at the end of this chapter offers pointers to comparative reviews for personal firewall products and recommendations for the most secure products.
Security Is a Way of Life

Maintaining a secure system or network is no "set it and forget it" task. It also involves more than just installing the right kind of software and making the right kinds of configuration tweaks. Maintaining security is a three-pronged effort that requires managing physical access, handling operating systems, and educating users about security, even if you are the only user you need to worry about. Failure to cover any of these bases could lead to system compromise, data theft, or loss of the applications and information you depend on to do your job. Maintaining security never gets the day off, either; it's a task that requires ongoing vigilance and activity.

Managing physical access to systems and networks is important because that's how you keep the bad guys from laying hands on your hardware. This could mean locked doors, security badges, and locked cases in the corporate world or an EFS-encrypted folder on your home machine. It's essential to keep intruders from being able to manhandle your equipment, or they can easily take it over. For example, Winternals' outstanding Remote Recover and Locksmith products make it possible for anybody to reset a Windows XP machine's administrator password in about five minutes if he or she can put a floppy disk in your computer and reboot it from there (http://www.winternals.com); this is why managing physical access is so important. (Such an offline reset does not hand over EFS-protected files, because the keys that protect them are derived from the account's old password, but it gives the intruder everything else.) Controlling access to equipment doesn't end the need for physical security, however. You should shred or otherwise destroy printouts and other hard copy from your computer systems, lest it betray account or password information; likewise for your recycled paper, Post-It Notes, or other handwritten materials that might disclose the same kind of information. It's amazing how much information is available for those with the time and inclination to go dumpster diving. Other often-overlooked physical security issues include the following:

- Is your cleaning crew bonded? Do crew members have access to computer equipment?
- Are floppy drives installed on your servers or other important systems? Can the BIOS be set to boot from the hard disk only, with a password on the setup screen?
- Can anybody hook up to an unused port and gain access to your network?
- Where do you store backup tapes? Emergency repair disks? EFS recovery keys?
- Does anybody watch your systems after hours?
For standalone or home systems, many of these issues may be moot, but in office space, they matter!
Exposure to Theft

In the past three years, thefts of laptops have increased more than 100% per year. Although not every theft has more sinister implications, some thefts are undertaken to attempt access to the employer's network. Too often, traveling staff carry computers with all kinds of remote access capabilities. With access to a stolen machine, hackers can dial in or link up, and walk right through the front door, even if the back doors and alleyways are securely barred. If you do carry a Windows XP laptop, use EFS to encrypt all sensitive files and information and to protect applications and configuration files containing account names, passwords, phone numbers, and other information that malefactors could use for a break-in attempt. Bear in mind that EFS is only as strong as the account password that protects the key: a thief with the disk in hand can attack a weak password offline, so pair EFS with a long password and, ideally, a SYSKEY startup password or floppy. If you expose as little important information to potential outside scrutiny as possible, you can help protect your office as well as your laptop. (Make sure you keep a backup at the office, just in case, and keep a copy of the EFS recovery agent's certificate somewhere other than the laptop.)
Raising Users' Security Consciousness

Because users can unknowingly expose so much of a system or network's inner workings, training users about security is a key ingredient in maintaining security. Without information that explains why security is necessary and why your information assets must be protected, users will do everything they can to avoid following security guidelines simply for convenience. Educating users means explaining what kinds of measures are in place to ensure physical security and system security. Unfortunately, it's often necessary to explain the consequences that security lapses can bring and to enforce those consequences strictly. It's a good idea to address the following matters when educating users about security (if they apply):

- Make users sign a nondisclosure agreement that prohibits unauthorized disclosure of your organization's IT environment and data holdings.
- Instruct users to never share passwords, user accounts, authentication devices, or security badges.
- Instruct users to never walk away from a workstation without logging out or locking the workstation.
- Inform users that they may not install unapproved software. It's not only a potential copyright violation; it's also a potential security threat.
- Instruct users to follow all security measures and not to bypass or ignore them (for example, by installing a modem to log in to their system from home).
- Formulate acceptable use and privacy policies for e-mail and other information on company equipment. Inform users that legal precedent for ownership of information (including personal e-mails) is solidly on the side of the equipment's owner.
- Explain the consequences of violating or ignoring security measures, including the penalties that apply.
Numerous organizations report that after developing, discussing, and deploying a security policy, they notice an increased awareness of security measures among employees. Before these benefits materialize, however, some organizations lose a few employees who cannot tolerate the new regimen. Although it might seem draconian, terminating users who fail to comply with the security policy sends a clear signal to employees that the policy is a serious matter and shouldn’t be tested. Most experts agree that losing a few people during the early stages of security deployment pales beside the implications of failing to implement such a policy in a worst-case scenario.
Viruses Threaten Security, Too

Maintaining a secure environment means more than preventing unauthorized access from inside and outside the firewall. It also requires taking steps to protect your systems from data loss. Although this general guideline means you should think about topics such as business recovery and disaster relief, it also means you should take steps to prevent virus infections. In fact, a last resort for all these problems relies on a good, clean system backup. Preventing virus infections requires constant vigilance. The only ways to avoid infection are to install a defense mechanism that can screen out potential viruses and to educate your users about safe computing practices (such as "Don't open any e-mail attachments unless you're expecting them and you know what they're for"). For viruses, the best defense mechanism is antivirus software that scans all inbound data, be it from the Internet, floppy disks, or other sources of input, and includes an auto-update facility to make sure signature files and software are always up-to-date. There are numerous great products to choose from, but you must install and configure them correctly, and effectively, for them to work properly. Effective use of antivirus software depends on protecting all pathways that data can follow to enter your computers: the network, the Internet, e-mail, removable media such as floppy disks, or whatever. It's essential to deploy software that covers all these bases rather than rely entirely on user education and luck to avoid infection.
In fact, policies about virus avoidance, treatment, and protection should be part of your security policy. Here are some key components for an antivirus policy:

- Perform regular software updates. Keep your antivirus software and signature files up-to-date, just as you do your operating systems and applications.
- Isolate risk-takers. Individuals who are unusually subject to infection might also be installing unauthorized software, bringing infected floppy disks to work, or engaging in other unsafe behaviors. Isolate them from the rest of the community until you can get them under control; if necessary, revoke their access privileges until you get things straightened out.
- Ensure virus-free backups. If a virus gets backed up, it can always return to reinfect your systems, so scan data before it is backed up and scan it again when it is restored.
- 100% virus-free servers. No file should be saved on a server without passing a virus scan.
The University of Mississippi offers a much more detailed and complete antivirus policy at http://www.olemiss.edu/depts/it/av_pol.pdf. For an excellent comparative review of antivirus software, visit http://www.pcworld.com/reviews/article.asp?aid=14572. Based on the authors' experiences, we recommend the following antivirus packages:

- Symantec's Norton AntiVirus 2000: http://www.symantec.com.
- Trend Micro PC-cillin: http://www.antivirus.com.
- Panda AntiVirus Platinum: http://www.pandasoftware.com.
- Command AntiVirus: http://www.commandcom.com.

Although there are many other options to choose from, these products do the best job of handling a wide variety of viruses and of responding effectively to new strains.
Interesting Security Tools

A Power Pack title could hardly omit a section on security tools. Therefore, the sections that follow provide information about and pointers to some of the favorite items in the authors' security toolkit, not to mention all the tools covered elsewhere in this chapter.
Security Tweaks for ACLs, Events, and the Registry

The Windows XP built-in interfaces for managing ACLs, inspecting security settings, and scoping out the Registry are neither as user-friendly nor as security-focused as you might like. If you have ever tried to compile a coherent survey of your system's security settings from the Microsoft tools alone, you might have come away less than satisfied. To remedy your frustration, try the following excellent tools from SomarSoft (now distributed by http://SystemTools.com):
- DumpSec. This tool dumps permissions and audit settings for the file system, all shares, the Registry, and printers in a readable and machine-scannable format. This format makes it easy to survey the security settings of an entire system and spot the entries that need to be changed.
- DumpEvt. This tool grabs the contents of the System, Security, and Application logs from the Event Viewer in a form suitable for database import and manipulation. It also handles the additional DNS Server, File Replication Service, and Directory Service logs found on Windows 2000 servers and domain controllers.
- DumpReg. This tool dumps the entire Registry into a text file that can be sorted in all kinds of ways. Use it to take before-and-after snapshots when installing software on a machine to see exactly what Registry changes the new software makes.
All three tools are free downloads at http://SystemTools.com. They include simple, intelligible GUIs plus help documentation. Give them a try!
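The before-and-after snapshot technique described for DumpReg, written out in PowerShell as an added example (this is not code from the book or from SomarSoft): snapshot one or more Registry subtrees into a hashtable, install the software, snapshot again, and diff the two. The subtree paths, the temporary file name, and the noise filter in the usage lines are assumptions to adjust for your own machine; it needs Windows PowerShell 3 or later and an elevated session to read most of HKLM.

```powershell
# Added example, not part of the book or of SomarSoft's DumpReg. Requires Windows PowerShell 3+.
# Snapshot a set of Registry subtrees into a hashtable ("key or value path" -> "data") so two
# snapshots taken before and after a software install can be compared.

function Get-RegistrySnapshot {
    param(
        # Subtrees to walk, e.g. 'HKLM:\SOFTWARE' or 'HKLM:\SYSTEM\CurrentControlSet\Services' (example paths)
        [Parameter(Mandatory)][string[]]$Path
    )
    $snapshot = @{}
    foreach ($root in $Path) {
        # SilentlyContinue skips keys the current account is not allowed to read (SAM, SECURITY, ...)
        $keys = @(Get-Item -LiteralPath $root -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            # Record every key, so a newly created key is reported even if it has no values yet
            $snapshot[$key.PSPath] = '<key>'
            foreach ($name in $key.GetValueNames()) {
                # DoNotExpandEnvironmentNames keeps REG_EXPAND_SZ data as stored (%SystemRoot% etc.)
                $data  = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                $label = if ($name -eq '') { '(Default)' } else { $name }
                # Arrays (REG_MULTI_SZ, REG_BINARY) are joined so they compare as plain strings
                $snapshot["$($key.PSPath) :: $label"] = [string]($data -join ',')
            }
        }
    }
    $snapshot
}

function Compare-RegistrySnapshot {
    param(
        [Parameter(Mandatory)][hashtable]$Before,
        [Parameter(Mandatory)][hashtable]$After
    )
    $changes = @(foreach ($item in $After.Keys) {
        if (-not $Before.ContainsKey($item)) {
            [pscustomobject]@{ Change = 'Added';    Item = $item; Before = $null;          After = $After[$item] }
        } elseif ($Before[$item] -ne $After[$item]) {
            [pscustomobject]@{ Change = 'Modified'; Item = $item; Before = $Before[$item]; After = $After[$item] }
        }
    })
    $removed = @(foreach ($item in $Before.Keys) {
        if (-not $After.ContainsKey($item)) {
            [pscustomobject]@{ Change = 'Removed';  Item = $item; Before = $Before[$item]; After = $null }
        }
    })
    $changes + $removed | Sort-Object Change, Item
}

# Usage: snapshot, install, snapshot again, compare. The first snapshot goes to disk so it survives
# a closed session; Export-Clixml/Import-Clixml round-trip the hashtable.
$roots = 'HKLM:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet\Services', 'HKCU:\SOFTWARE'
Get-RegistrySnapshot -Path $roots | Export-Clixml -Path "$env:TEMP\reg-before.xml"
# ... install the software under test here ...
$after  = Get-RegistrySnapshot -Path $roots
$before = Import-Clixml -Path "$env:TEMP\reg-before.xml"
Compare-RegistrySnapshot -Before $before -After $after |
    Where-Object { $_.Item -notmatch 'LastWrite|MRU|Seed|Explorer\\Shell' } |   # example noise filter
    Format-Table Change, Item, Before, After -AutoSize -Wrap
```

The items worth a second look in the output are new or modified values under Services (new drivers and services), under the Run and RunOnce keys, and under any key that names a file in a world-writable location; the noise filter above only hides the counters Windows itself updates on every logon.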
Resource Kit Nonpareils

The Windows 2000 Resource Kits for Professional and Server include many security tools that also work under Windows XP. Instead of spelling out their usage details, we'll simply point them out; they're amply documented in the resource kits. Although there are too many tools on the CDs to mention them all, the following are the must-see security tools in the current Windows 2000 crop:

- REGENTRY.CHM. An exhaustive help file on the Windows 2000 Registry. Although it's not specifically a security tool, it contains information about many security-related Registry keys and values.
- W2RKTOOL.CHM. The help file that documents all the Windows 2000 Resource Kit utilities; use it to get more information about the other utilities mentioned here.
- KERBTRAY.EXE. Installs itself in the system tray and reports on your machine's current Kerberos tickets and their status.
- APPSEC.EXE (Windows 2000 Server Resource Kit only). Enables administrators to restrict the applications that users are allowed to run in a networked (Terminal Services) environment.
- CUSRMGR.EXE. A command-line utility for editing the user and group properties available through the Local Users and Groups MMC snap-in.
- CyberSafe Log Analyst. An MMC snap-in designed to analyze the Event Viewer's Security log.
- DELPROF.EXE. A user profile deletion utility.
- DUMPEL.EXE. A dump event log utility (creates a tab-delimited text file for database import).
- EFSINFO.EXE. Provides information about EFS-encrypted files, folders, and the certificates that can decrypt them.
- ELOGDUMP.EXE. Provides access to text information from any event log file (including the Security log). Use it with findstr.exe to search for specific patterns.
- FLOPLOCK.EXE. Blocks access to floppy drives on Windows 2000 computers.
- Internet Scanner. Internet Security Systems's TCP/IP protocol, port, and vulnerability scanner is included in the Resource Kit utilities.
- PERMS.EXE. Displays the effective file permissions of a specified user on a file or group of files. A handy troubleshooting tool for permissions problems.
- SHOWPRIV.EXE. Displays the users or groups that are granted a specified privilege.
- XCACLS.EXE. Enables setting all the file-system security options available through Windows Explorer at the command line.

These utilities are just a sampling of the hundreds of tools that make up the Resource Kit utilities. We strongly suggest you do some exploring and see what else is there.
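What you usually do with DumpSec or PERMS output is scan it for the handful of entries that give a broad group more than read access. As an added example (not code from the book or from the Resource Kit), here is that survey in PowerShell: walk a directory tree and list every explicitly granted ACE that lets Everyone, Users, Authenticated Users, or INTERACTIVE write, delete, or change permissions. The root path, the principal list, and the icacls remediation line are assumptions for illustration; it needs Windows PowerShell 3 or later.

```powershell
# Added example, not part of the book or of the Resource Kit. Walks a directory tree and reports
# the explicitly granted ACEs that let broad built-in groups write, delete, or change permissions,
# which is the question you would otherwise answer by reading DumpSec or PERMS output by hand.
# Needs Windows PowerShell 3+; the root path and the principal list are examples.

function Find-WeakFileAcl {
    param(
        [Parameter(Mandatory)][string]$Root,
        # Principals whose write access under a share or program directory is usually a mistake
        [string[]]$BroadPrincipals = @('Everyone', 'BUILTIN\Users',
                                       'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE'),
        [switch]$IncludeInherited   # by default only ACEs set directly on the object are reported
    )
    # Rights that let a principal plant or alter files, or rewrite the ACL itself
    $writeMask = [int]([System.Security.AccessControl.FileSystemRights]::WriteData -bor
                       [System.Security.AccessControl.FileSystemRights]::AppendData -bor
                       [System.Security.AccessControl.FileSystemRights]::Delete -bor
                       [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles -bor
                       [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
                       [System.Security.AccessControl.FileSystemRights]::TakeOwnership)
    # Generic rights (GENERIC_WRITE, GENERIC_ALL) show up as raw bits, not enum names, so test them too
    $writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

    $items = @(Get-Item -LiteralPath $Root) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($ace.IsInherited -and -not $IncludeInherited) { continue }
            if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                Owner     = $acl.Owner
            }
        }
    }
}

# Usage: audit a web root or a share, then fix confirmed hits with icacls (XCACLS on older systems).
Find-WeakFileAcl -Root 'C:\inetpub' | Format-Table Path, Principal, Rights, Owner -AutoSize
# Example remediation for one confirmed hit:  icacls 'C:\inetpub\scripts' /remove:g 'Everyone'
```

Two caveats before acting on a hit: the function reports Allow entries only, so a matching Deny entry on the same object can neutralize what it shows, and it does not evaluate group nesting, so a custom group that happens to contain Everyone is not caught. Run with -IncludeInherited when you audit a whole volume rather than one directory, since most weak entries arrive by inheritance from the root.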
Security Scanners

The previous section mentioned Internet Security Systems's Internet Scanner (which is included in the Windows 2000 Resource Kit utilities). It scans a system's TCP and UDP ports, probes for protocols and services, and tests for a range of well-known vulnerabilities on target systems. If you don't have the CD, you can download this tool from http://www.iss.net/. Other useful scanning utilities include the following:

- SecureScan from http://www.vigilante.com gets high marks for its thorough system checkups.
- Nessus is an extremely popular security scanner that comes from the Unix world; because a Java client is available, it can also be driven from Windows systems (http://www.nessus.org).
- Saint is the highly regarded successor to the infamous SATAN security scanner. Although it runs only on Unix, it is worth pointing at a Windows system (http://www.wwdsi.com/saint/).
- SARA is a similar Unix-based tool (http://www.www-arc.com/sara/).
- QualysGuard scans from the outside in and shows you what an attacker would see (http://www.sunbelt-software.com).
- Legion is a NetBIOS share scanner and password cracker that deserves a place in your toolkit. Visit http://www.slacker.org and search on "legion" to locate this tool.
- Cerberus's Internet Scanner is a Windows-specific scanner that runs more than 300 specific system checks. Definitely worth downloading and trying (http://www.cerberus-infosec.co.uk/cis.shtml).
You might not choose to put all these goodies in your toolbox, but remember the Reverse Golden Rule: When it comes to break-ins, do unto yourself before others can do unto you. If you keep trying new exploits against your own systems, you won't be surprised (or exploited) when somebody else tries them on you.
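The smallest possible version of the Reverse Golden Rule, as an added example (not code from the book or from any of the scanner vendors above): a TCP connect check against hosts you own that tells open, refused, and filtered ports apart. It stops at "open"; a scanner such as Nessus goes on to identify the service behind the port and test it. The target address and the port list are assumptions.

```powershell
# Added example, not part of the book or of any scanner named above. A plain TCP connect check
# that tells open, refused, and filtered (no answer) ports apart, for hosts you own.

function Test-TcpPort {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int[]]$Port,
        [int]$TimeoutMs = 500     # filtered ports never answer; don't wait the full TCP timeout for them
    )
    foreach ($p in $Port) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $async = $client.BeginConnect($ComputerName, $p, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                $client.EndConnect($async)          # throws SocketException if the port refused
                $state = 'Open'
            } else {
                $state = 'Filtered'                 # no SYN/ACK and no RST within the timeout
            }
        } catch {
            # Unwrap PowerShell's method-invocation wrapper to reach the SocketException
            $ex = $_.Exception
            while ($ex.InnerException) { $ex = $ex.InnerException }
            if ($ex -is [System.Net.Sockets.SocketException]) {
                $state = "Closed ($($ex.SocketErrorCode))"   # ConnectionRefused, HostNotFound, ...
            } else {
                $state = "Error: $($ex.Message)"
            }
        } finally {
            $client.Close()
        }
        [pscustomobject]@{ ComputerName = $ComputerName; Port = $p; State = $state }
    }
}

# Usage: the ports an attacker would try first on a Windows box; point it at your own hosts only.
$ports = 21, 23, 25, 53, 80, 135, 139, 443, 445, 1433, 3389
Test-TcpPort -ComputerName '127.0.0.1' -Port $ports | Format-Table -AutoSize
```

Run it from outside the host as well as on it: a port that shows Open on 127.0.0.1 but Filtered from another machine is being protected by a host firewall, and the difference between the two views is exactly what the personal firewall products listed later in this chapter are for.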
For More Information

For more information about Windows XP and security topics, consult the resources cataloged in the following lists.

Books and Courseware

- Bahadur, Gary and Weber, Chris. Windows XP Professional Security. Osborne/McGraw-Hill, 2002. ISBN: 0-07-222602-1.
- Bott, Ed and Siechert, Carl. Microsoft Windows Security Inside Out for Windows XP and Windows 2000. Microsoft Press, 2002. ISBN: 0-7356-1632-9. Get the security details on Windows XP and 2000 straight from the source.
- Bragg, Roberta. Windows 2000 Security. New Riders, 2000. ISBN: 0-7357-0991-2. Ms. Bragg is the security editor for Microsoft Certified Professional magazine, and her vast knowledge base and years of experience are immediately apparent, and very helpful, in this excellent book.
- Scambray, Joel, McClure, Stuart, and Kurtz, George. Hacking Exposed: Network Security Secrets & Solutions, 2nd edition. Osborne/McGraw-Hill, 2000. ISBN: 0-07-212748-1. Probably the best book about how hackers attempt to break into networks. It not only covers common vulnerabilities, but also explains how to offset or repair them and how to practice the safest possible networking and computing.
- Stewart, James Michael and Tittel, Ed (contributors to this book) also teach a Windows 2000/XP security class at Interop and the Internet Security Conference (TISC) three or more times a year. Download their materials for these classes and access the handouts and a comprehensive list of pointers to security resources online at http://www.lanw.com/training/interop/. Look for the most recent offering with "Security" in the title.
- TechNet. A monthly, CD-based technical subscription service from Microsoft that includes most resource kits and related software, service packs, a KnowledgeBase, and a great deal more useful information. For information about obtaining a subscription and access to online information, register for the TechNet Subscription CD online at http://technet.microsoft.com/.
Online Resources on Microsoft Security

- The Microsoft Windows security Web site: http://www.microsoft.com/security/. Here's where you can get the official story on late-breaking security news and events, plus information about best practices. You can also download tools and security checklists, read editorial columns on security matters, and check out Microsoft security-related products and technologies. Definitely worth a visit!
- Microsoft KnowledgeBase: A compilation of questions to and answers from the Microsoft technical support operation. The KnowledgeBase contains tons of security information and is available online at http://support.microsoft.com/, but is also included on CD with a TechNet subscription.
- Microsoft provides the security section of the Windows XP Resource Kit Documentation at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/reskit/prpt_pt3_ptnz.asp.
- Microsoft's Download Center is where you go for service packs, hotfixes, and various security-related tools and utilities. Visit it at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/Default.asp.
- One of TechNet's most useful areas for the security minded is called the Security Tools page. Visit http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools.asp to grab all kinds of security checklists, tools, and important software updates.

General Security Resources Online

- The Computer Security Institute provides training, product resources, and all kinds of documentation. Visit its site at http://www.gocsi.com.
- SecurTek Corporation offers access to presentations, pointers to Web resources, and book recommendations at http://www.securtekcorporation.com/InfoResources.htm.
- TruSecure Corporation, formerly known as the International Computer Security Association (ICSA), offers security publications, mailing lists, and documents of all kinds, and even sponsors a vendor-neutral computer security certification program. Visit this group at http://www.trusecure.com.
- SecurityFocus.com is a great source for all kinds of security-related information online, at http://www.securityfocus.com. It is one of the authors' favorites.
- TechTarget operates numerous useful information resource sites on the Web. For this chapter, the two of greatest interest are http://www.searchsecurity.com and http://www.searchWindows2000.com; because some content is common to both sites, feel free to search for security information on either one.
Non-Microsoft Windows 2000 Security Sites and Mailing Lists

- Christopher Klaus of Internet Security Systems (ISS) maintains a huge list of security-related mailing lists and similar resources at http://oliver.efri.hr/~crv/security/mlist/mlist.html.
- Russ Cooper operates NTBugTraq, one of the best-known resources for information about bugs and security problems related to Windows 2000 (and NT). Visit his home page at http://www.ntbugtraq.com.
- An occasional source of security information and a great general Windows tips and tools resource online is Windows NT/2000 Tips, Tricks, Registry Hacks, and More. Visit it at http://www.jsiinc.com/reghack.htm.
- Gibson Research offers online system vulnerability and port scanning services called Shields Up and Port Scan through its Web page at http://grc.com/. Use them to test any of your systems that have Internet access; they show you which ports are reachable from outside.
Vendors of Personal Firewall Products

- McAfee Firewall is a $40 product that gets reasonable reviews for its capabilities. Learn more by visiting the McAfee online store through http://www.mcafee.com and selecting "McAfee Firewall."
- Symantec's Desktop Firewall lists for $30 and gets strong reviews for its capabilities. Visit http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=36 for more information.
- Zone Labs provides a free basic version of its personal firewall, ZoneAlarm, for home users (http://www.zonelabs.com/store/content/catalog/products/zonealarm/znalm_details.jsp).
- BlackICE Defender is an impressive system that provides many configurable options and details on intruders (http://www.iss.net/netice/).
26 Managing System Recovery

Although Windows XP is the most reliable and sturdy operating system from Microsoft to date, it still can succumb to many common computer system ailments. Failed hard drives, corrupted files, virus infection, electrical surges, moisture, and even sudden jarring impacts can render an expensive, otherwise high-performance workhorse into a useless pile of expensive but organized shiny parts.
Many computer disasters can result in severe damage, and the only way to protect yourself from a complete loss of data on your network (or even a single system) is through a backup. Backup was discussed in detail in Chapter 20, "Windows XP Backup and More."

If you don't have your survival skills honed before you are stranded, a thousand books on survival in your home library will offer you little comfort. The same is true when you are stranded with a computer problem. If you don't have a plan for dealing with disaster, your network (and probably your job) will not recover. The amount of preparation required is moderate; usually, it won't even make you perspire. All you need to do is implement a regular backup and practice a few of the recovery techniques discussed in this chapter. Investing a few moments now will be invaluable to you later, especially when your boss asks you to restore his e-mail from the past three years.

Disaster recovery is implemented in the following three main phases:

- Preparation. Gathering information and performing regular backups.
- Prevention. Maintaining a system to avoid failures.
- Procedure. Deploying recovery solutions in an effort to restore a damaged or lost system.

Preparation and prevention typically occur simultaneously and are ongoing activities, whereas the procedure phase takes place only when a problem arises.
Some Preventive Techniques

Regular testing, maintenance, and upgrades help reduce the risk of a system failure. However, no matter what steps you take, there is always a risk of losing data. You and your organization can live without the physical hardware that makes up your computers and network, but the data created and stored on that network cannot be replaced. The need to protect your data is directly proportional to how important that data is on a daily basis for the continued operation of your organization.

To monitor your systems regularly for increased load or decreasing performance, you can use the System Monitor included with Windows XP. As you see areas of your network becoming overloaded, add more capacity. However, don't add just the capacity necessary for the moment; plan ahead and build in room for expansion. Planning ahead for expansion delays the need to apply another fix and often provides improved performance and cost benefits.

For information on system monitoring, see Chapter 22, "Tuning and Optimizing Windows XP," p. 485.
Perform manual inspections of subsystem components. Testing to make sure that connections still allow communications, that disk drives have adequate free space, and that Domain Name System (DNS) servers still resolve queries can help locate potential problems before they become full-blown emergencies.

Don't be shy about upgrading or replacing parts that look, act, or are old. Any computer part more than two years old should already be on the short list to be replaced. This is especially true of hard drives and backup devices, but other high-priority replacements include CPUs, memory, motherboards, and controller cards. This doesn't mean you must replace everything that is two years old, but be aware that the longer an electronic part is in use, the more likely it is to fail. You have to estimate when the failure point will occur and replace the part before it happens. At the least, move older hardware to clients and install new devices on mission-critical servers. Obviously, you have to work within a budget.

Tip: Back up, back up, back up. If we have to say it again, we will: Back up, back up, back up!

If you do not have the funds to be fully flexible and proactive, at least have emergency fund acquisition papers filled out before you need them. For instance, what will you do when your hardware budget is gone and your three-year-old RAID array becomes an electric doorstop?

Collect as much information about your system as possible. (Some vendors have management utilities that help with this, for example, Compaq's Insight Manager.)
Documentation is always your best weapon in any situation. Detailed information about your computers and your network not only helps prevent problems before they occur, but also helps resolve problems quickly. If you are not thoroughly familiar with every aspect of your system, you might not know how to fix a failure. Following are the types of data you should collect:

- Software documentation, manuals, settings, configurations, and so on
- Hardware components, manuals, settings, configurations, and so on
- Network components, layout map, free ports, and so on
- Performance data for the system, including baselines and regular trend-analysis reports
- Log of historical troubleshooting sessions, including both failed and successful actions
- Schedule of regular maintenance tasks and log of recent configuration changes
- Floppy disk copies of driver files, operating system and software installation disks, backup copies of configuration files, and the Registry

The amount of data you have about your network could fill several bookshelves and file cabinets, but having all this documentation on hand is worth the collection and storage effort. This list is not exhaustive; be sure to include anything that relates to the computer systems in your organization.

The collected data is only as good as it is current. You must update the data in storage as you alter the network or even an individual system. When new software is installed or upgraded, when a new hard drive is installed, when a service setting is changed, or whatever, always mirror the change to your computer systems in the documentation. In other words, develop a written change log for your systems.
Repairing a Damaged Windows XP System

No matter how experienced you may be, when a system exhibits a problem, resist the temptation to slip into panic mode. No matter what has gone wrong, maintaining a calm attitude and approaching the problem systematically will produce faster and more effective results. Here are a few tips to keep in mind when you first discover a problem:

- Take your time. Don't try to rush. Being impatient causes more problems than it solves. Attempting a fix too hastily can cause you to overlook or forget important issues or settings.
- Keep your emotions under control. Anger, frustration, and fear are not conducive to clear thought. Take a breather.
- If things don't go as planned, try again. Take a few minutes to step away; grab a drink, eat some food, jog up the stairs, watch a bit of TV, call a friend, or play a game. Give your brain a few minutes of distraction, and then return to the problem with a better perspective.
- Know your systems. If you are not familiar with your software, operating systems, hardware, and network, you will have a difficult time tracking down problems and implementing solutions. If you haven't spent enough time with your documentation beforehand, do so now before attempting a fix.
- Know what is normal. You need to know the normal operational parameters for your systems so that you can recognize when a fix has successfully returned things to their normal state. You can glean this information from baselines, but it is more an experiential knowledge gained through interacting with a system regularly.
- Always isolate the problem before attempting to fix it. Isolation is the process of systematically eliminating suspects. Until a problem is isolated, you don't know what you are dealing with. Isolation focuses your attention on the one or more components that are actually causing or hosting the problem, so you can replace or repair the one bad component instead of a whole computer. You should be asking questions such as the following: Does the problem occur throughout the network? Does the problem occur on all servers? Does the problem occur on all hard drives in the server? Does the problem occur on all files on the hard drive?
- Undo the most recent change or alteration (if possible). Most problems are caused inadvertently by configuration changes, which could be as simple as a software setting, a hardware switch, or even a software or driver upgrade.
- Reinvestigate points of failure your system has experienced before. You'll be able to review historical failure points only if you document your troubleshooting actions.
- Attempt the simplest and least expensive corrections first. Reserve new hardware or complete reinstallations as last resorts. Keep in mind that the more invasive a correction is, the more likely the network's data and configuration will be in jeopardy.
- Take single-step actions on your path to a solution. After each step, test the system. Some attempted solutions could actually cause other problems, and performing multiple corrections at once often hides which one was the solution. In other words, you want to know exactly which action resolved the issue.
- If you are having difficulty locating the problem component, attempt to repeat the failure. Often, the only way to discover a problem's origin is to reproduce it while inspecting the system.
- Always log your attempts, failures, and successes at resolving problems. This information can be vital for avoiding future problems or repairing a repeat of the latest problem.
Common Recovery Tools

Some of the tools and techniques you'll use to perform repairs on a damaged Windows XP system are already included in the operating system. Many of them you've probably worked with under Windows NT and Windows 2000. Under Windows 2000 and Windows XP, there are a few more enhanced features at your disposal.

Event Viewer

The Event Viewer is used to examine the log files created by the system and several services and is an important tool for tracking down problems. These log files include the three base logs: Application log, Security log, and System log. Other logs are accessible through Event Viewer, based on the applications and services installed; on Windows 2000 servers and domain controllers, for example, these include the Directory Service, DNS Server, and File Replication Service logs. All available logs are listed in the left pane of the Event Viewer (see Figure 26.1). You can find the Event Viewer in the Administrative Tools section of both the Start menu and Control Panel or access it through the Computer Management tool.
Figure 26.1 You can view events registered in the System logs in the Event Viewer.
The logs are collections of event details. An event detail is a collection of data relevant to an instance or a situation that caused a service or application to create an event. Events can be created when a security policy is violated, when a service fails to launch, when an application performs an operation improperly, and for many other reasons. There are at least three types of event details: Information (non-critical items of operation), Warning (cautions about an operation), and Error (reporting of a problem). Most often, however, the event details recorded in these logs are warnings or error reports. The data items retained in an event detail depend on the type of situation that triggered the event, but usually they include the following (see Figure 26.2):

- Date and time
- Event type and/or category (Information, Warning, and Error)
- User and/or computer involved
- Source of event (usually a service or application)
- An event ID
- A description of the event
- A memory dump, captured data, or text related to the event
Figure 26.2 You can view details about an Error event in the Event Properties dialog box.
The Security log records all event details related to auditing. Event details in this log are of two types, Success Audit and Failure Audit, which simply indicate whether the audited action succeeded or failed. Nothing is written to this log unless an audit policy is in effect, so an empty Security log is a sign that auditing has not been turned on, not that nothing has happened.

The System log records event details related to the native services of Windows XP and other critical drivers and files. When problems are occurring with the system's functionality, this log is most often the one to view first. Many important occurrences cause event details to be recorded in this log, for example, system shutdowns, startups, reboots, system crashes (blue screens), device driver failures, service failures, and storage issues (lack of free space, unreadable files, inability to write, and so on).

The Application log records event details related to the operation of installed applications and services. Note that only those applications and services specifically programmed to create event details do so.
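The Failure Audit entries in the Security log are where a routine review should start, and the question is always the same: which accounts are failing to log on, from where, and how often. As an added example (not code from the book), here is that summary in PowerShell. It handles both the Windows NT/2000/XP logon-failure record (event 529, whose text carries a "User Name:" field) and the Vista-and-later record (event 4625, which has two "Account Name:" fields, the second being the account that failed). The sample records at the bottom are constructed stand-ins for Get-WinEvent output so the function can be tried offline; the threshold of three failures is an assumption.

```powershell
# Added example, not part of the book. Summarize failed-logon audits from the Security log by
# target account and source, which is what a weekly review of Failure Audit entries mostly wants.
# Handles the XP-era message layout (event 529) and the Vista+ layout (event 4625).
# Reading the live Security log needs an elevated (Administrator) session.

function Get-FailedLogonSummary {
    param(
        # Event records with Id, TimeCreated and Message, as Get-WinEvent returns them
        [Parameter(Mandatory, ValueFromPipeline)]$Event,
        [int]$Threshold = 3      # accounts with at least this many failures get flagged
    )
    begin { $rows = New-Object System.Collections.Generic.List[object] }
    process {
        if ($Event.Id -notin (529, 4625)) { return }
        $msg = [string]$Event.Message
        if ($Event.Id -eq 529) {
            # 529: the failed account is labelled "User Name:"
            $account = if ($msg -match 'User Name:\s+(\S+)') { $Matches[1] } else { '?' }
        } else {
            # 4625 has two "Account Name:" fields (the subject and the account that failed); take the last
            $m = [regex]::Matches($msg, 'Account Name:\s+(\S+)')
            $account = if ($m.Count -gt 0) { $m[$m.Count - 1].Groups[1].Value } else { '?' }
        }
        $source = if ($msg -match 'Source Network Address:\s+(\S+)') { $Matches[1] } elseif ($msg -match 'Workstation Name:\s+(\S+)') { $Matches[1] } else { '?' }
        $rows.Add([pscustomobject]@{ Time = $Event.TimeCreated; Account = $account; Source = $source })
    }
    end {
        $rows | Group-Object Account, Source | ForEach-Object {
            $sorted = @($_.Group | Sort-Object Time)
            [pscustomobject]@{
                Account  = $_.Group[0].Account
                Source   = $_.Group[0].Source
                Failures = $_.Count
                First    = $sorted[0].Time
                Last     = $sorted[-1].Time
                Flag     = if ($_.Count -ge $Threshold) { 'REVIEW' } else { '' }
            }
        } | Sort-Object Failures -Descending
    }
}

# Constructed sample records standing in for Get-WinEvent output, so the function can be tried offline.
$fmt4625 = "An account failed to log on.`r`n`r`nSubject:`r`n`tAccount Name:`t`t-`r`n`r`nAccount For Which Logon Failed:`r`n`tAccount Name:`t`t{0}`r`n`tAccount Domain:`t`tWS01`r`n`r`nNetwork Information:`r`n`tWorkstation Name:`t{1}`r`n`tSource Network Address:`t{2}"
$fmt529  = "Logon Failure:`r`n`tReason:`t`tUnknown user name or bad password`r`n`tUser Name:`t{0}`r`n`tDomain:`t`tWS01`r`n`tLogon Type:`t3`r`n`tWorkstation Name:`t{1}"
$sample = @(
    [pscustomobject]@{ Id = 4625; TimeCreated = [datetime]'2003-04-01 08:01:10'; Message = ($fmt4625 -f 'administrator', 'LAB7', '10.0.0.77') }
    [pscustomobject]@{ Id = 4625; TimeCreated = [datetime]'2003-04-01 08:01:12'; Message = ($fmt4625 -f 'administrator', 'LAB7', '10.0.0.77') }
    [pscustomobject]@{ Id = 4625; TimeCreated = [datetime]'2003-04-01 08:01:15'; Message = ($fmt4625 -f 'administrator', 'LAB7', '10.0.0.77') }
    [pscustomobject]@{ Id = 529;  TimeCreated = [datetime]'2003-04-01 09:30:00'; Message = ($fmt529 -f 'bob', 'WS02') }
    [pscustomobject]@{ Id = 528;  TimeCreated = [datetime]'2003-04-01 09:31:00'; Message = 'Successful Logon: User Name: bob' }   # a success; ignored
)
$sample | Get-FailedLogonSummary | Format-Table -AutoSize
# Live, last seven days (Vista and later; event 529 applies to XP and earlier):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-7) } | Get-FailedLogonSummary
```

On the constructed sample the output has two rows: administrator from 10.0.0.77 with three failures inside five seconds, flagged REVIEW, and bob from WS02 with one. Three failures in five seconds against the built-in Administrator account from a single address is the pattern a password-guessing tool leaves, which is why the summary groups by source as well as by account rather than counting failures per account alone.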
The Event Viewer offers several data reduction tools to help locate event details quickly, especially if you already have an idea of what to look for. You can use the View, Filter command to reduce the amount of data displayed and the View, Find command to locate specific records by keyword. With a little practice, this tool will become second nature to you. In fact, a weekly check of the logs available through the Event Viewer is recommended. You might prevent some problems before they occur by reviewing Information and Warning messages.

Computer Management

Windows XP has consolidated many of the administrative utilities in a section called Computer Management (see Figure 26.3). Like the Event Viewer, this tool is located in the Administrative Tools section of both the Start menu and Control Panel.
Figure 26.3 The Computer Management tool provides a common interface for many system tools.
This tool focuses on managing local components, but it can easily be used to manage remote systems. When the Computer Management (Local) item is selected, the Action, Connect to Another Computer command lets you pick another system on the network to manage. The utilities accessible within Computer Management are divided into three sections: System Tools, Storage, and Services and Applications. The System Tools section offers quick access to many commonly used utilities:

- Event Viewer. Used to view logs.
- Performance Logs and Alerts. Used to create and manage counter log files and alert scans.
- Shared Folders. Used to view all current shares (including hidden shares), open files, and active sessions. It can also be used to create new shares.
- Device Manager. Used to troubleshoot devices, alter configuration, change drivers, and so on. This tool is also accessed from the Hardware tab of the System applet.
- Local Users and Groups. Used to manage users and groups on a local system. It is not available on domain controllers, which use Active Directory Users and Computers instead.
The Storage section contains tools used to manage storage devices on the system. These tools include the following:

- Disk Management. Used to manage the volumes on hard drives, including creating and deleting volumes, formatting volumes, and accessing the Disk Cleanup, Error-Checking, and Defragmentation tools.
- Disk Defragmenter. Used to reduce the level of file fragmentation, which results in faster read and write access.
- Removable Storage. Used to view and manage media pools of removable media, such as floppy disks, writable CDs, tapes, Zip and Jaz drives, and so on.
The Services and Applications section contains service- and application-specific management tools. The contents of this section are determined by the software components installed. Some of the more common tools appearing in this section can be used to manage Dynamic Host Configuration Protocol (DHCP), telephony, services, indexing, Internet Information Services (IIS), and DNS.

The Computer Management tool is a troubleshooting aid in many respects. Primarily, it grants single-interface access to many tools for investigating your system's hardware and services. At the very least, the Event Viewer, System Information, and Device Manager can help locate problems quickly.

System Restore

Microsoft has also included a tool called System Restore in Windows XP. Its purpose is to roll back system files, Registry settings, and installed programs to a specified point in time, called a restore point, without touching your documents and other data files. System Restore runs as a background service and creates restore points automatically when "trigger events" occur; these events include application installations, unsigned driver installations, Automatic Updates, and Backup utility restores. You can also create restore points manually, and by default System Restore creates a new restore point every 24 hours.

Note: System Restore requires 200MB of free space on the system drive to run and disables itself automatically if there is not enough free space.
To manually create a restore point, perform the following steps:

1. Click Start, All Programs, Accessories, System Tools, System Restore to launch the System Restore Wizard.
2. Select the Create a Restore Point radio button, and then click Next.
3. Enter a description of the restore point in the text box, and then click the Create button (see Figure 26.4). When Windows creates the restore point, note that the date and time are automatically added to the description.
Figure 26.4 You can enter a description of the restore point being created in the System Restore Wizard.
To restore your system using a restore point, perform the following steps:

1. Click Start, All Programs, Accessories, System Tools, System Restore to launch the System Restore Wizard.
2. Select the Restore My Computer to an Earlier Time radio button, and then click Next.
3. In the Select a Restore Point window (see Figure 26.5), either select a date on the calendar on the left or select a restore point from the list on the right, and then click Next.
4. Confirm the restore point in the following window. Note that the wizard shuts down Windows, so you should save any work and close any open programs.
5. When the restoration is complete, a notification appears. In this window, you can click OK if the problem is solved, or click the Choose Another Restore Point link or the Undo This Restoration link for other restoration options.
Figure 26.5 You can either select a date to restore your system to or select a restore point from the list.
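The two wizard procedures above have command-line equivalents, which matters when the change you want to protect is itself scripted. As an added example (not code from the book), the following PowerShell wraps a change in a fresh restore point and refuses to proceed if no point was actually created. It relies on the Windows PowerShell system-restore cmdlets (Enable-ComputerRestore, Checkpoint-Computer, Get-ComputerRestorePoint, Restore-Computer), which exist on client editions of Windows only and need an elevated session; the description text and the change being wrapped (disabling the Remote Registry service) are examples.

```powershell
# Added example, not part of the book. Wraps a scripted change in a System Restore checkpoint using
# the Windows PowerShell system-restore cmdlets. Client editions of Windows only; run elevated.

function Invoke-WithRestorePoint {
    param(
        [Parameter(Mandatory)][string]$Description,
        [Parameter(Mandatory)][scriptblock]$Change
    )
    # System Restore must be enabled for the system drive or Checkpoint-Computer fails
    Enable-ComputerRestore -Drive "$env:SystemDrive\"
    $last = (Get-ComputerRestorePoint | Measure-Object -Property SequenceNumber -Maximum).Maximum
    if (-not $last) { $last = 0 }
    # MODIFY_SETTINGS is the type the wizard uses for manual points; Windows appends the date and time
    Checkpoint-Computer -Description $Description -RestorePointType 'MODIFY_SETTINGS'
    $new = Get-ComputerRestorePoint | Where-Object { $_.SequenceNumber -gt $last } | Select-Object -Last 1
    if (-not $new) {
        # Windows 8 and later skip the checkpoint (with a warning) if one was made in the last 24 hours;
        # HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\SystemRestorePointCreationFrequency = 0 lifts that limit
        throw "No restore point was created; not applying '$Description'."
    }
    Write-Host "Restore point $($new.SequenceNumber) created: $($new.Description)"
    & $Change
    $new.SequenceNumber
}

# Usage: protect a configuration change, then list the points the wizard will show.
$seq = Invoke-WithRestorePoint -Description 'Before disabling Remote Registry' -Change {
    Set-Service -Name RemoteRegistry -StartupType Disabled     # example change
}
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description, RestorePointType,
                 @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize
# To roll back to it (this reboots the machine):  Restore-Computer -RestorePoint $seq -Confirm
```

The check for a new sequence number is the important part: Checkpoint-Computer reports the skipped checkpoint as a warning rather than an error, so a script that does not look for the new point will happily go on to make its change with nothing to fall back to. Restore-Computer does the same job as steps 2 through 4 of the wizard, including the restart.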
Boot Options

The Windows XP boot menu is greatly improved over that of Windows NT, primarily because of the integration of boot option capabilities from Windows 98 and several new boot recovery innovations. When more than one operating system is installed, the boot menu appears automatically and waits 30 seconds by default; on a single-boot system it is skipped, and pressing F8 while the system is booting takes you straight to the Advanced Options menu described next. From the boot menu, you have the option to select any available operating system. There is a default choice used to boot the system if you do not alter the selection within the allotted time period. The timeout, the available operating systems, and the default operating system are defined in the boot.ini file. You can manage boot.ini through a text editor or through the System applet's Advanced tab by clicking the Startup and Recovery button.

The most interesting and useful (in light of system recovery) feature of the boot menu is the Advanced Options menu. Advanced Options is a menu of alternative boot methods and recovery techniques or tools that can be used to attempt a system recovery. It is reached by pressing F8 while the boot menu is displayed, that is, before the timer expires; a message at the bottom of the screen while the boot menu is displayed reminds you that F8 can be pressed to reach Advanced Options. The Advanced Options menu is similar to the following:

Windows Advanced Options Menu
Please select an option:

    Safe Mode
    Safe Mode with Networking
    Safe Mode with Command Prompt

    Enable Boot Logging
    Enable VGA Mode
    Last Known Good Configuration (your most recent settings that worked)
    Directory Services Restore Mode (Windows 2000 domain controllers only)
    Debugging Mode

    Start Windows Normally
    Reboot
    Return to OS Choices Menu

Use the up and down arrow keys to move the highlight to your choice.
The boot options available through the Advanced Options menu are used to perform the following actions:
• Safe Mode. Windows XP is booted using minimal drivers and system files: VGA monitor driver, mouse driver, keyboard driver, storage device drivers, and core services. No networking components are loaded.
• Safe Mode with Networking. Windows XP is booted using minimal drivers and system files. Networking components are loaded, but PC card services are not loaded (therefore, no PC card NICs).
• Safe Mode with Command Prompt. Windows XP is booted using minimal drivers and system files. No networking components are loaded. The GUI environment is not loaded; instead, a text-only command prompt is offered.
• Enable Boot Logging. This is a toggle command to enable the boot logging process that records the filenames of all loaded drivers and services during a boot. Data is written to the ntbtlog.txt file located in the main Windows directory.
• Enable VGA Mode. Windows XP is booted using the base VGA video drivers with the resolution of the desktop set to 640×480 with 256 or 16 colors.
• Last Known Good Configuration. Windows XP is booted using the version of the Registry present at the last successful logon. Each time a logon occurs, the Registry’s current state is copied into a backup key for use in disaster recovery.
• Directory Services Restore Mode. Windows 2000 Server is booted and Active Directory is rebuilt and restored. This option is available only on domain controllers.
• Debugging Mode. Windows XP is booted and debugging data is transmitted over the serial port. A second system connected by a passthrough serial cable can capture the debugging data. See the Windows 2000 Server Resource Kit for more details on this procedure.
System recovery can often be accomplished through judicious use of these Advanced Options for booting Windows XP. In many cases, just booting into Safe Mode and then rebooting normally will restore a system. Other times, you might need to update a driver or remove a component while in Safe Mode to restore the system. The Last Known Good Configuration (LKGC) option should be attempted first any time you suspect that a Registry setting or a new driver installation is the cause of the problem. Therefore, it is often a good idea to try LKGC first, and then pursue Safe Mode, Recovery Console, system file repair, or other boot or recovery solutions.
For more information on the boot process, see Chapter 7, “Booting Windows XP,” p. 129.
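The Advanced Options above can also be made permanent boot menu entries, which is useful on a machine that repeatedly needs a logged or VGA boot while a bad driver is being tracked down. The following boot.ini is an added, constructed example for this chapter, not a file from the book; the ARC path (first disk, first partition) and the entry names are assumptions, while the switches (/fastdetect, /safeboot, /bootlog, /sos, /basevideo, /debug, /debugport, /baudrate) are standard Windows XP boot.ini switches.

```ini
; Constructed example boot.ini for a single-disk Windows XP Professional system.
; The ARC path multi(0)disk(0)rdisk(0)partition(1) is an assumption; check
; your own layout with the Recovery Console map command before editing.
[boot loader]
; Seconds the boot menu waits before starting the default entry.
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]
; Normal boot, the same as "Start Windows Normally" on the Advanced Options menu.
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

; Same as "Safe Mode with Networking", plus boot logging to ntbtlog.txt and /sos,
; which prints each driver name as it loads, so a driver that hangs the boot is named.
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP (Safe Mode, networking, logged)" /fastdetect /safeboot:network /bootlog /sos

; Same as "Enable VGA Mode": base VGA driver at 640x480, for recovering from a bad display driver.
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP (VGA mode)" /fastdetect /basevideo

; Same as "Debugging Mode": kernel debugger output over COM1 to a second machine
; connected with a passthrough serial cable.
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP (kernel debugging)" /fastdetect /debug /debugport=com1 /baudrate=115200
```

Because a misplaced line in boot.ini can leave the system unable to start, keep a copy of the working file; from the Recovery Console, bootcfg /list shows the current entries and bootcfg /rebuild can re-create them from the installations it finds.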
Preparation for Recovery
The recovery methods discussed in the remainder of this chapter often require additional components, files, data, and so on to complete their recovery attempt. So before you rush ahead, take a moment to think about where your resources are. You might even want to double-check your backups and download some files. Here are the most often required elements or components:
• The original Windows XP distribution CD.
• Any service packs, preferably in an expanded form on a CD, local drive folder, or a network share.
• An updated Automated System Recovery (ASR) disk, which can be created from the Backup utility. (Select Advanced mode, and then click the Automated System Recovery Wizard.)
• A full backup of your system.
• A full backup of your Registry and System State data.
• All third-party device drivers used on your system—that is, not pulled from the original distribution CD or service packs.
With the elements in the preceding list at hand, you can perform the following repair process.
Repairing Files with the Automated System Recovery Disk
Windows XP introduces a new invasive repair technique called the Automated System Recovery (ASR). This tool is used to repair or replace key system files, the boot volume, the Registry, and other aspects of the startup environment. The ASR disk should be used after you have exhausted all other recovery techniques.
Note
This process requests your ASR disk. If you do not have an ASR disk for your system, you will not be able to run the ASR process.
To initiate the ASR process, you must reboot the Windows XP system using the distribution CD. At the ASR prompt, press F2. When the repair process starts, you are prompted to insert the ASR backup media, which can be a backup tape, CD-ROM, or a different hard disk. The ASR process formats the system partition, and then replaces any operating system files that need to be repaired. ASR should be attempted only after a System Restore.
Working with the Recovery Console
The Recovery Console is a Windows XP component that can be used to perform a wide range of repair operations from a command-line interface. You can install it onto a system where it is available at any reboot, or start it from setup boot disks. In either case, the Recovery Console’s command line offers the capability to replace driver and system files, replace Registry files, enable and disable services and device drivers, format hard drives, copy files, delete files, and much more.
Launching the Recovery Console from the setup boot floppy disks simply requires selecting the Recovery Console option on one of the early menus. Installing the Recovery Console adds a boot menu item for starting the Recovery Console from the boot menu during a system reboot. To install the Recovery Console, run winnt32 /cmdcons from the distribution CD. When the installation is completed, the Recovery Console appears as an additional item on the main boot menu (not on the Advanced Options menu).
The Recovery Console is a text-only, command-line environment that can read and write files on NTFS and FAT (FAT32) volumes. Through the use of specialized commands (many similar to MS-DOS tools), you can manipulate many aspects of Windows XP, from system files to service credentials to Registry key values. When launched, the Recovery Console prompts you to select the installation of Windows XP to work against (even if only a single instance of the operating system is present). Next, you are prompted to provide the password for the Administrator account for this system. After this logon, the command prompt is shown with the directory context of the main Windows root folder—that is, C:\winnt>.
You have 34 commands available in the Recovery Console. To view their complete syntax and usage information, just issue the help command or /? as a parameter of a command (such as copy /?). The available commands are as follows:
• attrib. Alters the attributes on files and folders.
• batch. Performs the commands contained in a text file (known as a batch file).
• bootcfg. Provides boot.ini configuration and recovery information.
• cd. Changes the command-line context into a child folder or displays the name of the current folder. The use of .. as a parameter changes the context to the parent folder.
• chdir. Changes the command-line context into a child folder or displays the name of the current folder. The use of .. as a parameter changes the context to the parent folder.
• chkdsk. Inspects a hard drive for bad sectors and lost files. Bad sectors are marked, and lost files are recovered into text files.
• cls. Clears the screen.
• copy. Creates a duplicate copy of a source file; can be used with full pathnames. This command decompresses files copied from the distribution CD.
• del. Deletes a file.
• delete. Deletes a file.
• dir. Displays the contents of the current directory, including files and folders; can also be used to display files based on attribute settings.
• disable. Disables a service or device driver.
• diskpart. Creates or deletes partitions.
• enable. Enables a service or device driver and sets the start type for the component.
• exit. Exits the Recovery Console and reboots the system.
• expand. Uncompresses a file.
• fixboot. Re-creates the boot sector on the system partition.
• fixmbr. Repairs the Master Boot Record on the boot partition.
• format. Formats a partition.
• help. Displays command use information.
• listsvc. Displays a list of all services and device drivers present on the system.
• logon. Switches context between one installation of Windows XP and another on the same system.
• map. Displays a list of all partitions, sizes, and mapped drive letters.
• md. Creates a new child directory within the current context directory.
• mkdir. Creates a new child folder (directory) within the current context directory.
• more. Displays the contents of text files to the screen.
• net use. Connects a network share to a drive letter.
• rd. Deletes a directory.
• ren. Renames a file.
• rename. Renames a file.
• rmdir. Deletes a directory.
• set. Lists and alters the environmental parameters of the Recovery Console. Note that this command does not appear in the help listing of available commands.
• systemroot. Sets the command-line context back to the main Windows root folder—that is, C:\winnt>.
• type. Displays the contents of text files to the screen.
Working with the Recovery Console is as simple as working with files under DOS. You do need to pay attention to your spelling and the syntax of parameters for the commands. In most cases, if you mistype, Recovery Console just issues an error. The most beneficial use of the Recovery Console is the capability to disable services and device drivers. With a little imagination, you can use the Recovery Console to perform some amazing tasks. For example, if you have backup copies of the compressed Registry files from the \repair folder, you can replace the Registry. If you have updated a file with the same name as an existing file (such as a device driver, DLL, or other system file), you can replace it with a copy command.
Using IntelliMirror
Most network administrators will find the IntelliMirror feature in Windows 2000 Server and Windows XP indispensable. However, IntelliMirror is a bit like the smoke and mirrors of a fun house. It is nothing more than the name assigned to the capabilities derived from the cooperative interaction of native Windows 2000 Server and Windows XP features. There are no IntelliMirror interfaces or executables. Instead, you can benefit from IntelliMirror just by properly configuring Active Directory, Group Policy, and other components of Windows 2000 Server and Windows XP. IntelliMirror is discussed in Microsoft documentation as having the following three core features or capabilities:
• User data management
• Software management
• User settings and desktop environment management
The lines between these three features are blurry, however, especially if you have already begun to implement some of the configuration techniques in Windows 2000 Server and Windows XP that Microsoft labeled as IntelliMirror. The real “meat and potatoes” of IntelliMirror shows up only when disaster strikes. Even without the Remote Installation Service (RIS), IntelliMirror offers some fault tolerance for user data and user profiles. This not only improves users’ experiences by moving their environments to any Windows XP client they log in to, but also protects them in the event of data loss or corruption on a client. From an administrator’s point of view, IntelliMirror offers configure-and-forget convenience. IntelliMirror can maintain fault-tolerant copies of user data, perform any needed restorations automatically (including single files), and completely replace the operating system, software, and data. Additionally, any changes or settings applied to a client continue in effect, even when that client is disconnected from the network.
User Data Management
User data management is the task of ensuring that data is always available to a user, no matter which client he or she logs in to or whether the user is disconnected from the network. This task requires several key elements, including user profiles, a home directory located on a network share, redirection of local directories, and offline files. The following components of Windows 2000 Server and Windows XP are involved in user data management under IntelliMirror:
• Active Directory
• Group Policy
• Offline folders
• Synchronization Manager
• Enhancements to the Windows XP shell
• Folder redirection
• Disk quotas
For user data management to function, you must configure or perform the following:
• Configure user profiles to map a home directory on a network share.
• Set disk quotas on the network share to prevent abuse.
• Define a Group Policy (at whatever organizational unit [OU] level that’s necessary) to redirect the common local folders (such as My Documents) to locations within the user’s home directory.
• Configure offline folders to make the user’s home directory available when not connected to the network.
Software Management
Software management is the task of distributing approved software to clients. In addition to initial installation, software management encompasses the distribution of updates and patches as well as the removal of software after its official use has been terminated. IntelliMirror cannot be used to prevent other software from being installed, but it can ensure that the minimum required applications are always available on every client on the network and that these software products are up to date. The following components of Windows 2000 Server and Windows XP are involved in software management under IntelliMirror:
• Active Directory
• Group Policy
• Windows Installer
• Add/Remove Programs
• Enhancements to the Windows XP shell
For software management to function, you must configure or perform the following:
• Create software distribution packages (MSI files) using Microsoft Installer. Please see the Windows 2000 Server Resource Kit for information on the Microsoft Installer.
• Add the MSI file to the Software Settings section under Computer Configuration of an OU’s Group Policy.
After an MSI file is defined in the Group Policy, that software’s presence is verified each time the policy is applied to a computer. If the software is new or a patch/upgrade is available that is not present on a system, it is made available to that system. The actual installation of software does not occur until a user attempts to launch the application. Instead, the verification procedure adds icons to the Start menu for new programs and adds an update flag to existing programs. After a user attempts to launch a new application, the system downloads the necessary files and performs the installation. There are two types of software distribution methods:
• Assigned software is distributed in the method just described.
• Published software is made available to clients through their Add/Remove Programs applet. This means they must make a manual selection to install published software.
Software can be removed from clients by removing it from the Group Policy. The removal process offers a selection of automatic removal or elected removal. Automatic removal uninstalls the software the next time the Group Policy is applied. Elected removal informs the user that the software has been removed and prompts whether to retain or remove the software. If the user elects to retain the software, he or she can remove the software manually by using the Add/Remove Programs applet.
User Settings and Desktop Environment Management
User settings and desktop environment management is the task of maintaining a user’s environment, no matter what client the user logs in to. This is really nothing more than roaming user profiles enhanced through Group Policy. The following components of Windows 2000 Server and Windows XP are involved in user settings and desktop environment management under IntelliMirror:
• Active Directory
• Group Policy
• Offline folders
• Roaming user profiles
• Enhancements to the Windows XP shell
For user settings and desktop environment management to function, you must configure or perform the following:
• Create roaming user profiles for all users.
• Define home directories on network shares.
• Define Group Policies on OUs as required to grant or restrict user capabilities.
• Configure offline files to cover users’ home directories.
Remote Installation Services
The Remote Installation Service (RIS) automates the deployment of Windows XP Professional. (It cannot be used to deploy Windows 2000 Server.) When combined with IntelliMirror, RIS provides a complete system recovery solution. The following components of Windows 2000 Server and Windows XP are involved in RIS:
• Active Directory
• Group Policy
• DHCP
• DNS
The RIS installation process can be initiated by a DHCP remote boot ROM network interface card based on PXE (Pre-boot Execution Environment) or by an RIS boot disk (created by using the RBFG.EXE tool located in the ...\system32\reminst and \RemoteInstall\Admin\i386 folders). RIS deployments can be fully automated so that the only human interaction required is to power on the target client. RIS uses DHCP to function. After a target client boots, it receives its TCP/IP configuration from DHCP, and then the RIS server transmits the Client Information Wizard (CIW) to the client. Once the CIW is running, the user is asked to log in and select from the offered installations (unless this is automated). After the operating system is installed, the system is rebooted into the new operating system. If IntelliMirror is used, after a user
logs on to the new client, all his or her related data and configuration is copied to the new client.
RIS is not difficult to install or configure. In fact, the configuration dialog box is the Remote Install tab of a domain controller’s Properties dialog box, accessed through the Active Directory Users and Computers tool. RIS must be installed on a domain controller or have direct access to a domain controller. Microsoft DHCP must also be present on the network. There are a few hoops to jump through to get RIS installed. They are detailed in the Windows 2000 Server Resource Kit, but one important item not to overlook is the need to create a DHCP scope for the RIS clients.
Target client systems must meet the following minimum requirements for RIS to be able to install Windows XP Professional onto them:
• All hardware must be compliant with the minimal requirements for Windows XP Professional.
• All hardware must be on the Hardware Compatibility List (HCL).
• There must be at least 1.2GB of free storage space.
• An RIS-compatible PCI NIC must be present. These NICs include the following:
  • 3Com 3c900 (Combo and TP0), 3c900B (Combo, FL, TPC, TP0), 3c905 (T4 and TX), and 3c905B (Combo, TX, FX)
  • AMD PCNet and Fast PC Net
  • Compaq Netflex 100 (NetIntelligent II) and Netflex 110 (NetIntelligent III)
  • DEC DE 450 and DE 500
  • HP DeskDirect 10/100 TX
  • Intel Pro 10+, Pro 100+, and Pro 100B (including the E100 series)
  • SMC 8432, SMC 9332, and SMC 9432
During RIS installation, you create an installation image. You can create other installation images from the Remote Install tab (described earlier in this section). Linking an unattended answer file with an RIS image can create custom installation processes. With the right answer file, you can completely automate the installation process. You can even associate multiple unattended answer files with a single RIS image to offer install options to clients.
If you want to duplicate an existing installation on RIS clients, you can prepare a system image by using RIPrep. This tool requires that Windows XP Professional and all applications be installed into drive C, but it creates an exact duplicate RIS installation, including installed software and configuration settings. The target clients for these types of installation images must be able to use the same HAL as the original system.
RIS images are stored in \RemoteInstall\Setup\English\Images\image name\i386\Templates folders. By managing the permissions on these images, you can control which users and groups can access them. A user requires Read & Execute, List
Folder Contents, and Read permissions to all contents of the Templates folder to perform an RIS install from it.
Note
The Windows 2000 Server Resource Kit has an in-depth discussion on installing, configuring, and using RIS that you can investigate for more information.
Third-Party System Recovery Tools
There are few third-party system recovery tools to select from. Primarily, the bulk of the non-Microsoft recovery tools are just backup solutions. However, in addition to backup software, you might want to investigate the following products.
Norton Utilities from Symantec offers storage device-specific system recovery techniques. This collection of tools focuses on maintaining the health of storage devices. It can recover deleted files (even after removal from the Recycle Bin) and repair drive configurations and boot records.
Norton Ghost from Symantec is a disk-imaging tool. It is similar to a backup solution, but instead of making backups on a file-by-file basis, it makes duplicates of entire hard drives onto another storage device. In addition to cloning systems, Ghost offers quick recovery to the last Ghost image in the event of a system failure.
Image Cast 3, from Innovative Software, performs similarly to Ghost. Check out this full-featured product at http://www.imagecast.com.au/ for more information.
For More Information
For more information on Windows 2000 system recovery, please consult the Windows 2000 Server Resource Kit and Microsoft TechNet (http://www.microsoft.com/technet/default.asp). You might also find useful information on system recovery at the following Web sites:
• ActiveWin: http://www.activewin.com/.
• Search Win2000: http://searchwin2000.techtarget.com/.
• Sunbelt Software: http://www.sunbelt-software.com/.
• Windows 2000 Magazine: http://www.winntmag.com/.
• Windows NT/2000 Tips, Tricks, Registry Hacks and more: http://www.jsiinc.com/reghack.htm.
• WinInfo: http://www.wininformant.com/.
V Windows XP Goes Online: Internet or Intranet Access
27 Windows XP as a Web Client
28 Windows XP as an E-mail Client
29 Internet Services from Windows XP Professional
30 Sharing an Internet Connection
31 Maintaining Internet Security
27 Windows XP as a Web Client
To get started with Windows XP and the Internet, you should have all the tools in place before you begin. This chapter covers all the details you must have to effectively use Windows XP and the Web; discusses how to use other services that the Web and Windows XP have to offer, such as Microsoft Internet Explorer, other Web browsers, desktop customization, e-mail, newsgroups, and File Transfer Protocol (FTP); and looks at troubleshooting Internet or intranet access problems.
Types of Internet Access
As we move from the world of 28.8K and 56K modems to the era of broadband technology, the choices become more interesting. Broadband is the technology that moves information at the rate of 256Kbps or faster. Now you can choose from a regular dial-up connection at 56K or use broadband technology and select a Digital Subscriber Line (DSL) or cable modem provider.
For additional information on connection types and their speeds, see Chapter 17, “Remote Access,” p. 353.
Dial-Up Connection
This is the original connection method everyone has used and is still the most common and ubiquitous. Because the required tools are already available, everyone can use it. You use the modem in your computer to connect to your Internet service provider (ISP) through the phone line in your home, office, hotel, or client’s site. Tried and true, the technology works well and reasonably quickly. The difficulty is that, when using a dial-up connection, you use your principal telephone connection, meaning that you cannot make or receive calls over the line used to connect to the Web. An alternative is to install a second phone line just for your Internet service, which is a choice many people have
made. This choice works well and adds only the monthly cost of an extra phone line, which is roughly $20 to $45 per month, depending on your location.
The drawback to a dial-up connection is speed. Telephone lines allow for only 56.6Kbps throughput, so making use of many modern Internet technologies, such as streaming audio and video, is time consuming. For regular uploading and downloading of e-mail and text-based Web content, however, this speed is sufficient.
DSL
DSL is an especially high-speed version of the dial-up connection. Using the existing telephone line in your home or office, the phone company can simultaneously provide your current telephone service and offer connection speeds beginning at 256Kbps. With DSL service, there is no need to have a second phone line just for Internet use. These connection speeds are a dramatic improvement over the traditional dial-up connection speed of 56.6Kbps (actually, you can get only 53Kbps). An added benefit of DSL service is that it is always available. There is no waiting for the modem to connect. Open your browser or mail account, and you are connected.
DSL service is available in all the major metropolitan areas of the country and through a variety of sources. Typically, your local phone company is your first point of inquiry. Call to find out whether the service is available in your area and what it costs. As an alternative to the phone company, there are service providers, such as Earthlink and Covad (among many others), that offer high-speed DSL service. When your local phone company is unable to provide DSL service, these companies can often help. The service is identical; it’s just coming from a different source.
Signing up for DSL service is the first of a two-part process; in addition to the DSL provider, you also need an ISP, the company that provides the actual connection to the Internet. Frequently, it is the same company that provides the DSL service, but it is not necessary for them to be the same. It’s just simpler to receive a single bill at the end of the month.
DSL is also referred to by a number of different acronyms and terms: SDSL, ADSL, HDSL, Symmetric, Asymmetric, and high-speed. Because they all accomplish the same thing, providing high-speed Internet access, they are referred to by the single name of DSL.
For a service provider to supply DSL service, you must be within a certain cable distance of the local phone company’s central office (CO). Usually, it’s about a two-and-a-half-mile radius. This is because the quality of the service degrades the farther away from the CO you are. The provider cannot ensure quality service if the distance is too great. This technology is improving regularly, however, and these limitations will most likely be addressed within a year or two.
Cable
Your local cable company may be in the business of supplying Internet service in addition to cable television. The Internet feed is through the same cable connection for cable television service, but a splitter is used to connect to a cable modem that is connected to the Ethernet card in your computer. The speed of the service is comparable to that of DSL and much faster than a dial-up connection.
Cable companies are scrambling to expand this service to as many areas of the country as possible. They know the competition is fierce and want to be able to give you what you want. Frequently, they offer incentives, such as free cable modems or reduced introductory rates, to entice you to sign up for their service.
Selecting an ISP
You have your new computer, you have a modem or network interface card, and you want to connect to the Internet. What do you do next? The first task is to decide the type of service you want: traditional dial-up, DSL, or cable, as discussed in the previous section. The other consideration is selecting an ISP.
Begin your ISP search by looking through the phone book. There are many companies competing for your attention. Look at what they have to offer (standard dial-up, cable, or DSL) and the fees. Nearly all have an activation fee of some sort and structured rate plans, which depend on how much you use the service each month. A flat rate for unlimited monthly use is becoming fairly common. Following are other considerations to keep in mind when selecting an ISP:
• How accessible is the ISP’s customer service? If customer service is available only during typical working hours, what happens when you have a problem at 10:00 p.m. and cannot reach anyone to help you?
• Can you set up your own Web page? Many ISPs have a service that allows you to create a Web page or two and place it on their server at no additional cost. Some even provide limited-functionality Web page creation software.
• How many e-mail accounts can you have? ISPs frequently create an e-mail account in your name. What about others in your family? They might like e-mail accounts of their own. Some providers offer the ability to set up multiple e-mail accounts.
Equipment to Use
Each type of Internet provider requires certain types of equipment to use that service (see Table 27.1).
Table 27.1 Required ISP Equipment
Type of Service      Required Equipment
Standard dial-up     Analog modem
DSL                  DSL router or modem and Ethernet adapter
Cable                Cable modem and Ethernet adapter
Modem Installation
As shown in Table 27.1, each type of Internet provider requires using and, therefore, installing a modem.
Standard Dial-Up Installation
Usually, when you purchase a computer, it has an analog modem installed as part of the package. Although installing the modem is typically not a concern, the dial-up connection must be configured. To configure the dial-up connection, follow the steps outlined in the New Connection Wizard, as described in the section “Using the New Connection Wizard” later in this chapter.
DSL Installation
DSL service requires a separate router or modem that is different from the dial-up modem in your computer. The DSL provider usually supplies it (at a cost of about $100). In addition to the router, you need an Ethernet card (some also have USB connections). The installation process for the Ethernet card is the same as that for the cable modem (described in the next section). They both connect to the router or modem with an Ethernet cable (usually supplied along with the router or modem).
Cable Installation
Cable service requires a separate cable modem. Frequently, the cable company providing the service supplies the modem and performs the installation. An Ethernet card must be set up in your computer before a cable modem can be installed. Any reputable computer store can supply an Ethernet card, but be sure that the card is listed on the Windows XP Hardware Compatibility List (HCL). If it isn’t compatible with Windows XP, you will have problems using it. To install the card (often referred to as a NIC, or network interface card), open the computer case and insert the card into an open slot. Then restart the computer and open the Add Hardware Wizard from Control Panel to properly install the card. This should prepare your computer for installation of the cable modem.
Using the New Connection Wizard
After you have decided the type of service to use (dial-up, DSL, or cable) and have the service installed, the next step is to actually connect to the Internet. Windows XP
Equipment to Use
provides the New Connection Wizard to lead you through the process of successfully connecting to the Internet. It creates an Internet connection for you and then displays a list of ISPs and information about their services. After you decide on an ISP, you can sign up for a new account by selecting one from the list. If you already have an account with an ISP and want to create an Internet connection to your account, the New Connection Wizard collects all the necessary information from you and creates a connection directly to that account. To open the New Connection Wizard, select Start, All Programs, Accessories, Communications, New Connection Wizard. Click Next in the Welcome to the New Connection Wizard window. In the next window, you select the type of network connection you want to create (see Figure 27.1).To create a connection to the Internet using an ISP, select the Connect to the Internet option and click Next.
Figure 27.1 You configure network and Internet connections via the New Connection Wizard.
In the next window, you are asked if you want to do the following:

• Choose from a List of Internet Service Providers (ISPs)
• Set Up My Connection Manually
• Use the CD I Got from an ISP
Chapter 27
Windows XP as a Web Client

The first and last choices apply when you are using a dial-up connection. The wizard automatically detects the presence of your modem and proceeds from there. Use the second choice if you are using a cable modem or DSL router. After making your selection, click Next.

The path through the wizard depends on your choice of how you want to connect to the Internet. If you sign up for a new Internet account, a list of potential ISPs is displayed. To set up an account with one of these companies, follow the instructions onscreen. If you have already selected an ISP, you are given the opportunity to set up the account manually with the information the ISP supplies.

Dial-Up Connections

In the New Connection Wizard, follow these steps:

1. Select how you are connecting to the Internet—a modem or a broadband connection—and then click Next.
2. Type in a name for the connection. This is the name that will be displayed in the Network Connections folder. Click Next.
3. Enter the local access number for your ISP, including the area code and phone number.
4. Enter the username and password provided by your ISP in the Internet Account Information dialog box and choose from the following options:
   • Use This Account Name When Anyone Connects to the Internet from This Computer
   • Make This the Default Internet Connection
   • Turn on Internet Connection Firewall for This Connection
   After making your selection, click Next.
5. Click Finish to close the wizard.

Your dial-up connection is now ready for use. To use it, open Internet Explorer. Windows then automatically dials the number. Alternatively, you can click Start, Settings, Network Connections, and select the new connection from the list.

Cable or DSL Connections

If you are connecting to an ISP using DSL, a cable modem, or nearly any other type of connect-on-demand technology, the process of connecting to an ISP is nearly identical to using an analog modem. Most ISPs consider DSL as a simple, high-speed, dial-up access method, meaning that, as far as their customer is concerned, the configuration is no different from using an analog modem. DSL users should have their telephone company run the DSL service and their service provider properly configure it. In addition, they must have a modem or router. Connecting to the Internet directly requires that Transmission Control Protocol/Internet Protocol (TCP/IP) be present on your computer.

In the New Connection Wizard, select the I Want to Set Up My Connection Manually radio button and click Next. The next window prompts you to specify whether you connect through a dial-up modem, a broadband connection requiring a user name and password, or a broadband connection that is always on. If you select one of the first two options, complete the preceding steps to provide ISP settings. Click Finish to complete the wizard.

You must then configure the Ethernet card so that it functions properly with the service provided by your ISP. To begin the process, click Start, Settings, Network Connections. Right-click Local Area Connection and select Properties to open the connection’s Properties dialog box, as shown in Figure 27.2.
Figure 27.2 The Local Area Connection Properties dialog box.
The only concern in this dialog box is the Internet Protocol (TCP/IP) choice. Select it and click the Properties button. In the Internet Protocol (TCP/IP) Properties dialog box, you need to select the option to obtain an IP address automatically (if your ISP uses DHCP), or specify an IP address, subnet mask, and default gateway. When you are done, click OK. Click OK again to close the Local Area Connection Properties dialog box. You are now ready to use the Internet.
Internet Explorer 6.x

Microsoft Internet Explorer (IE) is provided as part of Windows XP. This tool combines a number of elements that transform it from a common Web browser into a multimedia tool, which enables you to browse the Web while listening to your favorite music or radio station. IE is a multifunctional Web browser. It allows users to access content hosted by Web sites on the Internet or an intranet. IE is not just a Web browser, however; it can also be used to access many other types of Internet information, such as e-mail and newsgroups (also called discussion groups).
As a Web browser, IE supports the Hypertext Markup Language (HTML) and other basic Web technologies, such as Hypertext Transfer Protocol (HTTP), Common Gateway Interface (CGI), JavaScript, and more. It also includes support for Java, Dynamic HTML (DHTML), Extensible Markup Language (XML), and VBScript. Microsoft has developed and deployed its own Web-based technologies, such as ActiveX and Active Server Pages (ASP) and has integrated them into IE. It includes features such as the following:

• Capability to view remote and local resources through the same Internet Explorer interface
• Support for offline browsing of local, cached, or subscribed content
• Security based on zones (Local Intranet, Trusted Sites, Internet, Restricted Sites)
• Desktop integration (known as Active Desktop)
• Search, History, Channel, and Favorites bookmarks
• Support for plug-ins and helper applications
Customizing the Toolbar

IE version 6.0 is included with Windows XP. After you launch IE, the IE toolbar is the opening into your exploration of the Internet. You can customize the toolbar to add or remove buttons and to show or hide text. To do this, select View, Toolbars, Customize from the menu to open the Customize Toolbar dialog box (see Figure 27.3).
Figure 27.3 You can customize the buttons and appearance of the Internet Explorer toolbar via the Customize Toolbar dialog box.
Select which icons you want to appear on the toolbar and how the text for the icons should be displayed, or hide the text if that option best suits your needs.When you have finished customizing the toolbar, click the Close button.
Selecting Your Options

IE enables you to set a wide number of parameters that control how it functions. You can select the home page (which is the location displayed every time IE is opened), modify security settings, select which programs Windows automatically uses for each Internet service, and set a number of other advanced parameters.

To set these parameters, select Tools, Internet Options from the IE menu to open the Internet Options dialog box. The General tab, displayed first by default, is where you set your home page and make other selections about your service (see Figure 27.4). Additionally, you can select options for storing temporary Internet files and determining how long to keep pages in the history toolbar and configure colors, fonts, languages, and accessibility options.
Figure 27.4 In the General tab of the Internet Options dialog box, you can customize your home page, how temporary Internet files are stored, and many other options.
You can use the Security tab, shown in Figure 27.5, to customize your Internet security settings. The first setting is Web content zone, which provides the following four options:

• Internet. This is a general zone that includes any Web sites that haven’t been placed in another zone.
• Local intranet. This zone houses the Web sites located on your local intranet, or network.
• Trusted sites. This zone stores Web sites that you trust not to be harmful to your computer or data.
• Restricted sites. This zone contains Web sites that have the potential to be harmful to your computer or data.

To add any site to one of these zones, simply click the zone icon, click the Sites button, and add the site in the Add This Web Site to the Zone text box. Click the Add button to add it to the zone, and click OK when you are done.
Figure 27.5 You can configure security options in the Security tab of the Internet Options dialog box.
The lower portion of the Security tab contains customizable security options for each zone. To configure these options, click the Custom Level button to open the Security Settings dialog box, where you can configure myriad security options, such as how to handle ActiveX controls, file downloads, scripting, and authentication for each zone.

You can use the Privacy tab, shown in Figure 27.6, to select how IE handles cookies from Web sites. These settings include the following:

• Block All Cookies. This is the strictest setting. It blocks all cookies from Web sites and protects any existing cookies on your system from being read by Web sites.
• High. This setting blocks cookies lacking a privacy policy or that gather personally identifiable information without your explicit consent.
• Medium High. This setting blocks third-party cookies lacking a privacy policy or those that gather personally identifiable information without your explicit or implicit consent.
• Medium. This is the default setting. It blocks third-party cookies lacking a privacy policy and first- or third-party cookies that gather personally identifiable information without your implicit consent.
• Low. This setting blocks third-party cookies lacking a privacy policy and restricts cookies that gather personally identifiable information without your implicit consent.
• Accept All Cookies. This is the least restrictive setting. It enables and saves all cookies on the computer and allows existing cookies to be read by the Web sites that created them.
Figure 27.6 You can configure how to handle cookies in the Privacy tab of the Internet Options dialog box.
In addition, you can import other IE privacy preferences from your computer by clicking the Import button, override automatic cookie handling by clicking the Advanced button, or restore the default setting (Medium) by clicking the Default button. To override cookie handling for specific Web sites, click the Edit button to block or allow cookies from specific Web sites.

The Content tab (see Figure 27.7) contains three configurable areas: Content Advisor, Certificates, and Personal Information. The Content Advisor enables you to select ratings for Internet content by clicking the Enable button. You can then set up restrictions for language, nudity, sex, and violent content; enable approval for specific sites; set up password authentication for rated sites; and import rating information from Internet ratings bureaus. Use the Certificates area to configure certificate settings for yourself, certification authorities, and publishers. The Personal Information area provides an interface for configuring the personal information about you that’s stored in the system, including your name, e-mail address, and home and business information.

The Connections tab provides an interface for configuring Internet, proxy, virtual private network (VPN), and local area network (LAN) settings.

The Programs tab (see Figure 27.8) is where you can configure which applications to use for your HTML editor, e-mail, newsgroups, Internet calls, calendar, and contact list.

You can use the Advanced tab in the Internet Options dialog box to configure numerous specific settings for accessibility, browsing, protocol, multimedia, printing, searching, and security.
Figure 27.7 You can configure Content Advisor, Certificates, and Personal Information settings in the Content tab of the Internet Options dialog box.
Figure 27.8 You configure which applications to use for Internet services in the Programs tab of the Internet Options dialog box.
Exploring Other Browsers (Netscape, Opera)

Although IE is one of the most frequently used browsers, it is not the only one available. There are other choices that offer features and functionality that IE might not have. The following sections provide a brief introduction to two major IE competitors.
Exploring Netscape

Netscape (http://www.netscape.com) was one of the early entrants in the field of Internet browsing. Currently in version 7.0, it offers a browsing experience that incorporates Java and multimedia in much the same way as IE. The philosophy behind its construction, however, reflects a different mindset that provides different tools and functionality. For instance, its mail and newsgroup functionality is integrated into the browser instead of operating as separate programs. You set the parameters in the Preferences menu. My Sidebar is a customizable feature on the left of the screen that enables you to quickly browse to the Web sites you visit most frequently. Research the weather, read the news, check the sports, search for other topics, or contact your friends from here quickly and easily. To maximize your screen real estate, collapse the sidebar when it is not in use.
Exploring Opera

Opera (http://www.opera.com) is the creation of a group of developers in Norway who wanted to present an alternative to IE and Netscape. Their philosophy offers a browser that is smaller in size than its competitors and arranged a bit differently. E-mail is part of the program, similar to Netscape. Another difference is that the full commercial program is not free. Currently, the application costs approximately $40. They do, however, provide a free download version that places a small ad at the top of the screen.
Working Outside the Web with E-mail, Newsgroups, and FTP

When you install IE, Outlook Express (an e-mail and newsgroup program) is also installed. Outlook Express is not part of IE, but its functionality integrates directly with IE, enhancing and extending its capabilities. You can add an e-mail button to the IE toolbar (it looks like an open envelope) that enables you to directly access the functionality of Outlook Express, including reading e-mail, creating a new message, sending a hyperlink or Web page to someone, and reading newsgroups.
Using E-mail Programs

The decision of which e-mail program to use is one that only you can make and depends on what you want to accomplish. If you want seamless integration with your browser and simultaneous access to more than one mail account and a newsreader, Outlook or Outlook Express is an excellent choice. Other mail programs, such as Eudora, Pegasus Mail, and Pine, offer features, benefits, and functionality that could be of particular interest to you. Look at them, test their functionality, and decide which best suits your needs.
Address Books

Each mail program has an address book similar to a traditional paper address book. You can store lots of information about your contacts, such as the following:

• Name
• E-mail address
• Physical address
• Business information
• Personal information
• NetMeeting details
• Digital ID information
Although each e-mail program can have similar parameters, all automate the process of sending and receiving mail.

Creating a New Mail Account

Before you can send and receive mail using Outlook Express, you must set up a new mail account. Normally, when you subscribe to an ISP, you are provided with one or more e-mail addresses. To create a new mail account in Outlook Express, follow these steps:

1. Click Tools, Accounts from the menu to open the Internet Accounts dialog box.
2. Select the Mail tab, click the Add button, and click Mail to start the Internet Connection Wizard.
3. Type a display name. This is the name that will appear on outgoing messages. Click Next.
4. Type your e-mail address. Your ISP supplies this information when you sign up for an account. Click Next.
5. Select the type of mail server (POP3, IMAP, or HTTP) and provide the names of the incoming and outgoing mail servers. Click Next.
6. Type the username and password for the account. Again, your ISP provides this information. Click Next.
7. Click Finish to close the Internet Connection Wizard.

Composing and Sending Mail

Outlook Express is the mail program used to compose and send mail. The program you use might be slightly different, but the process is essentially the same for all mail programs. To create a new e-mail message, choose File, New from the menu (or press Ctrl+N) to open the New Message dialog box. This is where you address your message, identify the subject, and compose the message. The following sections explain how to perform these tasks.

From

This line is automatically completed for you. You identified this information when you completed the Internet Connection Wizard and filled in the details for Internet Mail.

To

This field is where you enter the e-mail address of the person to whom you are sending the message. It always looks something like this: [email protected]. If you have set up your address book, all you need to enter here is the name of the person you entered in the address book. The e-mail address is automatically entered for you.

Cc

If you want another person to receive a copy of the message, enter the e-mail address in the Cc field.

Subject

Enter the subject of your message on this line to help the recipient determine what your message is about. (This information also helps when you receive a response or message from someone else.)

Message

This field is where you compose the text of your message. Use the icons at the top of the box to format the message, just as you would any other document. After reviewing your message (always a good practice because with many e-mail programs, you cannot retrieve a message after it is sent), click Send.
Using Newsgroups

As a newsreader, Outlook Express is fully functional. It offers a Windows Explorer–like interface to the 25,000+ Internet newsgroups. Outlook Express enables you to use any number of news servers, subscribe to individual groups, browse or search through message headers, read messages and posting details, and post messages.

Note

A newsgroup is a collection of people with a common interest who gather to exchange news, information, and opinions. It serves as a message board and communications tool, where anyone can read messages from others and post his or her opinions, messages, and items for sale. Because newsgroups are, by their very nature, so open, there is virtually no privacy or security.
Subscribing to Newsgroups

To subscribe to a newsgroup, you first need to add a newsgroup server to Outlook Express or another e-mail program. If you are using Outlook Express, add the newsgroup server through the Tools menu. Your ISP supplies the name of the server you use. It usually looks something like this: news.myisp.com (myisp is the name of the ISP you use). To add the newsgroup server, follow these steps:

1. Choose Tools, Accounts from the Outlook menu.
2. Click the News tab.
3. Click the Add button and select News from the list that appears.
4. Enter your name and click Next.
5. Enter your e-mail address and click Next.
6. Enter the name of the news server supplied by your ISP. Click Next.
7. Click Finish to complete the process of adding the newsgroup server to Outlook.
8. Click Close to close the Internet Accounts dialog box.

You are now ready to look at available newsgroups and subscribe to those that interest you. Here’s how to actually subscribe to a newsgroup:

1. Select the newsgroup you created under the Folder list. A window appears informing you that you have not subscribed to any newsgroups. Click Yes to subscribe now.
2. The Newsgroup Subscriptions dialog box appears with the All tab displayed (see Figure 27.9). The list of newsgroups available through your ISP is automatically downloaded from your ISP and displayed. Scroll through the list until you find one that looks interesting. Highlight it and click the Subscribe button.
3. Repeat this process until you have completed all your selections, and then click OK. The newsgroups you subscribed to are displayed in Outlook Express.
4. To read the messages, click the name of the newsgroup. The messages are displayed on the right side of the screen. When you first subscribe to a newsgroup, all the messages posted to date are displayed. That could be quite a few. You can always read the most recent and delete the remainder if you don’t want to spend a lot of time looking through old material.

Newsgroup Safety

Potential hazards exist whenever you are online, and newsgroups are no different. You can avoid unwanted and objectionable content by following a couple of simple rules:

• Avoid newsgroups that are, by their name, obviously objectionable.
• Filter some of the content you see in the newsgroups.
Figure 27.9 You can subscribe to newsgroups in the All tab of the Newsgroup Subscriptions dialog box.
In addition to any objectionable content you might encounter, some folks are prone to victimization in a newsgroup unless some basic precautions are in place. These are common-sense precautions, such as not revealing any personal information. Don’t forget that anyone anywhere in the world with access to an Internet connection can see what you post to a newsgroup.
File Transfer Protocol

FTP enables you to remotely retrieve or deliver files on another computer through the Internet. You can do this anonymously or be authenticated. Anonymous access doesn’t require a username or password and is used to share folders on a computer for retrieval only. An authenticated FTP site requires a username and password to log in and actually use the system. After logging on to an FTP site, you can look at the content in much the same manner as a Web site.

In general, an FTP URL is constructed in this manner: ftp://domain_name:port/path. This basic FTP URL is used to access anonymous sites (sites not requiring an authorized username and password to gain access). The domain name portion can be a fully qualified domain name (FQDN) for an FTP site, such as ftp.microsoft.com, or an IP address, such as 207.46.133.140. The port is the TCP port used to access the FTP service. By default, it is 21. As long as the FTP server is using the default, you don’t need to specify the port in the URL. Many FTP sites, however, use other port addresses to limit unnecessary access and to prevent Web crawlers (also called robots or wanderers) from traversing the site. The logic is that if you host an FTP site on a non-default port address, users must visit your Web site or otherwise interact with you before they learn how to gain access to your FTP site. A path statement, which includes subdirectories in the FTP directory structure, can be added to jump immediately to a sublevel of the FTP site.
If the FTP site requires a username and password to gain access, you can construct an URL to include this data, such as ftp://username:password@domain_name:port/path/. This URL provides the logon mechanism with the authentication information needed to authorize access. You should remember, however, that an URL such as this does not protect the password in any way; it is transmitted as clear text, which could lead to potential security problems.

After you have entered an FTP site using IE or a specific FTP program, such as CuteFTP, you can traverse the directory structure by clicking on the displayed links. Depending on the operating system hosting the FTP site, the display of file and directory information varies. In most cases, directories are identified with a located to the left of the linked name. All other links are files. Traversing down a directory tree is simple; just click on a -labeled link. Traversing up a directory tree can be tricky. Depending on the host system type and how it is configured, moving to a parent directory might require one of the following:

• Clicking on a link of .. (see ftp.3com.com)
• Clicking on a link labeled Up to Parent Directory or just Parent Directory (see wuarchive.wustl.edu)
• Manually editing the current URL to remove the last element of the path (see ftp.microsoft.com)
You can use IE to explore an FTP site and download files; however, only one file can be selected for download at a time. After a file download is started, you can select another file to download, but you cannot select two or more files at the same time.To upload files to an FTP site using IE, you drag or copy and paste the files from Explorer or My Computer into the IE window with the FTP site open.This is not the most effective way to upload files to an FTP site, however. An FTP program, such as CuteFTP, that is specifically designed to handle FTP transfers is a much better option. Go to http://www.cuteftp.com for additional information on this application.
The Internet Explorer Administration Kit (IEAK)

Organizations with a large number of clients using IE can spend valuable time configuring browser settings on individual workstations. This makes it difficult to configure browsers exactly the same way and keep them that way. Also, when configuration changes need to be made to browser settings, each workstation must be visited. One way to reduce the administrative overhead of configuring and maintaining browsers is to implement the Microsoft Internet Explorer Administration Kit (IEAK). The IEAK enables you to deploy and customize different IE components. Organizations can use it to centrally manage, customize, and administer IE, regardless of the platform.
This central management makes it easy for organizations to customize and configure browsers in exactly the same way for all users. Using IEAK, you can do the following:

• Deploy IE
• Customize privacy settings
• Enable cookie restrictions
• Customize security settings
• Customize the toolbar
• Configure multimedia settings
• View browser settings
The IEAK includes different components and features for deploying and managing IE. The Customization Wizard steps you through the process of creating a custom browser package. After the package is deployed to clients’ desktops, they receive a customized browser with all the settings you selected in the wizard.The Profile Manager enables you to automatically change browser settings and restrictions after deployment.The IEAK includes additional tools, programs, and sample files to manage browser packages and includes Help files with information on concepts and procedures.
Troubleshooting Internet or Intranet Access Problems

Resolving Internet access problems is a two-step process. First, you must verify that your network connection is active. Second, you must verify that you are communicating properly with the remote host.
Verify Your Network Connection

To verify your network connection, check the physical network connection, the protocol you use, and authentication/logon parameters. If you are unable to access Web sites or your request times out, your network connection might be interrupted. To check this, open a command prompt (click Start, All Programs, Accessories, Command Prompt) and issue a PING command. Use a name such as ping www.microsoft.com. If you see the message Destination host unreachable or if no information is returned at all, your network connection is not working.

Another way to test the connection is to use TRACERT. This tool lists each device encountered between your system and the remote host as well as the devices’ response times. It can determine whether your communication efforts are failing before they reach the destination host or failing at the last step. You must perform this test on the computer hosting the firewall or proxy software. It does not work from behind a firewall or proxy.

If you have determined that the communication link fails outside your local computer or your attached network (or even the ISP to which you are connected), there is nothing you can do but wait until someone else resolves the problem. Of course, notifying the ISP that there is a problem is a good idea. Next, you should test communications between your system and the ISP. If a failure is located, it is likely a physical interruption or a network failure. A final place to look is at the client software, even though client software failures are uncommon. Verify that all configuration options are defined properly, and consult the vendor or view the vendor’s Web site for further troubleshooting advice.
Check the Hardware

First, make sure the physical connections are secure. For modem users (this includes ISDN, ADSL, cable modems, and so on), verify that the modem has power, that it is properly connected or seated, and that all connection cables are securely fastened on both ends (such as the modem and the wall outlet). Inspect all connection cables for tight kinks, sharp bends, or exposed wiring (such as insulation that has been scraped off). Make sure the connectors on both ends are snug—loose connectors or exposed wiring near the connectors can cause shorts and data loss. Replace all damaged wiring. Cycle the power on the modem device if external; reboot your system if internal. For network users, perform the same checks on your NICs and cabling. Include a check for proper termination, proper cable length, and maximum devices-per-segment restrictions. Also make sure all hubs and routers between you and the Internet are powered on and functioning properly.
Check the Configuration

Next, check your protocol installation. In most cases, you are using TCP/IP. Other protocols might be in use when a proxy server performs resource translation on the client’s behalf. If you are connecting to an ISP, make sure the information it provided is exactly what is entered in the TCP/IP configuration. (Look at the Network Connections applet’s Protocol tab, in the TCP/IP Properties dialog box.) If necessary, contact the ISP to verify that the configuration data you have is current and correct. If you are a network client, verify that the TCP/IP configuration matches what your system administrators supplied. At a minimum, it must include an IP address, a subnet mask, and a default gateway. You might also have one or more DNS servers. If you make any modifications to protocol settings, always restart your computer. On occasion, when the protocol driver files are corrupted, you might need to remove and reinstall TCP/IP.
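An added Python check, not from the book, for the static values typed into the Internet Protocol (TCP/IP) Properties dialog box described earlier in this chapter and revisited here: it confirms that the address and mask form a valid subnet, that the address is a usable host address rather than the network or broadcast address, and that the default gateway lies on that subnet, which are the mismatches that most often leave a client unable to reach anything beyond its own segment. The sample addresses are constructed.

```python
import ipaddress


def check_static_config(ip: str, mask: str, gateway: str, dns_servers=()) -> list:
    """Validate a manually entered TCP/IP configuration.

    Returns a list of problem descriptions; an empty list means the values
    are mutually consistent (it cannot tell whether they match what the
    ISP or administrator actually issued).
    """
    problems = []
    try:
        # ipaddress accepts a dotted-decimal mask here and rejects a
        # non-contiguous one (such as 255.0.255.0) with a ValueError subclass
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    except ValueError as exc:
        return [f"invalid address or subnet mask: {exc}"]

    net = iface.network
    if net.prefixlen < 31:  # /31 and /32 have no reserved network/broadcast addresses
        if iface.ip == net.network_address:
            problems.append(f"{ip} is the network address of {net}, not a host address")
        if iface.ip == net.broadcast_address:
            problems.append(f"{ip} is the broadcast address of {net}, not a host address")

    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError:
        problems.append(f"default gateway {gateway!r} is not a valid IPv4 address")
    else:
        # a gateway off the local subnet is unreachable, so nothing routes past the segment
        if gw not in net:
            problems.append(f"default gateway {gateway} is not on subnet {net}")
        elif gw == iface.ip:
            problems.append(f"default gateway {gateway} is the host's own address")

    for dns in dns_servers:
        try:
            ipaddress.IPv4Address(dns)
        except ValueError:
            problems.append(f"DNS server {dns!r} is not a valid IPv4 address")
    return problems


if __name__ == "__main__":
    # constructed sample configurations: one correct, one with a gateway off-subnet
    for cfg in (("192.168.1.10", "255.255.255.0", "192.168.1.1", ["192.168.1.1"]),
                ("192.168.1.10", "255.255.255.0", "10.0.0.1", [])):
        print(cfg[:3], "->", check_static_config(*cfg) or "ok")
```

A typo in the mask or a gateway copied from a different segment is caught here before the restart the text recommends; a correct configuration that still fails points at the link or the ISP rather than at the numbers.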
Check the Network

If the problem is network related, you should verify that you are properly authenticated with the logon system. This applies to systems connecting directly to an ISP and to clients on a network. Double-check the spelling and capitalization of your username, password, and domain name (when applicable). If your problem is network-connection related, what you have just done should restore your communications. After each resolution step, retest the configuration to see whether your client software can access the remote/local site. (You can also use another PING command.)

If the communications themselves are at fault, you should look at your software, the path between your system and the remote host, and the remote host itself. Start with the remote host and work back to your local system. The best practice in general is to PING the remote system first to see whether it is online. Test other systems located in the same general area (somewhere else on the Internet). As long as you use a handful of hosts, you should be able to determine the source of the problem. If you are unable to PING only a single host, you can deduce that the host is offline or does not respond to PINGs, or that the path to the host is interrupted. If multiple hosts, but not all, fail to respond to a PING, a router is at fault somewhere in the chain, or a serious network overload is occurring. If all hosts fail to respond to a PING, your Internet connection could be at fault.
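The decision rules above lend themselves to a small script. The following Python, an added example rather than anything from the book, pings a handful of hosts with the operating system's own ping tool and applies those rules: every host answers, none answers, exactly one fails, or several fail. The host list is a constructed placeholder, and the check for the "unreachable" wording in ping's output is an assumption about how the Windows ping reports a dead local link (it can exit with status 0 while printing Destination host unreachable).

```python
import platform
import subprocess

# Constructed placeholder list; use the sites you actually care about.
DEFAULT_HOSTS = ("www.microsoft.com", "www.example.com", "www.iana.org")


def ping_once(host: str, timeout_s: int = 2) -> bool:
    """Send one ICMP echo request with the system ping and report a real reply.

    Assumption: on Windows, ping may exit 0 even when the only 'reply' is the
    local 'Destination host unreachable' message, so the output is checked too.
    """
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), host]  # -w takes ms
    else:
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), host]
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout_s + 5)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return proc.returncode == 0 and "unreachable" not in proc.stdout.lower()


def classify(results: dict) -> str:
    """Apply the chapter's reasoning to a mapping of host -> reachable.

    Returns one of:
      'ok'          every host answered; look at client software or the one site
      'local_link'  no host answered; suspect your own connection (modem, router, ISP)
      'single_host' exactly one host failed; it is offline, ignores ping, or its path is cut
      'partial'     several but not all failed; a router in the chain or serious overload
    Meaningful only with a handful of hosts, as the text recommends.
    """
    if not results:
        raise ValueError("no hosts were probed")
    failed = [host for host, reachable in results.items() if not reachable]
    if not failed:
        return "ok"
    if len(failed) == len(results):
        return "local_link"
    if len(failed) == 1:
        return "single_host"
    return "partial"


def diagnose(hosts=DEFAULT_HOSTS) -> tuple:
    """Probe each host and return (verdict, per-host results)."""
    results = {host: ping_once(host) for host in hosts}
    return classify(results), results


if __name__ == "__main__":
    verdict, results = diagnose()
    for host, reachable in results.items():
        print(f"{host:24} {'reply' if reachable else 'no reply'}")
    print("verdict:", verdict)
```

The probing and the reasoning are kept separate on purpose: classify() can be exercised with recorded results, and the verdict names only what the text itself concludes from each pattern, so a "partial" result is a prompt to run TRACERT toward the failing hosts rather than a diagnosis on its own.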
Don’t Forget the Modem
If there is no communication outside your computer, the problem lies in your modem or DSL router. If this is the case, it’s time to call customer service at your ISP and have them walk you through a solution to the problem. All modems have their own software, which might be the source of the problem. Customer service can be an invaluable source here, particularly if you have a DSL or cable modem. An ISP’s software and your modem software can be especially complex if you have never worked with them before.
For More Information
Check out the following resources for more information:
• Bogue, Robert and Barker, Gord. MCSE Training Guide (70-270): Windows XP Professional. Que, 2002. ISBN: 0789727730.
• Cowart, Robert and Knittel, Brian. Special Edition Using Windows XP Professional, Bestseller Edition. Que, 2002. ISBN: 0789728524.
• Sirockman, Jason. MCSE + Internet Complete. Que, 1999. ISBN: 0735700729.
Chapter 28 Windows XP as an E-mail Client
With the fiercely competitive atmosphere of today’s business climate, the old adage “You have to stay in touch to be in touch” has never been more accurate. In the past few years, e-mail has evolved from an alternative means of communication to an essential way of doing business. Simply put, e-mail is now considered a mission-critical application.
This makes it essential that e-mail and collaboration client software possess a wide range of capabilities to keep up with ever-changing communication needs. Many third-party e-mail and news programs are available for Windows XP, but Microsoft has supplied a couple of good e-mail and collaboration clients. This chapter explores the Microsoft e-mail clients: Outlook Express and Outlook 2002. To help you evaluate which client is better for you, the strengths and weaknesses of each product are covered. Then you step through some of the difficult parts of each product’s setup and configuration and learn a few tips and tweaks to make these products more efficient.
Outlook Express and Outlook 2002
Microsoft has developed the Outlook family of messaging and collaboration clients to serve the needs of different users. Although the typical home user probably requires only simple and reliable Internet e-mail and newsgroup functionality, business and power users need richer e-mail functionality and tighter integration between e-mail and tools for information management and collaboration. The Microsoft Outlook family of e-mail clients consists of not only Outlook 2002 and Outlook Express (available in various Windows versions and other platforms), but also Outlook Web Access and Pocket Outlook for Windows CE. All these products offer flexibility and power in key areas such as Internet functionality, security, integrated messaging, and information management. However, the feature sets and capabilities are adjusted to different platforms and target audiences. The Windows XP products Outlook Express and Outlook 2002 support the key Internet standards, including Post Office Protocol 3 (POP3), Internet Message Access Protocol 4 (IMAP4), Hypertext Transfer Protocol (HTTP), Lightweight Directory Access Protocol (LDAP) for public address lookups, and Secure/Multipurpose Internet Mail Extensions (S/MIME) for security. In addition, you can compose messages using HTML and custom stationery in each product. With both products, users with multiple mail accounts can consolidate e-mail from different HTTP, POP3, and IMAP4 mail servers into a single inbox. You can also create rules that move incoming messages from different accounts into separate inbox folders.
Outlook Express
Microsoft Outlook Express provides efficient and effective e-mail and newsgroup services, security, and full support for Internet standards and technologies. Outlook Express has been included with Internet Explorer since version 4.0, and regular updates are available from Microsoft as free downloads. Outlook Express is a scaled-down version of the Microsoft flagship e-mail client, Outlook 2002. Whereas Outlook 2002 is a high-end mail client with a powerful Personal Information Manager (PIM) integrated into the package, Outlook Express concentrates strictly on Internet e-mail and news. Even though Outlook Express is designed to be an entry-level product, it comes extremely close to matching Outlook 2002 feature-for-feature in terms of Internet e-mail capabilities. Although Outlook Express is less capable than Outlook 2002 in overall functionality, it’s optimized for Internet mail and news functions and enjoys a performance edge in every e-mail area the two clients share. This makes Outlook Express suitable for use on slower Pentiums or any machine with limited resources. Outlook Express is seamlessly integrated with Internet Explorer and is only available bundled with Internet Explorer. It features a simple, three-pane interface, with separate panes for folders and message headers, and a preview window that displays the first few lines of a message before you actually open it (see Figure 28.1). The folder and message header views are customizable, so you can change which fields are displayed. The toolbar has a row of large icons for accessing the most common features. Outlook Express is equipped with various tools and wizards that streamline the processes of setting up and migrating from another mail or news client. Tools and wizards are available for importing your existing messages, mail account settings, address books, and news account settings from a variety of popular mail clients.
Figure 28.1 The main window of Outlook Express.
For the mail and news clients that are not directly supported, Outlook Express supports importing files in the comma-separated values (CSV) format. Most other mail and news clients are capable of exporting their data to a CSV file that you can use to import the data into Outlook. Importing is supported for the following e-mail products:
• Outlook (all versions)
• Outlook Express (all versions)
• Eudora Light (through version 4.0)
• Eudora Light or Pro (through version 3.0)
• Netscape Mail (version 2.0 or 3.0)
• Netscape Communicator
• Microsoft Exchange Client
• Microsoft Windows Messaging
• Microsoft Internet Mail and News
Outlook Express version 6.0 is part of the Internet Explorer package included with Windows XP. Later versions of Internet Explorer and Outlook Express can be obtained on CD or downloaded from the Internet Explorer download page at http://www.microsoft.com/windows/ie/download/windows.htm. The Web site automatically detects which version of Internet Explorer and Outlook Express you’re running and offers to download an update for you.
Outlook 2002
Outlook 2002 (see Figure 28.2) is the industrial-strength big brother of Outlook Express. Although average users can find all the features they will ever need and more in Outlook Express, the serious power and/or business user will want to upgrade to Outlook 2002.
Figure 28.2 The Outlook 2002 main window.
Microsoft Outlook 2002 provides tightly integrated e-mail, calendar, and information management. The first version, Outlook 97, was introduced with the Microsoft Office 97 suite as a replacement for the Schedule+ and Exchange applications included in earlier versions of Microsoft Office. Outlook 2002 includes most of the features of Outlook Express and adds to them by extending these features. In addition, Outlook 2002 adds a calendar, to-do list, journal, sticky notes, and a module called Outlook Today, which displays unread messages, daily appointments, and tasks at a glance. Outlook 2002 has far more powerful options for sorting and grouping e-mail messages and a more flexible Rules Wizard. It also has the capability to support custom forms and applications that are designed to work within the application. In addition to the major Internet standards supported by Outlook Express, Outlook 2002 includes support for vCalendar (which enables you to exchange meeting request information over the Internet) and iCalendar (for sharing calendar/scheduling information over the Internet). Like Outlook Express, Outlook 2002 imports your connection settings, e-mail messages, and address books from your existing mail clients. It also offers a similar import function for the PIM. Currently, support is provided for Applied Computer Telephony (ACT), Ecco, Lotus Organizer, and Schedule+. A number of third-party companies also have tools that enable users to synchronize Outlook data with various handheld devices.
Tip
After you import the information into Outlook, it’s still available in your previous program if you want to use both packages.
Outlook 2002 is available as part of Office XP or can be purchased separately from your local software store or online. The online Microsoft purchase point is located at http://www.microsoft.com/office/order/.
Configuring E-mail Access
After you have decided on the version of Outlook Express or Outlook 2002 and installed it, it is time to get it configured for e-mail access. Both versions of Outlook come with a tool called the Internet Connection Wizard (ICW), which walks you through the process of setting up your Internet account information. The ICW provides a step-by-step, fill-in-the-blanks guide to setting up Outlook for use with your Internet service provider (ISP) account(s) or on your POP3-based local area network (LAN). The ICW is displayed automatically when you first enter Outlook. You can use it to set up your account information at that time, or you can set it up later by choosing the Tools, Accounts command. Before you start the ICW, you should obtain the following information from your ISP or network administrator:
• Internet e-mail address (example: [email protected])
• Username and password
• Type and name of incoming mail server (HTTP, POP3, or IMAP4)
• Internet Mail logon or Secure Password Authentication (SPA)
• Simple Mail Transfer Protocol (SMTP) server
• LDAP directories (if supported)
As you progress through the windows of the ICW, you are prompted for all the information you need to set up your e-mail and newsgroup accounts and Internet directories (also called LDAP directories). Before you start the ICW, you should have already installed and tested your Internet connection (see Chapter 17, “Remote Access”). Here is a brief overview of some of the steps of the ICW:
1. In the Your Name window, supply the name you want to show up in the From box of e-mail messages you send to other people. This name can be up to 255 characters and can contain spaces. You can type your full name, a nickname, an alias, or any other name you want.
2. In the Internet E-Mail Address window, enter the e-mail address that your ISP assigned to you. This is the address that other people will use to send mail to you.
3. In the E-Mail Servers window, enter the type (HTTP, POP3, or IMAP4) and name of the incoming and outgoing e-mail servers that handle your e-mail. The addresses may be the same. This information is obtained from your ISP.
4. If your ISP does not use SPA—most ISPs do not—click Log On Using and enter the e-mail account name and password you use to log in to your ISP’s mail server to send and receive e-mail. Your e-mail account name might also be referred to as User ID, Member ID, or User Name; it is usually the name used to start your account. If your ISP uses SPA, click Log On Using Secure Password Authentication (SPA), and then click Next. You will then enter your e-mail account name every time you log in to the mail server. This information is obtained from your ISP.
At this point, you should be ready to connect to your ISP and start sending and receiving messages.
Note
Outlook Express can also be used as a mail-only client for Microsoft Exchange Server 5.5 or Exchange 2000 Server. For the configuration options, contact your Exchange Administrator.
Multiuser Support
As part of the Windows XP built-in security features, each user has a separate profile. Profiles enable multiple users to use the same Outlook client and maintain separate mail stores, settings, and address books. As long as each user logs in to Windows XP and Outlook, his or her mail, settings, and address book configuration information are stored in the %systemdrive%\Documents and Settings\%username%\Application Data folder. Whenever a new user wants to log on, the current user simply logs off from the Start menu, and the new user logs on and automatically receives his or her personal mail folders, address books, mail, and news configuration.
Tip
Although Outlook Express enables you to configure multiple mail accounts, users can still access each other’s messages. For more privacy, format your computer’s drives with New Technology File System (NTFS) and create a separate user account for each user. This forces Outlook Express to store each user’s files in his or her own profile folder.
Address Books
An address book is a list of names, usually with e-mail addresses, that you can select from when addressing your e-mail messages. Outlook Express stores all its addresses in the Windows Address Book. However, Outlook 2002 users can access three or more address books. The following are a few of the address book types available in Outlook 2002:
• Personal Address Book. A holdover from the older Microsoft e-mail clients, this was the only address book available in MS Mail and Exchange. This address book is stored on your PC and is not installed by default during a new Outlook 2002 installation. If you are upgrading from an older Microsoft client, this feature is installed, but you are given the option to migrate your old addresses into the Outlook Address Book. You shouldn’t need to use a personal address book anymore. They are still around only because previous versions of Outlook did not support personal distribution lists, and they would have to be stored here.
• Outlook Address Book. The default address book installed with Outlook 2002 includes all your contacts and enables you to configure personal distribution lists.
• Global Address List. Available only to those users who have access to an Exchange server, this common address book contains individual e-mail addresses as well as distribution lists. The company mail administrator typically maintains it, and the average user cannot make changes to it.
Note
The Windows Address Book used in Outlook Express is not directly accessible from Outlook 2002. To use it with Outlook 2002, you must import the contents of the Outlook Express address book into one of the Outlook 2002 address books.
Address books can be tricky for users of Outlook 2002, mainly because there can be so many choices. Just remember that the Global Address List is common to all users and is controlled by the Exchange Administrator, whereas the Outlook Address Book and Personal Address Book are controlled by individual users.
Directory Services
You can use directory services to search for users on the Internet or in an Active Directory domain. Directory services run on servers located on your network or a public server on the Internet that you can use to locate someone if you know his or her name but not the e-mail address. Directory services follow the LDAP standards that define a common format for electronic directories. To locate someone in Outlook Express, choose Edit, Find People from the main menu to open the Find People dialog box. Click the Look In drop-down list to select from your address books or one of the preconfigured LDAP servers (see Figure 28.3).
Tip
You can add LDAP servers to search for contacts by using the Tools, Accounts command in Outlook Express or Outlook 2002.
Figure 28.3 Outlook Express LDAP search options.
Enter the name you are looking for and then click the Find Now button. Notice that the search also returns names similar to what you are looking for. If you want to add the resulting name to your address book, select the name and then click the Add to Address Book button. All the information available for that person on the LDAP server is written into your address book. How much information you get varies; it can be limited to only a name and an e-mail address, or it could include a street address, telephone number, and other miscellaneous information.
Customizing and Configuring Your Messages
The Outlook e-mail clients offer a lot of flexibility in formatting your messages. Outlook Express supports both plain text and HTML; Outlook 2002 supports those options and adds support for Rich Text Format (.rtf files) and Microsoft Word document formats. Different tools are available on the Format menu and the Formatting toolbar, depending on what option you select. You have the option of setting a default mode for all messages, which you can override for selected users by choosing the Text-Only option in the address book. Text-only and HTML give you the most compatibility with other users on the Internet. Selecting HTML opens up a lot of options for formatting e-mail messages. You can use a background from your favorite Web site, or you can even create your own background using HTML. The HTML option also supports preconfigured stationery. Some sample stationery is included with all versions of Outlook, and many Internet sources offer more. To create a message using stationery, select Compose, New Message Using in Outlook Express, or choose Actions, New Mail Message Using in Outlook 2002. The Word option requires that you have Microsoft Word installed on your machine, and for the recipient to read your messages, he or she must have it installed, too. To turn on the Word option, choose Tools, Options from the main menu, and then select the Mail Format tab and change the Send in This Message Format option (or Compose in This Message Format, in Outlook 2002). Notice that this option is called WordMail, and that there are additional options for selecting predefined templates for use with WordMail. When you turn on WordMail, a hidden copy of Word runs on your machine whenever you run Outlook 2002. If you have a slower machine, you probably don’t want to enable this option.
Note
All versions of Outlook reply to an incoming message in whatever format it was received as long as that format is supported, even if it is not the default for that user. For example, suppose Gina Graham is configured for plain text only, but you receive a message from her in HTML format. Your reply to her will be in HTML.
Managing and Searching E-mail Folders
All Outlook features are organized as folders, and like the folders that you work with in My Computer, most can be copied, moved, renamed, created, deleted, and viewed in different ways. You can also create a series of subfolders to organize your mail into different categories. As is true of everything else in Windows XP, you have several choices for manipulating your folders in Outlook. You can highlight a folder and then right-click it to get a menu of options, or you can select File, Folder from the main menu to get options. Just as you do in My Computer to manipulate files, you can drag and drop messages to various folders. You cannot move the main folders in either Outlook version, but you can copy them. The main folders include Inbox, Contacts, Calendar, Tasks, Notes, and Journal. The Outlook Express folders are stored in .dbx files in your profile folder. In Outlook 2002, your folders are stored in personal folders (.pst), files stored on your PC; if Exchange Server support is installed, all data is stored in your mailbox. The mailbox is physically located on the Exchange server and controlled by your Exchange Administrator. You have the option to designate some or all of the working folders in your Exchange Server mailbox as offline folders (.ost files). This means you can access the data in them even when you are not connected to your Exchange server. This feature is handy for laptop and dial-up users. You can work with your data while offline, and when you reconnect, the information in the folders is automatically synchronized between the server and your machine. Even when you are using a mailbox on an Exchange server, you still have the option of adding personal folders to your local computer. This feature can be handy if you need to offload some of your data from your mailbox onto your PC.
Just remember that although your Exchange Administrator backs up and protects your mailbox contents, after you move an item into a personal folder, it is your responsibility to protect it. In addition, items in your personal folder are not available when you are logged in to your Exchange account from a different computer.
Encryption
Because Outlook 2002 has the option to store your information in personal folders (including your e-mail, contacts list, calendars, and so on), there is an additional option for providing password protection for personal mail folders. However, if you forget your password, there is no way to recover the information in the file. This option can be set only during the initial configuration setup of personal folders. If you need to change the options later, you can install another set of personal folders with the changed options and then copy your data from the old folders to the new folders. There are three encryption options for personal folders:
• No Encryption. Does just what it says.
• Compressible Encryption. Encrypts the file in a format that allows compression if you are using NTFS disk compression.
• Best Encryption. Encrypts the file using a stronger encryption method. If you are using NTFS disk compression, the file can still be compressed, but to a lesser degree than the Compressible Encryption option allows.
Tip
To add extra security for your personal mail folders, format your system drive with NTFS instead of FAT to limit access to your %systemdrive%\Documents and Settings\%username%\Application Data folders.
Searching E-mail Folders in Outlook Express
Although it’s nice to have your e-mail client so well organized, it does you no good if you cannot find the information you so carefully stored when you really need it. No matter how much you try to stay organized, sometimes a message gets misplaced. With the Find Message tool in Outlook Express, you can search for a message in a folder and all its subfolders. You can look for a message using any of the following search criteria:
• Sender
• Recipient
• Subject or title of the message
• Text within the message
• Attachments
• Messages within a specified date range
• Messages in a specific folder and its subfolders
• Flagged messages
Searching E-mail Folders in Outlook 2002
Because Outlook 2002 is designed to store more data than Outlook Express, it comes with a more sophisticated search tool. Actually, two search utilities are included with Outlook 2002: Find for quick basic searches of the Inbox, and Advanced Find for more sophisticated searches. To use Find, choose Tools, Find from the main menu. The search criteria are limited to information in the From and Subject fields or the message body of messages in the Inbox. To use Advanced Find (see Figure 28.4), choose Tools, Advanced Find from the main menu. With this feature, the search criteria are virtually unlimited. You can search any type of Outlook 2002 data repository for any text, condition, category, size, date, and so on.
Figure 28.4 The Advanced Find feature in Outlook 2002.
Filtering E-mail
One of the most powerful features of the Outlook mail clients is the capability to filter incoming e-mail. You can specify, by account, what rules you want applied to your incoming e-mail. These rules let you sort, filter, redirect, and even delete mail before it arrives in your inbox.
Filtering E-mail in Outlook Express
Although the e-mail filter included in Outlook Express is not quite as powerful as the Rules Wizard in Outlook 2002, it is still a solid feature that’s more powerful than most other e-mail clients.
Outlook Express uses a feature called Message Rules (accessed from the Tools menu), which examines all incoming messages and processes them according to rules you configure (see Figure 28.5). This feature enables you to have incoming messages that meet certain criteria sent to the folders you want. For example, you can specify that messages from all individuals using the same e-mail account be delivered to their personal folders, or indicate that all mail to or from a certain person should be automatically routed to a specific folder.
Figure 28.5 The New Mail Rule dialog box in Outlook Express.
Incoming messages can be examined for the following items:
• Recipient
• Carbon Copy (CC)
• Sender
• Subject
• Presence of an attachment
• Encrypted
• Priority
• Specific words in the message body
• Mail account to which the message is being sent
• Message size
You can even choose to have all messages rerouted. You can have any of the following actions performed on the selected messages:
• Move to a specific folder
• Copy to a specific folder
• Forward to a mail recipient or distribution list
• Reply to the sender with a file
• Highlight
• Flag
• Mark as read
• Mark as watched or ignored
• Do not download from server
• Delete from server
Most of these rules can also be applied to newsgroup items. For example, you can elect to not download newsgroup postings from certain individuals or postings that contain a certain type of content. In addition, Message Rules has a Blocked Senders option for specifying that all e-mail or news items from a specific e-mail address or domain name be automatically moved to the Deleted Items folder. You can specify multiple filters or rules for incoming messages and change their sorting priorities. To change the priorities by which messages are sorted, click the Move Up or Move Down button in the Message Rules dialog box.
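The rule semantics described above, modelled in Python as an added example (this is not Outlook Express code): rules carry the conditions and actions from the lists, the Blocked Senders list is checked first, and rule order is the priority set with Move Up. The addresses, folder names and rule names are constructed, and the model assumes that a rule later in the list still sees a message an earlier rule has moved.

```python
"""Model of Outlook Express Message Rules, added as an illustration (not
Microsoft's code). Conditions, actions and Blocked Senders are the ones listed
above; rule list order is the priority set with Move Up. Assumption: later rules
still see a message an earlier rule moved, so the last move wins."""
from dataclasses import dataclass
from typing import Callable, Dict, List

@dataclass
class Message:
    sender: str
    subject: str
    account: str                 # mail account the message arrived on
    size_kb: int
    has_attachment: bool = False
    folder: str = "Inbox"        # state changed by rule actions
    download: bool = True        # False = "Do not download from server"

Condition = Callable[[Message], bool]
Action = Callable[[Message], None]
# Conditions ("Where the Subject line contains ...", and so on)
def subject_contains(text: str) -> Condition:
    return lambda m: text.lower() in m.subject.lower()

def larger_than_kb(limit: int) -> Condition:
    return lambda m: m.size_kb > limit

def has_attachment() -> Condition:
    return lambda m: m.has_attachment

def on_account(account: str) -> Condition:
    return lambda m: m.account == account

# Actions
def move_to(folder: str) -> Action:
    return lambda m: setattr(m, "folder", folder)

def do_not_download() -> Action:
    return lambda m: setattr(m, "download", False)

@dataclass
class Rule:
    name: str
    conditions: List[Condition]  # every condition must match ("and")
    actions: List[Action]

class MessageRules:
    def __init__(self, rules: List[Rule], blocked_senders=()):
        self.rules = list(rules)
        # Blocked Senders entries may be full addresses or bare domain names
        self.blocked = {b.lower() for b in blocked_senders}

    def move_up(self, name: str) -> None:
        """Raise a rule's priority by one place, like the Move Up button."""
        i = next(i for i, r in enumerate(self.rules) if r.name == name)
        if i > 0:
            self.rules[i - 1], self.rules[i] = self.rules[i], self.rules[i - 1]

    def is_blocked(self, m: Message) -> bool:
        addr = m.sender.lower()
        return addr in self.blocked or addr.rsplit("@", 1)[-1] in self.blocked

    def process(self, m: Message) -> List[str]:
        """Apply Blocked Senders, then rules in priority order; return the names of rules that fired."""
        if self.is_blocked(m):
            m.folder = "Deleted Items"
            return ["Blocked Senders"]
        fired = []
        for rule in self.rules:
            if all(cond(m) for cond in rule.conditions):
                for act in rule.actions:
                    act(m)
                fired.append(rule.name)
        return fired

def demo() -> Dict[str, object]:
    """Run constructed sample messages (not real mail) through a rule set."""
    rules = MessageRules([
        Rule("Newsletter", [subject_contains("WinXPnews")], [move_to("Newsletters")]),
        Rule("Big attachments", [has_attachment(), larger_than_kb(2048)], [do_not_download()]),
        Rule("Work account", [on_account("work")], [move_to("Work")]),
    ], blocked_senders=["spam.example"])
    msgs = {
        "newsletter": Message("news@lists.example", "WinXPnews #12", "home", 40),
        "huge": Message("bob@work.example", "photos", "work", 5000, has_attachment=True),
        "spam": Message("x@spam.example", "!!!", "home", 3),
        "work_news": Message("news@lists.example", "WinXPnews #12", "work", 40)}
    out: Dict[str, object] = {}
    for key, m in msgs.items():
        fired = rules.process(m)
        out[key] = (m.folder, m.download, fired)
    # Priority matters: with "Work account" moved to the top, the Newsletter
    # rule runs last and wins for a newsletter arriving on the work account.
    for _ in range(2):
        rules.move_up("Work account")
    again = Message("news@lists.example", "WinXPnews #12", "work", 40)
    rules.process(again)
    out["work_news_after_move_up"] = again.folder
    return out
```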
Filtering E-mail in Outlook 2002
Although the Outlook Express Message Rules feature is impressive, it simply cannot match the Outlook 2002 Rules Wizard when it comes to developing complex mail filters. The Rules Wizard is the most advanced e-mail-filtering system available and a must-have for anyone who needs a multiple-level mail filter. This wizard has all the features of the Inbox Assistant in Outlook Express and the following additional capabilities:
• Operate on sent and received messages
• Automatically assign categories to messages
• Assign different colors and shading to messages
• Notify the user when a message of a certain priority arrives
• Filter with specific words anywhere in the message
• Filter with attachments
• Filter within a specific date range
• Use a predefined Junk Mail Senders list
• Use a predefined Adult Mail Senders list
• Right-click on an incoming message and add it to one of the predefined lists
Outlook 2002 also comes with a set of predefined rules you can use. The Filters.txt file in the Program Files\Microsoft Office\Office10\1033 folder contains the text strings Outlook uses to identify spam. You can edit this file to add or change any filter. There are separate sections in this file for general spam and X-rated spam. Of the several ways to create a new rule, one of the easiest is to start from the Organize window, as described here:
1. Highlight a message from a recipient that you want to work with.
2. Click the Organize button, and in the Create a Rule to Move New Messages From drop-down list, select the folder you want to move to.
3. Click the Create button, and the rule is saved.
To edit the rule after it is saved, follow these steps:
1. Select the Rules Wizard from the Organize window, or choose Tools, Rules Wizard from the main menu.
2. In the Rules Wizard, highlight the rule and click the Modify button.
3. Make any necessary changes. In this case, you are not creating a new rule or checking anything else, so click Next twice.
Because computer news ages fast, you might want to be notified if, for example, you didn’t read your copy of the Windows XP newsletter for 10 days. To do so, follow these steps:
1. In the main Outlook window, right-click the message containing the newsletter.
2. In the Rules Wizard window, select the check box for WinXPnews. Click Next.
3. When prompted to decide what you want to do with this message, select the Flag Message for Action in a Number of Days check box (see Figure 28.6).
4. At the bottom of the Rules Wizard window, click the Action in a Number of Days link, fill in the number of days in the Flag Message dialog box, and then click Next.
5. Because there won’t be any exceptions, click Next again. Now you can review the rule to make sure it is what you want. If it is, click Finish to save it.
Be careful how you use rules—even the predefined ones—especially when you choose automatic deletion.They are not 100% reliable and can sometimes filter out messages you want to receive.
Figure 28.6 Creating a rule to flag incoming messages for follow-up.
Creating Calendars
Up to this point, you have learned about the e-mail features available in both Outlook versions for the Windows XP platform. From here on, you discover the features in Outlook 2002 that leave Outlook Express in the dust. Most people think of Outlook as an e-mail program only, and a surprising number of people use only its e-mail features. However, they are ignoring a powerful integrated PIM or, as Microsoft prefers to call it, a Desktop Information Manager (DIM). The heart of any good PIM (or DIM) is the calendar. In Outlook 2002, the look of the calendar program is straightforward. It is designed to look like pages in those paper planners most of us cannot live without. However, if you want or need a different view, you can customize the calendar to look just about any way you want it to. The standard views for the calendar are viewing your schedule by month, day, five-day week, or seven-day week. You can also create custom views to display your calendar with a week of any number of days, change the start day of your week, and adjust your workday. To configure these options, choose Tools, Options, Preferences, Calendar Options from the menu. The best feature of Outlook 2002 has to be the Outlook Today window (see Figure 28.7). This default window displays a summary of not only the day’s schedule, but also other upcoming appointments and tasks. It shows the importance flags, too, so you can see at a glance what you need to do and which items have priority. It also shows the number of unread messages in your inbox and provides a search field for locating your contacts.
Figure 28.7 The Outlook Today window, showing a summary of schedule and tasks.
Outlook treats holidays as all-day events or appointments. You have the option to show your time as busy, free, or tentative. Outlook comes with a selection of predefined holidays specific to various countries or religious groups. To configure these options, choose Tools, Options, Preferences, Calendar Options, Add Holidays. You can select more than one set of holidays, if you want. However, if some of the holidays are the same in both sets (Christmas Day, for example), several identical events show on the same day. To prevent this, you can create your own set of holidays for Outlook to use. Outlook stores predefined calendar holidays in Outlook.txt, a plain text file located in the Program Files\Microsoft Office\Office10\1033 folder. The Outlook.txt file lists holidays in the following format:

    [Country] ###
    Holiday description, yyyy/mm/dd
    Holiday description, yyyy/mm/dd

In this format, ### is the total number of holidays listed for a particular country. Note that there is a space between the closing bracket and the number. On each holiday line, there is a comma and a space between the holiday description and the date. For example, a file might look like this:

    [United States] 3
    Independence Day, 2004/07/04
    Thanksgiving Day, 2004/11/24
    Christmas Day, 2004/12/25
Outlook.txt is a read-only file, so before you start editing, make a backup copy and remove the read-only attribute. To minimize editing, it would probably be best to copy the section of the file with the majority of the dates you need, and then just add or subtract entries. Give the section a new name, update the number of entries, and you are done. The next time you run Outlook, you can add the new custom holidays to your calendar.
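The editing procedure just described lends itself to a small script, because the count in the section header has to be kept in step with the entries by hand. The following Python example is added here and is not code from the book or from Microsoft. It parses text in the Outlook.txt layout the chapter describes, refuses a section whose ### count disagrees with the entries under it, merges chosen sets into one custom section with same-day duplicates (the Christmas Day case) dropped, and emits the new section with the count recomputed. The sample text, the section names and the function names are this example's own constructions; Outlook itself is never touched, the output is text you paste into your backup copy of Outlook.txt.

```python
"""Parse, validate and merge holiday sets in the Outlook.txt layout.

Added example, not code from the book or from Microsoft. The layout is the one
the chapter describes:

    [Country] ###
    Holiday description, yyyy/mm/dd

The script only produces text; it does not write to Outlook or Outlook.txt.
"""
import re
from datetime import date

HEADER_RE = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<count>\d+)$")   # one space after ]
ENTRY_RE = re.compile(r"^(?P<desc>.+?), (?P<date>\d{4}/\d{2}/\d{2})$")  # comma + space


def parse_holiday_file(text):
    """Return {section name: [(description, date), ...]}.

    Raises ValueError for a line that fits neither pattern and for a section
    whose ### count disagrees with the number of entries listed under it.
    """
    sections = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name")
            sections[current] = {"declared": int(header.group("count")), "entries": []}
            continue
        entry = ENTRY_RE.match(line)
        if entry is None or current is None:
            raise ValueError(f"line {lineno}: does not fit the Outlook.txt layout: {line!r}")
        year, month, day = (int(part) for part in entry.group("date").split("/"))
        sections[current]["entries"].append((entry.group("desc"), date(year, month, day)))

    result = {}
    for name, section in sections.items():
        found = len(section["entries"])
        if section["declared"] != found:
            raise ValueError(f"section [{name}] declares {section['declared']} holidays but lists {found}")
        result[name] = section["entries"]
    return result


def validation_error(text):
    """Return the problem with a file as a string, or None when it is well formed."""
    try:
        parse_holiday_file(text)
    except ValueError as exc:
        return str(exc)
    return None


def merge_sections(sections, names, new_name):
    """Combine the named sets into one custom set, sorted by date.

    A holiday is dropped when the same description already occurs on the same
    date in an earlier set; that pairing is what produces the repeated
    Christmas Day entries when two stock sets are loaded together.
    """
    seen = set()
    merged = []
    for name in names:
        for desc, day in sections[name]:
            key = (desc.casefold(), day)
            if key in seen:
                continue
            seen.add(key)
            merged.append((desc, day))
    merged.sort(key=lambda entry: (entry[1], entry[0]))
    return new_name, merged


def format_section(name, entries):
    """Emit a section in Outlook.txt form, recomputing the ### count."""
    lines = [f"[{name}] {len(entries)}"]
    lines.extend(f"{desc}, {day:%Y/%m/%d}" for desc, day in entries)
    return "\n".join(lines) + "\n"


def build_custom_set(text, names, new_name):
    """Parse the file text, merge the chosen sets and return the new section text."""
    return format_section(*merge_sections(parse_holiday_file(text), names, new_name))


# Constructed sample input (not the real Outlook.txt); both sets list Christmas Day.
SAMPLE = """[United States] 3
New Year's Day, 2004/01/01
Independence Day, 2004/07/04
Christmas Day, 2004/12/25
[United Kingdom] 2
Christmas Day, 2004/12/25
Boxing Day, 2004/12/26
"""

if __name__ == "__main__":
    print(build_custom_set(SAMPLE, ["United States", "United Kingdom"], "Custom"), end="")
```

Run stand-alone, the script prints a `[Custom] 4` section with Christmas Day listed once. The count check matters because Outlook reads the ### value to know where a section ends; an undercounted section silently loses holidays and an overcounted one swallows the next section's header.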
Handling Appointments

After you have created the calendar, you need to fill it with information. The calendar offers three major types of events: meetings, appointments, and events. An event is an all-day occurrence that does not have a set start time and during which you might be busy or not—such as a holiday or birthday. An appointment is something that you generally must attend; it has a scheduled start and end time, and by default, between those times your schedule shows you as busy. A meeting is similar to an appointment, but is scheduled by a central person who sends out invitations and keeps track of the responses. The procedures for creating events and appointments are similar:

1. In Calendar view, select the month and day for which you want to schedule an appointment or event.
2. Double-click next to the time at which the appointment is scheduled to begin.
3. When the Appointment dialog box opens (see Figure 28.8), fill in the information that identifies your appointment.
4. Click the Save and Close icon, and the appointment is posted to your calendar.
Figure 28.8 The Appointment dialog box, showing an appointment to be posted to the calendar.
Pay close attention to the Appointment dialog box; you use the same window to enter meetings, appointments, and events. The only differences are the options you select. To make an appointment an event, click the All Day Event check box. To make an appointment a meeting, select Attendee Availability and add the names of people you want to invite to the meeting. The calendar automatically sends an e-mail message to the people you want to include in your meeting. If you cancel the meeting, you can use this function to send a cancellation notice.

Outlook has a powerful but largely overlooked feature for converting one type of entry into another simply by dragging and dropping. For example, if someone sends you a message suggesting that you meet for lunch, you can drag that message and drop it on your Calendar folder. It opens the Appointment dialog box with the subject filled in and the text of the message displayed. Just set the date and time details, and save. In addition, it works the other way around: Dragging an appointment, task, or note to the inbox creates a new message and inserts the subject and text for you.
Building Outlook Applications

Outlook 2002 is a powerful application. However, Microsoft has made it extensible, in that you can build applications based on the Outlook engine. Outlook includes a form development environment so that users can use its drag-and-drop capabilities to add custom fields to forms. Outlook also supports VBScript, a subset of Visual Basic that enables Outlook developers to add custom functionality (such as accessing a database, hiding controls, and so on) to any Outlook form. Outlook events are made available through VBScript, so developers can control Outlook forms and actions. Outlook supports events such as when an item opens, when an item is saved, when a user changes a property (such as subject or categories), and when an item is read. Outlook also supports ActiveX controls in custom forms. This means developers can take advantage of thousands of third-party controls in their Outlook applications. VBScript is included with Windows XP.

Instructions on how to build a full-blown Outlook application would fill a book, and quite a few books are already available. (See the section “For More Information” at the end of this chapter for details.) In this section, you see how to make some small changes to an existing form to introduce the Outlook 2002 forms development environment. For example, say you want to build a small customer-tracking system using Outlook. The basic Outlook Contact form has some of the information you want but has more fields than you need. You can use the Contact form as a base and modify it to suit your needs.

To get into the development environment, choose Tools, Forms, Design a Form from the main menu. Notice that you have the option of looking in several form libraries and all your Outlook folders. Select the Contact entry, and then click the Open button to open the form in Design mode (see Figure 28.9).
Figure 28.9 Designing a custom Contact form.
To get rid of the fields you don’t want, select them and press the Delete key. To move the remaining fields around, just click to select them, and then drag and drop. You can also resize the fields by selecting and dragging the corners. To add fields, you can select predefined fields by clicking on them in the Field Chooser dialog box. You can also add text and other controls to the form from the Toolbox. To access the Toolbox, choose Form, Control Toolbox from the main menu. When you have added and positioned everything, save the new form, and then choose Form, Run from the menu. You can fill in the form and save it in your Contacts list. You can also create a new Contacts folder in which to save all your custom forms.
For more information on VBScript and scripting on the Windows XP platform, see Chapter 21, “Scripting and Automation,” p. 457.
Integrating Newsgroups and Mailing Lists

The Outlook Express Newsreader is used to access newsgroups. A newsgroup is like a public bulletin board (or a private one, if a newsgroup is posted on your intranet). Users can post messages, and download and read messages from other users. You configure the Newsreader with the Internet Connection Wizard, and you need most of the same information you used to configure your e-mail account as well as the name of the news server you want to connect to. (See the section “Configuring E-mail Access,” earlier in this chapter.)
Newsgroups

After you have configured the Outlook Newsreader and made your initial connection to the news server, you are prompted to download the list of available Usenet groups. Literally thousands of groups are available, and more are added every day. The topics range from quantum physics to reruns of Gilligan’s Island. Microsoft, Symantec, Netscape, and other companies are setting up their own news servers to deliver tech support and service to customers. If you want to find out what other people think of a product you’re about to purchase, check the company’s news server or one of the Usenet public newsgroups. To search newsgroups for a specific topic, choose Tools, Newsgroups from the Outlook Express menu to open the Newsgroup Subscriptions dialog box (see Figure 28.10). Enter your search argument text (which is not case sensitive) into the Display Newsgroups Which Contain text box to find the word or words in any part of the newsgroup name.
Figure 28.10 The Newsgroup Subscriptions dialog box showing a newsgroup search.
In the Newsgroup Subscriptions dialog box, you can subscribe or unsubscribe to newsgroups, review a list of your subscriptions, and view a list of newsgroups that have been added since the last time you downloaded the list. You can go directly to a newsgroup by highlighting it and clicking the Go To button.

To view a newsgroup, double-click the newsgroup name in the left pane to download the message headers and display them in the upper-right pane. To view a message, double-click it to download and display it in the lower-right pane. By default, the Newsreader downloads only message headers, which is often helpful because some newsgroups are heavily used and the number of messages can get quite large. You have the option of selecting one message at a time or marking a group to be downloaded.
The feature set in the Newsreader is similar to the Outlook Express e-mail client. You are given the following options:

• Compose Messages
• Reply to Group
• Reply to Sender
• Forward Message
The editor you use to compose responses is the same editor you use for e-mail, so it includes the same features (spell checker, HTML support, and so on). It also offers a Find Message feature and even a News Rules feature, similar to the Message Rules feature discussed earlier. You can use the News Rules feature to configure rules that will block postings according to the following criteria:

• Newsgroup or server
• Sender
• Subject
• Message size
• Age of message
After the newsgroup posting is identified, any of the following can be done automatically:

• Delete
• Highlight with color
• Flag
• Mark as read
• Mark as watched or ignored
• Mark for download
Unfortunately, when you post to a newsgroup, your e-mail address is displayed. This is where some spammers get names to add to their mailing lists. They have computer programs that can pull your e-mail address from the messages you send. To make it more difficult for them, highlight the name of your news server in the left pane and select Properties. Insert illegal characters or spaces in the e-mail address field listed under User Information. If a legitimate user wants to reply to you, he will recognize what you have done and remove the extra characters; however, the automated programs cannot do that. This method doesn’t offer a lot of extra protection from spam, but every little bit helps.
Mailing Lists

Mailing lists represent another informational offering available on the Internet. However, instead of having to use the Outlook Newsreader to sort through a newsgroup’s messages, you can read messages from a mailing list directly from your inbox. This is how it works: Someone on the Internet sets up a program called a listserver, which accepts subscription requests and sends updates to subscribed users at a predefined time, usually daily. Here are a few common commands used with listservers:

• To join: Send a message with the word “Subscribe” in the body of the message.
• To leave: Send a message with “Unsubscribe” or “Remove” in the body of the message.
• To list commands: Send a message with “List” in the body of the message. This returns a message to you with a list of all possible commands.
Like newsgroups, literally thousands of listservers are available, covering every topic you can think of. Most listservers use the common commands, but you must be aware of individual differences. Some listservers allow you to contribute messages just like a newsgroup, whereas others are informational only.

To keep track of your subscriptions, create a folder in Outlook to store the mailing list introductory messages that you receive after joining a mailing list. This message tells you how to unsubscribe, contact the list administrator, and so on. On occasion, some listservers lose their subscription lists, and you must subscribe again. In addition, you might need to leave the list while you are on vacation, a business trip, and so on, or you might just lose interest after a while. Some of these lists can fill your inbox with a lot of information in a very short time. For a directory of some sample listservers, go to http://www.lsoft.com/.
Troubleshooting E-mail Problems

E-mail is a great feature, but it’s not so great if it doesn’t work. The following sections summarize some common e-mail problems and explain which areas you should check to fix them.
E-mail Messages Stay in the Outbox

If you edit a message in the Outbox, you must explicitly click Send from within the message to send it. To check, notice that messages that are queued to be sent are located in the Outbox folder and shown in italics. If an outgoing message is not italicized, open it and click Send again. Make sure you have an address book entry for the recipient if the message was addressed to an alias. This should never be a problem, but sometimes it does sneak through. If only one message is stuck, delete and re-create it.
Also, if you want to forward a message in a private folder, the message is sent to that folder instead of to the recipient. To send to the recipient, choose Options, Have Messages Sent To from the menu, and then select the Sent folder. Your message can now be sent.
General Problems Sending E-mail

For general problems sending e-mail, try the following solutions:

• Check your modem and telephone line for proper operation (see Chapter 17).
• Check your broadband connection for proper operation (see Chapter 17).
• See if you can ping your e-mail provider.
• Reboot your PC and your modem (if it’s external)—a simple solution, but sometimes it’s all that’s needed.
• Send the problem e-mail using another e-mail program. If you are using Outlook 2002, try Outlook Express.
• Reinstall the current Windows XP service pack. This solution has fixed a lot of strange problems, not just e-mail-related ones.
• Install the latest Outlook version or patches.
• If all else fails, uninstall and reinstall your version of Outlook.
Corrupted E-mail

Some of your e-mail might appear corrupted, or your inbox might appear to be empty. Try the following tips to determine the problem:

• Run Chkdsk against the drive where your e-mail is stored. You might be having a disk problem.
• Verify that your virus software is compatible with XP and your version of Outlook. Some older versions of virus software have been known to corrupt Outlook files.
• Check for viruses. Some viruses specifically target Outlook because it’s the most common e-mail client.
Third-Party E-mail Tools

Although the various versions of Outlook are capable applications by themselves, you can always make a good thing better. Because of the popularity of Outlook, a number of add-on products are available. The following list describes some of the better third-party e-mail tools we’ve found:
• Address Book Swapper. This tool, for use with Outlook Express, enables you to switch between and add address books without having to restart Outlook. You can also open, view, and edit multiple books; drag and drop entries; and remove books when they are no longer needed. For more information or to download Address Book Swapper, visit http://www.ofori-boateng.clara.net/ethereal.
• Attachment Options. This shareware add-in for Outlook 2002 provides a GUI interface for configuring which attachments are blocked. Additionally, it can be configured to read incoming HTML e-mail as plain text, which can reduce your exposure to e-mail viruses and worms. Attachment Options is available from Slovak Technical Services at http://www.slovaktech.com/attachmentoptions.htm.
• MAIL SPY. This tool enables you to monitor your e-mail for an important message without interrupting your work to check your inbox. Tell this free utility how often to look, and it dials up your mail server in the background, checks for new mail, and notifies you when new messages arrive. For more information or to download the program, visit http://www.saberquest.com.
• MsgParse. This powerful utility for processing your e-mail enables you to transfer data from your e-mail to other applications. It pulls data from e-mail based on user-defined parameters and exports the messages to a plain file configured to your specifications and ready to be imported into a spreadsheet, database, or other application. MsgParse supports multiple POP3 accounts or Messaging Application Programming Interface (MAPI) mail clients and features a template creation wizard for ease of use. For more information or to download MsgParse, visit http://www.cypressnet.com.
• Outlook Express Mail Manager. This tool sets up and configures multiple dialup networking connections, address books, mailboxes, signature files, and many other items used by Outlook Express. It enables you to easily manage multiple e-mail accounts. For more information or to download it, visit http://www.ofori-boateng.clara.net/ethereal.
• InvisiMA. This e-mail service provides digitally signed, encrypted, and virus-scanned e-mail. InvisiMA is completely transparent, quietly monitoring your incoming and outgoing e-mail messages and automatically encrypting and decrypting them using the appropriate public keys. You can add keys to your database as needed, and InvisiMA automatically adds the right key to each message you send. InvisiMA uses worldwide strong encryption that is not subject to U.S. government regulation. You can access your e-mail from any popular client or via a Web browser. For more information, visit http://www.invisimail.com.
• R-Mail. This shareware tool for Outlook Express restores accidentally deleted messages or recovers damaged .dbx files. You can download R-Mail from the R-tools Technology Web site at http://www.r-tt.com/RMail.shtml.
• Talking Email. This utility notifies you when you’ve received e-mail and can read the message to you. In addition, you can enable talking animated characters, such as E-Man. Additional features include Talking Clock and Talking Reminders. It supports plain text, HTML, and .RTF formats. For more information or to download a demo, visit http://www.4developers.com/talkmail/index.htm.
For More Information

If you are interested in finding out more information about Outlook Express and Outlook 2002, consult the following references:

Web Resources

• Microsoft Outlook Express home page: http://www.microsoft.com/Windows/oe/.
• Microsoft Outlook home page: http://www.microsoft.com/office/outlook/default.htm.
• Slipstick Systems has one of the best third-party Web sites covering Outlook solutions: http://www.slipstick.com/.
• Woody’s Office Watch publishes several free weekly newsletters that cover all the Office products and Windows versions. Sign up at http://www.woodyswatch.com/index.asp.

Books

• Barich, Thomas. Outlook 2002: The Complete Reference. Osborne McGraw-Hill, 2001. ISBN: 0072132744.
• Boyce, Jim. Microsoft Outlook Version 2002 Inside Out. Microsoft Press, 2001. ISBN: 073561282X.
• Byrne, Randy. Building Applications with Microsoft Outlook 2002. Microsoft Press, 2001. ISBN: 0735612730.
• Courter, Gini. Mastering Microsoft Outlook 2002. Sybex, 2001. ISBN: 0782140017.
• Dyszel, Bill. Microsoft Outlook 2002 for Windows For Dummies. John Wiley and Sons, 2001. ISBN: 0764508288.
• Mosher, Sue. Microsoft Outlook Programming. Digital Press, 2002. ISBN: 1555582869.
• Padwick, Gordon. Special Edition Using Outlook 2002. Que, 2001. ISBN: 0789725142.
29 Internet Services from Windows XP Professional
Windows XP Professional can function as a Web server and offer custom content to an intranet or the Internet. It offers an easy way for small businesses and home offices to publish content on the Internet or on an intranet. Windows XP Professional running Internet Information Services (IIS) can host a Web site, but because of some of the limitations discussed in this chapter, it is more commonly used as a development environment and test bed. This chapter covers IIS along with basic Web creation, tools, and troubleshooting.
IIS Limitations and Options in Windows XP

Although Windows XP Professional uses IIS as its Web server, the product is limited to 10 simultaneous connections. The Windows XP Professional End User License Agreement (EULA) states:

You may install, use, access, display and run one copy of the Product on a single computer, such as a workstation, terminal or other device (‘Workstation Computer’). A ‘License Pack’ allows you to use, access, install, display, and run additional processors at one time on any single Workstation Computer. The Product may not be used by any more than two processors at any one time on any single Workstation Computer. You may permit a maximum of ten (10) computers or other electronic devices (each a ‘Device’) to connect to the Workstation Computer to utilize the services of the product solely for file and print services, Internet Information Services, and remote access (through connection sharing and telephony services).
That means IIS on Windows XP Professional cannot legally support more than 10 visitors at a time; this user connection limit is built into IIS and cannot be modified. A second limitation is that a workstation running Windows XP Professional and IIS can host only a single Web and File Transfer Protocol (FTP) site. If you need multiple sites, you can achieve this functionality only by upgrading to Windows Server 2003. Keep in mind that Microsoft specifically limited the design and capabilities of IIS to force Web site developers to use the Windows Server 2003 platform to host Web sites of consequence. Therefore, you’ll find that IIS on Windows XP Professional is useful for small intranets and site development, but is not as useful a Web host as Windows Server 2003 is for Internet sites.

The Windows XP Professional initial setup enables you to install the IIS 5.1 version included on the distribution CD. IIS, designed for use on Windows XP and Windows .NET, is primarily a Web and an FTP server. This means you can host Web pages and FTP sites that users elsewhere on the network can access. When a Windows XP Professional system hosts IIS, you can also take advantage of the security and access controls inherent to Windows XP Professional. Some of the features, capabilities, and benefits of IIS 5.1 include the following:

• HTTP 1.1 support, which adds pipelining, persistent connections, chunked transfers, and proxy support to Web document distribution
• Flexible management and administration tools
• Content control based on users and groups
• Support of 128-bit encryption
• Microsoft Management Console (MMC)
• Activity logging
• Content expiration settings
• Custom error messages
• Access control based on IP addresses, domains, Windows XP authentication, and NTFS permissions
Internet Information Services (IIS)

IIS 5.1 is included with Windows XP. It replaces the Personal Web Server that was included with previous versions of Windows. It provides basic Web server functionality, including WWW, Network News Transfer Protocol (NNTP), FTP, and Simple Mail Transfer Protocol (SMTP) services. Although it is not installed by default, it can be installed by using the Add/Remove Programs applet in Control Panel. (Not all components of IIS just listed are installed; you might need to revisit the Control Panel applet after the service is installed to add components.) Before you install the service, also keep in mind that configuring a workstation as a Web server could mean a decrease in performance, depending on usage. Be sure to take a look at your current hardware to ensure that the workstation can perform under the expected load. You might want to consider upgrading the workstation before configuring it as a Web server.
IIS Management

IIS offers four management and administration tools: the Internet Information Services MMC, the HTML version of the management console, FrontPage Server Administrator, and Windows Host Scripting.

You can use the Internet Information Services console (also called the MMC with the IIS snap-in) to create, manage, and administer Web and FTP sites. You can manipulate the virtual structure of a Web or an FTP site from this Windows Explorer–like interface. You can manage the site as a whole or individual folders, virtual directories, and files by opening their associated Properties dialog boxes. (Select the item to be managed and then choose Action, Properties, or right-click the item and choose Properties from the shortcut menu.) The default settings for wwwroot (the default Web site) are adequate for hosting any Web site from Windows XP Professional because XP is not designed to function as a high-end Web server. If you are serious about hosting Web sites, you should upgrade to Windows Server 2003, in which IIS offers a broader range of capabilities without the license restrictions.

The Web-based version of the Internet Information Services MMC is useful for performing remote administration of your Web servers across the Internet or intranet. Before you can use the HTML version, you must know the port number assigned to the site. This port number, between 2000 and 9999, is randomly assigned during installation.

The FrontPage Server Administrator is a GUI interface used to install, upgrade, verify, and uninstall FrontPage Server Extensions (FPSE). This tool is also used to enable or disable Web publishing for certain users—that is, it determines who can alter Web files.

Windows Host Scripting (WSH) is used to run VBScript and JScripts from a command line or the desktop to perform administrative tasks.
Setting Up a Web Site with IIS

IIS is an easy-to-use Web server. After it is installed, all you need to do is drop your Web documents into the proper folder, and they are instantly accessible to Web clients. The default IIS installation puts the main service files in the \Windows\System32\Inetsrv folder. The installation process creates a new root-level folder called \Inetpub. The following subfolders reside within this folder:
• Ftproot. The root folder for FTP access
• Iissamples. A Web folder hosting a sample Web site
• Scripts. The scripts folder (also known as cgi-bin)
• AdminScripts. A folder containing VBScripts for managing IIS
• Mailroot. A folder for sending and receiving mail
• Wwwroot. The root folder for Web access
The wwwroot folder contains the following subfolders:

• _private, _vti_bin, _vti_cnf, _vti_log, _vti_pvt, and _vti_txt. These special FrontPage folders are used only if FPSE is installed on the Web server. The _private folder is used to house files that should be hidden from users but retained on the Web site. The _vti folders are all FPSE special-use folders.
• cgi-bin. This is another scripts folder for the Web site.
• Images. This subfolder contains graphics used in the Web site.
You can use the directory structure that the installation routine creates, or you can use your own. However, if you create a custom layout, be sure to define it in the Internet Information Services MMC. This procedure mainly involves defining virtual directories (discussed later in the “Creating Virtual Directories” section) to folders located outside the wwwroot folder.

Serving Web pages from IIS requires a TCP/IP network connection to an intranet or the Internet (or both). Because IIS can host only a single Web site, it automatically uses any or all IP addresses assigned to the host Windows XP Professional system. Therefore, users accessing the Web site with a NetBIOS name, an IP address, or even a domain name (assuming DNS is present) can access the Web site.

By default, anonymous Web access is enabled. IIS uses a special user account to grant anonymous access to hosted Web sites. The IUSR_<systemname> account is granted Read and Scripts privileges to the wwwroot, ftproot, and scripts folders. To prevent anonymous access and to require enumerated user accounts to gain access to the Web site, from the Web sites folder in the Internet Information Services MMC, change the Web site’s Authentication Methods configuration by clicking the top Edit button in the Directory Security tab of the Web site’s Properties dialog box.

Serving Web pages from IIS is almost too simple. All you need to do is place the Web documents in the correct folders and make sure the initial document name is correct (Default.htm, by default). That’s it. Obviously, more complex layouts and dynamic content creation require additional settings, administration, and add-on products. If you are going to deploy a Web site, you should deploy it on a Windows Server 2003 system and reserve use of IIS on Windows XP Professional as a development platform (if at all).
Creating and Managing Content

After IIS is installed, you might want to organize and manage your Web content. Web content can be placed in the default folder (wwwroot) or in virtual directories. (If you are running IIS on Windows Server 2003, you can also create virtual servers.) After organizing the Web content, you can use one of the administrative tools to perform tasks such as configuring directory security and permissions. You can configure parameters at the Default Web Site level so that settings apply to all virtual directories, or you can configure virtual directories individually.
Creating Virtual Directories

Web content can be organized into virtual directories, which allow you to publish content that is not stored in the wwwroot directory. The virtual directory is assigned a user-friendly alias name for users to access the directory from a Web browser. From the user’s point of view, it appears as though the content is physically stored on the Web server, but the content could be stored on a remote workstation as well as on the Web server.

You can create virtual directories by using the Internet Information Services MMC to perform these steps:

1. Click Start, Control Panel, Administrative Tools, and then click Internet Information Services.
2. In the Internet Services Manager, expand the server name by clicking the plus sign.
3. In the left pane, right-click Default Web Site, and then choose New, Virtual Directory from the shortcut menu.
4. When the Virtual Directory Creation Wizard appears, click Next.
5. In the Virtual Directory Alias window, enter a name for the virtual directory, and click Next.
6. In the next wizard window, click the Browse button to find the folder you created to hold the Web content, and then click Next.
7. In the final window, Access Permission (see Figure 29.1), select any options you want to run—for example, Read and Run Scripts (such as ASP). Click the Finish button.

When configuring permissions on a virtual directory, you can allow or deny the following:

• Read access
• Run scripts
• Execute
• Write access
• Browse
Figure 29.1 You can configure virtual directory access settings in the Virtual Directory Creation Wizard.
By default, the Read and Run scripts permissions are enabled on virtual directories.
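Those defaults are a sensible starting point, but a reviewer wants to see each virtual directory hold only the flags its content needs. The following Python example is added here; it is not IIS's own tooling and not code from the book. It models the five wizard flags together with the anonymous-access setting from the Directory Security tab, compares each directory against a least-privilege profile for its purpose (static pages, script application, upload drop), and reports flags that exceed the profile or combine badly: Write alongside Run scripts or Execute is the pairing reviewers flag first, because content written into the directory can then be run by the server. The directory list, the profile table, the purpose names and the function names are this example's own constructions; on a real server the flag values would be read from each virtual directory's Properties dialog box.

```python
"""Least-privilege review of IIS 5.1 virtual directory access flags.

Added example, not from the book and not Microsoft code. The flags mirror the
wizard's Access Permission page (Read, Run scripts, Execute, Write, Browse);
'anonymous' mirrors the Directory Security tab. All values below are constructed.
"""
from dataclasses import dataclass

FLAGS = ("read", "run_scripts", "execute", "write", "browse")

# Hypothetical least-privilege profiles, keyed by what a directory is for.
PROFILES = {
    "static":  {"read": True,  "run_scripts": False, "execute": False, "write": False, "browse": False},
    "scripts": {"read": True,  "run_scripts": True,  "execute": False, "write": False, "browse": False},
    "upload":  {"read": False, "run_scripts": False, "execute": False, "write": True,  "browse": False},
}


@dataclass
class VirtualDirectory:
    alias: str
    purpose: str              # key into PROFILES
    read: bool = True         # wizard default
    run_scripts: bool = True  # wizard default
    execute: bool = False
    write: bool = False
    browse: bool = False
    anonymous: bool = True    # IIS enables anonymous access by default


def excess_flags(vdir):
    """Flags enabled on the directory that its purpose profile does not grant."""
    profile = PROFILES[vdir.purpose]
    return [flag for flag in FLAGS if getattr(vdir, flag) and not profile[flag]]


def risky_combinations(vdir):
    """Flag pairings a reviewer would question regardless of profile."""
    findings = []
    if vdir.write and (vdir.run_scripts or vdir.execute):
        findings.append("write with scripts/execute: content written here can be run by the server")
    if vdir.write and vdir.anonymous:
        findings.append("anonymous write: unauthenticated users can place files")
    if vdir.browse:
        findings.append("browse: directory listings are returned when no default document exists")
    return findings


def audit(vdirs):
    """Return {alias: {'excess': [...], 'risky': [...]}} for directories with findings."""
    report = {}
    for vdir in vdirs:
        excess, risky = excess_flags(vdir), risky_combinations(vdir)
        if excess or risky:
            report[vdir.alias] = {"excess": excess, "risky": risky}
    return report


def hardened(vdir):
    """Copy of the directory with its flags reduced to the purpose profile.

    Anonymous access is kept unless the profile grants Write, in which case
    the directory should require an authenticated user.
    """
    fields = dict(PROFILES[vdir.purpose])
    fields["anonymous"] = vdir.anonymous and not fields["write"]
    return VirtualDirectory(vdir.alias, vdir.purpose, **fields)


# Constructed sample site: static docs left at wizard defaults, a script app,
# and an upload directory that got Write and Browse added on top of the defaults.
SAMPLE_SITE = [
    VirtualDirectory("docs", "static"),
    VirtualDirectory("app", "scripts"),
    VirtualDirectory("dropbox", "upload", write=True, browse=True),
]

if __name__ == "__main__":
    for alias, findings in audit(SAMPLE_SITE).items():
        print(alias, findings)
    print("after hardening:", audit([hardened(v) for v in SAMPLE_SITE]))
```

Run as is, the audit reports `docs` for carrying Run scripts it does not need (the wizard default) and `dropbox` for Read, Run scripts and Browse on top of Write, plus the three risky pairings; the hardened copies produce an empty report. The profile table is the part to adapt: it encodes what each kind of directory is allowed to do, and the audit then only has to compare.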
Managing Virtual Directories

After a virtual directory is created, it can be managed through the Internet Information Services MMC (or through Windows Host Scripting or the HTML console). If you do not configure the properties for a virtual server, they are inherited from the Properties dialog box for the Web site. (See the following section, “Managing the Default Web Site,” to configure a Web site’s Properties dialog box.) To manage a virtual directory, right-click the directory under the Default Web Site item and click Properties to open the Properties dialog box shown in Figure 29.2.
Figure 29.2 You can configure where Web content comes from and what application is used to view it via the virtual directory’s Properties dialog box.
Configurable items in the various tabs of the virtual directory’s Properties dialog box include the following:

• Virtual Directory. In this tab, you can change the path to the content and change the permissions on the virtual directory.
• Documents. In this tab, you define the default Web page displayed on the site and add a footer to the site’s document.
• Directory Security. In this tab, you configure anonymous access, authentication, IP address and domain name restrictions, and server certificates.
• HTTP Headers. In this tab, you can enable and configure content expiration, create custom headers, configure a rating for the Web site’s content, and configure additional MIME types.
• Custom Errors. In this tab, you can customize the HTTP errors that Web clients receive when errors occur.
Managing the Default Web Site

You can also manage the default Web site. One of the first things you might want to do is rename the site by right-clicking Default Web Site in the Internet Information Services MMC and clicking Rename on the shortcut menu. The Default Web Site Properties dialog box displays several tabs. In addition to those described in the previous list (except the Virtual Directory tab), the Default Web Site Properties dialog box includes the following tabs (see Figure 29.3):

• Server Extensions. This tab lists the server extensions installed.
• Web Site. You can assign an IP address to the Web site and change the default port number. Using this tab, you can also configure connection settings and enable logging.
• ISAPI Filters. This tab lists the filters enabled for the Web site and allows you to change the order in which they are executed.
• Home Directory. This tab enables you to change the location of the Web site’s home directory and configure directory permissions.
Figure 29.3 The Default Web Site Properties dialog box enables you to configure items such as IP address, port number, and timeout and logging settings.
Tools for Web Success

If you are sticking with IIS on Windows XP Professional as your Web host, you can use a handful of other Microsoft products, described in the following sections, in your Web development process.

Microsoft Office

As a power user, you are probably familiar with the Microsoft Office suite of productivity applications: Word, Excel, PowerPoint, Access, and Outlook. With the release of Microsoft Office XP, Microsoft Office productivity applications now include Internet capabilities. For the most part, this means you can export Microsoft Office data into a Web document–compatible form (typically, .htm files). This integration can enable non-HTML programmers to quickly publish Office documents to the Web with little more than the Save As command.

Office documents need not be converted or saved to HTML format to be distributed on the Web. Internet Explorer 5.x includes components that can read and display Office documents in its display window. Netscape Navigator supports several plug-ins that perform the same function. In addition, even if a visitor does not use a browser that can display Microsoft Office documents, Microsoft offers downloadable document viewers at http://officeupdate.microsoft.com/index.htm.
FrontPage

FrontPage is a multifunctional Web site creation and management utility. It is considered an integral part of the Web-production environment from Microsoft that includes IIS and Microsoft Office. FrontPage is a full-featured What You See Is What You Get (WYSIWYG) Web document editor that can modify existing materials or create new documents and sites. In addition to Web document authoring, FrontPage is a rich administration and management utility. It can be used to automate content creation, verify hyperlinks, integrate Web technologies, create push channels, track tasks for multiple authors, remotely administer sites, publish materials from development to production sites, and more. FrontPage is designed for the non-programmer as well as the Web expert and offers capabilities to simplify Web development and publishing on many levels. With the use of FrontPage Server Extensions, IIS (and other Web servers) can add several FrontPage-exclusive features to your Web sites.

Visual Studio

Visual Studio is Microsoft’s premier developer tool suite for creating applications for intranet deployment. This professional programmer-grade suite includes Visual Basic, Visual C++, Visual FoxPro, Visual InterDev, Visual J++, Visual SourceSafe, and the Microsoft Developer Network (MSDN) Library. If you are creating a Microsoft network solution, this is the only programming suite you’ll ever need. When combined with SQL Server and other Microsoft BackOffice products, there is nothing you cannot accomplish.

Site Builder

Site Builder is a tool that comes with Content Management Server. It’s basically the interface for managing files in a content management server environment. If you’re running Content Management Server, the Site Builder tool needs to be installed to actually work with and edit files. The reason is that Content Management Server puts all Web files in an SQL database, so there are no physical directories. Site Builder uses a Windows Explorer–type interface for editing files. You can use this interface to, for example, set permissions and configure when pages should be shown on the Web site.

Static Versus Dynamic Content

Content is the core of the Web. Without content, there would be no purpose for the Web’s existence and no reason to visit it. Fortunately, there is content—lots and lots of content (often too much). The value of content lies in its applicability, its timeliness, and its accessibility. On a basic level, all content on the Web can be divided into two categories: static and dynamic. Static content does not change; dynamic content does.
Static content includes Web documents (typically, plain HTML) and their related objects (text files, graphics, sounds, movies, and so on) that do not change. By change, we mean that the information, data, or entertainment presented is hard-coded into the files and, therefore, is always the same. The only way static content changes is if the author makes physical changes to the files or replaces the existing files with new ones. Static-content Web sites, the most common type, are the easiest to create. They involve little beyond a basic knowledge of HTML and directory structures.

Dynamic content is any information, data, or entertainment that changes based on any number of variables, such as the identity of the user, browser type, time, date, speed of connection, level of security access, server load, user input, available database information, and so on. Anything that could be used as a variable to present content can be and is being used somewhere on the Web. Dynamic Web sites are not always (and actually rarely are) 100% dynamic. Most often, a dynamic object or component is added to a static document. Some common added objects include counters, timestamps, chat applications, ToolTip-type pop-up messages, and mouseover animation. Add forms, background CGIs, JavaScript flourishes, and Java applets—all are characteristics added to static documents to hide their staleness.

True dynamic content is created on-the-fly each time a user visits. A database is often used to provide content with Active Server Pages (ASP) or common gateway interface (CGI) scripts used to manage layout. Creating a fully dynamic Web site is not a simple task. It requires extensive knowledge of Web communications, CGI scripts, databases, and programming, often in multiple programming languages—Perl, ASP, Dynamic HTML (DHTML), cascading style sheets (CSS), Java, JavaScript, Extensible Markup Language (XML), Visual Basic, Visual C++, and so on. The benefits of dynamic content are relevance, timeliness, and user-specific displays.

IIS can host both static and dynamic content. Some functions of dynamic content, however, require additional third-party products. Generally, dynamic Web sites are hosted from Windows Server 2003 using IIS because it includes several more dynamic-oriented services, such as Index Server, Site Server, and Certificate Server.
Push Versus Pull Publishing

Push publishing is a method of distributing content to users automatically. It is different from standard methods in which users must visit a site to obtain content (called pull when discussed with push). Push publishing focuses on reducing users’ time spent locating relevant content by preloading their computers with data. Often-visited sites are much easier to visit if they are sitting on your local hard drive instead of having to access them over a clogged Internet or a slow connection.

Push publishing comes in two forms. The first is a true push, in which a Web site sends out data packets to subscribed users on a scheduled basis. The second is a quasi–push-pull method in which a user runs a client utility that automatically pulls data from a site on a scheduled basis. Either way, the end result is similar: preloaded content.

With the ever-expanding content on the Internet and intranets, the concepts developed under the guise of push publishing might evolve into a true timesaving technology. Until then, push publishing offers Internet users with slow connections or limited connection time the ability to preload content during off-hours (such as overnight or while they are at work or home). Preloaded content offers the benefit of instant display, but it has the drawback of being out-of-date within hours or days, depending on the time lag between content download and user review. Any activated links to non-preloaded content use the Internet connection to obtain new data. Preloaded content might not suit your needs if you often stray from the central topic or navigation path of a subscribed site.

Push publishing is not limited to preloading Web sites. It can also be used in virus update distribution, software installation, multimedia, user communications, scheduling, and more. As a Web surfer, you can use Internet Explorer 4.0 and later to subscribe to push and non-push channels. A non-push channel is any Web site that you instruct Internet Explorer to download to your local drive on a regular basis. This feature is known as subscriptions. For complete details, view Internet Explorer Help files or the Internet Explorer Web site at http://www.microsoft.com/windows/ie/default.htm.

Microsoft, along with several partners, has developed a standard for creating and distributing push content. It’s called the Channel Definition Format (CDF) and is explained at http://msdn.microsoft.com/library/default.asp?url=/workshop/delivery/cdf/reference/CDF.asp. Netscape, with other partners, is developing NetCaster, a rival standard that is not new, but a compilation of existing technologies. It’s described at http://wp.netscape.com/communicator/netcaster/v4.0/. For more information about push publishing, visit the Microsoft and Netscape Web sites to learn more and find examples.

IIS can host push channels, but they must be created using FrontPage (98 and later) or another tool. FrontPage creates a subscription service for your Web site (or just a portion of the site) that is sent out regularly to subscribers. You can update and modify the Web site independently of the push channel definition. If your Web site hosts content that is updated regularly, offering a push channel might attract more visitors and doesn’t involve much work.
Personal Web Site Tools

Microsoft offers a variety of Web tools that content developers and Web server administrators can use. Two of the most common tools that have already been mentioned are FrontPage and Office XP. Other useful development and administrative tools include the following:

• Windows Media Services. This tool complements IIS and allows Windows media files (even live streams) to be made available to Web users: http://www.microsoft.com/windows/windowsmedia/default.asp.
• Visual InterDev. This advanced tool is used to build Web applications: http://msdn.microsoft.com/vinterdev/default.asp.
• Bcentral. A variety of tools for maintaining Web sites, such as a bad link finder and a spell checker: www.bcentral.ca.
• Microsoft Publisher. A desktop publishing application with numerous built-in templates and designs geared toward creating printed marketing materials: http://www.microsoft.com/office/publisher/default.asp.
• Microsoft Visio. This tool provides a way of organizing ideas into flowcharts, diagrams, and floor plans: http://www.microsoft.com/office/visio/default.asp.
• Microsoft PictureIt. A digital imaging package that enables you to create custom designs from your own digital images: http://pictureitproducts.msn.com/default.asp.
Third-Party Personal Web Tools

Web tools available from non-Microsoft sources range from full-blown Web servers to content developers to site management and administration. There are so many tools around that it is nearly impossible to list them all. The following are a few of our favorites, and we’ve also included several archive sites to help you locate more on your own:

• Adobe PageMill. http://www.adobe.com/products/pagemill/main.html
• Alchemy Mindworks, Inc.’s GIF Construction Set. http://www.mindworkshop.com/alchemy/gifcon.html
• Floersch Enterprise’s Search and Replace and Find String. http://www.sky.net/~floersch/
• InfoAccess, Inc.’s HTML Transit. http://www.infoaccess.com
• Jasc Inc.’s Paint Shop Pro. http://www.jasc.com/
• LView Pro. http://www.lview.com/
• Macromedia’s Flash, Fireworks, Freehand, DreamWeaver, Director, and Generator. http://www.macromedia.com/
• MediaTech’s LiveImage. http://www.liveimage.com/
• NetObjects Fusion. http://www.netobjects.com/
• O’Reilly & Associates’ WebBoard. http://webboard.oreilly.com/
• Sausage Software’s HotDog Professional. http://www.sausagetools.com/
• SoftQuad’s HoTMetaL PRO. http://www.sq.com/
• Symantec’s Visual Café. http://www.symantec.com/

If what you want or need is not in this list, you can locate Web-related software on your own using the following sites; remember, the more specific your keywords, the more likely you’ll locate what you really want:

• http://www.search.com/ is a database of more than 300 search engines. It’s sure to have the right search for you.
• http://www.metacrawler.com/ is a search engine that uses several other engines to do its dirty work.
• http://www.webdeveloper.com/ is a Web developer resource site.
• http://www.w3.org/pub/WWW/Tools/ is the World Wide Web Consortium’s (W3C) list of tools.
Troubleshooting Personal Web Sites

Web site troubleshooting can be a broad topic. Every unique technology incorporated into your Web site can be a point of failure. The more complex your design is, the more possibilities for problems. Generally, IIS is fairly robust. One of the best ways to flush out a problem is to restart the system. If this fails to solve the problem, investigate the following items:

• Make sure the host computer can communicate with the network or Internet, and vice versa. You can do this by using PING and TRACERT from the Web host and from various clients on the network.
• Check security permissions. If you want anonymous access, it must be enabled. The IUSR account must be assigned at least Read permissions to folders and files on the Web site.
• Make sure the IP address assigned to the Web site is either (All Unassigned) or a correct IP address.
• If DNS is in use, make sure the domain name is properly associated with the Web host’s IP address.
• Make sure the TCP port in use is 80 (the default) or is included in the URL accessing the site (for example, http://www.mydomain.com:1892/).
• If sessions fail before transactions are complete (such as when working with scripts or other dynamic components), set the Connection Timeout value and select the HTTP Keep-Alives Enabled check box.
• If scripts will not run, verify that the scripts folder is defined with Script or Execute permissions via the Internet Information Services MMC, and that the NTFS-level permissions are set to Read and Execute for the IUSR account.
• If a Web site contains redirected links, virtual directories, or network share links, verify that the required network connections are active and enabled.
• If a list of the Web site’s files is displayed instead of the introductory document, check to see whether the Directory Browsing and Default Documents options are enabled and whether default documents are named correctly.

If these actions do not resolve the error, you have two other options: Reinstall Windows XP Professional and IIS (a drastic solution that is not guaranteed to work and causes your existing setup and configuration to be lost), or look at the coding of your Web documents and objects. If you can eliminate IIS as the point of failure along with Windows XP Professional, the remaining possibilities include the content or the viewer. Resolving viewer problems typically means testing different clients from different addresses and subnets. In some cases, updating the client browser or operating system can resolve the problem.

If content is the culprit, you need to perform a line-by-line or object-by-object inspection of your Web contents. If you are using plain HTML, you can use one of the HTML validation tools found at http://www.stars.com/Authoring/HTML/Validation/. If you are using any programming language or advanced or dynamic HTML, you need to perform validation manually. Some programming languages offer debuggers or error logs to help locate problems. When all else fails, re-create the content from scratch, checking yourself as you go.
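As an added example that is not from the book, the following Python models how the virtual directory permissions (Read, Run scripts, Execute, Write, Browse), the IUSR account’s NTFS rights, and the Documents settings combine to decide what an anonymous visitor gets, so the checks in the list above can be reasoned through before touching the server. The VirtualDirectory class, the outcome strings, and the sample folders are constructed for this example, and the decision order follows this chapter’s descriptions rather than the exact internal order IIS uses.

```python
"""Model of how IIS virtual directory permissions, NTFS rights for the IUSR
account, and default documents decide a request's outcome (constructed
example; the decision order follows this chapter's descriptions)."""
from dataclasses import dataclass, field

SCRIPT_EXTENSIONS = {".asp"}               # handled by the script engine
EXECUTABLE_EXTENSIONS = {".exe", ".dll"}   # need Execute, not just Run scripts


@dataclass
class VirtualDirectory:
    alias: str
    read: bool = True            # wizard defaults: Read and Run scripts on
    run_scripts: bool = True
    execute: bool = False
    write: bool = False
    browse: bool = False
    default_documents: tuple = ("Default.htm", "Default.asp")
    files: set = field(default_factory=set)   # folder contents (constructed)
    # NTFS rights the IUSR account holds on the content folder (constructed)
    iusr_ntfs: set = field(default_factory=lambda: {"Read", "Execute"})


def _extension(name: str) -> str:
    dot = name.rfind(".")
    return name[dot:].lower() if dot >= 0 else ""


def resolve_request(vdir: VirtualDirectory, path: str) -> str:
    """Predict the outcome of an anonymous GET of `path` inside `vdir`.

    `path` is relative to the virtual directory; "" is the directory itself.
    NTFS rights of the anonymous account are checked first, then the IIS
    permission for the file type, then default-document/browsing handling.
    """
    if "Read" not in vdir.iusr_ntfs:
        return "denied: IUSR lacks NTFS Read on the content folder"
    if path == "":
        for doc in vdir.default_documents:       # first default document wins
            if doc in vdir.files:
                return resolve_request(vdir, doc)
        if vdir.browse:
            return "directory listing (no default document found)"
        return "denied: no default document and directory browsing is off"
    if path not in vdir.files:
        return "not found"
    ext = _extension(path)
    if ext in SCRIPT_EXTENSIONS:
        if not (vdir.run_scripts or vdir.execute):
            return "denied: scripts need Run scripts or Execute on the virtual directory"
        if "Execute" not in vdir.iusr_ntfs:
            return "denied: IUSR lacks NTFS Execute for the script"
        return f"runs script {path}"
    if ext in EXECUTABLE_EXTENSIONS:
        if not vdir.execute:
            return "denied: executables need Execute on the virtual directory"
        return f"runs executable {path}"
    if not vdir.read:
        return "denied: Read permission is off on the virtual directory"
    return f"serves static file {path}"


def audit(vdir: VirtualDirectory) -> list:
    """Flag settings that widen exposure or produce the symptoms in the
    troubleshooting list above."""
    findings = []
    if vdir.write and (vdir.run_scripts or vdir.execute):
        findings.append("Write combined with Run scripts/Execute lets an "
                        "uploaded file run on the server")
    if vdir.browse:
        findings.append("Browse exposes the folder listing whenever no "
                        "default document is present")
    if vdir.execute:
        findings.append("Execute lets .exe/.dll files in the folder run; "
                        "use Run scripts unless executables are required")
    if not any(doc in vdir.files for doc in vdir.default_documents):
        findings.append("no default document exists; visitors get a listing "
                        "or an error instead of the introductory page")
    if "Read" not in vdir.iusr_ntfs:
        findings.append("IUSR cannot read the content folder; anonymous "
                        "requests will fail")
    return findings


if __name__ == "__main__":
    sales = VirtualDirectory("sales", files={"Default.asp", "price.htm"})
    for p in ("", "price.htm", "missing.htm"):
        print(f"/sales/{p}: {resolve_request(sales, p)}")
    uploads = VirtualDirectory("uploads", write=True, browse=True,
                               files={"readme.txt"})
    for finding in audit(uploads):
        print("uploads:", finding)
```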
For More Information

If the information about IIS and general Web issues presented in this chapter has increased your desire to learn more, you can use the following resources:

• Bogue, Robert and Barker, Gord. MCSE Training Guide (70-270): Windows XP Professional. Que, 2002. ISBN: 0789727730.
• Cowart, Robert and Knittel, Brian. Special Edition Using Microsoft Windows XP Professional. Que, 2002. ISBN: 0789726289.
• Microsoft TechNet: http://www.microsoft.com/technet/.
• If you need more general information about IIS, visit the IIS Web area on the Microsoft Web site: http://www.microsoft.com/iis/.
• For more information about Microsoft Office and how it can be used in a Web production environment, visit the Microsoft Office Web area at http://www.microsoft.com/office/.
• For more information about FrontPage, visit the Microsoft FrontPage Web area at http://www.microsoft.com/frontpage/.
• For information about Visual Studio, visit the Visual Studio Web area at http://msdn.microsoft.com/vstudio/.
• For more information about Site Builder, visit http://www.microsoft.com/cmserver/techinfo/doc_help.htm.

If you want more information about dynamic content, you need to decide what type of dynamic content you are interested in. The following are several resources you can use to find out more:

• Internet.com: http://www.internet.com/.
• Java: http://java.sun.com/.
• JavaScript: http://www.javascript.com/.
• Perl: http://www.perl.com/.
• The Web Developer’s Virtual Library: http://www.stars.com/.
• WebReview.com: http://www.webreview.com/.
• World Wide Web Journal: http://www.w3j.com/.
• XML.com: http://www.xml.com/.
30 Sharing an Internet Connection

Networking has been a powerful tool in the business environment for quite some time and is now becoming more popular with home users as second and third PCs are added. Networks offer an easy way to share resources among users, and with the Internet’s popularity, an Internet connection is definitely a resource that users want to share.

With Internet Connection Sharing (ICS), Windows XP offers home users and small businesses a quick, simple, and inexpensive way to connect multiple computers to the Internet, allowing more than one user to access the Internet simultaneously with a single connection. This chapter examines the fundamentals behind ICS, how to enable and configure it, and some benefits and drawbacks of sharing an Internet connection.
Using XP as a NAT Proxy

Home networks are becoming increasingly popular as the need for sharing resources increases. Windows XP makes it easy for users to set up a home network and share resources, such as folders, files, and printers. One of the resources that is most likely to be shared is an Internet connection. Internet gateways allow multiple computers to access the Internet through a single Internet connection. Using Network Address Translation (NAT), a gateway can connect multiple computers to the Internet using only a single public Internet Protocol (IP) address. The computers on the internal network are assigned private IP addresses (for example, 10.0.x.x, 172.16.x.x through 172.31.255.x, and 192.168.x.x). The gateway’s Internet connection is assigned a public IP address, which is the only IP address visible to the public network. NAT is the technology used by Internet Connection Sharing in Windows XP.
What Are the Benefits of NAT?

With the Internet continually growing in popularity, there is now a shortage of Internet Protocol version 4 (IPv4) addresses. With many home users now having multiple computers, it would be impossible for each computer to have a valid Internet IP address. NAT offers a solution to the shortage problem because internal computers need to be assigned only a private IP address. NAT also offers some level of security (although not as much as a firewall or proxy server) by masking the internal IP addresses. All Internet communication occurs through the public IP address.

As mentioned, all clients behind the gateway are assigned a private IP address. This can be done through Dynamic Host Configuration Protocol (DHCP) or statically by configuring the TCP/IP properties for the local area connection. When an application on an internal client needs to communicate with a computer outside the local network, the request is forwarded to the gateway. The gateway then performs a translation to pass the packets from one network to another. For each session, the gateway assigns a dynamic port number to replace the source port within the IP packet. The client’s internal IP address within the IP packet is replaced with the public IP address assigned to the gateway’s external interface. A mapping is then created, linking the source port and IP address with the dynamic port assigned to the session. The mapping allows the gateway to return responses to the correct internal client.

NAT provides some level of firewall services by not allowing traffic initiated on the Internet to connect to internal computers. It allows only requests that are initiated internally. For example, an internal client can connect to an FTP server on the Internet, but an external client cannot connect to an internal FTP server (unless a service definition exists and access to the service is permitted).
Internet Connection Sharing

Connecting a small business or home office to the Internet is relatively simple with Windows XP. ICS enables you to connect multiple computers to the Internet with a single Internet connection. It’s simple to set up and offers a reliable way of connecting to the Internet. Enabling ICS on a computer essentially means you are creating a gateway that enables sharing that Internet connection with other computers on the network. All other computers on the network access the Internet via the ICS-enabled computer, which is known as the host. With ICS enabled, the host essentially becomes a DHCP server, a DNS server, and a NAT server.

The host computer must have two network connections: one to the internal network and the other to the Internet. After ICS is enabled, the internal interface is assigned an IP address of 192.168.0.1. For this reason, only one computer on the network can be ICS enabled. If there are two or more local area networks (LANs), such as a wireless network and a wired network, you can configure a network bridge, essentially creating a single logical network. You can bridge two network connections by opening the Network Connections applet, selecting the two network connections you want to bridge while holding down the Ctrl key, right-clicking one of the connections, and clicking Bridge Connections on the shortcut menu.

Windows XP ICS can provide Internet connectivity to a number of different operating systems. As long as the platform supports TCP/IP, it can take advantage of ICS. The built-in DHCP server that comes with ICS when it is enabled can manually or automatically assign IP parameters to the ICS client. The DHCP server assigns DHCP clients IP addresses in the range of 192.168.0.x. Keep in mind that you cannot change the range of addresses that the DHCP server allocates to clients. After ICS is enabled on a computer, the following actions occur:

• The IP address of the internal interface is set to 192.168.0.1.
• The host computer acts as a network address translator.
• A DNS proxy service is installed that allows the ICS-enabled computer to pass DNS requests from ICS clients to the DNS server on the Internet.
• The AutoDHCP service is installed to issue IP addresses to DHCP clients.
Enabling ICS

There are two ways of enabling ICS on a computer. You can use the Network Setup Wizard, or you can configure the properties of an existing Internet connection within the Network Connections applet. You can use the Network Setup Wizard to configure the following features on your computer for home or small office networking:

• Internet connection sharing
• Internet connection firewall
• File and folder sharing
• Printer sharing

To enable ICS on the host computer using the Network Setup Wizard, follow these steps:

1. Click Start, Programs, Accessories, Communications, Network Setup Wizard.
2. Click Next in the Welcome to the Network Setup Wizard window.
3. Review the checklist for creating a network, and click Next.
4. In the Select a Connection Method window (see Figure 30.1), click the first option, which is This Computer Connects Directly to the Internet. The Other Computers on My Network Connect to the Internet Through This Computer. Click Next.
5. In the list of available connections configured on the computer, select the connection that will be shared. Click Next.
6. If there are multiple connections, the wizard must determine which ones are for your network. The default option is to allow the wizard to determine which connections to use. Click Next.
7. Type in a description and name for the computer, and then click Next.
8. Type in a workgroup name, and click Next.
9. Verify the settings that will be applied (making sure Internet Connection Sharing is enabled), and click Next.
10. If you are sharing the Internet connection with computers not running Windows XP, select the option to create a Network Setup Disk. Click Next.
11. Click Finish.
Figure 30.1 You select an Internet connection method through the Network Setup Wizard.
If the ICS installation fails, try verifying the following before attempting to install it a second time:

• Make sure you can connect to the Internet from the computer that will act as the ICS host.
• Make sure the correct interface is being designated as the shared connection. Obviously, it should be the interface that connects directly to the Internet.
• Verify the IP parameters that the ISP assigned.
• Check to see if the internal interface is assigned the IP address of 192.168.0.1.
• Check Event Viewer for any error messages.

As mentioned, ICS can be enabled in the Properties dialog box of an existing Internet connection by following these steps:

1. Click Start, Settings, Control Panel.
2. Open the Network Connections applet.
3. Right-click the Internet connection you want to share, and click Properties.
4. Select the Advanced tab.
5. Under Internet Connection Sharing, click the check box labeled Allow Other Network Users to Connect Through This Computer’s Internet Connection (see Figure 30.2).
6. In the Home Networking Connection drop-down list, select the local area connection to be used for ICS. Click OK.

If you are unable to configure ICS manually, verify that the Windows Internet Connection Firewall is not enabled. If it is, you must disable it or install ICS by using the Network Setup Wizard.
Figure 30.2 Configuring ICS through a connection’s Properties dialog box.
Configuring the ICS Client

How you enable ICS on the client depends on the operating system running on the workstation. On a Windows XP computer, you can use the Network Setup Wizard to configure it as an ICS client. The process is almost identical to that outlined for enabling ICS on the host computer. During the Network Setup Wizard, you select the This Computer Connects to the Internet Through Another Computer on My Network or a Residential Gateway option (see Figure 30.3).
Figure 30.3 Configuring Windows XP as an ICS client in the Network Setup Wizard.
For computers running Windows 98, Windows 98 SE, or Windows Me, you can also use the Network Setup Wizard to configure ICS. To run the wizard on these platforms, you need the Network Setup Disk you created when enabling ICS on the host computer, or you can run the wizard directly from the Windows XP CD. To run the wizard using the floppy disk, insert the disk and double-click netsetup.exe in a File Explorer window. To start the wizard from the XP CD, insert the CD, open the I386 directory, and double-click netsetup.exe in a File Explorer window.

You can enable a computer running Windows 2000 as an ICS client by configuring the TCP/IP properties for the local area connection. The easiest way to configure the client is to let the DHCP server included with ICS automatically assign IP parameters. This is as simple as configuring the TCP/IP properties and selecting the options Obtain an IP Address Automatically and Obtain DNS Server Address Automatically. To manually configure Windows 2000 as an ICS client, follow these steps:

1. On the desktop, right-click My Network Places and click Properties to open the My Network and Dial-up Connections applet.
2. Right-click the local area connection and click Properties.
3. In the list of components, select Internet Protocol (TCP/IP) and click the Properties button.
4. Configure a unique IP address within the range of 192.168.0.2 to 192.168.0.254. (Remember, the ICS computer is assigned the IP address of 192.168.0.1.)
5. Configure the IP address of the default gateway to 192.168.0.1.
6. Configure the IP address of the DNS server to 192.168.0.1. Click OK.
7. Configure the subnet mask to 255.255.255.0. Click OK.

Be sure to check the properties of Internet Explorer. Click the LAN Settings button in the Connections tab and make sure the Automatically Detect Settings check box is not selected. Under Proxy Server, clear the Use a Proxy Server for Your LAN check box.

After ICS is enabled and the clients have been configured, you can monitor the shared connection by using Internet Connection Sharing Discovery and Control. This feature allows clients to discover the link’s connection status and control the shared connection. When an ICS client has been configured, a shared Internet connection icon appears. You can double-click the icon, or if you are on a Windows 98 or Windows Me computer, you can use the Internet Gateway option and perform the following tasks: view basic statistics, monitor the status of the shared connection, and connect or disconnect the link.
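As an added example that is not from the book, the following Python checks manually configured ICS clients, and the host’s internal interface, against the fixed 192.168.0.x layout the steps above describe (unique address from 192.168.0.2 to 192.168.0.254, 255.255.255.0 mask, 192.168.0.1 as gateway and DNS, Internet Explorer not using auto-detect or a LAN proxy). The ClientConfig class and the sample values are constructed for this example.

```python
"""Checks ICS client TCP/IP settings against the fixed ICS network layout
described in this chapter (constructed example, not from the book)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

ICS_NET = IPv4Network("192.168.0.0/24")   # range ICS hands out; cannot be changed
ICS_HOST = IPv4Address("192.168.0.1")     # fixed address of the host's internal interface


@dataclass
class ClientConfig:
    name: str
    address: str
    subnet_mask: str
    gateway: str
    dns: str
    ie_autodetect: bool = False   # IE: Automatically Detect Settings
    ie_use_proxy: bool = False    # IE: Use a Proxy Server for Your LAN


def check_client(cfg: ClientConfig) -> list:
    """Return the problems found in one client's settings (empty list = OK)."""
    problems = []
    try:
        addr = IPv4Address(cfg.address)
    except ValueError:
        return [f"{cfg.name}: '{cfg.address}' is not a valid IPv4 address"]
    if addr == ICS_HOST:
        problems.append(f"{cfg.name}: 192.168.0.1 is reserved for the ICS host")
    elif addr not in ICS_NET or addr in (ICS_NET.network_address,
                                         ICS_NET.broadcast_address):
        problems.append(f"{cfg.name}: {addr} is outside 192.168.0.2-192.168.0.254")
    if cfg.subnet_mask != "255.255.255.0":
        problems.append(f"{cfg.name}: subnet mask must be 255.255.255.0")
    if cfg.gateway != str(ICS_HOST):
        problems.append(f"{cfg.name}: default gateway must be 192.168.0.1")
    if cfg.dns != str(ICS_HOST):
        problems.append(f"{cfg.name}: DNS server must be 192.168.0.1 (the ICS DNS proxy)")
    if cfg.ie_autodetect or cfg.ie_use_proxy:
        problems.append(f"{cfg.name}: Internet Explorer must not auto-detect "
                        "settings or use a LAN proxy")
    return problems


def check_network(host_internal_ip: str, clients: list) -> list:
    """Check the host's internal address and every client, including
    duplicate addresses between clients."""
    problems = []
    if host_internal_ip != str(ICS_HOST):
        problems.append(f"host internal interface is {host_internal_ip}, expected "
                        "192.168.0.1; ICS is not enabled here or another host is")
    seen = {}
    for cfg in clients:
        problems.extend(check_client(cfg))
        if cfg.address in seen:
            problems.append(f"{cfg.name}: address {cfg.address} is also used by "
                            f"{seen[cfg.address]}")
        else:
            seen[cfg.address] = cfg.name
    return problems


if __name__ == "__main__":
    # Constructed sample network: one correct client, one copied from a
    # different home router, and one that duplicates the first.
    clients = [
        ClientConfig("pc1", "192.168.0.2", "255.255.255.0", "192.168.0.1", "192.168.0.1"),
        ClientConfig("pc2", "192.168.1.5", "255.255.0.0", "192.168.1.1", "192.168.0.1",
                     ie_use_proxy=True),
        ClientConfig("pc3", "192.168.0.2", "255.255.255.0", "192.168.0.1", "192.168.0.1"),
    ]
    for problem in check_network("192.168.0.1", clients):
        print(problem)
```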
Tradeoffs of Sharing a Link

As with most things, there are benefits and drawbacks associated with sharing an Internet connection among multiple computers. One of the most obvious benefits of using ICS is it eliminates the need for all computers to have their own Internet connection, which in turn reduces costs. ICS also provides some level of protection because only certain traffic is allowed to pass through to the internal network based on service definitions, unless an internal client initiates the connection. By assigning the external interface’s public IP address to all outgoing IP packets, ICS hides the internal IP addresses. Without the need for multiple connections, you reduce the points of entry for external intruders.

The main disadvantage is that for ICS clients to connect to the Internet through the shared connection, the ICS host must be running. Obviously, more people using a single connection means more traffic and less available bandwidth. Depending on the amount of Internet traffic, you may see a decrease in download and upload speeds. Also, the ICS host might experience a decrease in performance, depending on the number of ICS clients, the amount of network traffic, the demand of applications running on the computer, and the computer’s capabilities. For each request, the host computer must perform the translation, send the request to the appropriate destination, and handle all in-and-out traffic.
Chapter 30
Sharing an Internet Connection
Controlling the Flow of Data
After ICS is enabled, you have some level of control over the type of data that can pass through the gateway. ICS comes with a set of predefined service definitions, shown in Figure 30.4, but traffic for a service is forwarded from the Internet to the internal network only after you enable that service's definition. Until then, connections initiated from the Internet cannot pass through the computer running ICS; only connections initiated internally are allowed. You can configure the properties of the shared connection to permit certain traffic to flow from the Internet to the internal network, however. For example, you might have certain services, such as a Web server, running on the internal network that you want to make available to users on the Internet. To permit traffic to flow from the Internet to the internal computer running the service, the service must be added to the list of allowed services for the shared connection.
Figure 30.4 You can configure which predefined services are running on your network via the Advanced Settings dialog box.
Make sure the check box is cleared beside any service that is not running on the internal network or that external users should not be permitted to access. The more services you make available to external users, the more exposed the internal network is to attack. To allow other services to flow through the ICS host computer, they must be added to the list of services on the shared connection. Adding a new service means creating a service definition, which defines the settings for the application: a general description, the IP address or name of the computer on the network hosting the service, and the TCP or UDP port numbers that the service uses. Essentially, this tells the ICS host where on the internal network to send requests for a specific service. For example, an FTP request would be sent to the internal computer acting as the FTP server.
Creating a Service Definition
You can add a new service definition to the predefined list to allow users access to the service through the ICS host. Before adding a new service definition, you must know the port number it uses. You can determine this by checking the documentation for the service or the vendor's Web site. If you are unable to determine the port number this way, you can try using a network analyzer, such as Network Monitor. After you've determined the port number, use the following steps to add a new service definition:
1. Click Start, Settings, Control Panel. Double-click the Network Connections applet.
2. Right-click the shared connection and click Properties.
3. Select the Advanced tab and click the Settings button to open the Advanced Settings dialog box.
4. Click the Add button to configure the settings for the new service (see Figure 30.5).
5. Enter a description for the service, the IP address or name of the computer hosting the service, and the internal and external port numbers used by the service. Click OK. The new service will be listed along with the predefined services. To deny users access to any of the services listed, clear the corresponding check box for the service.
Figure 30.5 You can configure a service definition via the Advanced Settings dialog box of a network connection’s properties.
You can also access the Windows XP Services tab from a computer running Windows 98, Windows 98 SE, or Windows Me after running the Network Setup Wizard. To do so, click Start, Accessories, Communications, Internet Gateway. In the status window, click Properties, and then select the Services tab.
For More Information
If you want to know more about Internet Connection Sharing, the following resources provide more information:
- Bogue, Robert and Barker, Gord. MCSE Training Guide (70-270): Windows XP Professional. Que, 2002. ISBN: 0789727730.
- Cowart, Robert and Knittel, Brian. Special Edition Using Microsoft Windows XP Professional. Que, 2002. ISBN: 0789726289.
- Microsoft KnowledgeBase: http://support.microsoft.com/.
- TechNet (the technical subscription service from Microsoft): http://technet.microsoft.com/.
- Windows XP FAQ: http://www.ntfaq.com.
Chapter 31 Maintaining Internet Security
We all know that the Internet is a powerful tool that enables home users and businesses to expand their networks beyond the local intranet. However, expanding networks also makes them more susceptible to external intrusion.
As more businesses and home users connect to the Internet, security becomes an important issue. Giving users on the internal network access to the Internet also means looking for ways to keep internal data safe and secure from unauthorized external users. Although larger businesses have more complex security requirements than home users, both need to take measures to protect internal resources. Fortunately, Windows XP comes with a built-in firewall service. Although it might not be robust enough for business environments, it does offer a simple firewall solution for home users and small businesses. Most Windows professionals, however, feel that it does not eliminate the need for third-party hardware and/or software. This chapter introduces you to Internet firewalls and the Internet Connection Firewall service that comes with Windows XP and explains how to protect your computer from external intrusion and attacks.
Using Firewalls
Connecting to the Internet has many advantages and benefits, but also makes your computer vulnerable to external intrusions and viruses. The Internet is plagued with people looking for, and waiting to exploit, ways to maliciously attack unsuspecting users. By implementing a firewall solution, you can create a barrier between the Internet and your local computer or network while still having the benefit of accessing Internet resources. Many people think they do not need a firewall on their personal computer. However, with so many tasks becoming automated, it's not uncommon for people to have bank information, tax information, and so forth stored on a personal computer. Not implementing a firewall increases the chance of someone accessing these personal files stored on your computer or network or even bringing down your network with, for example, a denial-of-service attack. Intruders can find their way into your system or network in a number of ways, such as causing you to inadvertently download malicious code while browsing the Internet or by installing a Trojan horse that arrives via an e-mail attachment. The goal of implementing a firewall is to close the door to your local network or computer so that you can get out but intruders cannot get in.
Firewalls are software or hardware devices that filter information coming through the Internet connection to the local computer or network. A software-based firewall solution runs on the computer in the background and intercepts IP packets to determine whether they are valid. Software-based firewall solutions offer the following advantages and disadvantages:
- They are fairly inexpensive, and some operating systems, such as Windows XP, come with a built-in software firewall.
- Software-based firewalls are usually easy to configure, and some require no configuration at all.
- Because the software runs on the computer, it does, unfortunately, require system resources.
A hardware-based firewall solution places a device, usually a small box of some sort, between your computer and your modem. Hardware solutions offer the following advantages and disadvantages:
- They tend to provide more protection than software-based solutions.
- Because the hardware device is separate from the local computer, no system resources are being used.
- Hardware devices tend to be more expensive.
- They can be more difficult to configure than some of the software solutions.
Basically, two types of firewalls operate at different levels of the Open Systems Interconnection (OSI) Reference Model, thus providing varying levels of protection. A firewall operating at the Network layer determines whether to allow or deny received packets based on source and destination IP addresses and, in practice, the TCP or UDP port numbers in the transport header. More advanced firewalls at this level also maintain an internal table of session information (like the firewall component included with Windows XP). Firewalls that operate at the Application layer are considered proxy servers and provide more sophisticated firewall services, such as advanced auditing and logging. They can receive requests for specific applications and then forward or block the request. Firewalls at this level are often referred to as application gateways and are more geared toward large business environments.
Note A proxy server is a computer positioned between a client application, such as an e-mail or Web client, and an actual server. It is able to intercept requests to the server and fulfill them, if able, or forward them to the actual server.
The concept of firewalls is relatively straightforward (although implementing some of the solutions can be difficult). Firewalls basically intercept inbound traffic before it reaches the internal network and apply rules to the traffic. Through packet filtering, a firewall can allow or deny traffic to pass to the internal network based on the information in the packet header. You can create rules to allow or deny traffic based on criteria such as source and destination IP addresses and TCP or UDP port numbers. Firewalls can use one or more of the following methods to filter traffic:
- Packet filtering. Each packet is compared against a set of rules or filters. Packets that are permitted to pass are sent directly to the requesting computer.
- Proxy service. The information requested by an internal client is retrieved by the proxy and returned to the client, so the client never talks to the external server directly.
- Stateful inspection. Outgoing traffic is tracked in a table of sessions. Each incoming packet is compared against that table; if it belongs to a session an internal computer opened, it is returned to the requesting computer. If there is no match, the packet is dropped.
The type of firewall you choose to implement on your network will be determined by the level of security you require, the number of users on the network, cost, and, of course, your own level of expertise. Fortunately, those users who want a fast, inexpensive, easy-to-configure firewall solution can take advantage of the firewall component included with the Windows XP operating system.
Internet Connection Firewall
Internet Connection Firewall (ICF) is a software-based firewall solution included with Windows XP that enables you to restrict the information allowed to flow between the Internet and the local network. Firewall solutions can be difficult to implement and configure, but ICF offers an easy way for users to protect their network or computer and requires little or no configuration. ICF can be used to secure a network running Internet Connection Sharing (ICS) or to secure a single computer with an Internet connection. ICF is a stateful firewall, meaning it inspects each incoming packet and filters information based on packet state and session information. ICF maintains a connection table that it uses to determine whether inbound requests were initiated locally. When ICF receives an inbound packet, it compares it against the table. If the connection was not initiated by the local computer (or, when ICS is enabled, by a computer on the local network), the packet is not allowed to pass. Stateful packet filtering in ICF uses the following rules to determine whether to drop a packet:
- If a received packet matches an established connection in the table, it is allowed to pass.
- If a received packet does not match an already established connection, the packet is dropped.
- If an outbound packet does not match an established connection, it creates a new entry in the table and is allowed to pass.
These are the default rules of ICF. You can also define static rules by creating service definitions that allow certain ports to be open. If you have an internal File Transfer Protocol (FTP) service that external users need access to, you can create a rule that forwards all incoming requests for port 21 to the FTP server on your local network.
When determining whether to enable ICF, keep the following points in mind:
- ICF can be enabled only on computers with a direct connection to the Internet. If your computer connects through a hardware-based firewall or another computer acting as a firewall, ICF should not be enabled.
- Enabling ICF on the local area connection interferes with File and Printer Sharing.
- ICF can control only incoming traffic. If you want to block certain outgoing traffic, you need to consider a more advanced firewall solution.
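The three default rules, together with the static service definitions of the kind Chapter 30 shows you how to create (the FTP port 21 forwarding above is one), can be written out as a small model. The following Python is an added example for this edition, not code from the book or from Microsoft. It assumes, for simplicity, that the ICS host rewrites a client's source address to the public address but keeps the client's source port (real translation may remap it) and that a connection-table entry is keyed on that translated 5-tuple; the addresses are constructed.

```python
"""Toy model of ICF's stateful inbound filter combined with ICS-style service definitions.

Added example, not Microsoft code. Assumptions: the ICS host translates a client's source
address to the public address but keeps the client's source port (real NAT may remap it),
and a connection-table entry is keyed on the translated 5-tuple.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]                 # (ip, port) of an internal host
FlowKey = Tuple[str, str, int, str, int]   # (proto, local_ip, local_port, remote_ip, remote_port)


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving the shared connection, "in" = arriving from the Internet
    proto: str       # "TCP" or "UDP"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class ServiceDefinition:
    """One row of the Services tab: an external port forwarded to a host on the internal network."""
    name: str
    proto: str
    external_port: int
    internal_ip: str
    internal_port: int
    enabled: bool = False   # predefined definitions are listed but unchecked until you enable them


class StatefulFilter:
    def __init__(self, public_ip: str) -> None:
        self.public_ip = public_ip
        self.table: Dict[FlowKey, Endpoint] = {}                  # the connection table
        self.services: Dict[Tuple[str, int], ServiceDefinition] = {}

    def add_service(self, svc: ServiceDefinition) -> None:
        self.services[(svc.proto, svc.external_port)] = svc

    def process(self, pkt: Packet) -> Tuple[str, Optional[Endpoint]]:
        """Return ("ALLOW" or "DROP", the internal endpoint the packet is delivered to or None)."""
        if pkt.direction == "out":
            # Rule 3: a new outbound flow creates a table entry and is allowed.
            key = (pkt.proto, self.public_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            self.table[key] = (pkt.src_ip, pkt.src_port)
            return "ALLOW", None
        # Rule 1: an inbound packet matching an established connection goes back to its originator.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.table:
            return "ALLOW", self.table[key]
        # Static rule: an enabled service definition forwards unsolicited traffic to the internal host.
        svc = self.services.get((pkt.proto, pkt.dst_port))
        if svc is not None and svc.enabled and pkt.dst_ip == self.public_ip:
            return "ALLOW", (svc.internal_ip, svc.internal_port)
        # Rule 2: anything else arriving from the Internet is dropped.
        return "DROP", None


def demo() -> list:
    """Walk a browsing session, an unsolicited probe and two service definitions through the filter."""
    fw = StatefulFilter(public_ip="198.51.100.7")                      # constructed addresses
    fw.add_service(ServiceDefinition("FTP Server", "TCP", 21, "192.168.0.5", 21, enabled=True))
    fw.add_service(ServiceDefinition("Web Server (HTTP)", "TCP", 80, "192.168.0.6", 80))  # left unchecked
    packets = [
        Packet("out", "TCP", "192.168.0.10", 1040, "203.0.113.20", 80),   # client opens a web page
        Packet("in", "TCP", "203.0.113.20", 80, "198.51.100.7", 1040),    # the server's reply
        Packet("in", "TCP", "203.0.113.99", 4444, "198.51.100.7", 135),   # unsolicited RPC probe
        Packet("in", "TCP", "203.0.113.99", 3333, "198.51.100.7", 21),    # FTP request, definition enabled
        Packet("in", "TCP", "203.0.113.99", 3334, "198.51.100.7", 80),    # HTTP request, definition disabled
    ]
    return [fw.process(p) for p in packets]


if __name__ == "__main__":
    for decision, target in demo():
        print(decision, target)
```

The reply to the client's own request is delivered to 192.168.0.10 because the outbound packet created the table entry; the probe of port 135 has no entry and no definition, so it is dropped; the FTP request is forwarded only because its definition is enabled, and the HTTP request is dropped because the predefined Web Server definition was left unchecked.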
ICS and ICF
Chapter 30, "Sharing an Internet Connection," explained how to implement ICS to share an Internet connection. If you are using ICS, you should enable ICF to protect the local network. Enabling ICF on the computer with the shared Internet connection is one of the easiest and least expensive ways to implement a firewall solution for a small business or home network. When ICF and ICS are used together, your network or local computer is much more secure. The ICF computer intercepts all inbound traffic to determine whether the session was initiated by an internal ICS client on the network. If you are using ICS and ICF together, keep in mind that ICF must be enabled on the shared Internet connection, not on the LAN connection, because enabling it on the LAN connection interferes with normal network communications.
Enabling ICF
ICF can be enabled automatically by using one of the wizards or manually through the Network Connections applet. When you initially install Windows XP, ICF can be enabled through the Welcome to Windows Wizard. If you run the Network Setup Wizard and the computer has a direct connection to the Internet, ICF is automatically enabled. ICF is also automatically enabled if you use the New Connection Wizard to connect directly to the Internet. To enable ICF manually, follow these steps:
1. Click Start, Control Panel. (The following steps assume that Control Panel is in Classic view.)
2. Double-click the Network Connections applet.
3. Select the Internet connection you want to protect, and click the Change Settings of This Connection link under the Network Tasks list.
4. In the Properties dialog box for the connection, click the Advanced tab.
5. Select the Protect My Computer and Network by Limiting or Preventing Access to This Computer from the Internet check box (see Figure 31.1). Click OK.
Figure 31.1 You can enable the Internet Connection Firewall in the Advanced tab of the Local Area Connections Properties dialog box.
After enabling ICF, you can use the Settings button in the Advanced tab of the Properties dialog box to control the flow of data. (See “Controlling the Flow of Data” later in this chapter for more information on configuring ICF.)
Third-Party Firewall Options
If the firewall service included with Windows XP does not meet your needs, many third-party firewall solutions are available. A few are described in the following list:
- BlackICE firewall from Internet Security Systems provides firewall services and intrusion detection to protect individual computers (http://www.iss.net/products_services/hsoffice_protection/blkice_protect_pc.php).
- ZoneAlarm is an easy-to-configure personal firewall that provides users with the basic security needed to protect their computers (http://www.zonelabs.com/store/content/home.jsp).
- Norton Personal Firewall provides strong firewall services and intrusion detection as well as configurable settings for more advanced users (http://www.symantec.com/sabu/nis/npf/).
- Network Associates McAfee Firewall 4.0 protects your computer by making it invisible on the network and prevents unauthorized applications, both inbound and outbound, from accessing the Internet (http://www.mcafee-athome.com/products/firewall/default.asp?m=2).
- Sygate Personal Firewall 5.0 is an easy-to-use firewall product that protects your computer from a variety of Internet attacks. This product is free for home users (http://soho.sygate.com/products/shield_ov.htm).
- Linksys has a hardware solution that's a small four-port wireless router with firewall capabilities (http://www.linksys.com).
- Netgear offers a line of Web-safe routers with built-in firewall capabilities (http://www.netgear.com).
- SMC Networks makes hardware firewall solutions for both home users and business environments (http://www.smc.com).
Controlling the Flow of Data
The firewall service included with Windows XP drops all inbound packets that do not match an entry in the connection table. This will cause problems if you have specific services, such as Web services, running behind the firewall that you want to make available to Internet users. If you have a Web server running on the internal network, you can create a port mapping for port 80 that allows inbound traffic to this port to flow through the ICF computer. (Keep in mind that incoming traffic can be redirected to another computer on the internal network only if ICS is also enabled; with ICF alone, a service definition can open a port only for a service running on the firewall computer itself.) Like ICS, ICF has default predefined port mappings (or service definitions) when the service is enabled. You can view and enable the default port mappings (as well as create new ones) by using the Advanced tab in the connection's Properties dialog box. For a step-by-step procedure on creating a new port mapping, see Chapter 30. Allowing traffic to a specific service to pass through the ICF computer is as simple as selecting the check box beside the associated service or adding a new definition, specifying the name of the computer hosting the service and the port numbers. Keep in mind that if you are using ICS and ICF together on the same computer, the port mappings for the connection are shared between the two services.
With ICF, you can also control how your computer responds to Internet Control Message Protocol (ICMP) requests. ICMP is used for diagnostic and troubleshooting purposes. Using ICMP, two hosts can exchange status information and report errors. When ICF is enabled, your computer by default does not respond to any incoming ICMP requests. So if someone on the Internet pings your computer, he or she will get no response. For security purposes, this is a good thing: a scanner gets no confirmation that a host is present at the address. To change how your computer responds to different ICMP messages, open the Properties dialog box for the connection, select the Advanced tab, and click the Settings button. In the Advanced Settings dialog box, select the ICMP tab (see Figure 31.2). To enable your computer to respond to certain ICMP messages, select the check box beside the corresponding option.
Figure 31.2 Enabling the ICMP requests to which your computer will respond.
Watching Out for Violations and Vulnerabilities
ICF does not notify you every time someone from the Internet attempts a connection with your computer. If ICF is left with the default configuration settings, it does not allow any unsolicited connection attempts from external computers, so notification of each attempt is not essential; a scan from the Internet would find no open ports on your computer. However, logging connection attempts is still a good idea, especially if you do have ports open. By enabling the logging option with ICF, connection attempts can be written to the pfirewall.log file stored in the Windows folder. Viewing the contents of the log file regularly can give you an idea of who is making connection attempts. ICF security logging can log the following information:
- Log dropped packets. When this option is selected, ICF logs information about every packet that is denied access through the firewall.
- Log successful connections. When this option is selected, ICF logs information about each successful connection that passes through the firewall.
To enable logging, follow these steps:
1. Click Start, Settings, Control Panel.
2. Double-click the Network Connections applet.
3. Right-click the connection with ICF enabled and click Properties. Select the Advanced tab and click the Settings button.
4. Click the Security Logging tab (see Figure 31.3).
5. To enable logging, select one or both of the following options: Log Dropped Packets and Log Successful Connections.
6. In the Name text box, you can change the log file's default name and location.
7. Click OK.
After you've enabled logging, you can view the log's contents by navigating to the Windows folder and opening the log file with Notepad. Figure 31.4 shows a sample of the pfirewall.log file. Aside from enabling logging, you can also use the online security tools listed in the "Testing for Weakness" section later in this chapter to pinpoint any weaknesses. It's a good idea to use these free tools on a regular basis as new Internet attacks are introduced.
Figure 31.3 Enabling ICF logging.
Figure 31.4 Viewing the contents of the pfirewall.log file.
Watching Out for Attacks
Intruders can access your internal network or computer in many ways. Whether the intrusion is through an open port or a virus sent via e-mail, watching out for any abnormalities is another way of protecting your computer and network. There are many different Internet attacks and viruses out there, and new ones are constantly being introduced. Table 31.1 outlines a few of the more common ones.
Table 31.1 Common Internet Attacks
Ping of death: A remote machine sends ping (ICMP echo) requests larger than the 65,535-byte maximum IP packet size, overflowing the buffer used to reassemble them.
All-port scan attack: A remote computer attempts to connect to a range of ports on your computer to detect which services are listening on them.
Land attack: The source address and port in the IP packet are spoofed to be the same as the destination address and port, so the target is made to answer itself.
Denial-of-service attack: Prevents normal use of your computer or network by flooding it with a long stream of useless traffic.
UDP bomb attack: UDP packets containing illegal values in some header fields (such as the length) are sent.
Trojan horses: Malicious programs or software code that appear to be normal programs.
Worms: Programs that spread from computer to computer throughout a network. Worms are usually spread via e-mail.
One of the best ways to watch for attacks on your system is to enable ICF logging and review the log file contents on a regular basis. For example, a run of dropped packets from one source address to many different destination ports is the mark of a port scan, and a packet whose source and destination IP addresses are identical is the signature of a land attack, a form of denial of service. To help protect your system, you should also stay up to date on the latest Internet attacks and viruses. Most Web sites dealing with Internet security (such as Norton and Sygate) post information about new Internet attacks and viruses as they appear on the Internet.
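The review described above can be scripted. The following Python is an added example for this edition, not code from the book or from Microsoft: it parses records in the W3C-style layout that ICF writes to pfirewall.log (a #Fields line names the columns and "-" marks an empty field), counts dropped packets per source, flags a source that probed five or more distinct ports as a port scan, and flags packets whose source and destination match as land attacks. The log lines in SAMPLE_LOG are constructed for the example; the addresses and timestamps are invented.

```python
"""Summarize a pfirewall.log for the attack patterns described in Table 31.1.

Added example; not code from the book or from Microsoft. SAMPLE_LOG is constructed in
the W3C-style layout ICF writes (a #Fields line names the columns, "-" marks an empty
field). Addresses and timestamps are invented for the illustration.
"""
from collections import defaultdict
from typing import Dict, List

SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-03-12 08:30:45 DROP TCP 203.0.113.5 198.51.100.7 3412 21 48 S 1234567 0 65535 - - -
2003-03-12 08:30:45 DROP TCP 203.0.113.5 198.51.100.7 3413 23 48 S 1234568 0 65535 - - -
2003-03-12 08:30:46 DROP TCP 203.0.113.5 198.51.100.7 3414 80 48 S 1234569 0 65535 - - -
2003-03-12 08:30:46 DROP TCP 203.0.113.5 198.51.100.7 3415 135 48 S 1234570 0 65535 - - -
2003-03-12 08:30:46 DROP TCP 203.0.113.5 198.51.100.7 3416 139 48 S 1234571 0 65535 - - -
2003-03-12 08:30:47 DROP TCP 203.0.113.5 198.51.100.7 3417 445 48 S 1234572 0 65535 - - -
2003-03-12 08:31:02 OPEN TCP 198.51.100.7 203.0.113.20 1040 80 - - - - - - - -
2003-03-12 08:31:09 CLOSE TCP 198.51.100.7 203.0.113.20 1040 80 - - - - - - - -
2003-03-12 08:32:10 DROP ICMP 203.0.113.9 198.51.100.7 - - 60 - - - - 8 0 -
2003-03-12 08:33:51 DROP TCP 198.51.100.7 198.51.100.7 139 139 40 S 99 0 512 - - -
2003-03-12 08:34:00 DROP TCP 203.0.113.77 198.51.100.7 2001 80 48 S 7777 0 65535 - - -
"""

Record = Dict[str, str]


def parse_log(text: str) -> List[Record]:
    """Return one dict per record, keyed by the column names from the #Fields header."""
    fields: List[str] = []
    records: List[Record] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue                      # other header lines and blank lines
        else:
            tokens = line.split()
            if fields and len(tokens) == len(fields):   # skip truncated or malformed records
                records.append(dict(zip(fields, tokens)))
    return records


def dropped_by_source(records: List[Record]) -> Dict[str, int]:
    """Count DROP records per remote source address."""
    counts: Dict[str, int] = defaultdict(int)
    for rec in records:
        if rec["action"] == "DROP":
            counts[rec["src-ip"]] += 1
    return dict(counts)


def port_scan_sources(records: List[Record], min_ports: int = 5) -> List[str]:
    """Sources whose dropped TCP/UDP packets hit at least min_ports distinct destination ports."""
    ports_seen: Dict[str, set] = defaultdict(set)
    for rec in records:
        if rec["action"] == "DROP" and rec["protocol"] in ("TCP", "UDP"):
            ports_seen[rec["src-ip"]].add(rec["dst-port"])
    return sorted(ip for ip, ports in ports_seen.items() if len(ports) >= min_ports)


def land_attack_records(records: List[Record]) -> List[Record]:
    """Packets whose source equals their destination (address and port): the land attack signature."""
    return [rec for rec in records
            if rec["src-ip"] == rec["dst-ip"] and rec["src-port"] == rec["dst-port"]]


def summarize(text: str) -> Dict[str, object]:
    """Everything a regular review of the log would want in one place."""
    records = parse_log(text)
    return {
        "records": len(records),
        "dropped_by_source": dropped_by_source(records),
        "port_scan_sources": port_scan_sources(records),
        "land_attacks": len(land_attack_records(records)),
        "outbound_connections": sum(1 for rec in records if rec["action"] == "OPEN"),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the constructed sample, 203.0.113.5 is reported as a scanner (six ports in three seconds), the packet from 198.51.100.7 to itself is reported as a land attack, and the single OPEN record is the host's own outbound web connection. Point parse_log() at the real file (Windows folder, pfirewall.log) once logging is enabled; the threshold in port_scan_sources() is a judgement call that you should tune to how noisy your connection is.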
Closing Down Common Access Points
Common access points are open doors that hackers can use to gain access to your computer or local network. Hackers are constantly looking for new ways to break into computers and networks. As the first line of defense, a well-configured firewall and antivirus software will thwart most hacker attempts. You can also use the following tips and recommendations to make your computer and network more secure:
- One of the best measures to protect your computer against attacks is to keep your system up to date by downloading the latest security patches. You can use the Microsoft Baseline Security Analyzer (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp) to determine the patches you have installed and those that should be installed.
- Configure a single computer with a direct connection to the Internet, and use ICS to share the connection among multiple computers. The more computers you have with Internet connections, the more access points there are for intruders.
- Do not configure any service definitions if you aren't running any internal services that external users need access to.
- Disable File and Printer Sharing on the Internet connection so that shares are not visible to external users.
- Disable all services that are not in use.
- Remove any advertising protocols, such as Service Advertising Protocol (SAP), from the Internet connection.
- If possible, use a bastion host to connect to the Internet. This host is basically a stripped-down computer with no shares and no unnecessary services, used solely for connecting computers on the local network to the Internet.
- Wireless networks introduce a number of access points for intruders. If you have a wireless network, consult this KnowledgeBase article to secure the network: http://support.microsoft.com/default.aspx?scid=KB;ENUS;Q309369&.
- Ensure that ICF is enabled on every computer with a direct connection to the Internet.
Testing for Weakness
After you have ICF configured, you might want to test the integrity of its security to ensure there aren't any weaknesses. One of the easiest ways to identify weaknesses in your security configuration is by enlisting the help of a trusted online source. With different online services (many of which are free), you can have your computer's defenses put to the test without doing any harm. Many Web sites offer online tools that scan your system and pinpoint security weaknesses so that you can take steps to prevent real hackers from gaining access to your computer. One of the best ones for testing the security of ICF is called Probe My Ports (http://www.grc.com). The online test attempts to gain access to your computer through various ports. After the test is finished, it reports the results back to you. Many other Web sites, such as the following, offer online security checks:
- http://www.grc.com. Use the Shields Up tool to test the security of your firewall.
- http://www.symantec.com. Symantec Security Check automatically scans your system and determines any security threats it might be exposed to.
- http://www.scan.sygate.com. Sygate Online Services can provide a variety of scans against your system to identify any security weaknesses.
- http://www.vulnerabilities.org. The free online analysis will scan your system for any Internet vulnerabilities.
- http://www.hackerwacker.com. This site offers two free scans (one for registered users) that identify security problems that other online scans often miss.
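What these sites do is a TCP connect scan of the address you arrive from. The following Python is an added example, not code from the book or from any of the sites listed; it performs the same check so you can run it yourself from a machine outside the firewall against the shared connection's public address. The demo_local_scan() function only proves the scanner works by aiming it at a listener it starts on the loopback interface of the same machine (a constructed target); traffic to 127.0.0.1 never crosses ICF, so that run says nothing about the firewall.

```python
"""TCP connect scan: the check the online port probers run against the address you connect from.

Added example, not from the book or from any of the sites listed. Run scan_ports() from a
machine outside the firewall against the shared connection's public address; a port that
completes the handshake is either an enabled service definition or a hole in the
configuration. demo_local_scan() aims at a listener on the loopback interface of the same
machine only to show the scanner working: that traffic never crosses ICF.
"""
import socket
from typing import Iterable, List, Tuple


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.5) -> List[int]:
    """Return the ports on host that accept a TCP connection within timeout seconds."""
    reachable: List[int] = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
            probe.settimeout(timeout)
            try:
                # connect_ex returns 0 on a completed handshake and an errno otherwise;
                # a firewall that silently drops the SYN shows up as a timeout.
                if probe.connect_ex((host, port)) == 0:
                    reachable.append(port)
            except OSError:
                pass                      # refused, unreachable or timed out: not open
    return reachable


def demo_local_scan() -> Tuple[int, List[int]]:
    """Start a listener on an ephemeral loopback port (constructed target) and scan that port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        port = listener.getsockname()[1]
        return port, scan_ports("127.0.0.1", [port], timeout=1.0)


def listener_is_found() -> bool:
    """True when the scanner reports exactly the loopback listener that demo_local_scan() starts."""
    port, found = demo_local_scan()
    return found == [port]


if __name__ == "__main__":
    port, found = demo_local_scan()
    print(f"listening on 127.0.0.1:{port}, scanner found {found}")
```

With ICF at its defaults and no service definitions enabled, a scan of the public address from outside should report nothing at all; any port that does appear should correspond to a definition you deliberately checked in the Services tab.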
For More Information
If you want to know more about Internet firewalls and security, the following resources provide more information:
- Bogue, Robert and Barker, Gord. MCSE Training Guide (70-270): Windows XP Professional. Que, 2002. ISBN: 0789727730.
- Cowart, Robert and Knittel, Brian. Special Edition Using Microsoft Windows XP Professional, Bestseller Edition. Que, 2002. ISBN: 0789728524.
- Microsoft KnowledgeBase: http://support.microsoft.com/.
- TechNet (the technical subscription service from Microsoft): http://technet.microsoft.com/.
- Windows XP FAQ page: http://www.ntfaq.com.
Part VI Appendixes
A Windows XP Information Resources, Online and Off
B Key Windows XP Utilities: Native, Resource Kit, and Downloads
C Windows XP Command-Line Reference
D Windows XP Performance Monitor Objects and Counters
E Windows XP Keyboard Command and Shortcuts
F CD-ROM Contents
Appendix A Windows XP Information Resources, Online and Off
Over the years, Windows has been gradually transformed from a quirky DOS add-on to a full-blown, world-class operating system, capable of supporting mission-critical applications. The release of Windows XP is a significant milestone in the history of Windows because it is the first release to support a common code base for the consumer and professional versions.
Although this accomplishment is significant, the release is not without problems. To prepare you to handle the new challenges of Windows XP, Microsoft and others have developed numerous sources of information and support. There are resources available to help you get up to speed on the new platform and to support it after you have implemented it. There are many Windows XP information resources on the Internet and nearly as many in print. Here are the ones that we recommend, a collection of the best of the best. The list of online resources that follows is also included on the companion Windows XP Power Toolkit CD-ROM for easier browsing.
Internet Resources
The Internet has always been known for its sense of community, so it should come as no surprise that a wealth of Windows XP information is available, most of it free.
- @stake. (Formerly L0pht Heavy Industries) A security-oriented Web site with the latest news on vulnerabilities in Windows 2000 and other operating systems. http://www.atstake.com/
- Ask a Question of the Experts. AllExperts is the oldest and largest free question-and-answer service on the Internet. It features a roster of volunteers who will attempt to answer your computer-related questions. http://www.allexperts.com/getExpert.asp?Category=2073
- The Association of Windows NT System Professionals (NT*Pro). NT*Pro is a professional association that provides a technical, educational, and support forum for computer professionals with an interest in Windows Server, BackOffice technologies, and related server and development issues. Membership is free. http://www.ntpro.org
- BHS Software. A comprehensive Windows site that includes freeware, shareware, job listings, technical forums, white papers, and more. http://www.bhs.com/
- Bink Windows XP. A site in Amsterdam that features Windows XP news, downloads, and how-to articles. http://www.windowsxp.nu/
- Brainbuzz. A comprehensive site with forums, discussion groups, white papers, and a job database. http://www.brainbuzz.com
- C|Net's Download.COM. A great repository of downloadable tools. http://www.download.com/
- C|Net's Shareware.COM. Although the C|Net sites are light on technical content, they are a great source for finding the latest freeware and shareware. http://www.shareware.com/
- Computerwire. A subscription-based, custom news and market research service that allows you to select your daily technical news. http://www.computerwire.info
- ComputerWorld. The online site of one of the industry's oldest news and technical subscription newspapers. Features industry profiles, technical articles, and product reviews for various platforms. http://www.computerworld.com/
- CramSession. A great Windows site with forums and a job database. http://www.cramsession.com
- Enterprise Computing. A biweekly magazine available in print and online versions that features product reviews and technical articles. A subscription newsletter is also available. http://www.entmag.com/
- eWeek. A weekly technical newspaper featuring industry news, product reviews, and technical articles. Available online or via subscription. http://www.zdnet.com/eweek/
- Google Groups. The Google newsgroups site features a search engine that enables you to search for discussion threads in previous newsgroup postings. The content is available for a four-year period. http://groups.google.com
Internet Resources
- InfoWorld. A weekly technical newspaper featuring industry news, product reviews, and technical articles. Available online or via subscription. http://www.infoworld.com/
- Kelly’s XP Korner. A good XP-specific site that contains lots of articles, troubleshooting tips, and registry hacks. http://www.kellys-korner-xp.com/
- Microsoft Certified Professional Magazine. A good site that features articles, forums, and online chats pertaining to certification topics. A private area is available to MCSEs. http://www.mcpmag.com/
- Microsoft KnowledgeBase. An online database of known problems and solutions for Microsoft products. http://support.microsoft.com
- Microsoft Security Advisor & Notification Service. An up-to-date source of security information pertaining to Microsoft products. http://www.microsoft.com/security/
- Microsoft Security reporting email. Report a security exposure to Microsoft. [email protected]
- Microsoft’s service pack and hotfix FTP site. All the latest Microsoft fixes and service packs are available for download. ftp://ftp.microsoft.com/bussys
- Microsoft TechNet. TechNet features technical articles on most Microsoft business products and operating systems. http://www.microsoft.com/technet/
- Microsoft Windows XP home page. The Microsoft home page for Windows XP features many white papers, articles, and links to online seminars. http://www.microsoft.com/windowsxp/default.asp
- Microsoft Windows XP Power Toys home page. These are utilities that Microsoft didn’t include with XP. Lots of good stuff here. http://www.microsoft.com/windowsxp/pro/downloads/powertoys.asp
- Microsoft Windows XP Technical Resource Page. Microsoft has put together a series of articles and white papers on various topics concerning Windows XP. http://www.microsoft.com/windowsxp/pro/techinfo/default.asp
- Net Admin Tools. A compendium of tips, tricks, white papers, and freeware for network administrators. http://www.netadmintools.com/
- Netmation’s Index of Windows Resources. An index of links to Windows Web sites. http://www.netmation.com/listnt.htm
- Paperbits’ Support Center for Windows NT. This site has hints, technical tips, and drivers for various Windows versions. http://www.paperbits.com/
- Paul Thurrott’s SuperSite for Windows. This site features breaking news on Windows, product reviews, and a detailed Windows FAQ. http://www.winsupersite.com/
Appendix A
Windows XP Information Resources, Online and Off
- SavillTech. Offers several Windows XP utilities to aid in administering and using the operating system. http://www.savilltech.com/
- SearchWin2000.com. TechTarget runs this Windows-specific portal. Its home page features current Windows news summaries with links to the original articles. There are also links to Windows XP articles and a selection of Windows XP–related white papers. The portal also sponsors a chat session with IT industry insiders, usually about once a week, and features a subscription newsletter. TechTarget runs a line of similar portals for Solaris, HP, IBM AS/400, S/390, and other platforms. http://searchwin2000.com
- Slaughterhouse. Advanced Windows XP and Linux freeware/shareware utilities. http://www.slaughterhouse.com/
- Somarsoft. Free utilities for reporting security, directory, Registry, and event information under Windows NT/2000/XP. http://www.somarsoft.com/
- Sunbelt Software. A large selection of tools and utilities for Windows XP. http://www.sunbelt-software.com/
- Symantec Security Response. A listing of the latest virus threats and security vulnerabilities. http://www.symantec.com/avcenter/
- Sysinternals. Features advanced utilities, technical information, and source code for Windows NT/2000/XP internals. http://www.sysinternals.com
- TechRepublic. Lots of articles on Windows and networking in general. http://www.techrepublic.com
- TechWeb. High-tech industry news. http://www.techweb.com/
- Tek-Tips. Online forums for Windows and other platforms. http://www.tektips.com/
- The Thin Net’s Windows Links. An online repository of Windows-related links and FAQs. http://thethin.net/winnt.cfm
- TUCOWS. Arguably the best download site on the Web. TUCOWS has mirror sites just about everywhere. http://www.tucows.com/
- TweakXP. A site dedicated to customizing Windows XP. http://www.tweakxp.com/tweakxp/
- Windows 2000 and .NET Magazine. A monthly hardcopy magazine that adds articles online for subscribers. http://www.win2000mag.com/
- Windows 2000 Secrets. Hints, tips, and news about Windows 2000 and XP. http://www.win2ksecrets.com/
- Windows 2000 Tips, Registry Hacks, and More. A wide variety of tips for Windows users. http://www.jsiinc.com/reghack.htm
- Windows NT and Windows 2000 FAQ. One of the older Windows help sites around, now affiliated with Windows and .NET Magazine. http://www.ntfaq.com
- Windows Tips. A large index of tips for Windows users. http://www.chami.com/tips/windows/
- Windows XP Expert Zone. Microsoft has an expert community area on its Web site. http://www.microsoft.com/windowsxp/expertzone/default.asp
- WinPlanet. Windows tips, news, and technical articles. http://www.winplanet.com/
- WinSite. Windows freeware and shareware of all kinds. http://www.winsite.com/
- WinXP News. The world’s first and largest e-zine for Windows XP power users and IT people. http://www.winxpnews.com
- World of Windows Networking. Lots of Windows XP tips, downloads, and technical articles. http://www.wown.com/j_helmig/winxppro.htm
- WUGNET. The Windows Users Group Web site features news, tips, and articles about Windows XP. http://www.wugnet.com/
- X-Force’s Computer Threats and Vulnerabilities. Security news, including a searchable database. http://www.iss.net/
- ZDNet. The online home of PC Magazine and other Ziff-Davis publications. http://www.zdnet.com/
Listservers

Listservers are a valuable resource for system administrators. They give you access to others who are also working with Windows XP. Most of these lists are open to anyone who is interested. This interaction is free and can be very helpful.

Caution: Some of the mailing lists can get busy in terms of message volume per day; you might want to consider subscribing in “digest” mode.
- Internet Security Systems (ISS) mailing lists. ISS sponsors several mailing lists that feature “hot off the press” security exposures for Windows products. http://www.iss.net/security_center/maillists/
- NTBugtraq. This is a mailing list for the discussion of security exploits and security bugs in Windows and related applications. http://www.ntbugtraq.com/
- NT-Tools. Sunbelt Software hosts this site. In addition to the Windows XP listserver, there are listservers for other subjects, including Microsoft Exchange and Windows system administration. There’s also a list where you can post your resume. http://www.sunbelt-software.com/community.cfm
- Saluki. This site features listservers covering a variety of technical issues, including Windows 2000. http://www.saluki.com
- Security Mailing List. A list of security-related mailing listservers for Windows XP and other Microsoft products. http://oliver.efri.hr/~crv/security/mlist/mlist.html
Newsletters

There are a variety of newsletters covering Windows XP and associated technologies. Most are delivered to your inbox weekly, in text or HTML.

- Connected Home Express is a newsletter sponsored by Connected Home Magazine. The newsletter features the latest news and tips for the high-tech home user. http://www.connectedhomemag.com/Email/
- Internet Security Systems (ISS) sponsors the Connections newsletter, which features new security threats and information protection tips. http://www.iss.net/security_center/maillists/
- Microsoft Certified Professional Magazine sponsors a weekly newsletter that includes links to articles on its Web site, breaking news in the certification world, and a schedule of its certification online chats. http://mcpmag.com
- TechRepublic sponsors several weekly and biweekly newsletters related to Windows and networking in general. http://www.techrepublic.com
- TechTarget sponsors a multitude of newsletters featuring just about any information technology–related topic. http://www.techtarget.com
- Windows and .NET Magazine sponsors newsletters on the Windows environment. http://email.winnetmag.com/winnetmag/winnetmag_prefctr.asp
- WinInfo is Paul Thurrott’s newsletter, a companion to his SuperSite for Windows. http://www.winsupersite.com/
- Woody’s Office Watch publishes several free weekly newsletters that cover all Office products and Windows versions. http://www.woodyswatch.com/index.asp
Publications

This is a list of recommended publications. Most are specifically for Windows XP, whereas others are included because they provide general networking knowledge.

Magazines

- Connected Home Magazine. An online and print magazine that focuses on using Windows and related technologies in the home environment. http://www.connectedhomemag.com/
- Microsoft Certified Professional Magazine. A magazine that focuses on Microsoft-related certification topics, but also includes good technical information. http://mcpmag.com/
- Windows and .NET Magazine. A monthly magazine that focuses on the latest technology in the Windows platform. http://www.winnetmag.com/
Books

- Borge, Stein. Managing Enterprise Systems with the Windows Script Host. APress, 2001. ISBN: 1893115674.
- Boswell, William. Inside Windows .NET Server. New Riders, 2003. ISBN: 0735711585.
- Carl-Mitchell, Smoot, and John S. Quarterman. Practical Internetworking with TCP/IP and UNIX. Addison-Wesley, 1993. ISBN: 0201586290.
- Charles, Kackie. Windows 2000 Routing and Remote Access Services. New Riders, 2000. ISBN: 0735709513.
- Cheswick, William, and Steven M. Bellovin. Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley, 2001. ISBN: 0201633574.
- Comer, Douglas E. Internetworking with TCP/IP: Principles, Protocols, and Architecture, vols. I-III. Prentice Hall, 1995, 1996, 1997. ISBNs: 0132169878, 0139738436, 0138487146.
- Cowart, Bob, and Brian Knittel. Special Edition Using Windows XP Professional, Bestseller Edition. Que, 2002. ISBN: 0789728524.
- Eck, Thomas. Windows NT/2000 ADSI Scripting for System Administration. New Riders, 2000. ISBN: 1578702194.
- Graham, Jeffrey, et al. Windows 2000 DNS. New Riders, 2000. ISBN: 0735709734.
- Hipson, Peter D. Mastering Windows XP Registry. Sybex, 2002. ISBN: 0782129870.
- Internet Security Systems, Inc. Microsoft Windows 2000 Security Technical Reference. Microsoft Press, 2000. ISBN: 073560858X.
- Knittel, Brian. Windows XP Under the Hood: Hardcore Windows Scripting and Command Line Power. Que, 2002. ISBN: 0789727331.
- Kokoreva, Olga. Windows XP Registry: A Complete Guide to Customizing and Optimizing Windows XP. A-List Publishing, 2002. ISBN: 193176901X.
- Liu, Cricket, et al. DNS and BIND (4th edition). O’Reilly & Associates, 2001. ISBN: 0596001584.
- McClure, Stuart. Hacking Exposed: Network Security Secrets and Solutions. Osborne McGraw-Hill, 2001. ISBN: 0072193816.
- Microsoft Windows XP Professional Administrator’s Pocket Consultant. Microsoft Press, 2001. ISBN: 0735613818.
- Microsoft Windows XP Professional Resource Kit. Microsoft Press, 2001. ISBN: 0735614857.
- Minasi, Mark, et al. Mastering Windows .NET Server. Sybex, 2002. ISBN: 0782129811.
- Mulcare, Mike, et al. Active Directory Services for Microsoft Windows .NET Server Technical Reference. Microsoft Press, 2002. ISBN: 0735615772.
- Nowshadi, Farshad, and Norman Buskell. Managing Windows NT/NetWare Integration. Addison-Wesley, 1998. ISBN: 0201177846.
- Peikari, Cyrus. Windows .NET Server Security Handbook. Prentice Hall, 2002. ISBN: 0130477265.
- Perlmutter, Bruce. Virtual Private Networking: A View from the Trenches. Prentice Hall, 2000. ISBN: 0130203351.
- Ruth, Andy, and Bob Collier. Windows 2000 Dynamic DNS: Concise Guide. Que, 2000. ISBN: 0789723352.
- Shanmugam, Padmini, Nivedita, and NIIT. Special Edition Using TCP/IP, 2nd Edition. Que, 2002. ISBN: 0789727099.
- Shema, Mike, et al. Anti-Hacker Tool Kit. Osborne McGraw-Hill, 2002. ISBN: 0072222824.
- Shinder, Debra L. Scene of the Cybercrime: Computer Forensics Handbook. Syngress Media, Inc., 2002. ISBN: 1931836655.
- Shinder, Thomas W., et al. Configuring Windows 2000 Server Security. Syngress Media, Inc., 2000. ISBN: 1928994024.
- Simmons, Curt. Windows XP Headaches: How to Fix Common (and Not So Common) Problems in a Hurry. Osborne McGraw-Hill, 2002. ISBN: 0072224614.
- Simmons, Curt. Windows XP Secrets. John Wiley & Sons, 2001. ISBN: 0764548522.
- Stanek, William. Essential Windows XP Command Reference. Self-published, 2002. ISBN: 1575450461.
- Stevens, W. Richard. TCP/IP Illustrated, vols. I, II, and III. Addison-Wesley, 1994. ISBNs: 0201633469, 020163354X, 0201634953.
- Tyler, Denise. Windows XP Home and Professional Editions Instant Reference. Sybex, 2001. ISBN: 0782129862.
- Wong, William. Windows 2000 DNS Server. Osborne McGraw-Hill, 2000. ISBN: 0072124326.
Training

These companies offer Windows XP information, online training, computer-based training, or live training that will help prepare you for working with Microsoft Windows XP:

- Global Knowledge. One of the largest training providers, with worldwide locations. It offers online and classroom training covering a variety of technologies. http://www.globalknowledge.com
- Hallogram Publishing. Publisher of Keystone training videos and CDs. It offers a wide variety of training materials that include Windows XP Home Edition and Professional. http://www.hallogram.com/keystone/
- Learn 2 Store. Online training site. http://www.tutorials.com/
- Microsoft Training and Certification Web site. The Microsoft Official Curriculum (MOC) for Windows .NET/XP is more varied and in depth than for previous versions of Windows. Contact Microsoft for a complete listing of courses, along with course outlines and an education provider locator. http://www.microsoft.com/train_cert
- Pinnacle Training. Offers both online and classroom training in a variety of technologies. http://www.pinnacletraining.com/
- Wave Technologies. Offers both online and classroom training at various locations. It also has an intensive boot camp for those seeking certification training. http://wave.netg.com/
Appendix B: Key Windows XP Utilities: Native, Resource Kit, and Downloads

In previous releases of Windows, Microsoft would supply a resource kit that included a book, or set of books, that covered the operating system in far more detail than the included manual or the online help. It would also include a CD filled with lots of scripts and utilities to better manage the system.

For some reason, Microsoft has decided to discontinue this tradition with Windows XP. The Windows XP Resource Kit includes a CD, but the only thing on it is an HTML copy of the manual. There are no longer any scripts or utilities included with the kit. Fortunately, most of the tools and utilities included with the Windows 2000 Resource Kits run on Windows XP. Two different resource kits are available for Windows 2000: the Windows 2000 Professional Resource Kit and the Windows 2000 Server Resource Kit. The tools included with the Windows 2000 Professional Resource Kit are the most applicable to Windows XP Professional. This appendix first covers the tools included on the Windows XP CD, and then moves on to the tools in the Windows 2000 Professional Resource Kit. It wraps up by listing some additional tools you can download from the Microsoft Web site.

Windows XP Support Tools

The Windows XP Support Tools are an optional set of utilities supplied on the Windows XP CD in the drive:\SUPPORT\TOOLS folder. These tools are useful for managing and troubleshooting Windows XP.
All support tools are listed as the name given to them followed by the executable file in parentheses, as shown in this example:

Some Support Tool (sst.exe)

In this example, a utility called Some Support Tool uses the executable file sst.exe.
Active Directory Tools

Here is a list of the Active Directory utilities available with the Support Tools:

- ACL Diagnostics (acldiag.exe). Tests, displays, and changes the Access Control List (ACL) entries for Active Directory objects.
- Display ACLs (dsacls.exe). Displays and changes the ACL entries for Active Directory objects.
- AD Administration Tool (ldp.exe). Displays and modifies Active Directory objects and their attributes over LDAP.
- AD Object Manager (movetree.exe). Used to move Active Directory objects between domains in the same forest.
- Replication Diagnostics Tool (repadmin.exe). Used to view the replication topology in an Active Directory forest.
- AD Replication Monitor (replmon.exe). Used to monitor and control the status and performance of replication in an Active Directory forest.
Computer Management Tools

Here is a list of the Computer Management utilities available with the Support Tools:

- Dependency Walker (depends.exe). Reads a Windows system file (.exe, .dll, .ocx, and so on) and builds a dependency tree of the other modules it imports.
- Global Flags Editor (gflags.exe). Turns on internal system diagnostics for troubleshooting purposes.
- Memory Profiling Tool (memsnap.exe). Takes a snapshot of the memory use of all running processes and saves it to a log file.
- Windows Installer Cleanup Utility (msicuu.exe). Used to manually delete the remnants of a failed installation performed by the Windows Installer.
- Windows Installer Zapper (msizap.exe). Used to manually delete the remnants of a failed installation performed by the Windows Installer when the Windows Installer Cleanup Utility fails.
- Open Handles (oh.exe). Lists the handles held open by running processes, with information about the objects they refer to.
- Pool Byte Monitor (poolmon.exe). Monitors kernel pool memory by allocation tag for the purpose of diagnosing memory leaks.
- Process and Thread Status (pstat.exe). Displays the status of all running processes and threads.
- Set Environment Variables (setx.exe). Sets system or user environment variables from information entered on the command line or read from the Registry.
- Service Pack Checker (spcheck.exe). Determines what service pack is installed at the component level. Requires special .ini files from the Microsoft Support site.
- Set ACLs (xcacls.exe). Sets and modifies the ACL for files or folders from the command line.
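Dependency Walker starts from the import table that every PE executable and DLL carries. The following Python script is an added example, not code from the book or from Dependency Walker: it parses the import directory of a PE32 or PE32+ file and lists, per DLL, the imported symbols (by name or by ordinal), which is the first level of the tree depends.exe builds. It does not resolve those DLLs on disk or recurse into them. The sample image is constructed inline with a single-section layout assumed for the example; for a real file, read its bytes from disk and pass them to parse_imports.

```python
import struct

# Constructed sample: a minimal PE32 image whose only content is an import table.
# It is not a real executable; it exists so the parser below has something to read.
def build_sample_pe() -> bytes:
    img = bytearray(0x400)

    def put(off, data):
        img[off:off + len(data)] = data

    put(0, b"MZ")                                    # DOS header signature
    put(0x3C, struct.pack("<I", 0x40))               # e_lfanew: PE header lives at 0x40
    # PE signature + COFF header: i386, 1 section, 224-byte optional header
    put(0x40, b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102))
    opt = 0x58
    put(opt, struct.pack("<H", 0x10B))               # PE32 magic
    put(opt + 104, struct.pack("<II", 0x1000, 0x3C))  # DataDirectory[1] = import table RVA/size
    # single section ".idata": RVA 0x1000, size 0x200, raw data at file offset 0x200
    put(0x138, struct.pack("<8sIIIIIIHHI", b".idata", 0x200, 0x1000, 0x200, 0x200,
                           0, 0, 0, 0, 0xC0000040))
    f = 0x200 - 0x1000                               # file offset = RVA + f inside that section
    # import descriptors: OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
    put(0x1000 + f, struct.pack("<IIIII", 0x1060, 0, 0, 0x1040, 0x1080))
    put(0x1014 + f, struct.pack("<IIIII", 0x1070, 0, 0, 0x1050, 0x1090))
    # (the all-zero descriptor at 0x1028 terminates the list)
    put(0x1040 + f, b"KERNEL32.dll\0")
    put(0x1050 + f, b"ADVAPI32.dll\0")
    # import lookup tables and their IAT copies: hint/name RVAs, or an ordinal with the high bit set
    for rva in (0x1060, 0x1080):
        put(rva + f, struct.pack("<III", 0x10A0, 0x10B0, 0))
    for rva in (0x1070, 0x1090):
        put(rva + f, struct.pack("<III", 0x10C4, 0x80000010, 0))   # RegOpenKeyExA, then ordinal 16
    put(0x10A0 + f, b"\0\0LoadLibraryA\0")           # 2-byte hint followed by the symbol name
    put(0x10B0 + f, b"\0\0GetProcAddress\0")
    put(0x10C4 + f, b"\0\0RegOpenKeyExA\0")
    return bytes(img)


SAMPLE_PE = build_sample_pe()


def _cstr(data: bytes, off: int) -> str:
    return data[off:data.index(b"\0", off)].decode("ascii")


def _rva_to_off(rva: int, sections) -> int:
    """Map a relative virtual address to a file offset using the section table."""
    for va, vsize, rawptr, rawsize in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def parse_imports(data: bytes) -> dict:
    """Return {dll name: [imported symbol or '#ordinal', ...]} from a PE file's import directory."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                 # PE32: DataDirectory starts at offset 96
        dir_off, thunk_fmt, ord_flag = opt + 96 + 8, "<I", 1 << 31
    elif magic == 0x20B:               # PE32+: DataDirectory starts at offset 112
        dir_off, thunk_fmt, ord_flag = opt + 112 + 8, "<Q", 1 << 63
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    imp_rva = struct.unpack_from("<II", data, dir_off)[0]
    sections = []
    for i in range(nsec):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, vsize, rawptr, rawsize))
    imports = {}
    if imp_rva == 0:
        return imports                 # no import directory at all
    desc = _rva_to_off(imp_rva, sections)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0 and ft == 0:  # all-zero descriptor ends the table
            break
        dll = _cstr(data, _rva_to_off(name_rva, sections))
        thunk = _rva_to_off(oft or ft, sections)   # prefer the lookup table; fall back to the IAT
        names = []
        while True:
            entry = struct.unpack_from(thunk_fmt, data, thunk)[0]
            if entry == 0:
                break
            if entry & ord_flag:
                names.append("#%d" % (entry & 0xFFFF))
            else:                      # skip the 2-byte hint before the symbol name
                names.append(_cstr(data, _rva_to_off(entry, sections) + 2))
            thunk += struct.calcsize(thunk_fmt)
        imports[dll] = names
        desc += 20
    return imports


if __name__ == "__main__":
    for dll, syms in parse_imports(SAMPLE_PE).items():
        print(dll, "->", ", ".join(syms))
```

Reading this table is also the quickest way to see which DLLs a binary loads by bare name, which is the precondition for DLL search-order hijacking, and to check that a patched or vendor-supplied build still imports what it did before.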
Deployment Tools

Here is a list of the deployment utilities available with the Support Tools:

- Application Deployment Diagnosis (addiag.exe). Shows the status of software deployed by IntelliMirror.
- Compatibility Administration Tool (compatadmin.exe). Used to manage the application compatibility database and create custom fixes that can be deployed to other machines.
- Page Heap (pageheap.exe). Used to set page heap flags to assist in diagnosing heap-related bugs and memory leaks.
- Quick Fix Application (qfixapp.exe). A GUI tool used to apply a defined set of compatibility fixes to an application.
- Sidwalker Security Administration Tools (sidwalker.exe). A set of tools used to migrate ACLs and security identifiers (SIDs).
File and Disk Tools

Here is a list of the file and disk utilities available with the Support Tools:

- Distributed File System Utility (dfsutil.exe). Used to perform maintenance on the Distributed File System.
- Directory Disk Usage (diruse.exe). Used to determine actual space used; can be used with normal or compressed files and folders.
- Disk Manager Diagnostics (dmdiag.exe). Displays detailed disk configuration.
- Encrypting File System Information (efsinfo.exe). Displays information about encrypted files, including which users and recovery agents can decrypt them.
- File Version (filever.exe). Used to determine the binary build of files.
- Fault Tolerant Disk Mounter (ftonline.exe). Used to bring fault-tolerant volume sets created under Windows NT 4.0 online so that files can be recovered from them.
Network Management Tools

Here is a list of the Network Management utilities available with the Support Tools:

- DHCP Server Locator Utility (dhcploc.exe). Displays the Dynamic Host Configuration Protocol (DHCP) servers on the subnet and captures their packets, which makes it useful for spotting rogue DHCP servers.
- DNS Server Troubleshooting Tool (dnscmd.exe). Used to configure and manage Domain Name System (DNS) servers from the command line.
- Network Monitor Capture Utility (netcap.exe). Used to capture packets on the local segment.
- Network Connectivity Tester (netdiag.exe). Used to diagnose connectivity problems.
- Windows Domain Manager (netdom.exe). Used to create and manage computer accounts and trusts.
- NLTest (nltest.exe). Used to query and test trust relationships.
- Point-to-Point Tunneling Protocol Ping Utilities (pptpclnt.exe, pptpsrv.exe). A set of utilities used to verify a PPTP connection.
- SNMP Graphical Query Tool (snmputilg.exe). A GUI tool used to perform basic Simple Network Management Protocol (SNMP) operations.
Performance Tools

Here is a list of the performance utilities available with the Support Tools:

- Extensible Performance Counter List (exctrlst.exe). Used to list and enable performance counters on applications and services.
- Page Fault Monitor (pfmon.exe). Used to monitor and trace the source of page faults.
- Process Resource Monitor (pmon.exe). Monitors the memory and processor use of processes.
- Performance Data Block Dump Utility (showperf.exe). Used to test performance counters.
Security Tools

Here is a list of the security utilities available with the Support Tools:

- Get Security ID (getsid.exe). Compares account SIDs between two domain controllers.
- Security Descriptor Check Utility (sdcheck.exe). Displays the security descriptor for Active Directory objects.
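Both getsid and the Sidwalker tools listed under Deployment Tools operate on security identifiers. The following Python code is an added example, not from the book or from those tools: it decodes the binary SID layout (revision, sub-authority count, 48-bit big-endian identifier authority, little-endian sub-authorities) that appears in ACLs, access tokens and Active Directory objectSid attributes, encodes it back, splits a domain account SID into domain identifier and RID, and compares two SIDs component by component the way getsid does across domain controllers. The sample SID bytes are constructed for the example and belong to no real domain.

```python
import struct

# Constructed sample: the binary form of S-1-5-21-1111-2222-3333-500 (RID 500 is the
# built-in Administrator account of a made-up domain). Not captured from a real system.
SAMPLE_SID = bytes([
    0x01, 0x05,                          # revision 1, five sub-authorities
    0x00, 0x00, 0x00, 0x00, 0x00, 0x05,  # identifier authority 5 (NT), 48-bit big-endian
    0x15, 0x00, 0x00, 0x00,              # 21
    0x57, 0x04, 0x00, 0x00,              # 1111
    0xAE, 0x08, 0x00, 0x00,              # 2222
    0x05, 0x0D, 0x00, 0x00,              # 3333
    0xF4, 0x01, 0x00, 0x00,              # 500  (sub-authorities are little-endian)
])


def sid_to_text(blob: bytes) -> str:
    """Decode a binary SID, as found in security descriptors, tokens and AD attributes."""
    if len(blob) < 8:
        raise ValueError("SID is shorter than its fixed header")
    revision, count = blob[0], blob[1]
    if revision != 1 or count > 15:
        raise ValueError("unsupported SID revision or sub-authority count")
    if len(blob) != 8 + 4 * count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, blob, 8)
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def text_to_sid(text: str) -> bytes:
    """Encode an S-1-... string back into its binary form."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S" or parts[1] != "1":
        raise ValueError("malformed SID string")
    authority = int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if authority >= 1 << 48 or len(subs) > 15 or any(s >= 1 << 32 for s in subs):
        raise ValueError("SID component out of range")
    return (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def split_domain_rid(text: str):
    """Split a domain account SID into (domain SID, RID); the RID is the last sub-authority."""
    head, _, rid = text.rpartition("-")
    if not head.startswith("S-1-5-21-"):
        raise ValueError("not a domain account SID")
    return head, int(rid)


def same_account(sid_a: bytes, sid_b: bytes) -> bool:
    """Two SIDs name the same account only if every component matches, which is what
    getsid checks across domain controllers. An account migrated to another domain
    receives a new SID there, so ACL entries that still carry the old SID no longer
    match it; that is the gap the Sidwalker tools exist to close."""
    return sid_to_text(sid_a) == sid_to_text(sid_b)


if __name__ == "__main__":
    text = sid_to_text(SAMPLE_SID)
    print(text, split_domain_rid(text))
```

A mismatch between two domain controllers for the same account name is a replication or rebuild problem, which is exactly why getsid exists; a SID whose domain part differs from your own domain's identifier, seen in a local ACL, is usually an orphan left behind by a migration.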
Windows 2000 Professional Resource Kit

This section details the tools from the Windows 2000 Professional Resource Kit that can be used in Windows XP Professional. All tools in the resource kit are listed with the name given to them in the resource kit, followed by the executable file in parentheses, as in this example:

Some Resource Kit Utility (srku.exe)

In the preceding example, a utility called Some Resource Kit Utility uses the executable file srku.exe.
Administration Scripts

Here is a list of administration scripts available in the resource kit:

- bootconfig.vbs. Returns the boot configuration of the system.
- bus.vbs. Returns the system bus information for a system.
- cacheinfo.vbs. Returns the cache information of a system.
- cdromdrives.vbs. Returns information on the CD-ROM drive(s) installed in a system.
- checkbios.vbs. Returns information about a system’s BIOS.
- chkusers.vbs. Searches a domain for a user with specific properties or attributes.
- codecfile.vbs. Returns information from the Codec files installed in a system.
- compsys.vbs. Returns the properties of a system.
- createusers.vbs. Creates new users and can be used with Active Directory.
- desktop.vbs. Returns the desktop properties of a system.
- device.vbs. Controls all devices installed on a system; can be used to list devices as well as to start, stop, and pause them.
- devicemem.vbs. Returns the memory ranges used by installed devices.
- diskpartition.vbs. Returns information about the disk partitions on a system.
- dmachan.vbs. Returns the direct memory access (DMA) channels on a system.
- drives.vbs. Returns information about the physical drives installed on a system.
- enabledhcp.vbs. Enables DHCP on a system.
- enumclasses.vbs. Enumerates the Windows Management Instrumentation (WMI) classes on a specified system.
- enuminstances.vbs. Enumerates the instances in the WMI classes.
- enumnamespaces.vbs. Enumerates the WMI namespaces.
- eventlogmon.vbs. Monitors system events.
- exec.vbs. Carries out a command or commands.
- fileman.vbs. Performs a number of simple file operations.
- group.vbs. Returns a list of the groups contained in a specific domain.
- groupdescription.vbs. Returns the description assigned to a specified group.
- irqres.vbs. Returns the interrupt request (IRQ) information for a system.
- keyboard.vbs. Returns the keyboard configuration on a system.
- ldordergrp.vbs. Returns the service dependencies on a specified system.
- listadapters.vbs. Returns information about the network adapters installed in a system.
- listdcs.vbs. Returns all the domain controllers within a specified domain.
- listdisplayconfig.vbs. Returns the display configuration on a system.
- listdomains.vbs. Returns a list of all domains within a specified namespace.
- listfreespace.vbs. Returns the free space on all drives on a specified system.
- listmembers.vbs. Returns a list of the members of an Active Directory group.
- listos.vbs. Returns the properties of the operating system installed on a specified system.
- listprinters.vbs. Returns all the printers and their properties for a specified system.
- listproperties.vbs. Returns the properties of a WMI object.
- listspace.vbs. Returns the size of the drives installed on a system.
- logmeminfo.vbs. Returns the configuration of the logical memory on a specified system.
- lstdpconinfo.vbs. Returns the properties of the display adapter installed on a system.
- modifyldap.vbs. Controls Lightweight Directory Access Protocol (LDAP) administration policies.
- modifyusers.vbs. Modifies multiple user accounts on a domain or system.
- motherboard.vbs. Returns the motherboard properties for a system.
- netconnections.vbs. Returns a list of the current network connections on a system.
- networkprotocol.vbs. Returns the properties of the installed protocols on a system.
- osreconfig.vbs. Controls the operating system recovery configuration for a specified system.
- pagefile.vbs. Modifies the page file on a system.
- parallelport.vbs. Returns the parallel port properties on a system.
- pointdev.vbs. Returns the pointing device properties on a system.
- processor.vbs. Returns the properties of the processor installed in a system.
- programgroups.vbs. Returns the program groups on the system.
- protocolbinding.vbs. Returns the protocol binding configuration on a system.
- ps.vbs. Returns a list of all currently running processes for a system. (This is similar to the Unix command of the same name.)
- pstop.vbs. Returns a list of all currently running processes for a system, ordered by CPU usage.
- query.vbs. Runs a query against WMI.
- regconfig.vbs. Views and modifies the Registry configuration on a system.
- restart.vbs. Restarts or shuts down a system.
- schemadiff.vbs. Compares the schema on two different forests.
- scsicontroller.vbs. Returns the SCSI controller configuration on a specified system.
- serialport.vbs. Returns the serial port properties on a specified system.
- service.vbs. Manages (starts, stops, pauses) services on a specified system.
- share.vbs. Creates and modifies shares on a specified system.
- sounddevice.vbs. Returns the properties for the installed sound card on a specified system.
- startup.vbs. Returns a list of the startup programs on a specified system.
- systemaccount.vbs. Returns the configuration information for the system accounts on a system.
- tapedrive.vbs. Returns the tape drive properties on a specified system.
- thread.vbs. Returns a list of all threads currently running on a system.
- useraccount.vbs. Returns the information contained in a user account.
- usergroup.vbs. Adds or removes multiple users from a group.
Debugging Utilities

Here is a list of debugging utilities in the resource kit:

- Startup Hardware Detector (installd.cmd). Installs a debug version of NTDetect.com.
- Windows NT 4.0 OEM Support Tools. A set of OEM support tools originally released for Windows NT 4.0, with four components: Kernel Debugger Extensions, Kernel Memory Space Analyzer, Pool Enhancements, and User Mode Process Dump.
Deployment Utilities

Here is a list of deployment utilities in the resource kit:

- Automated Installation Tool (sysdiff.exe). Installs applications as part of an unattended installation.
- Group Policy Migration (gpolmig.exe). Migrates information from Windows NT policies to Windows 2000 Group Policies.
- L-Bridge (lbridge.cmd). Migrates from the Windows NT LMRepl to the Windows 2000 File Replication Service.
- Setup Manager (setupmgr.exe). Generates the unattended setup answer files.
- System Preparation Utility (sysprep.exe). Prepares a newly installed system to be cloned.
- Unattended Setup Parameters Guide (unattend.doc). Explains the unattended setup parameters.
Desktop Management Utilities

Here is a list of desktop management utilities in the resource kit:

- Clipboard Organizer (cliptray.exe). Organizes information copied from applications.
- Command Prompt Here (cmdhere.inf). Adds a Command Prompt Here option to the menu shown when a user right-clicks a folder.
- Link Check Wizard (chklnks.exe). Checks all shortcut links on a system and allows the removal of dead links.
- Net Connections (netcons.exe). Displays the current network connections.
- Quick Resolution Changer (quickres.exe). Quickly changes the display resolution and color depth without resetting the system.
- Quick Tray (quiktray.exe). Organizes the applications running on the Windows Quick Tray.
- Remap Windows Keyboard Layout (remapkey.exe). Remaps the keyboard keys for different languages and applications.
- Run Extension (runext.exe). Adds a Run command to the Explorer menu.
- Soft Input Panel (sipanel.exe). Enables pen computers to use a pen as the input device.
- Telephony Location Manager (tlocmgr.exe). Configures and controls locations for telephony services.
- Windows Exit Screen Saver (winext.scr). Logs the user out of the system after a predetermined idle period.
File and Disk Utilities

Here is a list of file and disk utilities in the resource kit:

- Associate File Extensions (associate.exe). Adds a file extension association to the Registry.
- Clip To Clipboard (clip.exe). Dumps the Standard Input (STDIN) to the Clipboard.
- Create File (creatfil.exe). Creates a file of a specified size.
- Delete File and Reparse Points (delrp.exe). Deletes files or folders and their reparse points.
- Directory Disk Usage (diruse.exe). Returns the amount of disk space used by a folder.
- Disk Manager Diagnostics (dmdiag.exe). Returns the system state and configuration of the system storage.
- Disk Map Display (diskmap.exe). Displays information about a disk and its partition table.
- Disk Use Display (diskuse.exe). Displays a directory tree and the amount of space each user is using.
- Dump Config (dumpcfg.exe). Dumps the storage configuration on the system.
- Duplicate File Finder (dupfinder.exe). Finds duplicate files on the system.
- Extract Cabinet Files (extract.exe). Extracts compressed files from an installation .cab file (can also be run from the command prompt).
- File Compression Utility (compress.exe). Compresses files or folders on an NTFS volume with compression enabled (can also be run from the command prompt).
- File Expansion Utility (expand.exe). Expands a compressed file or folder.
- File Spy (filespy.exe). Monitors file I/O activity on local or remote systems.
- Free Disk Space (freedisk.exe). Returns the amount of free disk space on the installed disks.
- FT Registry Information Editor (ftedit.exe). Edits the fault tolerance configuration of the system in the Registry.
- Link Directory (linkd.exe). Creates an NTFS junction point that links a folder to another folder or volume.
- List (list.exe). Searches and displays text files.
- Microsoft Tape Format Verification Tool (mtfcheck.exe). Verifies that a tape is compliant with the Microsoft Tape Format.
- Multiple Copy (mcopy.exe). Copies multiple files while logging the progress.
- Multiple Tree Copy (mtc.exe). Copies entire folder trees.
- QGrep (qgrep.exe). Searches text files (similar to the Unix grep command).
- Removable Storage Manual Configuration Wizard (rsmconfig.exe). Manually configures robotic library changers.
- Removable Storage Database Utility (rsm_dbutil.exe). Manages the Removable Storage database.
- Removable Storage Integrity Checker (rsm_dbic.exe). Checks the integrity of the Removable Storage database.
- Robust File Copy Utility (robocopy.exe). Maintains mirror images of large folder trees on multiple network servers.
- Take Ownership (takeown.exe). Takes ownership of files and folders.
- Text Viewer (textview.exe). Edits text.
- Visual File Information (vfi.exe). Displays attributes and other information about files on the system.
- Where (where.exe). Searches for a file or files on local and remote systems.
Management Utilities
Here is a list of management utilities in the resource kit:
• Application as Services Utility (srvany.exe). Runs applications as a Windows 2000/XP service.
• Batch File Wait (sleep.exe). Causes a batch file to wait for a predetermined amount of time.
• Command-Line Environment Variable Tool (setx.exe). Sets command-line environment variables.
• Command-Line Service Controller (netsvc.exe). Controls services remotely.
• Default Printer (defptr.exe). Specifies the default printer for the user.
• Delete Service (delsrv.exe). Removes a service from the system.
• Event Log Dump (elogdmp.exe). Dumps the event log file to a tab-separated text file.
• File-In-Use Replace Utility (inuse.exe). Replaces files that the operating system is currently using.
• Java/COM Registration Utility (javareg.exe). Registers Java classes on the system.
• Near-Future Command Scheduler (soon.exe). Schedules commands to occur within the next 24 hours.
• Now (now.exe). Echoes the current date and time.
• Offline Files Cache Mover (cachemove.exe). Moves the Offline Files Cache to another location or drive.
Windows 2000 Professional Resource Kit
• Path Manager (pathman.exe). Controls the system and user path.
• Process Tree (ptree.exe). Maps out the processes running on the system and kills them.
• Process List by User (pulist.exe). Displays all the processes on the system that the user has organized.
• RAS Trace Enable (traceenable.exe). Enables the tracing capabilities for the Remote Access Service (RAS) and is used to troubleshoot RAS connection failures.
• Reduce Trace Data (reducer.exe). Processes log files to produce per-thread and per-process reports.
• Registry Find (regfind.exe). Finds Registry entries.
• Registry Backup (regback.exe). Backs up all or part of the Registry.
• Registry Change by Script (regini.exe). Uses batch files to modify the Registry.
• Registry Dump (regdmp.exe). Dumps all or part of the Registry into a readable text file.
• Registry Restoration (regrest.exe). Restores all or part of the Registry (the opposite of the Registry Backup utility).
• Registry Scan (scanreg.exe). Searches through the Registry for keys, values, and value data.
• Registry Size Estimator (dureg.exe). Estimates how much information is stored in a part of or the entire Registry.
• Service List (sclist.exe). Displays all the installed services and their current status.
• Service Controller Tool (sc.exe). Queries the Service Controller about a specific service and then controls that service.
• Service Installation Wizard (srvinstw.exe). Installs and deletes services on a local or remote system.
• Service Installer (instsrv.exe). Installs services on a system.
• Service Monitoring Tools (svcmon.exe). Monitors services on local or remote systems; enables administrators to configure notifications should the status of the monitored services change.
• Show Privilege (showpriv.exe). Displays the permissions assigned to users and groups on the local system.
• Time Update Utility (timezone.exe). Updates daylight saving time information in the Registry.
• Time Zone Editor (tzedit.exe). Creates new time zones (should a specific time zone be required).
• Time This (timethis.exe). Measures how long an application runs.
• Trace Dump (tracedmp.exe). Converts trace logs into a comma-separated values (.csv) file.
• Trace Log (tracelog.exe). Controls trace logging.
• Up Time (uptime.exe). Displays the amount of time a system has been up and running.
• User Profile Deletion Utility (delprof.exe). Deletes Windows 2000 user profiles for the system.
Network Utilities
Here is a list of network utilities in the resource kit:
• Add Users (addusers.exe). Creates user accounts.
• Add Users to a Group (usrtogrp.exe). Adds created users to groups.
• Check User Group (ifmember.exe). Checks whether a user belongs to a group.
• Clip Pool (clippool.exe). Shares the Clipboard between multiple systems on the network.
• Con-Current Connection Limiter (cconnect.exe). Monitors user connections to servers and which systems they are logging in to.
• Console User Manager (cusrmgr.exe). Configures many user properties.
• DHCP Server Locator Utility (dhcploc.exe). Locates DHCP servers on the network.
• DHCP Objects (dhcpobjs.exe). Exposes the different DHCP objects so that DHCP administration can be automated.
• Dump FSMO Roles (dumpfsmos.cmd). Dumps the Floating Single Master Operation roles from a Windows 2000 Active Directory network.
• Enumerating Remote Access Users (rasusers.exe). Returns the remote access users on a system.
• File Access Permissions per User (perms.exe). Displays the permissions granted to a user for a file or folder on the system.
• Find Group (findgrp.exe). Finds a user’s direct and indirect group membership.
• Get Security ID (getsid.exe). Obtains and compares the SIDs of two users.
• Group Policy Results (gpresult.exe). Returns the Group Policy changes made to the current system or user.
• Group Copy (grpcpy.exe). Copies a group in the same domain.
• Group Policy Objects (gpotool.exe). Monitors Group Policy objects.
• Internet Protocol Security Policies Tools (ipsecpol.exe). Configures how systems handle IPSec; can be used both locally and on remote systems.
• Kerberos List (klist.exe). Views and deletes Kerberos tickets for the system.
• Local Groups (local.exe). Lists the members of local groups within domains.
• Lock Floppy Drive (lockflop.exe). “Locks” the floppy drive so that users cannot read floppy disks.
• LogOff (logoff.exe). Logs off a user.
• Move Users (moveuser.exe). Moves users between containers and domains.
• NL Monitor (nlmon.exe). Tests and debugs trust relationships between domains.
• NT Rights (ntrights.exe). Grants or revokes user rights.
• OID Generator (oidgen.exe). Generates Object ID (OID) pairs for use in extending the Active Directory Schema.
• Permission Copy (permcopy.exe). Copies share and file-level permissions to another share.
• Printer Administration Objects (prnadmin.dll). Manages and controls printers on local and remote systems.
• RAS List (raslist.exe). Receives RAS server announcements on the network.
• Remote Clipboard Viewer (netclip.exe). Views the Clipboard on a remote system. (Information contained in that Clipboard can be copied to the local Clipboard.)
• Remote Command Service (rcmd.exe). Performs command-line commands on local and remote systems.
• Remote Process Kill (rkill.exe). Terminates processes running on a remote system.
• Remote Shutdown (shutdown.exe). Shuts down or reboots a remote system.
• Server Manager (srvmgr.exe). The Windows NT 4.0 Server Manager administration tool.
• Server Share Check (srvcheck.exe). Lists the non-administrative shares on a remote system and returns the ACLs on those shares.
• Show ACLs (showacls.exe). Returns the access rights for objects on the system.
• Show Groups (showgrps.exe). Lists all the groups of which a user is a member.
• Show Members (showmbrs.exe). Shows the members of a specified group.
• SubinACL (subinacl.exe). Migrates ACL permissions between users and groups.
• Subnet Objects (subnet_op.vbs). Controls subnet objects in the directory.
• Switch Users (su.exe and suss.exe). Switches a user’s security context to that of another; similar to the Unix SU command. (For example, a regular user who has an administrative account can call the su.exe command to temporarily become the administrator.)
• TCP/IP Remote Shell Service (rshsvc.exe). Allows remote commands to be performed on a system.
• Third-Party QOS Control Agent (tpc.exe). Controls quality of service on a network.
• User Manager for Domains (usrmgr.exe). The Windows NT 4.0 User Manager for Domains administrative tool.
• User Statistics (usrstat.exe). Lists user information (username, full name, last logon time) in a domain.
• Whoami (whoami.exe). Displays the domain name and username of the currently logged-on user.
• WINS Administration Tools (winscl.exe). Administers Windows Internet Naming Service (WINS) database information.
• WINS Check (winschk.exe). Checks the WINS database for inconsistencies and replication activity.
• Xcacls.exe (xcacls.exe). Controls the security options set on system folders.
Performance Tuning Utilities
Here is a list of performance management utilities in the resource kit:
• Clear Memory (clearmem.exe). Clears pages from the system memory.
• Counter List (ctrlist.exe). Returns a list of all counters and objects installed on the system.
• CPU Stress (cpustres.exe). Simulates CPU usage.
• CPU Usage by Processes (qslice.exe). Displays CPU usage by each individual process.
• Disk Alignment Tool (diskpar.exe). Modifies the starting sector on a disk and is used to improve performance.
• Empty Working Set (empty.exe). Frees the working set for a task.
• Extensible Performance Counter List (exctrist.exe). Displays performance counter DLLs installed in the system.
• Leaky Application (leakyapp.exe). Simulates a leaky application to test system performance in low memory situations.
• List Loaded Drivers (drivers.exe). Displays the drivers loaded on the system.
• Page Fault Monitor (pfmon.exe). Displays the page faults on the system.
• PerfMon Chart Setting Editor (setedit.exe). Edits the files used by the Performance Monitor chart.
• Performance Data Block Dump Utility (showperf.exe). Dumps the Performance Data Block into raw data.
• Performance Data in the Command Window (typeperf.exe). Displays real-time performance data in a command window.
• Performance Meter (perfmtr.exe). Creates management information bases for performance counters to be used with SNMP.
• Performance Monitor 4 (perfmon4.exe). The Windows NT 4.0 Performance Monitor administrative tool.
• Perf Monitor (wperf.exe). A performance monitor utility.
• Program Timer (ntimer.exe). Measures the time a program runs.
• Time-Ordered Processes (top.exe). Lists processes on the system ordered by the most CPU-intensive ones.
• Total Processors (totlproc.exe). Measures the total amount of memory used by all processors in the system.
• Virtual Address Dump (vadump.exe). Lists the state and size of the virtual address space.
Scripting Utilities
Here is a list of scripting utilities in the resource kit:
• Active Perl Scripting Language (activeperl.exe). The Perl scripting language for Windows 2000.
• ForFiles (forfiles.exe). Enables batch processing.
• Get Type Version Information (gettype.exe). Returns the operating system version running on the system and is useful for ensuring that the right batch file runs.
• KiXstart 95 (kix32.exe). Creates logon scripts.
• LogTime (logtime.exe). Logs the start and stop times of programs run from within a batch file.
• Timeout (timeout.exe). Pauses an application for a set amount of time.
• User Input for Batch Files (choice.exe). Waits for the user to make a choice within the batch file.
• Wait For (waitfor.exe). Synchronizes events between multiple systems.
Security Utilities
Here is a list of security utilities in the resource kit:
• Encrypted File System Information (efsinfo.exe). Displays information about encrypted files on NTFS partitions.
• Manipulate Service Principal Names for Accounts (setspn.exe). Controls the service principal names for an account.
System Diagnostic Utilities
Here is a list of diagnostic utilities in the resource kit:
• API Monitor (apimon.exe). Monitors all application programming interface (API) calls.
• AppleTalk Network Device Analyzer (atanlyzr.exe). Monitors and analyzes AppleTalk devices on the network.
• Application Deployment Diagnosis (addiag.exe). Returns information about whether software is installed or available to be installed by IntelliMirror.
• Audit Policy (auditpol.exe). Modifies the audit policy on a local or remote system.
• Browser Monitor (browmon.exe). Monitors the browsers on different domains.
• DH Compare (dhcmp.exe). Compares two display heap results.
• Display Heap (dh.exe). Returns information about heaps in the system.
• Domain Monitor (dommon.exe). Monitors the status of domain controllers in the current domain and in trusted domains.
• Dump Event Log (dumpel.exe). Dumps the event log into a tab-separated text file.
• Enumerate Properties (enumprop.exe). Returns all properties set on an object in Active Directory.
• Event Logging Utility (logevent.exe). Logs events to a local or a remote system.
• Finding the Executable Type (exetype.exe). Finds out which processor is required to run an executable.
• Get MAC Address (getmac.exe). Returns the Media Access Control (MAC) address of a system.
• GUID to Object (guid2obj.exe). Correlates between an object’s globally unique identifier (GUID) and its distinguished name.
• Heap Monitor (heapmon.exe). Displays the system heap information.
• Installation Monitor (instaler.exe). Tracks changes that setup programs make to the Registry and .ini files.
• Kernel Profiler (kernprof.exe). Returns profiles for the operating system Kernel on the system.
• Multicast Packet Tool (mcast.exe). Tests multicasting.
• OLE/COM Object Viewer (oleview.exe). Configures and tests Microsoft Component Object Model (COM) classes installed on the system.
• Open Handles (oh.exe). Returns the handles for open windows, objects, and processes.
• QOS Time Stamp (qtcp.exe). Measures the end-to-end network service quality.
• RAS Monitor (rasmon.exe). Monitors RAS statistics.
• RPC Connectivity Verification Tool (rpings.exe). Checks the Remote Procedure Call (RPC) connections between systems (also called RPC Ping).
• Server Information (srvinfo.exe). Displays information about a system (network, disk, and service information).
• SNMP Browser (snmputil.exe). Queries an SNMP host.
• SNMP MIB Compiler (mibcc.exe). Compiles management information base files for SNMP.
Microsoft Power Toys for Windows XP
Beginning with the release of Windows 95, Microsoft has made available a collection of utilities nicknamed “Power Toys” that are specific to each operating system. Power Toys usually consist of various utilities to adjust the look and feel of the operating system. They enable you to achieve a more granular customization of the user interface. The Power Toys are available for download at http://www.microsoft.com/windowsxp/pro/downloads/powertoys.asp.

Caution
Although these utilities can be freely downloaded from the Microsoft Web site, they are not supported by Microsoft. Use them at your own risk!

Some versions of the Power Toys include souped-up versions of some accessories included with Windows XP, such as a more sophisticated calculator. All the Power Toys in the list that follows are listed by name, followed by the executable file in parentheses, as in this example, which shows a Power Toy called Cool Power Toy using the executable file cpt.exe: Cool Power Toy (cpt.exe)
• Alt-Tab Replacement (taskswitch.exe). Instead of just seeing an icon when using the Alt+Tab key combination, you will see a preview of the application window.
• CD Slide Show Generator (slideshow.exe). Enables you to view stored images as a slide show.
• HTML Slide Show Wizard (htmlgen.exe). This wizard creates an HTML slide show for your Web site.
• Image Resizer (imageresizer.exe). Resizes your image files.
• Open Command Window Here (cmdhere.exe). Adds an option to open a command window in the folder that you are viewing in My Computer or Windows Explorer.
• Power Calculator (powercalc.exe). A powerful calculator with conversion, graphing, and evaluation functions.
• Taskbar Magnifier (magnifier.exe). Used to magnify a selected part of the screen.
• Tweak UI (tweakui.exe). Gives you access to additional system settings for finer control of the user interface.
• Virtual Desktop Manager (deskman.exe). Enables you to use four separate desktops.
• Webcam Timershot (timershot.exe). Automatically takes pictures with your webcam at a specified interval.
Appendix C  Windows XP Command-Line Reference

At times it is faster and more convenient to bypass the GUI interface of Windows XP and perform administrative tasks from the command line, especially if these tasks are scripted. You have learned previously that Windows XP supports more scripting options than Windows NT/2000 or Windows 9x/Me.

Because Windows XP is a result of the marriage between the Professional and the consumer versions of Windows, Windows XP supports the majority of command-line commands and utilities that were present in both Windows NT/2000 and Windows 9x/Me-DOS. However, the syntax and capabilities of some of these programs might have changed slightly from previous versions. In addition, later versions of Windows NT/2000 support a feature called Command Extensions, which adds options to the following commands:
• ASSOC
• CALL
• CHDIR (CD)
• COLOR
• DATE
• DEL/ERASE
• ENDLOCAL
• FOR
• FTYPE
• GOTO
• IF
• MKDIR (MD)
• PROMPT
• PUSHD/POPD
• TIME
• SET
• SETLOCAL
• SHIFT
• START

For more information about Command Extensions and how they affect individual commands, see the specific command entry in this appendix or in the Windows XP online help. You can turn off Command Extensions for backward compatibility with older versions of Windows.

This appendix lists some of the most common commands you can use to perform a variety of administrative tasks in the Windows XP environment. Most of these commands can be used in scripts to automate some of the repetitive tasks of system administration.

Note
When the filename or path contains spaces, most Windows XP commands require that you enclose it in quotation marks. For example, you would use quotation marks in the following: dir "c:\Program Files"
For more information about scripting administrative tasks, see Chapter 21, “Scripting and Automation,” p. 457.
APPEND
The APPEND command is used to make it appear that files in other folders are in the current folder.

APPEND [[drive:]path[;...]] [/X[:ON | :OFF]] [/PATH:ON | /PATH:OFF] [/E]
APPEND ;

Parameter        Explanation
No parameters    Displays the appended folder list.
APPEND ;         Clears all appended folders.
[drive:]path     Specifies the folder to append to the current folder.
/X:ON            Specifies that the appended folders are to be used for running applications and file searches.
/X:OFF           Specifies that the appended folders are to be used only for open file requests. This is the default option.
/PATH:ON         Specifies that the appended folders are to be used for open file requests that already specify a path. This is the default option.
/PATH:OFF        Specifies that the appended folders are not to be used for open file requests that already specify a path.
/E               Stores the list of appended folders in an environment variable named APPEND. This option can be selected only the first time you run APPEND after system startup.
ASSOC
The ASSOC command is used to associate specific file types with file extensions.

ASSOC [.ext[=[fileType]]]

Parameter        Explanation
No parameters    Displays the current associations.
.ext             The file extension to associate with a file type.
fileType         The file type to associate with the file extension.
AT
The AT command is used to schedule programs or batch files to run at a specified time.

AT [\\computername] [ [id] [/DELETE] | /DELETE [/YES]]
AT [\\computername] time [/INTERACTIVE] [ /EVERY:date[,...] | /NEXT:date[,...]] "command"

Parameter            Explanation
\\computername       Specifies the computer to run the command on. If blank, the local computer is assumed.
id                   Identification number assigned by the system to the scheduled process.
/DELETE              Deletes all scheduled jobs. If a specific job ID is indicated, only that job is deleted.
/YES                 Prevents the “Are You Sure?” prompt from appearing when you specify deleting all jobs.
time                 Specifies the time that the job will run.
/INTERACTIVE         Specifies that the job is able to interact with the user who is logged on when the job runs.
/EVERY:date[,...]    Runs the job on the specified days of the week or month. If blank, the current date is assumed.
/NEXT:date[,...]     Runs the job on the next occurrence of the specified day. If blank, the current date is assumed.
"command"            Command or batch file to be run.

Although the AT command is still supported in Windows XP, the SCHTASKS command provides more functionality. For more information about the AT and SCHTASKS commands, see Chapter 21, “Scripting and Automation,” p. 457.
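The following batch file is an added example, not code from the book, showing the AT forms listed above in one sequence: a recurring job, a one-off remote job, a review of the queue, and the two delete forms. The script path C:\Scripts\nightly-backup.cmd and the computer name FILESRV01 are assumptions chosen for the example.

```batch
@echo off
rem Added example (not from the book): scheduling, reviewing and removing jobs with AT.
rem The script path and the computer name FILESRV01 are hypothetical.

rem Run the script at 23:00 every weekday. AT jobs run under the Task Scheduler
rem service account (LocalSystem by default) and without a desktop unless
rem /INTERACTIVE is given, so the script must not wait for input. Because the
rem job runs with LocalSystem rights, keep the script and its folder writable
rem only by Administrators.
at 23:00 /every:M,T,W,Th,F "cmd /c C:\Scripts\nightly-backup.cmd"

rem Run the same script once, at 02:00 on the next Saturday, on a remote machine.
at \\FILESRV01 02:00 /next:S "cmd /c C:\Scripts\nightly-backup.cmd"

rem List what is queued, locally and on the remote machine. Reviewing these
rem queues periodically is an easy way to spot jobs nobody remembers adding.
at
at \\FILESRV01

rem Remove a single job by the ID shown in the listing (1 here), then clear the
rem whole local queue without the "Are you sure?" prompt.
at 1 /delete
at /delete /yes
```

Day names for /EVERY and /NEXT are the abbreviations M, T, W, Th, F, S and Su, or day-of-month numbers. Because "command" is handed to the scheduler as a single string, wrapping a batch file in cmd /c, as above, keeps the quoting predictable.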
ATTRIB
This command is used to set, remove, or display the attributes assigned to a file or folder.

ATTRIB [+R | -R] [+A | -A] [+S | -S] [+H | -H] [[drive:][path]filename] [/S [/D]]

Parameter                  Explanation
+                          Adds an attribute.
-                          Removes an attribute.
R                          Read-only.
A                          Archive.
S                          System file.
H                          Hidden file.
[[drive:][path]filename]   The file or files to use. Wildcards (? or *) are permitted.
/S                         Changes the files in the current folder and all subfolders.
/D                         Sets the same attributes on the folders the files are in.
BOOTCFG
The BOOTCFG command is used to display, add, change, or delete the settings in the boot.ini file. Using the BOOTCFG command, you can make changes or add new operating system (OS) entries to the boot.ini file to control how the operating system is started.

BOOTCFG /parameter [arguments]

Parameter    Explanation
/Addsw       Used to add switches to entries in the boot.ini file.
/Copy        Adds another OS boot selection to the boot.ini file (duplicates an existing entry that can then be modified).
/Dbg1394     Used to configure port 1394 debugging.
/Debug       Used to specify the port and baud rate for a remote debugger.
/Default     Used to change the default OS boot entry.
/Delete      Used to delete an OS entry.
/EMS         Used to change the Emergency Management Services (EMS) configuration.
/Query       Displays the contents of the boot.ini file.
/Raw         Used to add optional OS load options to an OS entry.
/Rmsw        Used to remove OS load options from an OS entry.
/Timeout     Changes the boot timeout value.

Note
For more information about operating system load options and the contents of the boot.ini file, see the Microsoft Knowledge Base article “Q170756: Available Switch Options for Windows NT Boot.ini File.”
CACLS
The CACLS command is used to display or change the Access Control List (ACL) of the specified file.

CACLS filename [/T] [/E] [/C] [/G user:perm] [/R user [...]] [/P user:perm [...]] [/D user [...]]

Parameter      Explanation
filename       The file to be displayed or changed.
/T             Changes ACLs in the current folder and all subfolders.
/E             Edits the ACL instead of replacing it.
/C             Ignores errors.
/G user:perm   Assigns a user the specified rights:
                 W  Write
                 R  Read
                 C  Change
                 F  Full Control
/R user        Revokes the user’s access rights. Must be used with /E.
/P user:perm   Replaces the user’s specified rights:
                 N  None
                 W  Write
                 R  Read
                 C  Change
                 F  Full Control
/D user        Denies access to the specified user.

Tip
Multiple users and files can be specified in a command. Wildcards are also allowed in the filename.
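An added example of the CACLS switches above used together to review and tighten the ACL on a folder tree. This is not code from the book; the folder D:\Share\Finance, the group CORP\FinanceRO and the accounts CORP\jdoe and CORP\contractor are assumptions chosen for the example.

```batch
@echo off
rem Added example (not from the book): reviewing and tightening a folder ACL with CACLS.
rem The folder, group and account names below are hypothetical.

set TARGET=D:\Share\Finance

rem 1. Save the current ACLs of the whole tree so the change can be reviewed or
rem    rolled back by hand.
cacls "%TARGET%" /T > "%TEMP%\finance-acl-before.txt"

rem 2. Grant the read-only group Read on the whole tree. /E edits the existing
rem    ACL; without /E, CACLS replaces the ACL with only the entries you name
rem    (and asks for confirmation first). /T applies the change to subfolders.
cacls "%TARGET%" /T /E /G CORP\FinanceRO:R

rem 3. Replace one user's Full Control entry with Change, rather than adding a
rem    second entry for the same account.
cacls "%TARGET%" /T /E /P CORP\jdoe:C

rem 4. Remove the Everyone entry (/R requires /E) and add an explicit Deny for a
rem    contractor account. Deny entries are evaluated before Allow entries, so
rem    the Deny wins even if the account is also in an allowed group.
cacls "%TARGET%" /T /E /R Everyone
cacls "%TARGET%" /T /E /D CORP\contractor

rem 5. Show the new ACLs for comparison with the saved copy.
cacls "%TARGET%" /T
```

Keep the "before" listing: CACLS has no undo, and a replace without /E silently drops every entry not named on the command line. For control over inheritance flags beyond what CACLS offers, the resource kit's Xcacls.exe (listed in Appendix B) is the usual next step.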
CALL
You can use the CALL command to call a batch file from another batch file without ending the first batch file. In addition, the CALL command is capable of transferring control to a label in the same batch file, but in a new batch file context.

CALL [drive:][path]filename [batch-parameters]
CALL :label [arguments]

Parameter                Explanation
[drive:][path]filename   The name and location of the batch file. It must have a .bat or .cmd extension.
[batch-parameters]       Any parameters needed by the batch file.
:label                   The name of the label where control is transferred.
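The following batch file is an added example, not code from the book, that uses both CALL forms: CALL :label for a logging subroutine and CALL to a second batch file whose result is read back through ERRORLEVEL. The helper check-service.cmd is constructed inline so the example runs on its own; it uses SC to report whether the named service is running, and the service name Schedule and the log path are assumptions.

```batch
@echo off
rem Added example (not from the book): CALL to a label in the same file and CALL
rem to a second batch file, with status returned through ERRORLEVEL.

setlocal
set LOGFILE=%TEMP%\audit.log
set HELPER=%TEMP%\check-service.cmd

rem Constructed helper so the example runs stand-alone: it queries a service with
rem SC and returns 1 when the service is not reported as RUNNING.
> "%HELPER%" (
    echo @echo off
    echo sc query %%1 ^| find "RUNNING" ^>nul
    echo if errorlevel 1 exit /b 1
    echo exit /b 0
)

call :LogLine "Starting audit on %COMPUTERNAME%"

rem CALL runs the other batch file and returns here when it finishes. Without
rem CALL, control would pass to the helper and the lines below would never run.
call "%HELPER%" Schedule
if errorlevel 1 (
    call :LogLine "Task Scheduler service is not running"
) else (
    call :LogLine "Task Scheduler service check passed"
)

call :LogLine "Audit finished"
endlocal
goto :EOF

rem Subroutine. CALL :label starts a new batch context, so its arguments are
rem %1, %2 ... while the caller's own arguments are preserved. %~1 strips the
rem surrounding quotes. EXIT /B returns to the line after the CALL.
:LogLine
>> "%LOGFILE%" echo %DATE% %TIME% %~1
exit /b 0
```

The redirection is placed before the echo on purpose: writing "echo ... %~1>> file" would let a message ending in a digit be misread as a handle number for the redirection. The goto :EOF before the label keeps the main flow from falling through into the subroutine.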
CHDIR (CD)
The CHDIR command changes the focus of the command line to a different folder or displays the name of the current folder. Either CHDIR or the abbreviation CD is acceptable.

CHDIR [/D] [drive:][path]
CHDIR [..]
CD [/D] [drive:][path]
CD [..]

Parameter        Explanation
No parameters    Displays the current drive name and folder.
[drive:][path]   The drive and folder you want to change to.
..               Specifies that you want to change to the parent folder.
/D               Changes the current drive as well as the current folder. This switch is supported only when Command Extensions is enabled.
CHKDSK
The CHKDSK command lists and corrects disk or file errors. Some of its functions require that the disk be locked. If it cannot be locked, the requested procedure is performed on the next system restart.

CHKDSK [volume[[path]filename]] [/F] [/V] [/R] [/X] [/I] [/C] [/L[:size]]

Parameter   Explanation
volume      Specifies the drive, mount point, or volume.
filename    FAT only. Checks file(s) for fragmentation.
/F          Fixes any errors that are found.
/V          Verbose mode. NTFS: Displays any cleanup messages. FAT/FAT32: Displays the path and filename of every file.
/R          Finds and recovers bad sectors.
/X          Forces a volume dismount.
/I          Quick check of the index on NTFS.
/C          Skips cycle checking on NTFS.
/L:size     Changes the NTFS log file size in kilobytes.
CHKNTFS
The CHKNTFS command displays or changes the setting that indicates whether to run automatic disk checking at boot time.

CHKNTFS volume [...]
CHKNTFS /D
CHKNTFS /T[:time]
CHKNTFS /X volume [...]
CHKNTFS /C volume [...]

Parameter     Explanation
volume        This required entry specifies the drive letter, mount point, or volume name you are working with.
No switches   Shows the current CHKNTFS configuration for the specified volume and indicates whether it is dirty.
/D            Sets the computer to check all drives at boot and run CHKDSK on those that are dirty. This option is the default.
/T:time       Used to change the AUTOCHK countdown time.
/X            Used to exclude a drive from boot time checking.
/C            Used to schedule an individual drive to be checked at boot time.
CIPHER
The CIPHER command is used to display or change the encryption of files or folders on an NTFS volume.

CIPHER [/E | /D] [/S:folder] [/A] [/I] [/F] [/Q] [/H] [pathname [...]]
CIPHER /K
CIPHER /R:filename
CIPHER /U [/N]
CIPHER /W:folder

Parameter       Explanation
No parameters   Displays the encryption state of the current folder and its files.
/A              Specifies that the operation is to be performed on both files and folders.
/D              Decrypts the specified folder.
/E              Encrypts the specified folder.
/F              Forces encryption or decryption of the specified objects.
/H              Displays any files that have Hidden or System attributes. The default is for these files not to be encrypted.
/I              Ignores errors.
/K              Creates a new encryption key for the current user. This option cannot be used with any other switches.
/N              Used only with the /U switch to prevent keys from being updated.
/Q              Displays only essential information.
/R:filename     Generates a recovery agent certificate and private key.
/S:folder       The folder to perform the specified operation in.
/U              Updates the user’s or recovery agent’s file encryption key.
/W:folder       Removes data from unused portions of a volume.
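An added example, not from the book, that strings the CIPHER forms above into one workflow: create a recovery agent certificate, encrypt a folder tree, verify the result, scrub the free space that still holds plaintext, and refresh file keys. The folder D:\Confidential and the output path D:\EFS\recovery-agent are assumptions chosen for the example.

```batch
@echo off
rem Added example (not from the book): a CIPHER workflow for a confidential folder.
rem The folder D:\Confidential and the path D:\EFS\recovery-agent are hypothetical.

set TARGET=D:\Confidential

rem 1. Generate a recovery agent certificate (.cer) and private key (.pfx).
rem    CIPHER prompts for a password that protects the .pfx. Import the .cer into
rem    the EFS recovery policy, then move the .pfx off this machine: whoever
rem    holds it can decrypt every file the policy covers.
cipher /R:D:\EFS\recovery-agent

rem 2. Encrypt the folder, its subfolders (/S) and the files in them (/A).
rem    Files created in the folder later are encrypted automatically, because
rem    the folder itself carries the encryption attribute.
cipher /E /S:%TARGET% /A

rem 3. List the result. E marks encrypted entries and U unencrypted ones;
rem    /H includes Hidden and System files, which are skipped by default.
cipher /S:%TARGET% /H

rem 4. Encrypting a file in place leaves its plaintext in the disk space that
rem    was freed. /W overwrites the free space on the volume holding the folder.
cipher /W:%TARGET%

rem 5. After a key change, refresh the key on every encrypted file the user owns.
cipher /U
```

Step 4 is the one most often skipped: without it, the encryption attribute protects the live file while the old plaintext remains recoverable from unallocated space until something overwrites it. Run /W when no other process is writing heavily to the volume, since it works by filling the free space with a temporary file.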
CMD
The CMD command starts a separate copy of the command interpreter.

CMD [/A | /U] [/Q] [/D] [/E:ON | /E:OFF] [/F:ON | /F:OFF] [/T:fg] [/V:ON | /V:OFF] [[/S] [/C | /K] string]

Parameter   Explanation
/C          Opens a new command window, performs the command, and then terminates.
/K          Opens a new command window, performs the command, and leaves the command window open.
/S          Changes the treatment of a string after /C or /K.
/Q          Quiet mode; turns echo off.
/D          Turns off AutoRun commands from the Registry.
/A          All output will be in ANSI.
/U          All output will be in Unicode.
/V:ON       Allows delayed environment variable expansion, that is, expansion at execution time rather than when a line is read.
/V:OFF      Turns off delayed environment expansion.
/T:fg       Configures the foreground and background colors. For available colors, see the COLOR command later in this appendix.
/E:ON       Turns on the Command Extensions feature.
/E:OFF      Turns off the Command Extensions feature.
/F:ON       Turns on file and directory name-completion characters.
/F:OFF      Turns off file and directory name-completion characters.
string      Specifies the command to be interpreted.
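An added example, not from the book, of what /V:ON changes. The script counts ERROR lines in a log; a variable updated inside a FOR block is only visible on the same pass through the delayed !var! form, which cmd /V:ON enables. The log lines are constructed inline and the file name count-errors.cmd is an assumption.

```batch
@echo off
rem Added example (not from the book): why CMD /V:ON (delayed expansion) matters.
rem Save this as count-errors.cmd and run it with:   cmd /V:ON /C count-errors.cmd
rem The log file is constructed inline, so the script needs no other input.

set LOG=%TEMP%\sample.log
> "%LOG%" (
    echo INFO  service started
    echo ERROR logon failure for user alice
    echo INFO  heartbeat
    echo ERROR logon failure for user bob
)

set COUNT=0
for /f "usebackq tokens=1*" %%A in ("%LOG%") do (
    if "%%A"=="ERROR" (
        set /a COUNT+=1
        rem The percent form was expanded once, when CMD read the whole FOR
        rem block, so it still prints 0 on every pass.
        echo percent form: %COUNT%
        rem The exclamation form is expanded when the line actually runs and
        rem shows the live value. Without /V:ON it prints the literal text.
        echo delayed form: !COUNT!
    )
)
echo Total ERROR lines: %COUNT%

rem Return a non-zero exit code when errors were found, so a caller can test
rem ERRORLEVEL.
if %COUNT% GTR 0 exit /b 1
exit /b 0
```

Run under cmd /V:ON the delayed line prints 1 and then 2 while the percent line prints 0 both times; the total after the loop is 2 either way, because by then the block has finished. The same behaviour can be switched on from inside a script with SETLOCAL ENABLEDELAYEDEXPANSION, which avoids relying on how the script was launched.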
COLOR
The COLOR command sets the foreground and background colors of the current command-line session. The first digit represents the foreground color; the second is the background. If the COLOR command is entered without an argument, the system default is restored.

COLOR [attr]

attr   Explanation
0      Black
1      Blue
2      Green
3      Aqua
4      Red
5      Purple
6      Yellow
7      White
8      Gray
9      Light blue
A      Light green
B      Light aqua
C      Light red
D      Light purple
E      Light yellow
F      Bright white
COMP
The COMP command compares the contents of two files byte by byte.

COMP [data1] [data2] [/D] [/A] [/L] [/N=number] [/C] [/OFF[LINE]]

Parameter       Explanation
No parameters   Prompts for filenames.
data1           Name and location of the first file.
data2           Name and location of the second file.
/D              Displays the file differences in decimal format. The default is hexadecimal.
/A              Displays the file differences in ASCII format.
/L              Displays the line numbers of file differences.
/N=number       Compares only the first N lines.
/C              Ignores letter case when comparing.
/OFFLINE        Forces a compare against offline files.
COMPACT
The COMPACT command enables you to display or modify the compression state of files or directories on NTFS partitions.

COMPACT [/C | /U] [/S[:folder]] [/A] [/I] [/F] [/Q] [filename [...]]

Parameter       Explanation
No parameters   Displays the compression state of the current folder and its contents.
/C              Compresses the specified file or folder.
/U              Uncompresses the specified file or folder.
/S              Performs the specified action in the current folder and all subfolders.
/A              Displays hidden or system files.
/I              Ignores errors.
/F              Forces the recompression of partially compressed files.
/Q              Displays a summary of the file or folder’s compression state.
filename        Can specify multiple files or folders or use wildcards (* or ?).

Note
The /F switch is used when a compression or uncompression operation is interrupted, and files are left in an intermediate state. Any files that have completed the operation successfully are ignored.
CONVERT
The CONVERT command is used to convert FAT or FAT32 volumes to NTFS. To perform this operation, the drive must be locked. If it cannot be locked, the operation is performed on the next restart. The conversion process is non-destructive. However, it cannot be reversed without backing up the drive and reformatting and restoring the files.

CONVERT volume /FS:NTFS [/V] [/cvtarea:filename] [/nosecurity] [/X]

Parameter           Explanation
volume              The drive letter, mount point, or volume name to be converted.
/FS:NTFS            Specifies that the volume is to be converted to NTFS.
/V                  Verbose mode. This option displays all system messages during conversion.
/cvtarea:filename   Forces the Master File Table and other NTFS metadata files to be written to the specified contiguous placeholder file.
/nosecurity         Assigns permissions for the converted volume to the Everyone group.
/X                  Forces a volume dismount.
COPY The COPY command is used to copy one or several files to a new location, with the existing or a new filename. COPY [/V] [/N] [/Y | /-Y] [/Z] [/A | /B ] source [/A | /B] [+ source [/A | /B] [+ ...]] [destination [/A | /B]]
Parameter     Explanation
source        The name and path of the files to be copied.
destination   The name (optional) and folder that the files are to be copied to.
/V            Verifies that the file has been copied correctly.
/N            Converts the destination filename to an eight-dot-three name.
/Y            Does not prompt when overwriting an existing file.
/-Y           Forces prompting when overwriting an existing file.
/Z            Copies files in restartable mode. This allows a file copy interrupted by network problems to resume. This option is useful when copying large files across a network.
/A            Specifies that the file is ASCII.
/B            Specifies that the file is binary.
/D            Copies a source file so that it can be decrypted.
The COPY command can also be used to concatenate multiple text files. To do this, specify multiple files for the source in the format file1+file2+file3 and specify a single destination.

Note When using the COPY command in a batch file, the default is to overwrite existing files without prompting. This behavior can be changed by using the /-Y switch on the command line or in the COPYCMD environment variable.
DATE
The DATE command is used to display or set the date.
date [mm-dd-yy]
date [/t]
Parameter    Explanation
[mm-dd-yy]   Sets the date. Values must be separated by periods (.), hyphens (-), or slash marks (/): mm can be 1 through 12; dd can be 1 through 31; yy can be 80 through 99 or 1980 through 2099.
/t           Displays the date without prompting for a new date. Requires Command Extensions.
Appendix C
Windows XP Command-Line Reference
DEFRAG
The DEFRAG command reorganizes fragmented files into contiguous clusters to improve read performance.
defrag volume [-a] [-f] [-v]
Parameter   Explanation
volume      The drive letter or mount point to be defragmented.
-a          Performs an analysis of the volume.
-f          Forces the defragmentation to run even when there is insufficient free space.
-v          Runs in verbose mode.
Tip The DEFRAG utility requires the volume to have at least 15% free space to be completely defragmented.
DEL/ERASE
The DEL and ERASE commands can be used to delete specified files or folders.
DEL [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names
ERASE [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names
Parameter       Explanation
names           The names of one or more files and/or folders. Wildcards are permitted.
/P              Prompts for confirmation before deleting.
/F              Forces the deletion of read-only files.
/S              Deletes the specified files from the current folder and all subfolders. Displays the filenames that were not found.
/Q              Quiet mode; does not ask for confirmation.
/A:attributes   Deletes files based on attributes: R—Read-only, A—Archive, S—System, H—Hidden, -—Removes an attribute.
Tip When Command Extensions is enabled, the /S switch displays the names of files being deleted.
DIR
The DIR command is used to list files and folders in a variety of different formats.
DIR [drive:][path][filename] [/A[[:]attributes]] [/B] [/C] [/D] [/L] [/N] [/O[[:]sortorder]] [/P] [/Q] [/S] [/T[[:]timefield]] [/W] [/X] [/4]
Parameter                  Explanation
No parameters              When DIR is entered without parameters, a list of files and folders is displayed for the current path. Included are the name, size, and date the object was last modified. DIR also presents a summary of the total number of files and folders listed, the total size, and any free space remaining. By default, hidden or system files are not listed.
[drive:][path][filename]   Specifies the folders and/or files to list. Wildcards (* or ?) are accepted.
/A:attributes              When this switch is used without any attributes, all files and folders are displayed, including hidden and system files. When an attribute is present, DIR displays the files and folders with that attribute. You can use multiple attributes, but do not separate them with spaces. Attributes are the following: D—Directories, H—Hidden, S—System, R—Read-only, A—Archived, -—Not
/P                         Displays a screen of information and then pauses. To see the next screen, press any key.
/B                         Bare format; no headers or summary information is listed.
/C                         Displays the thousands separator in file sizes. This is the default setting.
/D                         Sorts files by column.
/O:sortorder               Lists files in the designated order: N—Name, E—Extension, G—Directories first, S—Smallest first, D—Oldest first, -—Reverse order.
/W                         Wide format; displays in multiple columns.
/X                         Displays the eight-dot-three name with the long name.
/Q                         Displays the owner of the file.
/S                         Displays files in the current folder and all subfolders.
/T:timefield               Specifies which time value is used for display and sorting: A—Access, C—Creation, W—Last written.
/L                         Displays in lowercase.
/N                         Displays filenames on the right side of the screen.
/4                         Displays four-digit years.
To change the default behavior of the DIR command, add the desired switches to the DIRCMD environment variable.
DISKCOMP
The DISKCOMP command compares the contents of two floppy disks.
DISKCOMP [drive1: [drive2:]]
Parameter       Explanation
No parameters   Uses the current drive for both floppy disks.
drive1          The drive for the first floppy disk.
drive2          The drive for the second floppy disk.
DISKCOPY
The DISKCOPY command makes a copy of a floppy disk.
DISKCOPY [drive1: [drive2:]] [/v]
Parameter       Explanation
No parameters   Uses the current drive for both floppy disks.
drive1          The drive for the source disk.
drive2          The drive for the second floppy disk.
/v              Verifies the copied information.
DISKPART
DISKPART enables you to create and manage disks, disk partitions, or volumes by using a script.
diskpart [/s script]
Parameter   Explanation
/s script   The script with the desired configuration.
DOSKEY
The DOSKEY command is used to store and recall the command history when working from the command prompt. You can also use it to create macros that you can use when running specific programs. The DOSKEY program is automatically loaded in command-prompt sessions.
DOSKEY [/REINSTALL] [/LISTSIZE=size] [/MACROS[:ALL | :exename]] [/HISTORY] [/INSERT | /OVERSTRIKE] [/EXENAME=exename] [/MACROFILE=filename] [macroname=[text]]
Parameter             Explanation
/REINSTALL            Clears the command history buffer.
/LISTSIZE=size        Specifies the number of entries to save in the command history buffer.
/MACROS               Lists all the currently loaded DOSKEY macros.
/MACROS:ALL           Lists all the currently loaded .exe macros.
/MACROS:exename       Lists all macros for the executable.
/HISTORY              Displays the command history.
/INSERT               Configures the command line to be in insert mode.
/OVERSTRIKE           Configures the command line to be in overstrike mode.
/EXENAME=exename      Specifies the program name the macro will work with.
/MACROFILE=filename   Specifies the name of the macro file to load.
macroname             The name of the macro you create.
text                  The macro commands.
Up Arrow              Previous command.
Down Arrow            Next command.
ESC                   Clears the command line.
F7                    Displays the command history.
Alt+F7                Clears the command history.
F8                    Searches the command history.
F9                    Selects a command by number.
Alt+F10               Clears macros.
Note For more information about the DOSKEY command and instructions and examples for creating and configuring macros, see the Windows XP online help.
DRIVERQUERY
The DRIVERQUERY command lists installed device drivers.
DRIVERQUERY [/S system [/U domain\username [/P [password]]]] [/FO format] [/NH] [/SI] [/V]
Parameter              Explanation
No parameters          Displays driver information.
/S system              The name or IP address of a remote computer.
/U domain\username     Runs the command with the user rights of the specified user. The default is to run as the logged-on user.
/P password            The password of the account specified by /U.
/FO {Table|List|CSV}   Specifies the output format. Table is the default.
/NH                    Omits the header row when the output format is Table or CSV.
/SI                    Displays digital signature information.
/V                     Verbose mode.
ECHO
The ECHO command is used to control command-line echoing and can be used to display messages from a batch file.
ECHO [ON | OFF]
ECHO [message]
Parameter       Explanation
No parameters   Displays the current ECHO setting.
[ON | OFF]      Turns the ECHO command on or off.
[message]       The message you want displayed onscreen.
ENDLOCAL/SETLOCAL
The ENDLOCAL/SETLOCAL commands can be used to isolate environment variables inside batch files. Any changes made to the environment after the SETLOCAL statement are discarded, and the original environment restored, when the ENDLOCAL statement is encountered or the batch file has ended.
ENDLOCAL
SETLOCAL [/P] [/F] [/S] [/Q] [/A:attribute]
Parameter      Explanation
/P             Confirms before each deletion.
/F             Deletes read-only files.
/S             Deletes specified files.
/Q             Quiet mode; does not ask for confirmation.
/A:attribute   Deletes files based on attributes: R—Read-only, A—Archive, S—System, H—Hidden, -—Removes an attribute, +—Adds an attribute.
EXPAND
The EXPAND command extracts files from the distribution disks shipped with Windows XP.
EXPAND [-r] source [destination]
EXPAND -d source.cab [-f:files]
EXPAND source.cab -f:files destination
Parameter               Explanation
-r                      Specifies that the expanded file is to be renamed.
source and source.cab   Specifies the source file(s) to be expanded. Wildcards (* or ?) are accepted.
-d                      Displays a list of the source files.
-f:files                Specifies which files in a .cab file are to be expanded.
destination             Specifies where the expanded files are to be placed.
FC
The FC command compares the contents of two files.
FC [/A] [/C] [/L] [/LB n] [/N] [/OFF[LINE]] [/T] [/U] [/W] [/nnn] [drive1:][path1]filename1 [drive2:][path2]filename2
FC /B [drive1:][path1]filename1 [drive2:][path2]filename2
Parameter       Explanation
No parameters   Prompts for filenames.
drive1          Name and location of the first file.
drive2          Name and location of the second file.
/A              Displays only the first and last line of file differences.
/B              Performs a binary comparison.
/C              Ignores letter case when comparing.
/L              Compares as ASCII text.
/LB n=number    Compares only the first N lines.
/N              Displays the line numbers. For ASCII comparisons only.
/T              Does not convert tabs to spaces. The default is to treat tabs as spaces.
/U              Compares as Unicode.
/W              Compresses whitespace.
/nnn            The number of consecutive lines that must match after a mismatch.
/OFFLINE        Forces a compare against offline files.
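A defender's use of FC, as an added example that is not part of the book: the DRIVERQUERY listing from the previous entry is saved to a file and compared against a stored baseline, so an unexpected new driver shows up as a difference. The folder and file names are assumptions, as are the exit codes (FC returning 0 for identical files and 1 for differing ones, FIND returning 1 when the string is absent) and the FALSE value in the IsSigned column that /SI produces.

```batch
@echo off
REM Added example (not from the book): compare the installed driver list
REM against a saved baseline with FC. All paths are assumptions.
SETLOCAL
SET BASEDIR=C:\Baseline
SET BASELINE=%BASEDIR%\drivers.csv
SET CURRENT=%TEMP%\drivers-now.csv

REM /SI adds the signature column; /FO CSV gives FC one record per line.
DRIVERQUERY /SI /FO CSV > "%CURRENT%"

IF NOT EXIST "%BASEDIR%" MKDIR "%BASEDIR%"
IF NOT EXIST "%BASELINE%" (
    ECHO No baseline found; saving the current driver list as the baseline.
    COPY /Y "%CURRENT%" "%BASELINE%" > NUL
    GOTO done
)

REM /L compares as ASCII text. Assumption: FC exits with 0 when the files
REM match and 1 when they differ, so IF ERRORLEVEL 1 catches any change.
FC /L "%BASELINE%" "%CURRENT%" > NUL
IF ERRORLEVEL 1 (
    ECHO Driver list differs from the baseline; review these lines:
    FC /L /N "%BASELINE%" "%CURRENT%"
) ELSE (
    ECHO Driver list matches the baseline.
)

REM Assumption: /SI reports FALSE in the IsSigned column for unsigned drivers.
ECHO Drivers reported as unsigned:
FIND /I "FALSE" "%CURRENT%"

:done
ENDLOCAL
```

Running the script once creates the baseline; every later run reports changed or unsigned drivers. The /N switch on the second FC call adds line numbers so the differing records can be located in the CSV output.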
FIND
The FIND command is used to locate a string of text in a file.
FIND [/V] [/C] [/N] [/I] “string” [[drive:][path]filename[ ...]]
Parameter                Explanation
/V                       Displays all lines in the file that do not contain the text string.
/C                       Displays the number of lines that contain the text string.
/N                       Displays line numbers for the displayed lines of text.
/I                       Performs a search that is not case sensitive.
“string”                 The string to find. Must be enclosed in quotation marks.
[drive:][path]filename   The location and names of the files to search.
FORMAT
The FORMAT command is used to prepare CDs or floppy disks for storing information.
FORMAT volume [/FS:filesystem] [/V:label] [/Q] [/A:size] [/C] [/X]
FORMAT volume [/V:label] [/Q] [/F:size]
FORMAT volume [/V:label] [/Q] [/T:tracks /N:sectors]
FORMAT volume [/V:label] [/Q] [/1] [/4]
FORMAT volume [/Q] [/1] [/4] [/8]

Parameter        Explanation
volume           Specifies the mount point, volume, or drive letter to format.
/FS:filesystem   Specifies the type of file system to format the disk with. The choices for hard drives are NTFS, FAT, and FAT32. Disks can be formatted only in FAT, unless you use a third-party tool.
/V:label         Allows you to enter a volume label. If you enter /V without a name, the disk is formatted without a label. If you omit /V, you are prompted for a label after the format is finished.
/Q               Performs a quick format and does not scan for bad areas. Never use this option on a disk that was not previously formatted.
/C               Configures the formatted drive to use compression. For NTFS only.
/X               Forces a volume dismount before the format.
/A:size          Allows you to specify a custom allocation unit size, using the following options: 512 bytes per cluster, 1024 bytes per cluster, 2048 bytes per cluster, 4096 bytes per cluster, 8192 bytes per cluster, 16KB per cluster, 32KB per cluster, 64KB per cluster.
/F:size          The formatted size of the disk. Values are 160, 180, 320, 360, 720, 1200, 1440, 2880, and 20800.
/T:tracks        The number of tracks on the disk; mutually exclusive with the /F switch. You must use the /N switch with the /T switch.
/N:sectors       The number of sectors on the disk; mutually exclusive with the /F switch. You must use the /T switch with the /N switch.
Tip Not all file systems support all cluster sizes. For general use, the default cluster sizes are recommended. NTFS compression does not support allocation unit sizes above 4096.
FSUTIL
The FSUTIL command is used to configure the Windows XP file system from the command line.
FSUTIL subcommand parameters
Parameter      Explanation
Behavior       Used to display or change the settings that control how files are displayed and events are logged.
Dirty          Used to display or configure a volume’s dirty bit.
File           Used to manipulate low-level settings for a file.
Fsinfo         Used to display detailed file system information.
Hardlink       Used to manually create a directory entry for a file.
Objectid       Used to manage object identifiers for the file system.
Quota          Used to manage disk quotas.
Reparsepoint   Used to display or delete reparse points.
Sparse         Used to manage sparse files.
USN            Used to manage the Update Sequence Number (USN) change journal for the file system.
Volume         Used to mount/dismount or query a volume.
GOTO
The GOTO command is used in a batch file to redirect Windows XP to the line in the batch file after the label specified as a GOTO argument. The Command Extensions feature adds several options to the GOTO command, allowing it to interact with the CALL command. For more information, see the section on the CALL command earlier in this appendix.
GOTO label
Parameter   Explanation
label       The text string preceded with a colon to signify the beginning of a section of batch code.
GPRESULT
The GPRESULT command displays the Resultant Set of Policies (RSOP) for a user or computer.
GPRESULT [/S system [/U username [/P [password]]]] [/SCOPE scope] [/USER username] [/V | /Z]
Parameter                Explanation
No parameters            Displays Group Policies for the current user and computer.
/S system                The remote system to connect to.
/U username              The user context to run the command in.
/P password              The password for the user context.
/USER username           The user whose Group Policy data will be displayed.
/SCOPE {USER|COMPUTER}   Can be USER or COMPUTER; the type of policies to be displayed.
/V                       Verbose mode.
/Z                       Super verbose mode.
GPUPDATE
The GPUPDATE command refreshes the Group Policy settings for a user and/or computer.
gpupdate [/target:{computer|user}] [/force] [/wait:value] [/logoff] [/boot] [/sync]
Parameter                 Explanation
/target:{computer|user}   Which settings to process. The default is to process both.
/force                    Forces all policy settings to be reapplied. The default is to apply only changed or new settings.
/wait:value               The number of seconds to wait for policy processing to complete. The default is 600 seconds.
/logoff                   Will log off after policy processing has completed, if any policies require it.
/boot                     Will reboot after policy processing has completed, if any policies require it.
/sync                     Applies the policies synchronously.
HOSTNAME
The HOSTNAME command returns the TCP/IP name of the computer it is running on. This output can be directed to a file. This command is available only if TCP/IP is installed. There are no switches for this command.
IF
The IF command is used to perform conditional processing in a batch file. This means if a condition is true, the command is performed; if the condition is false, the command is ignored or a different command is performed.
IF [NOT] ERRORLEVEL number command
IF [NOT] string1==string2 command
IF [NOT] EXIST filename command
Parameter           Explanation
NOT                 The command is performed only if the condition is false.
ERRORLEVEL number   The command is performed only if the last program or command performed returned an exit code equal to or greater than the specified number.
EXIST filename      If the file exists, the command is performed.
string1==string2    Performs a compare on the entered strings; if they are identical, the command is performed.
command             This command is performed if the specified condition has been met.
ELSE                If the specified condition was not met, any commands after the ELSE clause are performed.
If Command Extensions is enabled, the IF command can also use the following formats:
IF [/I] string1 compare-op string2 command
IF DEFINED variable command
Parameter          Explanation
/I                 Tells the IF command to perform string compares that are not case sensitive.
compare-op         Specifies the type of comparison to perform: EQU—Equal, NEQ—Not equal, LSS—Less than, LEQ—Less than or equal, GTR—Greater than, GEQ—Greater than or equal.
DEFINED variable   The DEFINED option is equivalent to EXIST, except it tests for the existence of an environment variable.
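The IF forms in the two tables above, together with GOTO labels and the SETLOCAL/ENDLOCAL isolation described earlier, in one batch file. This is an added example and not code from the book; the log path, the search string, and the FIND exit codes (0 when the string is found, 1 when it is not, 2 on an error) are assumptions.

```batch
@echo off
REM Added example (not from the book): exercises IF, IF NOT, IF EXIST,
REM IF DEFINED, the /I compare-op form, ERRORLEVEL and GOTO labels.
REM The log file path and the pattern are assumptions.
SETLOCAL
SET LOGFILE=C:\Logs\audit.log
SET PATTERN=logon failure

REM /I makes the string compare case insensitive; %1 is the first argument.
IF /I "%1" EQU "/quiet" SET QUIET=1

IF NOT EXIST "%LOGFILE%" GOTO nolog

REM Assumption: FIND sets ERRORLEVEL 0 when the string is found, 1 when it
REM is not, and 2 on an error. IF ERRORLEVEL n is true for every exit code
REM greater than or equal to n, so the larger values must be tested first.
FIND /I "%PATTERN%" "%LOGFILE%" > NUL
IF ERRORLEVEL 2 GOTO finderror
IF ERRORLEVEL 1 GOTO clean

REM Only reached when the string was found (ERRORLEVEL 0).
IF DEFINED QUIET GOTO done
ECHO Lines in %LOGFILE% matching "%PATTERN%" (with line numbers):
FIND /I /N "%PATTERN%" "%LOGFILE%"
GOTO done

:clean
IF NOT DEFINED QUIET ECHO No "%PATTERN%" entries in %LOGFILE%.
GOTO done

:finderror
ECHO FIND could not read %LOGFILE%.
GOTO done

:nolog
ECHO Log file %LOGFILE% does not exist.

:done
REM QUIET, LOGFILE and PATTERN disappear here; the caller's environment is untouched.
ENDLOCAL
```

The order of the two IF ERRORLEVEL lines is the point of the example: because the test is "greater than or equal", checking for 1 first would also swallow the error case 2. Running the script with /quiet suppresses the listing while leaving the control flow the same.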
LABEL
The LABEL command creates or modifies the volume label on a drive, volume, or mount point.
LABEL [drive:][label]
LABEL [/MP] [volume] [label]
Parameter   Explanation
drive:      The drive to be configured.
label       The new label.
/MP         Indicates that you are working with a mount point or volume. Not necessary if the volume name is specified.
volume      Can be a drive letter, mount point, or volume name.
MKDIR (MD)
The MKDIR command creates a folder or subfolder in Windows XP. Either MKDIR or the abbreviation MD is acceptable.
MKDIR [drive:]path
MD [drive:]path
Note If Command Extensions is enabled, any intermediate folders specified in the MKDIR command are created. The maximum length of the path varies, depending on which file system the folders are being created on.
MORE
The MORE command is used with other commands or programs to display information one screen at a time. Typically, the output of a command is piped into the MORE command. You can use the MORE subcommands to control how the information is viewed.
MORE [/E [/C] [/P] [/S] [/Tn] [+n]] < [drive:][path]filename
command-name | MORE [/E [/C] [/P] [/S] [/Tn] [+n]]
MORE /E [/C] [/P] [/S] [/Tn] [+n] [files]

Parameter                Explanation
/E                       This switch enables the extended features. When they are enabled, the following commands are available from the MORE prompt: Spacebar—Show next page; Enter key—Show next line; =—Show line number; ?—Show help; P n—Show next n lines; S n—Skip n lines; F—Show next file; Q—Quit.
/C                       Clears the screen.
/P                       Expands form feed characters.
/S                       Displays multiple blank lines as a single blank line.
/Tn                      Displays tabs as n spaces. The default is 8.
+n                       Displays the first file beginning with line n.
[drive:][path]filename   The file to be displayed.
command-name             The command that has its output piped into MORE.
files                    One or more files to be displayed. Separate multiple filenames with spaces.
MOUNTVOL
A mount point allows you to link a volume partition to an NTFS folder, meaning you can increase space on a system or network without using another drive letter. The MOUNTVOL command enables you to create, delete, or list the volume mount points in use.
MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L

Parameter      Explanation
[drive:]path   The location of the NTFS folder to be used as the mount point.
VolumeName     The volume name that will be linked to the mount point.
/D             Deletes the mount point.
/L             Lists any mounted volumes linked to the specified folder.
MOVE
The MOVE command moves files from one folder to another or is used to rename a folder.
To move one or more files, use this command:
MOVE [/Y | /-Y] [drive:][path]filename1[,...] destination
To rename a folder, use this command:
MOVE [/Y | /-Y] [drive:][path]foldername1 foldername2

Parameter                 Explanation
/Y                        Quiet mode; does not prompt for confirmation if you want to overwrite a file.
/-Y                       Prompts for confirmation if you want to overwrite a file.
[drive:][path]filename1   The files you want to move.
destination               The new location of the files.
[drive:][path]foldername1 The folder you want to rename.
foldername2               The new name for the folder.
Tip When using the MOVE command in a batch file, the default is to overwrite existing files without prompting. This behavior can be changed by using the /-Y switch on the command line or in the COPYCMD environment variable.
MSINFO32 See the description for WINMSD.
NET
There are numerous NET commands available in Windows XP for performing such tasks as mapping drives, starting and stopping services, adding user accounts, and connecting printers.
NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]
NET ACCOUNTS
The NET ACCOUNTS command changes the user account configuration for all accounts.
NET ACCOUNTS [/FORCELOGOFF:{minutes | NO}] [/MINPWLEN:length] [/MAXPWAGE:{days | UNLIMITED}] [/MINPWAGE:days] [/UNIQUEPW:number] [/DOMAIN]
Parameter                      Explanation
/FORCELOGOFF:{minutes | NO}    Specifies how long the system waits before automatically logging the user off when the user account or the logon time has expired. The default option of NO prevents any forced logoffs.
/MINPWLEN:length               Specifies the minimum number of characters accepted as a user password. The default is 6 characters and can be configured from 0 to 127.
/MAXPWAGE:{days | UNLIMITED}   Specifies the maximum number of days before a user has to change his or her password. The default is 90 days and can be configured from 1 to 999. This option must be greater than MINPWAGE.
/MINPWAGE:days                 Specifies the minimum number of days before a user can change his or her password. The default is 0 days and can be configured from 1 to 999.
/UNIQUEPW:number               Sets the number of password changes that must elapse before the user can reuse a password. The default is 5 changes and can be configured from 0 to 24.
/DOMAIN                        Applies the changes to the domain controller. If this option is omitted, all changes are performed on the local machine. Can have the /SYNC switch appended, which causes all domain controllers to perform a resync.
NET COMPUTER
The NET COMPUTER command is used to add or delete computer accounts from the Windows 2000/Server 2003 Active Directory database. This command requires Domain Administrator privileges.
NET COMPUTER \\computername [/ADD | /DEL]
Parameter        Explanation
\\computername   The name of the computer account to perform the operation on.
/ADD             Adds the computer account to the domain database.
/DEL             Deletes the computer account from the domain database.
NET CONTINUE
The NET CONTINUE command restarts a service that has been paused. The NET CONTINUE command can be used with the NET PAUSE command to reset a service without terminating user connections.
NET CONTINUE service
NET GROUP
The NET GROUP command is used to add, display, or modify Windows 2000/Server 2003 Global Groups in an Active Directory domain. This command requires Domain Administrator rights.
NET GROUP [groupname [/COMMENT:”text”]] [/DOMAIN]
NET GROUP groupname {/ADD [/COMMENT:”text”] | /DELETE} [/DOMAIN]
NET GROUP groupname username [...] {/ADD | /DELETE} [/DOMAIN]
Parameter                  Explanation
No parameters              Displays a list of the groups on a server.
groupname                  The group to perform operations on. With no additional switches, this option displays a list of members in the group.
/ADD                       Adds the group to the domain.
/DELETE                    Deletes the group from the domain.
/COMMENT:”text”            Adds a comment to a new or existing group. Up to 48 characters are permitted.
/DOMAIN                    This option is required when running the command on a Windows 2000 Professional machine. It forces the command to look for the domain controller.
groupname username [...]   Allows you to specify a username to add to or delete from a group. Multiple names can be listed, but they must be separated by spaces.
NET HELPMSG The NET HELPMSG command can be used to help interpret Windows XP error messages. Just enter the error message number you receive in the following command: NET HELPMSG message#
NET LOCALGROUP
The NET LOCALGROUP command is used to add, display, or modify Windows XP local groups. This command requires Administrator or Power User rights.
NET LOCALGROUP [groupname [/COMMENT:”text”]] [/DOMAIN]
NET LOCALGROUP groupname {/ADD [/COMMENT:”text”] | /DELETE} [/DOMAIN]
NET LOCALGROUP groupname name [...] {/ADD | /DELETE} [/DOMAIN]
Parameter              Explanation
No parameters          Displays a list of the groups on a computer.
groupname              The group to perform operations on. With no additional switches, this option displays a list of members in the group.
/ADD                   Adds the username or global group to the local group.
/DELETE                Deletes the username or global group from the local group.
/COMMENT:”text”        Adds a comment to a new or existing group. Up to 48 characters are permitted.
/DOMAIN                Specifies that the command is to be performed on the domain controller.
groupname name [...]   Allows you to specify a global group or username to add to or delete from a local group. Multiple names can be listed, but they must be separated by spaces.
NET PAUSE
The NET PAUSE command is used to pause a service. The NET PAUSE command can be used with the NET CONTINUE command to reset a service without terminating user connections.
NET PAUSE service
NET PRINT
The NET PRINT command is used to control and display information about printer queues.
NET PRINT \\computername\sharename [\\computername] job# [/HOLD | /RELEASE | /DELETE]
Parameter      Explanation
computername   The name of the computer hosting the print queue.
sharename      The name of the print queue.
job#           The unique identification number assigned to a print job.
/HOLD          Used with the job# to identify and hold a print job in the queue.
/RELEASE       Used to release a held print job.
/DELETE        Used to delete a print job from the print queue.
NET SEND
The NET SEND command is used to send messages to other users or computers on the network. To receive a message, the user must be logged in to the network on a computer running the Messenger service.
NET SEND {name | * | /DOMAIN[:name] | /USERS} message
Parameter        Explanation
name             The name of the user or computer to send the message to. Computer names with spaces must be enclosed in quotation marks.
*                Sends the message to all names on the network.
/DOMAIN[:name]   Sends the message to all names in the specified domain.
/USERS           Sends the message to all users logged on to the network.
message          The text message to be sent; can be up to 128 characters.
NET SESSION
The NET SESSION command is used to list or disconnect the active sessions between the local computer and the clients connected to it.
NET SESSION [\\computername] [/DELETE]
Parameter        Explanation
No parameters    Lists all active sessions with remote computers.
\\computername   The computer to list or disconnect sessions on.
/DELETE          Disconnects the local computer’s session with \\computername. If \\computername is not specified, all sessions between the local computer and remote computers will be disconnected.
NET SHARE
The NET SHARE command is used to display, create, or delete shared resources on the local computer.
NET SHARE sharename
NET SHARE sharename=drive:path [/USERS:number | /UNLIMITED] [/REMARK:”text”] [/CACHE:Manual | Documents | Programs | None]
NET SHARE sharename [/USERS:number | /UNLIMITED] [/REMARK:”text”] [/CACHE:Manual | Automatic | No]
NET SHARE {sharename | devicename | drive:path} /DELETE
Parameter        Explanation
No parameters    Lists all shared resources on the local computer.
sharename        The name of the shared resource.
devicename       The name of the device.
drive:path       The path of the folder to be shared.
/USERS:number    Sets the maximum number of users who can concurrently connect to the resource.
/UNLIMITED       Sets the maximum number of users who can concurrently connect to the resource to unlimited.
/REMARK:”text”   Adds a comment to the resource.
/DELETE          Stops sharing the resource.
/CACHE           Configures caching for the shared resource.
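Creating a share with the switches from the table above, then reviewing what the computer exposes with NET SHARE and NET SESSION. This is an added example, not code from the book; the share name, folder, connection limit and remark text are assumptions.

```batch
@echo off
REM Added example (not from the book): publish a folder with an explicit
REM connection limit and client caching turned off, then review shares and
REM sessions. The share name, folder and limit are assumptions.
SETLOCAL
SET SHARE=Reports
SET FOLDER=C:\Data\Reports

IF NOT EXIST "%FOLDER%" MKDIR "%FOLDER%"

REM The bare form below would publish the folder with the defaults from the
REM table: unlimited concurrent users and caching left at Manual.
REM     NET SHARE %SHARE%=%FOLDER%
REM The form actually used caps concurrent connections with /USERS, stops
REM clients keeping offline copies with /CACHE:None, and labels the share
REM with /REMARK so reviewers can tell what it is for.
NET SHARE %SHARE%=%FOLDER% /USERS:5 /REMARK:"Finance reports" /CACHE:None

REM Review everything this computer currently exposes and who is connected.
ECHO Current shares:
NET SHARE
ECHO Active sessions:
NET SESSION

REM Stop sharing the folder when it is no longer needed.
NET SHARE %SHARE% /DELETE
ENDLOCAL
```

NET SHARE without parameters is the quickest inventory of what a machine offers on the network; running it together with NET SESSION on a schedule gives a simple record of shares and of the computers connected to them.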
NET START The NET START command is used to start a service.Typing NET START without any parameters displays a list of all currently running services. NET START [service]
NET STOP The NET STOP command is used to stop a service. NET STOP [servicename]
Caution When using the NET STOP command, be aware that stopping a service disrupts any users who are currently using the service, possibly resulting in data loss. Whenever possible, pause the service instead, or use the NET SEND command to send a message to users to advise them to discontinue their use of the service before you stop it.
NET TIME
The NET TIME command synchronizes the local computer’s clock with another computer or the domain.
NET TIME [\\computername | /DOMAIN[:domainname] | /RTSDOMAIN[:domainname]] [/SET]
NET TIME [\\computername] /QUERYSNTP
NET TIME [\\computername] /SETSNTP[:ntp “server list”]
Parameter                     Explanation
No parameters                 Displays the current time and date from the domain time server.
\\computername                The name of the server to obtain the time from.
/DOMAIN[:domainname]          The name of the domain to synchronize the time with.
/RTSDOMAIN[:domainname]       The name of the domain containing a reliable time server to synchronize the time with.
/SET                          Synchronizes the local computer’s time with that of the selected time source.
/QUERYSNTP                    Displays the name of the configured Network Time Protocol (NTP) server.
/SETSNTP[:ntp “server list”]  A list of NTP servers to use. They can be referenced by IP address or DNS names, but must be separated by spaces.
NET USE
The NET USE command is used to connect a computer to shared resources.
NET USE [devicename | *] [\\computername\sharename[\volume] [password | *]] [/USER:[domainname\]username] [/USER:[dotted domain name\]username] [/USER:[username@dotted domain name] [/SAVECRED] [/SMARTCARD] [[/DELETE] | [/PERSISTENT:{YES | NO}]]
NET USE {devicename | *} [password | *] /HOME
NET USE [/PERSISTENT:{YES | NO}]
Parameter                     Explanation
No parameters                 Displays a list of current connections.
devicename                    Assigns a name to the connection, either a drive letter (D: through Z:) or a printer name (LPT1: through LPT3:).
*                             Uses the next available device name.
\\computername\sharename      The share name and computer name of the shared resource.
\volume                       The name of the NetWare volume to connect to. This option requires Client Services for NetWare or Gateway Service for NetWare.
password                      The password required to access the shared resource.
/USER:                        Used when a user account is required that is different from the one currently logged on.
domainname                    Needed only if the account is in a different domain.
username                      The user account for logging on to the shared resource.
username@dotted domain name   Uses the format username@domain, with the domain written in dotted form.
/SAVECRED                     Saves the specified credentials for reuse.
/SMARTCARD                    States that the network connection is to use the credentials on a smart card.
/DELETE                       Deletes the connection to the specified shared resource. If an asterisk is used, all connections are deleted.
/HOME                         Connects users to their home directories.
/PERSISTENT:{YES | NO}        Specifies whether the connection is persistent. Persistent connections are saved across reboots.
NET USER
The NET USER command is used to add or modify user accounts on the local computer or a domain controller.
NET USER [username [password | *] [options]] [/DOMAIN]
NET USER username {password | *} /ADD [options] [/DOMAIN]
NET USER username [/DELETE] [/DOMAIN]
NET USER username [/active {no|yes}]
NET USER username [/comment:”text”]
Parameter                 Explanation
No parameters             Displays a list of the user accounts on the local computer.
username                  The name of the user account to work with.
password                  Used to assign or change the user account password.
/DOMAIN                   Performs the selected operation on a domain controller.
/ADD                      Adds the specified user to the accounts database.
/DELETE                   Deletes the specified user from the accounts database.
/comment:”text”           Adds a descriptive comment.
/countrycode:nnn          Allows you to set the user to a country code different from the system default. The country code controls what language the user’s help and error messages are displayed in.
/expires:{date | never}   Specifies the expiration date of the user account.
/fullname:”name”          Used to specify a user’s full name and must be enclosed in quotation marks.
/homedir:path             Used to set the path for the user’s home folder.
/passwordchg:{yes | no}   Used to control whether a user can change his or her own password. The default is yes.
/passwordreq:{yes | no}   Used to control whether the user account requires a password. The default is yes.
/profilepath:[path]       Used to set the path for the user profile.
/scriptpath:path          Used to set the path for the user’s logon script. It must be located under C:\Winnt\System32\Repl\_Export\Scripts.
/times:{times | all}      Used to control when the user can be logged on.
/workstations:            Used to control what computers the user can be logged on to. Up to eight computers can be listed.
/active {no|yes}          States whether the user account is active. (The default is yes, or active.)
/comment:”text”           Specifies additional information about the user’s account, up to 48 characters.
NET VIEW

The NET VIEW command displays a list of computers, domains, or resources shared on the local computer.

NET VIEW [\\computername | /DOMAIN[:domainname]]
NET VIEW /NETWORK:NW [\\computername]
Appendix C
Windows XP Command-Line Reference
Parameter               Explanation
No parameters           Lists all computers in the domain.
\\computername          The name of the computer with resources that you want to view.
/DOMAIN[:domainname]    The name of the domain you want to view resources in.
/DOMAIN                 Displays a list of domains.
/NETWORK:NW             Displays a list of servers on a NetWare network.
PATH

The PATH command is used to display or to tell the command interpreter what folders to search in to find an executable file.

PATH [[drive:]path[;...]][;%PATH%]
PATH ;

Parameter                Explanation
No parameters            The current search path is displayed.
[[drive:]path[;...]]     The path to search.
[;%PATH%]                Appends the current path to any new path settings.
;                        Clears the current path and adds the current folder to the search path.
PAUSE

The PAUSE command pauses the processing of a batch file until the user presses a key.
PRINT

The PRINT command displays the contents of the print queue or sends text files to the print queue.

PRINT [/D:device] [[drive:][path]filename[...]]

Parameter                         Explanation
No parameters                     Displays the contents of the print queue on the local machine.
/D:device                         The name of the print device. It can be a symbolic name, such as LPT1, COM1, or PRN, or a sharename, such as \\servername\printer.
[[drive:][path]filename[...]]     The file you want to print. Multiple files, separated by spaces, can be entered on the command line.
RENAME (REN)

The RENAME command is used to rename files; either RENAME or the abbreviation REN is acceptable.

RENAME [drive:][path]filename1 filename2
REN [drive:][path]filename1 filename2

Parameter                  Explanation
[drive:][path]filename1    The name and location of the files you want to rename.
filename2                  The new name for the files.
REPLACE

The REPLACE command replaces files in the destination folder with files in the source folder. The REPLACE command can also be used to copy only the files in the source folder to the destination folder that do not exist in the destination folder.

REPLACE [drive1:][path1]filename [drive2:][path2] [/A] [/P] [/R] [/W]
REPLACE [drive1:][path1]filename [drive2:][path2] [/P] [/R] [/S] [/W] [/U]

Parameter                    Explanation
[drive1:][path1]filename     The source folder and files.
[drive2:][path2]             The folder where the files are to be replaced.
/A                           Specifies that only files that don't exist in the destination folder will be copied. This switch cannot be used with the /S or /U switches.
/P                           Specifies that the user will be prompted before overwriting a file in the destination folder or adding a new one.
/R                           Forces the REPLACE command to replace read-only files.
/S                           Performs the replace in the subfolders of the destination folder. This switch cannot be used with the /A switch.
/W                           Waits for the user to insert a disk before starting.
/U                           Specifies that only those files older than those in the source folder will be replaced. This switch cannot be used with the /A switch.
REXEC

The REXEC command enables you to run commands on a remote machine that is running the REXEC service. TCP/IP must be used to support the REXEC service, and proper user authentication on the remote machine is required.

REXEC host [-l username] [-n] command

Parameter      Explanation
host           The remote computer you want to run commands on.
-l username    A valid username with the appropriate rights that is present on the remote machine.
-n             Redirects the input of the REXEC command to NULL.
command        The command to run on the remote machine.
RMDIR (RD)

The RMDIR command deletes folders or subfolders in Windows XP; either RMDIR or the abbreviation RD is acceptable.

RMDIR [/S] [/Q] [drive:]path
RD [/S] [/Q] [drive:]path

Parameter       Explanation
[drive:]path    The folder to delete.
/S              Removes the specified folder and all files and subfolders.
/Q              Quiet mode; does not prompt for delete confirmation.
RSH

The RSH command enables you to run commands on a remote machine that is running the RSH service. TCP/IP must be used to support the RSH service, and proper user authentication on the remote machine is required.

RSH host [-l username] [-n] command

Parameter      Explanation
host           The remote computer you want to run commands on.
-l username    A valid username with the appropriate rights that is present on the remote machine. Optional: if omitted, the currently logged on user account is used.
-n             Redirects the input of the RSH command to NULL.
command        The command to run on the remote machine.
RUNAS

The RUNAS command enables you to run a command using an account other than that of the currently logged on user. With this command, system administrators can perform their normal tasks with a user-level logon and retain the ability to perform administrative tasks without having to log off the current session and log on to a new one.

RUNAS [ [/noprofile | /profile] [/env] [/netonly] ] /user:<UserName> program
RUNAS [ [/noprofile | /profile] [/env] [/netonly] ] /smartcard [/user:<UserName>] program

Parameter         Explanation
/profile          Enables you to specify the name of a user profile if it is needed to run the program.
/noprofile        Forces the user profile to not be loaded.
/env              Forces the program to use the current user's environment instead of generating a new one.
/netonly          This switch is used only if the user account is for remote access only.
/smartcard        Used if the credentials are from a SmartCard.
/user:UserName    The user account that has the proper authority to run the program. The account name must be specified in the format user@domainname or domain\user.
program           The program or command to be run.

Note The user@domain format cannot be used when the /netonly switch is included.
SCHTASKS

The SCHTASKS command is used to work with scheduled tasks on a local or remote system. It is the replacement for the AT command.

SCHTASKS subcommand

Parameter                   Explanation
No parameters or /Query     Used to display all scheduled tasks.
/Change                     Changes a task.
/Create                     Creates a new task.
/Delete                     Deletes a task.
/End                        Ends a currently running task.
/Run                        Starts a task.
SECEDIT

The SECEDIT command is used to work with security templates. The subcommands are used to test, configure, and export template configurations.

SECEDIT subcommand

Parameter      Explanation
/Analyze       Analyzes system security by comparing the configuration settings to a template.
/Configure     Applies a template to your system.
/Export        Exports a stored template to a file for use with other systems.
/Validate      Tests a security template's configuration before it is imported into the security database.
SET

The SET command is used to create, change, display, or remove the system environment variables. Environment variables control the way Windows XP and running programs are displayed and operated. They can also be used in batch files to control the way the batch file runs.

SET [variable=[string]]

Parameter        Explanation
No parameters    Displays all the current environment variables.
variable         The name of the variable to be created or modified.
string           The value to be assigned to the variable.

The behavior of the SET command is radically changed when Command Extensions is turned on.

SET [any character]
SET /A expression
SET /P variable=[promptString]

Parameter                     Explanation
[any character]               When the SET command is entered with just a character after it, all environment variable names that start with that character are displayed.
/A expression                 The /A switch indicates that the string following it is a numerical expression. The following operators are supported:
                                ()                                   grouping
                                * / % + -                            arithmetic operators
                                << >>                                logical shift
                                &                                    bitwise and
                                ^                                    bitwise exclusive or
                                |                                    bitwise or
                                = *= /= %= += -= &= ^= |= <<= >>=    assignment
                                ,                                    expression separator
/P variable=[promptString]    This switch enables you to prompt the user for a string to use for setting an environment variable.

In addition to the environment variables displayed with the SET command, the Command Extensions feature enables several additional variables that are not displayed. These variables, described in the following table, are determined dynamically as they are called.

Parameter          Explanation
%CD%               The current folder.
%DATE%             The current date.
%RANDOM%           A random decimal number between 0 and 32767.
%ERRORLEVEL%       The current ERRORLEVEL value.
%TIME%             The current time.
%CMDEXTVERSION%    The Command Processor Extensions version number.
%CMDCMDLINE%       The command-line entry that invoked the current command processor.
Tip The SET command can also be used to create and change variables in batch files. When reading an environment variable in a batch file, the variable name must be enclosed in percent signs (%variablename%).
SETLOCAL/ENDLOCAL

The SETLOCAL/ENDLOCAL commands can be used to isolate environment variables inside batch files. Any changes to the environment set after the SETLOCAL statement are restored to the original state after the ENDLOCAL statement is encountered or the batch file has ended. When Command Extensions is enabled, the SETLOCAL command accepts the following command-line parameters:

• enableextensions
• disableextensions

These parameters enable you to control the use of Command Extensions within the localized environment.
SFC

The SFC (System File Checker) command is used to verify and, if necessary, replace protected system files. Backup copies of the system files are stored in %systemroot%\system32\dllcache.

SFC [/SCANNOW] [/SCANONCE] [/SCANBOOT] [/REVERT] [/PURGECACHE] [/CACHESIZE=x]

Parameter       Explanation
/SCANNOW        Starts the scan immediately.
/SCANONCE       Scans once on the next reboot.
/SCANBOOT       Scans every time the system is started.
/REVERT         Sets SFC back to its default settings.
/PURGECACHE     Purges the Windows File Protection cache.
/CACHESIZE=x    Configures the size of the cache in megabytes.
SHIFT

The Windows XP command interpreter supports up to 10 variables that can be used in a batch file and manipulated by using the replaceable parameters %0 through %9. The SHIFT command is used to shift or copy the contents of a replaceable parameter into the next lower-numbered one; that is, %6 will be copied into %5. This function can be used to support more than 10 variables by shifting the data in the higher-numbered variables into the lower ones that Windows XP can use.

SHIFT [/n]

When Command Extensions is enabled, the SHIFT command accepts the argument /n, which enables you to specify where the shifting will occur. This number can be between 0 and 8 and preserves the values in the parameters with lower numbers than the value entered.
SORT

The SORT command takes input from a source, sorts it according to the selected parameters, and then outputs it to the screen, a file, or another output device.

SORT [/R] [/+n] [/M kilobytes] [/L locale] [/REC recordbytes] [[drive1:][path1]filename1] [/T [drive2:][path2]] [/O [drive3:][path3]filename3]

Parameter                       Explanation
/R                              Reverses the current sort order.
/+n                             Specifies the character position in the line where the sort should begin. The default is the first character.
/M kilobytes                    The amount of memory to use for the sort. The minimum value is 160KB, and the defaults are 90% of available memory for file-to-file sorts and 45% for all other sorts.
/L locale                       The default sort order in Windows XP is defined by the system default locale. This switch enables you to select a different locale.
/REC recordbytes                The maximum number of characters in a record. The default is 4096, and the maximum is 65,535.
[drive1:][path1]filename1       The file to be sorted.
/T [drive2:][path2]             The temporary work space. If this option is missing, it defaults to the system temporary directory.
/O [drive3:][path3]filename3    The output file.

Any of the standard redirection symbols can be used to input data into the SORT command from other programs or the keyboard. In addition, the output of SORT can be redirected to the input of another program or command.
START

The START command creates a new command session to run a program or command.

START ["title"] [/Dpath] [/I] [/MIN] [/MAX] [/SEPARATE | /SHARED] [/LOW | /NORMAL | /HIGH | /REALTIME | /ABOVENORMAL | /BELOWNORMAL] [/WAIT] [/B] [command/program] [parameters]

Parameter          Explanation
"title"            The title to display in the command window's title bar; must be in quotation marks.
/Dpath             The folder to start the program in.
/I                 Passes the original environment to the new session.
/MIN               The command window starts minimized.
/MAX               The command window starts maximized.
/SEPARATE          Used to start 16-bit Windows applications in a separate memory space.
/SHARED            Forces all 16-bit Windows applications to share a memory space.
/LOW               Used to start the program in the IDLE priority class.
/NORMAL            Used to start the program in the NORMAL priority class.
/HIGH              Used to start the program in the HIGH priority class.
/REALTIME          Used to start the program in the REALTIME priority class.
/ABOVENORMAL       Used to start the program in the ABOVENORMAL priority class.
/BELOWNORMAL       Used to start the program in the BELOWNORMAL priority class.
/WAIT              Waits for the application to terminate.
/B                 The program is started without opening a new command window. Ctrl+C processing is disabled.
command/program    The command or program to run.
parameters         The parameters passed to the program or command.
For more information on using the START command, see Chapter 23, “Managing Applications,” p. 509.
SUBST

The SUBST command is used to assign a drive letter to a path.

SUBST [drive1: [drive2:]path]
SUBST drive1: /D

Parameter        Explanation
No parameters    Displays a listing of all virtual drives created by using SUBST.
drive1:          The virtual drive letter to be assigned.
[drive2:]path    The physical path to be associated with the virtual drive letter.
/D               Deletes the selected virtual drive.
SYSTEMINFO

The SYSTEMINFO command displays a detailed report of the system hardware and software configuration. It replaces MSINFO32.

SYSTEMINFO [/S system [/U domain\user [/P [password]]]] [/FO {Table|List|CSV}] [/NH]

Parameter               Explanation
No parameters           Displays information for the local system.
/S system               The name or IP address of a remote computer.
/U domain\user          Runs the command with the user rights of the specified user. The default is to run as the logged on user.
/P password             The password of the account specified by /U.
/FO {Table|List|CSV}    Specifies the output format. Table is the default.
/NH                     Omits the header row when the output format is Table or CSV.
TIME

The TIME command is used to display or set the time.

TIME [/T | time]
TIME [hours:[minutes[:seconds[.hundredths]]][A|P]]

Parameter                               Explanation
No parameters                           The current time is displayed, and the user is prompted to enter a new time.
hours:minutes[:seconds[.hundredths]]    Sets the time. Values for the time must be separated by colons: hours can be 0 through 23, minutes 0 through 59, seconds 0 through 59, and hundredths 0 through 99.
/T                                      Displays the time without prompting for a new time. Requires Command Extensions.
A|P                                     In the 12-hour format, specifies a.m. or p.m. If not specified, a.m. is assumed.
TITLE

The TITLE command sets the title of the current command-prompt window.

TITLE [string]

Parameter    Explanation
string       The title for the command window.
TREE

The TREE command is used to graphically display the folder hierarchy of a drive or path.

TREE [drive:][path] [/F] [/A]

Parameter        Explanation
No parameters    Displays the current folder and its hierarchy.
[drive:][path]   The folder you want to display.
/F               Displays the names of all files in all folders of the hierarchy.
/A               Forces the TREE command to use ASCII instead of graphics characters to display the tree.
TYPE

The TYPE command displays the contents of a text file. The default is to display the file to the screen, but you can use redirection and other commands, such as MORE, to display it in other ways.

TYPE [drive:][path]filename

Parameter                 Explanation
[drive:][path]filename    The file or files to display. Multiple filenames can be listed, separated by spaces.
VER

The VER command displays the Windows XP operating system version number.
WINMSD

The WINMSD command is used to collect and display your system configuration information and dump it to a text file. It is useful for record keeping or to send to remote support when diagnosing a problem. The WINMSD command is a quick and simple way to dump data displayed via the Computer Management snap-in. WINMSD is actually a shell for MSINFO32.EXE.

WINMSD [/? | /msinfo_file=<file> | /s <file> | /nfo <file> | /report <file>] [/computer <computername>] [/categories (+|-)(all|<category>) [(+|-)(<category>)...] [/category <category>]]

Parameter          Explanation
/?                 Displays help information.
/msinfo_file       The NFO (system info) file to use as input.
/nfo or /s         The file to output the NFO data to.
/report            Dumps a text format report to the specified file.
/computer          The computer to run WINMSD on.
/categories        The specified categories to display or dump to a file.
/category          A single category to use.
/showcategories    Displays a list of category names.
XCOPY

The XCOPY command is used to copy files and folders.

XCOPY source [destination] [/A | /M] [/D[:date]] [/P] [/S [/E]] [/V] [/W] [/C] [/I] [/Q] [/F] [/L] [/G] [/H] [/R] [/T] [/U] [/K] [/N] [/O] [/X] [/Y] [/-Y] [/Z] [/EXCLUDE:file1[+file2][+file3]...]

Parameter        Explanation
source           The location and names of the file(s) to be copied.
[destination]    The destination of the file(s).
/A               Copies only files with the Archive attribute set.
/M               Copies only files with the Archive attribute set; then turns it off on the source files.
/D[:date]        Copies only the files that were changed on or after the specified date. If this option is omitted, only those files that have a source time newer than the destination are copied. The date entry must use the hyphen (-) as the separator.
/P               Prompts the user before copying each file in the destination folder.
/S               Copies all folders and subfolders. Any empty folders or subfolders are ignored.
/E               Copies all folders and subfolders, including any empty ones.
/V               Verifies each file as it is written to disk. This function is native to Windows 2000 and cannot be turned off. It is listed only for backward-compatibility.
/W               Prompts the user to press any key before copying a file.
/C               Indicates that errors are to be ignored.
/I               Forces XCOPY to create a folder if the destination folder does not exist.
/Q               Quiet mode; does not display filenames while copying.
/F               Verbose mode; displays the full source and destination filenames and paths while copying.
/L               Used to list the files that will be copied.
/G               Allows encrypted files to be copied to a location that does not support encryption.
/H               Forces hidden and system files to be copied. They are not copied by default.
/R               Forces read-only files on the destination to be overwritten. The default is to skip read-only files.
/T               Creates the folder hierarchy on the destination without copying any files. Any empty folders or subfolders are ignored. Using /E and /T together will include empty folders and subfolders.
/U               Copies only those files on the source that exist on the destination.
/K               Copies files with the attributes intact. The default behavior is to reset them.
/N               Copies files to the destination using the Windows XP-generated eight-dot-three names.
/O               Copies files with the ownership and ACL intact.
/X               Copies files with the associated audit information. The /O switch is assumed.
/Y               Does not prompt when overwriting an existing file.
/-Y              Forces prompting when overwriting an existing file.
/Z               Copies files in restartable mode, which allows a file copy interrupted by network problems to resume. This option is useful when copying large files across a network.

Caution When using the XCOPY command in a batch file, the default is to overwrite existing files without prompting. This behavior can be changed by using the /-Y switch on the command line or in the COPYCMD environment variable.
Appendix D
Windows XP Performance Monitor Objects and Counters

This appendix covers in detail some of the most important counters you should watch when monitoring performance, including counters on hard drives, the CPU, and memory. Each section highlights the counters that can be used to monitor the activity of a computer subsystem that might be causing a bottleneck. It's essential to check all possible culprits before deciding which subsystem needs improvement. It's possible, for example, for the CPU to operate at a high utilization level for an extended period because of a slow network interface. Always examine your entire system from several viewpoints before implementing any of the recommended bottleneck "cures." You must isolate the true cause to find a real cure. After the discussion of the three most common areas of troubleshooting, a complete list of Performance Monitor counters is provided.
Hard Disk Counters

Your computer's hard drives are more than just repositories for user data. They also contain all the operating system files and the temporary paging file required to support virtual memory. The Windows XP storage subsystem is one of the most important areas to fine-tune. A slow disk subsystem drags down the performance of your entire computer.
Enabling Storage Counters

Before you can monitor hard drive performance, you must turn on the counters that gather statistics for such devices. Because the very act of recording storage counters affects performance, they are not enabled by default. From the Run line or a command prompt, the following command enables disk counters:

    diskperf -y
Note Disk counters are permanently enabled in Windows XP and Windows Server 2003. The information here is presented for those situations when you use your Windows XP computer to run the Performance applet against a remote Windows 2000 or earlier computer.
This command starts both the physical disk counters and the logical disk counters. To start only the physical counters, use this command:

    diskperf -yd

To start the logical counters, you can use the following:

    diskperf -yv

You must restart the computer to activate these counters. After you finish storage monitoring, be sure to disable these counters with the following command:

    diskperf -n

This command disables all the counters. To disable the physical counters, use this command:

    diskperf -nd

To disable the logical counters, use the following:

    diskperf -nv

You can run the command remotely by including a remote computer name on the command line:

    diskperf -yd \\davespc

Again, you must reboot the machine to disable the counters. When disk counters are inactive, all counters for the PhysicalDisk and LogicalDisk objects always show zero values (0). This should occur only when the counters are inactive, because even bootstrapping the operating system to start the machine creates substantial disk activity.
Identifying Storage Device Bottlenecks

By watching the following counters, you can pinpoint bottlenecks in your storage disk subsystem:

• LogicalDisk: Disk Queue Length. Tracks the number of system requests waiting for disk access. The number of queued requests should not exceed double the number of spindles in use. Most drives have only a single spindle, but RAID arrays have more (and Performance Monitor views RAID arrays as a single logical drive). A large number of waiting items indicates that a drive or an array is not operating fast enough to support the system's demands for I/O. When this occurs, you need a faster drive system.
• LogicalDisk: % Disk Time. Represents the percentage of time that the disk is actively handling read and write requests. It is not uncommon for this counter to regularly hit 100% on active servers. Sustained percentages of 90% or better, however, might indicate that a storage device is too slow. This is usually true when its Disk Queue Length counter is constantly above 2.
High levels of disk activity do not always indicate slow devices. Instead, they might be caused by too little physical RAM on a system. To decipher the amount of disk activity attributed to memory paging, perform the measurements and calculations shown in Table D.1.

Table D.1 Calculating Disk Activity

Line    Performance Counter or Calculation      Value
1       Memory: Pages/sec                       _____
2       LogicalDisk: Avg. Disk sec/transfer     _____
3       Multiply line 1 by line 2               _____

If the value of line 3 is greater than 0.1 (10% of total disk activity), your system is probably suffering from a lack of RAM. After you add RAM to your computer, be sure to recheck the LogicalDisk counter to see if storage devices might be causing additional bottlenecks.
Disk Bottleneck Removal

If your system suffers from a storage-device bottleneck, the following methods can alleviate or lessen performance degradation:

• Invest in faster drives with average seek times of 9ms or less. Drives search for data about 10 times as much as they actually transfer data; therefore, seek time is a crucial factor.
• Upgrade from IDE to SCSI, from SCSI-1 to SCSI-2, or from SCSI-2 to Fast SCSI-2 or Fast-Wide SCSI-2. IDE and EIDE drives should not be installed on a high-utilization server.
• Use a PCI bus mastering 32-bit SCSI controller card.
• Separate drives onto different controller cards or different channels on the controller card.
• Use SCSI adapters that support asynchronous I/O. This enables multiple drives to operate in parallel, and it greatly improves performance of stripe sets and multiple page files.
• Use RAID arrays to distribute drive load across multiple devices, or add more drives to an existing array.
• Consider hardware RAID devices. Although they're more expensive, they offer considerably better performance.
• Use a disk defragmenter to decrease seek times. Symantec's Norton Utilities 2003 (http://www.symantec.com/nu/nu_9x/) and Executive Software's Diskeeper (http://www.execsoft.com/) are excellent products.
• Verify that diskperf is turned off by issuing the diskperf -n command and rebooting (Windows 2000 and earlier).
• If security is not an issue, FAT is faster than NTFS on smaller disks (less than 2GB). By switching to FAT, however, you lose all capability to control access, most fault-tolerance support, and auditing.
• Don't use compression on files frequently accessed, especially any files within the Windows XP root folder and page files.
• Place your swap file on a FAT drive.
• Place all swap files on fast drives (and distribute your swap file over multiple physical drives), or put your only swap file on a different drive than the one that includes the system files (the boot partition). The swap file should not be put on a RAID 1 or 5 array, even if they are the fastest drives in the system.
CPU Counters

The CPU is the brain of your computer. Nearly everything that goes on within the confines of your computer must pass through the CPU. Therefore, CPUs can be a significant bottleneck.

Identifying CPU Bottlenecks

By watching the following counters, you can pinpoint CPU bottlenecks:

• Processor: % Processor Time. Indicates the amount of time the CPU spends on non-idle work. It's common for this counter to reach 100% during application launches or Kernel-intensive operations (such as SAM synchronization). If this counter remains above 90% for an extended period, however, you should suspect a CPU bottleneck. (Note that there is an instance of this counter for each processor in a multiprocessor system.)
• Processor: % Total Processor Time. Applies only to multiprocessor systems. This counter should be used the same way as the single CPU counter. If any value remains consistently higher than 90%, at least one of your CPUs is a bottleneck.
• System: Processor Queue Length. Indicates the number of threads waiting for processor time. A sustained value of 2 or higher for this counter indicates processor congestion. Note that this counter is a snapshot at the time of measurement, not an average value over time.

CPU Bottleneck Removal

If your system suffers from a CPU bottleneck, the following methods can alleviate performance degradation:

• Add a CPU (if your system supports it). This represents a bigger increase in processing power than the total boost provided by adding processors 3 through 8. The performance gain for each additional CPU, however, will be less than that for the previous CPU added. In other words, you do not get three times the processing speed if you have three processors; the processing speed will be slightly less, and performance per processor will decrease as you add more processors.
• Configure processor affinity in multi-CPU systems.
• Alter or change priorities for non-Kernel processes.
• Replace the current CPU with a faster chip (if your system supports it).
• Increase the L2, on-board, or secondary cache (if your system supports it).
• Remove all 3D or graphics-intensive screensavers.
• Move CPU-intensive applications to other machines.
• Replace the motherboard with a faster model, especially if its bus operates at only 100MHz. (Upgrading to a motherboard that supports a 133MHz or faster bus offers a significant speed improvement.)
Memory Counters

The RAM in your computer is where data is stored before and after processing. Sufficient RAM enables your system to operate at peak efficiency. Insufficient RAM can cause severe performance degradation, I/O errors, and dropped network connections. Therefore, identifying and eliminating RAM bottlenecks is important.

Identifying Memory Bottlenecks

By watching the following counters, you can pinpoint memory bottlenecks:

• Memory: Pages/sec. Indicates the number of virtual memory page swaps that occur every second. If this value averages more than 60, you probably need more RAM to get the best performance from your system.
• Memory: Cache Faults/sec. Indicates how frequently the system is unable to locate data in the cache and must search for it on disk. If this number grows steadily over time, your system is headed into constant thrashing. This means every bit of information the system requires must be retrieved directly from the disk.
• Memory: Page Faults/sec. Similar to cache faults, except that it also measures faults when a requested memory page is in use by another application. If this counter averages above 200 for low-end systems or above 600 for high-end systems, excess paging is occurring.
• Memory: Available Bytes. Indicates the amount of free memory available for use. If this number is less than 4MB, you do not have sufficient RAM on your system.
• Paging File: % Usage Peak. Indicates the level of page file usage. If this number nears 100% during normal operations, the maximum size of your page file is too small. If you have multiple drives with multiple page files, be sure to view the Total instance of this counter.
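The disk, CPU and memory thresholds quoted in this appendix (including the Table D.1 paging calculation) can be applied mechanically to a window of counter readings; the following Python script is an added example and not part of the book. The sample readings are constructed, the "Processor(n)" instance naming and the 95% reading of "nears 100%" for Paging File % Usage Peak are assumptions.

```python
"""Triage a window of Performance Monitor readings against the rule-of-thumb
thresholds this appendix gives for disk, CPU and memory bottlenecks.

Added example, not code from the book. Counter names follow the appendix
("Object: Counter"); the readings in SAMPLE_WINDOW are constructed values.
"""
from statistics import mean

MB = 1024 * 1024

# Thresholds quoted in the appendix text.
QUEUE_PER_SPINDLE = 2        # Disk Queue Length should not exceed 2 x spindles
DISK_TIME_PCT = 90           # sustained % Disk Time of 90% or better
PAGING_SHARE_LIMIT = 0.1     # Table D.1, line 3: more than 10% of disk activity
CPU_BUSY_PCT = 90            # % Processor Time above 90% for an extended period
CPU_QUEUE = 2                # Processor Queue Length of 2 or higher
PAGES_PER_SEC = 60           # Pages/sec averaging more than 60
PAGE_FAULTS = {"low-end": 200, "high-end": 600}   # Page Faults/sec averages
MIN_AVAILABLE = 4 * MB       # Available Bytes below 4MB
PAGEFILE_PEAK_PCT = 95       # assumption: "nears 100%" read as 95% or more


def average_window(window):
    """Average each counter over the sampling window; the appendix's limits
    describe sustained values, so a single snapshot is not enough."""
    return {name: mean(samples) for name, samples in window.items()}


def paging_share(pages_per_sec, avg_disk_sec_per_transfer):
    """Table D.1: line 1 x line 2, the fraction of disk time spent on paging."""
    return pages_per_sec * avg_disk_sec_per_transfer


def disk_findings(avg, spindles=1):
    """Storage checks from 'Identifying Storage Device Bottlenecks'."""
    findings = []
    queue = avg["LogicalDisk: Disk Queue Length"]
    limit = QUEUE_PER_SPINDLE * spindles
    if queue > limit:
        findings.append(f"Disk Queue Length {queue:.1f} exceeds {limit} for "
                        f"{spindles} spindle(s): drive or array too slow")
    if avg["LogicalDisk: % Disk Time"] >= DISK_TIME_PCT and queue > QUEUE_PER_SPINDLE:
        findings.append("% Disk Time sustained at 90% or more with queue above 2: "
                        "storage device too slow")
    share = paging_share(avg["Memory: Pages/sec"],
                         avg["LogicalDisk: Avg. Disk sec/transfer"])
    if share > PAGING_SHARE_LIMIT:
        findings.append(f"{share:.2f} of disk activity is paging (Table D.1): "
                        "probably a lack of RAM, recheck disks after adding memory")
    return findings


def cpu_findings(avg):
    """Processor checks; one '% Processor Time' instance exists per CPU."""
    findings = []
    for name, value in avg.items():
        if (name.startswith("Processor") and name.endswith("% Processor Time")
                and value > CPU_BUSY_PCT):
            findings.append(f"{name} averages {value:.0f}%: suspect a CPU bottleneck")
    if avg.get("System: Processor Queue Length", 0) >= CPU_QUEUE:
        findings.append("Processor Queue Length of 2 or higher: processor congestion")
    return findings


def memory_findings(avg, system_class="low-end"):
    """RAM checks; the Page Faults/sec limit depends on the class of system."""
    findings = []
    if avg["Memory: Pages/sec"] > PAGES_PER_SEC:
        findings.append("Pages/sec averages above 60: more RAM needed")
    if avg["Memory: Page Faults/sec"] > PAGE_FAULTS[system_class]:
        findings.append(f"Page Faults/sec above {PAGE_FAULTS[system_class]} "
                        f"for a {system_class} system: excess paging")
    if avg["Memory: Available Bytes"] < MIN_AVAILABLE:
        findings.append("Available Bytes below 4MB: insufficient RAM")
    if avg["Paging File: % Usage Peak"] >= PAGEFILE_PEAK_PCT:
        findings.append("Paging File % Usage Peak nears 100%: page file maximum too small")
    return findings


def triage(window, spindles=1, system_class="low-end"):
    """Run all three checks over a window of readings and group the findings."""
    avg = average_window(window)
    return {"disk": disk_findings(avg, spindles),
            "cpu": cpu_findings(avg),
            "memory": memory_findings(avg, system_class)}


# Constructed sample window: five readings per counter from a single-spindle
# workstation with two processors (one saturated) and a paging-heavy disk.
SAMPLE_WINDOW = {
    "LogicalDisk: Disk Queue Length": [2, 3, 4, 3, 3],
    "LogicalDisk: % Disk Time": [90, 94, 92, 91, 93],
    "LogicalDisk: Avg. Disk sec/transfer": [0.012] * 5,
    "Memory: Pages/sec": [30, 50, 40, 40, 40],
    "Memory: Page Faults/sec": [250, 240, 260, 250, 250],
    "Memory: Available Bytes": [12 * MB] * 5,
    "Paging File: % Usage Peak": [60] * 5,
    "Processor(0): % Processor Time": [40, 50, 45, 45, 45],
    "Processor(1): % Processor Time": [95, 91, 93, 93, 93],
    "System: Processor Queue Length": [1, 1, 2, 1, 0],
}

if __name__ == "__main__":
    for subsystem, notes in triage(SAMPLE_WINDOW).items():
        print(f"{subsystem}: {notes or ['no bottleneck indicated']}")
```

With the sample window the disk checks fire three times (queue, % Disk Time, and a 0.48 paging share), which points at RAM rather than the drive, exactly the distinction Table D.1 is meant to draw.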
Memory Bottleneck Removal

If your system suffers from a memory bottleneck, the following methods can alleviate performance degradation:

• Add more RAM to your system. On most servers, it usually is most cost-effective to fill all memory slots with the largest supported memory modules and fully populate the motherboard with the largest increments of RAM you can find.
• Make sure the speed of your memory meets or exceeds the speed of the memory bus. If the memory cannot handle the bus speed, your system will insert wait states for the memory to catch up with the data transfer. This slows down processing significantly.
• Add faster hard drives to support the swap file, or move the swap file to a faster drive.
• Increase the maximum size of the swap file.
• Set the minimum size of the swap file equal to the maximum size. A significant amount of overhead is generated when changing the swap file size on-the-fly.
• Split the swap file across multiple fast disks.
• Uninstall unneeded applications or Windows XP services to reduce memory usage.
• Add more cache to the motherboard.
Network Counters
Network performance monitoring is done on a protocol basis. You should examine each protocol separately to isolate individual performance characteristics. If you suspect that one protocol might interfere with the operation of another, you should monitor related counters for both protocols simultaneously.
Identifying Network Bottlenecks
Network performance problems usually result from three different causes:
- Server overload. A system that attempts to handle more traffic than it can manage usually boils down to inadequate system resources, such as memory capacity or speed, CPU capability, or NIC speed.
- Network overload. A network constantly at or near full capacity usually indicates that servers and workstations are trying to transmit data faster than the network architecture will allow.
- Data loss. Whenever data is lost outright, it usually indicates a network that contains one or more faulty devices or connections that are unable to deliver network packets properly.
To isolate protocol-specific issues, watch the error counters available for each protocol. Some error rate is to be expected, but sharp increases in error rates are a symptom of performance degradation. The only way to know when error counts are abnormal is to establish a regularly updated baseline for comparison purposes. You can also monitor demand for individual network resources that is higher than the demand for any or all other resources on or off the system. Such demand spikes can also help pinpoint bottlenecks. Performance Monitor offers the following counters that do not focus on single protocols, but act as general network identifiers:
- Network Interface: Bytes Total/sec. Indicates the rate at which data is sent to and received by a NIC (including framing characters). Compare this value with the device’s expected capacity. If the highest observed average is less than 75% of the expected value, communication errors or slowdowns might be occurring that limit the NIC’s rated speed.
- Network Interface: Current Bandwidth. Estimates a NIC’s current bandwidth, measured in bits per second (bps). This counter is useful only for NICs with variable bandwidth.
- Network Interface: Output Queue Length. Indicates the number of packets waiting to be transmitted by a NIC. If this averages above 2, your system is experiencing delays.
- Network Interface: Packets/sec. Indicates the number of packets handled by a NIC. Watch this counter over a long interval of constant or normal activity. Sharp declines that occur while the Queue Length remains at nonzero can indicate protocol-related or NIC-related problems.
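The paragraph on baselines and the four Network Interface counters above describe four separate checks: sustained throughput against link capacity (the 75% rule, with Bytes Total/sec in bytes and Current Bandwidth in bits), the Output Queue Length average, an error counter compared against an earlier baseline, and a sharp Packets/sec decline while the queue stays nonzero. The following Python example is added here and is not from the book; it implements all four over one window of constructed samples for a hypothetical instance named "Constructed NIC". The choice of Packets Outbound Errors as the error counter, the four-sample moving average used for "highest observed average", and the baseline rule (recent mean above baseline mean plus three standard deviations, with a floor of one error) are the example's own assumptions.

```python
"""Spot network bottleneck signatures in Performance Monitor samples using
this appendix's rules of thumb. Added example; the readings are constructed."""
from statistics import mean, pstdev
from typing import Dict, List

# Hypothetical instance name; real counters use the adapter's description.
NIC = r"\Network Interface(Constructed NIC)"

# Constructed samples on a 100 Mbps link: throughput stays well below
# capacity, the queue backs up in the second half, and Packets/sec falls
# while errors climb.
SAMPLES: Dict[str, List[float]] = {
    f"{NIC}\\Current Bandwidth": [100_000_000] * 8,               # bits/sec
    f"{NIC}\\Bytes Total/sec": [4_000_000, 4_200_000, 3_900_000, 4_100_000,
                                2_000_000, 1_500_000, 1_200_000, 1_000_000],
    f"{NIC}\\Output Queue Length": [0, 0, 1, 2, 3, 4, 4, 5],
    f"{NIC}\\Packets/sec": [3_000, 3_100, 2_950, 3_050, 1_400, 1_000, 800, 600],
    f"{NIC}\\Packets Outbound Errors": [0, 0, 1, 0, 3, 5, 8, 12],
}


def max_moving_average(values: List[float], window: int = 4) -> float:
    """Highest average over any run of `window` consecutive samples: the
    'highest observed average' the 75% rule compares against capacity."""
    if not values:
        return 0.0
    if len(values) < window:
        return mean(values)
    return max(mean(values[i:i + window])
               for i in range(len(values) - window + 1))


def evaluate_network(samples: Dict[str, List[float]], nic: str = NIC,
                     baseline_len: int = 4) -> Dict[str, str]:
    """Return {check: reason} for every rule of thumb the window breaches."""
    def counter(name: str) -> List[float]:
        return samples.get(f"{nic}\\{name}", [])

    findings: Dict[str, str] = {}

    # 1. Throughput vs capacity. Bytes Total/sec is bytes; Current Bandwidth is bits.
    bandwidth, total = counter("Current Bandwidth"), counter("Bytes Total/sec")
    if bandwidth and total:
        ratio = max_moving_average(total) * 8 / mean(bandwidth)
        if ratio < 0.75:
            findings["throughput"] = (
                f"best sustained throughput is {ratio:.0%} of link capacity (<75%)")

    # 2. Output queue: an average above 2 means transmit delays.
    queue = counter("Output Queue Length")
    if queue and mean(queue) > 2:
        findings["queue"] = f"Output Queue Length averages {mean(queue):.1f} (>2)"

    # 3. Errors vs baseline: the first baseline_len samples are the baseline.
    errors = counter("Packets Outbound Errors")
    if len(errors) > baseline_len:
        base, recent = errors[:baseline_len], errors[baseline_len:]
        threshold = mean(base) + max(3 * pstdev(base), 1.0)
        if mean(recent) > threshold:
            findings["errors"] = (
                f"recent error mean {mean(recent):.1f} exceeds baseline threshold "
                f"{threshold:.1f}: sharp increase")

    # 4. Packets/sec decline while the queue stays nonzero.
    pps = counter("Packets/sec")
    if len(pps) >= 4 and len(queue) == len(pps):
        half = len(pps) // 2
        early, late = mean(pps[:half]), mean(pps[half:])
        if late < 0.5 * early and all(q > 0 for q in queue[half:]):
            findings["packets"] = (
                f"Packets/sec fell from {early:.0f} to {late:.0f} with a nonzero "
                "queue: suspect protocol or NIC problem")

    return findings


if __name__ == "__main__":
    for check, reason in evaluate_network(SAMPLES).items():
        print(f"{check}: {reason}")
```

The baseline check is the one that needs care in practice: the first samples must come from a period known to be normal, and the baseline should be refreshed regularly as the text advises, otherwise a slowly degrading link becomes its own baseline.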
Network Bottleneck Removal
If your system suffers from a network bottleneck, the following methods can mitigate performance degradation:
- Upgrade all NICs to 64-bit bus mastering cards.
- Upgrade all NICs and ports for 100MB or faster.
- Use switches instead of hubs wherever possible.
- Use VLANs to cut down on broadcast traffic.
- Set your NICs and switches for Full Duplex mode.
- Manually configure your switches and NICs for speed and duplex mode. The Autoconfigure feature doesn’t always work; when it doesn’t, it defaults to the lower speed and half-duplex.
- Make sure all NICs throughout your network are configured for the same speed.
- Make sure all switch ports throughout your network are configured for the same speed as your NICs.
- Add more RAM to your servers.
- Install only the protocols you actually use on your network.
- Adjust network binding to provide the fastest resolution of service selection—that is, bind the most commonly used or fastest protocols first.
Windows XP provides a handful of protocol-specific Registry tuning controls, but use caution when working with them. Editing the Registry is never something to be taken lightly. Each of the following sections lists a tuning control, its location, and definitions of the available settings.
NetBEUI Frame
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NBF\Parameters has the following settings:
- AddNameQueryRetries. Defines the maximum number of send retries for a private query. The default is 3, and the minimum is 1. Setting this value lower on small or low-use networks can reduce wait time.
- AddNameQueryTimeout. Defines the length of time NBF (NetBEUI Frame) waits for a private query response. The default is 500 milliseconds (.5 seconds). Increasing this value on busy or large networks offers additional time for the response to occur. Do not set this value above 10 seconds.
- NBF Timer Parameters. These parameters should always have the relationship of T2