Microsoft Operating Systems

Nutshell: Microsoft XP Operating System




Date of course: _____________________________________

Name of Student: ___________________________________
Rev 1.1

Contact Information : michaelmarch@gmail.com

Not to be reused or copied in any way without the explicit written agreement between Michael March and the requester,
until so granted permission.



Contents
Installing Windows Facts
Upgrading to Windows XP Facts
Network Installation Facts
Automated Installation Facts
Troubleshooting Installation Facts
Accessibility Options
Regional and Language Options
Built-in and Predefined User Accounts
Local User Account Best Practices
Built-in Local Groups
Implicit Local Groups
Local Group Facts
Folder Redirection Facts
Group Policy Facts
Installing Devices
IDE Devices
SCSI Devices
Parallel Devices
Serial Devices
USB Devices
FireWire Devices
Wireless Devices
Drivers
File Verification Programs
Multiple Monitors
Multiple Processors
Power Management
Hardware Profile Considerations
Network Components
   Protocols
   Clients
   Services
   TCP/IP Configuration Settings
Name Resolution Facts
Dial-up Connection Facts
Remote Authentication Protocols
VPN Tunneling Protocols
Common Port Numbers
ICS and ICF Facts
Remote Services Facts
File System Facts
Basic and Dynamic Disks
Volume Characteristics
Volume Mount Point Facts
Designing Disks for Multiple Operating Systems
Boot.ini Facts
File Compression Facts
Encryption Facts
Disk Quota Facts
NTFS Permission Facts
Shared Folder Facts
Offline File Facts
Internet Information Services (IIS)
Printing Facts
UNIX Printing Facts
Managing Printing
Printer Pooling
Multiple Printers
Faxing Facts
Internet Explorer URLs
Applications Facts
Processes and Services Facts
Installer Package Facts
System Monitor
Mobile Performance Facts
Backup Facts
Backup Devices Facts
System Recovery Facts
Account Policies Facts
Auditing Facts
Security Templates Facts
IE Security Facts
IE Certificates








Installing Windows Facts

Windows 2000 Professional requires the following for a successful installation:

        Pentium 133 MHz or greater (233 MHz recommended)
        650 MB free disk space
        32 MB RAM (64 recommended)
        VGA (Super VGA recommended)
        CD-ROM or DVD drive
        Keyboard and mouse

Windows XP requires the following for a successful installation:

        Pentium 233 MHz or greater (300 MHz recommended)
        1.5 GB free disk space
        64 MB RAM (128 recommended)
        Super VGA
        CD-ROM or DVD drive
        Keyboard and mouse

To start the installation, use:

        Winnt.exe to start installation from a DOS environment.
        Winnt32.exe to start installation from within a 32-bit environment.

The following table lists common switches to use with the installation programs.

Switch                          Purpose
/makelocalsource                Copies installation files from the CD-ROM
/dudisable                      Disables dynamic updates during installation
/duprepare                      Prepare downloaded update files for use during installation
/dushare                        Start the installation with downloaded update files
/u                              Indicates use of an unattended answer file
/udf                            Indicates the use of a uniqueness database file
/s                              Specifies a path to source files
/checkupgradeonly               Verifies upgrade compatibility with XP
/debug[level]:XPdebug.log       Creates a debug log for an XP Professional installation

Keep in mind the following facts about performing an installation:

        Before starting the installation, disable virus checking in the BIOS.
        Gather all information about the computer and the network (such as the domain name)
         before starting the installation.
       During installation, press F5 to install a custom HAL.
       During installation, press F6 to install a custom SCSI driver.
       For Windows XP, after the installation is complete you must activate your copy of
        Windows within 30 days. Activation does not send personal information to Microsoft (it
        isn't the same as registration). Activation can be done through the Internet or over the
        phone.


Upgrading to Windows XP Facts

Before beginning the installation, run Winnt32.exe /checkupgradeonly to verify the system's
compatibility with Windows XP. The results of the check are saved in the
%systemroot%\upgrade.txt file.

To preserve system settings during a clean install, use:

       Files and Settings Transfer Wizard: A GUI tool for saving and restoring personal
        settings.
       Scanstate and Loadstate utilities: Use Scanstate to save the settings to a network folder.
        Use Loadstate to load the saved settings on the new machine.

The following operating systems can be upgraded to Windows XP Professional:

       Windows 98 (including SE)
       Windows ME
       Windows NT 4.0 Workstation (load the latest service pack before upgrading)
       Windows 2000 Professional
       Windows XP Home Edition


Network Installation Facts

You should know the following facts about Remote Installation Services:

       An RIS server must have the following components installed on it:
            o DHCP
            o DNS
            o RIS
            o Active Directory
       Use the Rbfg.exe (Remote Boot Disk Generator) file to create a boot disk for non-PXE
        compliant network adapters. The boot disk simulates the PXE boot process. The file is
        located in the RemoteInstall\admin\i386 folder on the RIS server.
       On the workstation, be sure to enable network boot in the BIOS.
       Use the Riprep.exe file to create the image of the reference computer.

To perform a network installation without RIS:

    1. Copy the source installation files to a shared network drive.
    2. If necessary, update the installation files with service packs or hotfixes.
    3. Execute Winnt or Winnt32 from the network share.




To use dynamic updates during an installation, download the updates to a network share. Use
the following switches with the Winnt or Winnt32 command to apply dynamic updates during the
installation:

Switch                                       Function
/Duprepare:[path to downloaded updates]      Prepares the updates for use during installation.
/Dushare:[path to downloaded updates]        Starts the installation with the downloaded update
                                             files.
/Dudisable                                   Prevents the dynamic update from occurring.

To apply a service pack to the source installation files, use the Update.exe -s:[network_share]
command and switch. This applies the service pack changes to the installation files in the
network share.


Automated Installation Facts

Windows provides the ability to perform an unattended installation from a CD-ROM. To perform
an unattended installation from a CD-ROM, the following conditions must be met:

        The computer must support booting from a CD-ROM, and must adhere to the El-Torito
         non-emulation specification.
        The unattended answer file must be renamed to Winnt.sif and copied to a floppy disk so
         Setup can access it. When Setup displays the message that it is examining the
         hardware configuration, insert the floppy disk containing the Winnt.sif file.
        The answer file must contain a valid [Data] section with the following entries:
            o UnattendedInstall=Yes - Value must be set to "yes".
            o MSDosInitiated=No - Value must be set to "no" or Setup will stop during the
                graphical portion of Setup.
            o AutoPartition=1 - If the value is set to 1, the installation partition is automatically
                selected. If the value is set to 0 (zero), you are prompted for the installation
                partition during the text portion of Setup.
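
The [Data] requirements listed above can be checked before the floppy is written. The following Python check is an added example, not part of the original study guide; the function names and both sample answer files are constructed for illustration.

```python
import configparser

# Entries the page requires in [Data], with the value each must have.
REQUIRED = {"UnattendedInstall": "Yes", "MSDosInitiated": "No"}


def read_data_section(text):
    """Return the [Data] entries as {lowercase key: value}, or None if absent."""
    parser = configparser.ConfigParser(
        strict=False,            # tolerate repeated keys or sections
        interpolation=None,      # values such as %systemroot% stay literal
        allow_no_value=True,     # some sections hold bare lines without "="
        delimiters=("=",),
        comment_prefixes=(";",),
    )
    parser.read_string(text)
    for name in parser.sections():
        if name.lower() == "data":       # accept any capitalisation
            return {key: (value or "").strip().strip('"')
                    for key, value in parser[name].items()}
    return None


def check_winnt_sif(text):
    """Return a list of problems with the [Data] section; empty means it passes."""
    try:
        data = read_data_section(text)
    except configparser.Error as exc:
        return ["not a parseable answer file: " + type(exc).__name__]
    if data is None:
        return ["[Data] section is missing"]

    problems = []
    for key, wanted in REQUIRED.items():
        got = data.get(key.lower())      # configparser lowercases key names
        if got is None:
            problems.append(f"{key} is missing from [Data]")
        elif got.lower() != wanted.lower():
            problems.append(f"{key} is '{got}', expected '{wanted}'")

    auto = data.get("autopartition")
    if auto is None:
        problems.append("AutoPartition is missing from [Data]")
    elif auto == "0":
        problems.append("AutoPartition=0: Setup will prompt for the installation partition")
    elif auto != "1":
        problems.append(f"AutoPartition is '{auto}', expected 1 or 0")
    return problems


# Constructed sample: satisfies all three [Data] requirements.
GOOD_SIF = """\
; constructed sample answer file
[Data]
AutoPartition=1
MsDosInitiated="No"
UnattendedInstall="Yes"

[Unattended]
UnattendMode=FullUnattended
TargetPath=\\WINDOWS
"""

# Constructed sample: one entry missing, one wrong, and a prompting AutoPartition.
BAD_SIF = """\
[data]
MSDosInitiated="Yes"
AutoPartition=0
"""

if __name__ == "__main__":
    for label, sample in (("good", GOOD_SIF), ("bad", BAD_SIF)):
        print(label, check_winnt_sif(sample) or "OK")
```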

You can also automate installation by preparing a disk image. You then duplicate the disk image
to a new hard drive and boot the system. Use the following files to prepare an automated
installation using an image:

File           Function
Sysprep.exe    Prepares a system for duplication
Setupcl.exe    Runs a mini-setup wizard when the duplicated drive is booted
Sysprep.inf    An optional answer file that automates the mini-setup wizard. Can be copied to a
               floppy disk.

Note: These files belong in the Sysprep folder at the root of the system drive.





Troubleshooting Installation Facts

Use the /debuglevel:logfile switch to create an installation debug log. The default debug level is
2. The default log file is C:\%systemroot%\Winnt32.log. The log levels are as follows:

Level Report
0      Severe Errors
1      Errors
2      Warnings
3      Information
4      Detailed information for debugging

You can use System File Checker (Sfc.exe) to verify the integrity of protected system files if an
installation appears unstable. You can use the following switches with the Sfc command:

Switch             Function
/Scannow           Perform a scan immediately
/Scanboot          Configures the operating system to perform a scan every time the operating
                   system boots
/Revert            Changes the scan behavior back to the default
/Cachesize = size  Configures how much disk space can be used to store cached versions of
                   protected system files

To uninstall a service pack or hotfix from the command line, run Spuninst.exe from the service
pack or hotfix uninstall folder. Use the following switches with Spuninst:

Switch Function
-u        Unattended mode
-f        Force other apps to close at shutdown
-z        Do not reboot when complete
-q        Quiet mode (no user interaction)

You can revert to a previous operating system after upgrading to Windows XP. You can also
use the Add/Remove Programs wizard to uninstall a Windows XP installation that was performed as
an upgrade on a Windows 98 computer.

To isolate a driver causing an installation to fail, add the /Sos switch to the Boot.ini file. This
loads the drivers individually, allowing you to isolate the bad driver.






Accessibility Options
The following table summarizes the accessibility features you can configure with the
Accessibility Options applet.

Option          Description
StickyKeys      Use Shift, Ctrl, or Alt in combination with other keys by pressing one key at a time
FilterKeys      Ignore repeated keystrokes
ToggleKeys      Associate sounds with Caps Lock, Num Lock, and Scroll Lock keys
SoundSentry     Associate visual clues with sounds
ShowSounds      Display captions for sounds made by programs
High Contrast   Change background and text colors to improve readability. You can also
                configure visual settings with the Display applet.
MouseKeys       Control the mouse pointer with the number keypad
SerialKey       Configure alternate mouse or keyboard input device

Regional and Language Options
One way to accommodate different languages in Windows XP is to select the correct version.
There are two general versions available:

        Localized Windows--Windows ships localized into a single language. All menus, dialogs,
         and buttons have been translated to the target language.
        Multilanguage Windows--Windows includes multiple languages, letting users switch
         between localized versions of Windows without reinstalling. In other words, users can
         see menus, dialogs, and buttons in their language of choice.

The following table summarizes the regional and language support for different Windows
versions.

Feature                                               Localized Windows     Multilanguage
                                                      (Single-language)     Windows
Change date, time, measurement display                Yes                   Yes
Create, view, and edit documents in multiple          Yes                   Yes
languages (including East Asian and right-to-left
languages)
Display Windows menus and dialogs in multiple         No                    Yes
languages








Built-in and Predefined User Accounts

Windows XP Professional includes two built-in user accounts:

       Administrator. Has all system rights and privileges to manage the local computer.
       Guest. Has very limited rights and privileges.

Keep in mind the following facts about the built-in user accounts:

       You cannot delete built-in user accounts.
       As a best practice, you should rename these accounts. This makes it harder for
        unauthorized users to guess a user account name to use.
       By default, the Guest account is disabled (it cannot be used for logon).

Predefined user accounts are created during the installation of certain software components.
These are normal user accounts with a specific name that are used by the software to perform
system or other functions. Although you can delete or rename these accounts, the software that
created them might not function properly if you do. Following is a list of some of the most
common automatically-created user accounts.

User Account Name          Purpose
HelpAssistant              Lets another user provide remote assistance.
IUSR_ComputerName          Lets network users access the computer anonymously when the
                           computer is acting as a Web server.
IWAM_ComputerName          Used by the computer to run programs when it is acting as a Web
                           server.
SUPPORT_IDNumber           A vendor user account used to provide help and support.


Local User Account Best Practices

As you create and manage local user accounts, keep in mind the following recommendations:

       When you create a new account, set a password to protect the account. Do not make
        the password something easy to guess (for example, do not use the logon name for the
        password).
       Force the user to change the password at next logon. This forces the user to replace the
        assigned password with one they choose.
       Disable accounts that won't be used for a while.
       If a user leaves and is replaced by someone else with similar access needs, rename the
        existing account (rather than deleting the old account and creating a new one).
       If you accidentally delete a user account, restore it from backup rather than creating a
        new one with the same name. Creating a new account results in a user account with a
        different SID.
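
The following Python audit is an added example, not part of the original study guide; it applies the recommendations from the two sections above to a constructed account inventory. It recognises the built-in accounts by the well-known last component of their SID (500 for Administrator, 501 for Guest) rather than by name, and compares SIDs against an earlier inventory to tell a renamed account from a re-created one. The record field names, the 90-day idle threshold and all sample values are assumptions made for this example.

```python
RID_ADMINISTRATOR = 500   # well-known last SID component of built-in Administrator
RID_GUEST = 501           # well-known last SID component of built-in Guest
IDLE_DAYS = 90            # assumed threshold for "won't be used for a while"


def rid(sid):
    """Return the relative ID: the last dash-separated component of a SID."""
    return int(sid.rsplit("-", 1)[1])


def audit_accounts(accounts):
    """Return (account name, finding) pairs for the recommendations above."""
    findings = []
    for acct in accounts:
        name, enabled = acct["name"], not acct["disabled"]
        r = rid(acct["sid"])
        if r == RID_ADMINISTRATOR:
            if name.lower() == "administrator":
                findings.append((name, "built-in Administrator keeps its default name"))
        elif r == RID_GUEST:
            if name.lower() == "guest":
                findings.append((name, "built-in Guest keeps its default name"))
            if enabled:
                findings.append((name, "Guest is enabled for logon"))
        elif enabled:
            if not acct["password_required"]:
                findings.append((name, "enabled account does not require a password"))
            if acct["days_idle"] > IDLE_DAYS:
                findings.append((name, "idle account is still enabled"))
    return findings


def compare_with_baseline(baseline, accounts):
    """Compare against an earlier {SID: name} inventory.

    renamed:   same SID, new name (access tied to the SID is kept).
    recreated: same name, new SID (the old SID is gone, so it is a new account).
    """
    by_sid = {a["sid"]: a["name"] for a in accounts}
    by_name = {a["name"].lower(): a["sid"] for a in accounts}
    renamed, recreated = [], []
    for sid, old_name in baseline.items():
        if sid in by_sid:
            if by_sid[sid].lower() != old_name.lower():
                renamed.append((old_name, by_sid[sid]))
        elif old_name.lower() in by_name:
            recreated.append(old_name)
    return {"renamed": sorted(renamed), "recreated": sorted(recreated)}


# ---- Constructed sample data (not taken from a real machine) ----
PREFIX = "S-1-5-21-1111111111-2222222222-3333333333"


def acct(name, r, disabled, password_required, days_idle):
    """Build one hypothetical inventory record."""
    return {"name": name, "sid": f"{PREFIX}-{r}", "disabled": disabled,
            "password_required": password_required, "days_idle": days_idle}


BASELINE = {f"{PREFIX}-500": "Administrator", f"{PREFIX}-501": "Guest",
            f"{PREFIX}-1003": "jsmith", f"{PREFIX}-1004": "mlee"}

ACCOUNTS = [
    acct("LocalAdm", 500, False, True, 1),       # built-in Administrator, renamed
    acct("Guest", 501, False, True, 30),         # default name and enabled
    acct("akhan", 1003, False, True, 2),         # jsmith's account, renamed
    acct("mlee", 1007, False, False, 0),         # deleted and re-created
    acct("temp1", 1005, False, True, 200),       # idle but still enabled
    acct("contractor", 1006, True, True, 400),   # idle and disabled: no finding
]

if __name__ == "__main__":
    for name, finding in audit_accounts(ACCOUNTS):
        print(f"{name}: {finding}")
    print(compare_with_baseline(BASELINE, ACCOUNTS))
```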






Built-in Local Groups

When you install Windows XP, the following local groups are created automatically. These
groups have preassigned rights, permissions, and group memberships. You can rename these
groups, but cannot delete them.

Group Name                Capabilities
Administrators            Members have complete and unrestricted access to the computer,
                          including every system right.
                          The Administrator user account and any account designated as a
                          "computer administrator" is a member of this group.
Backup Operators          Members can back up and restore files (regardless of permissions), log
                          on locally, and shut down the system. Members cannot change security
                          settings.
Power Users               Members can:
                             Create user accounts and modify and delete accounts they create
                             Create local groups and remove users from local groups they create
                             Remove users from the Power Users, Users, and Guests groups
                             Change the system date and time
                             Install applications
                          Members cannot:
                             Change membership of the Administrators or Backup Operators groups
                             Take ownership of files
                             Back up or restore files
                             Load or unload device drivers
                             Manage security and auditing logs
Users                     Members can use the computer but cannot perform system
                          administration tasks and might not be able to run legacy applications.
                          Members cannot share directories or install printers if the driver is not yet
                          installed.
                          Members cannot view or modify system files.
                          Any user created with Local Users and Groups is automatically a
                          member of this group.
                          User accounts designated as "limited use" accounts are members of this
                          group.
                          A user account created as a "computer administrator" is made a member
                          of this group.
Guests                    Members have limited rights (similar to members of the Users group).
                          Members can shut down the system.






Windows XP also includes the following local groups. Although these groups exist, you should
not modify their membership.

       Network Configuration Operators
       Remote Desktop Users
       Replicator


Implicit Local Groups

Windows XP has some special groups (sometimes called implicit groups or special identities)
that act as variables to represent either a set of users or a set of programs running on the
computer. The identity and membership of these groups is dynamically configured, so they are
not listed in Local Users and Groups. In many cases, user accounts are dynamically made a
member of these groups when users perform certain actions (such as logging on or creating a
file).

Group Name                        Membership obtained by...
ANONYMOUS LOGON                   Logging on without a user name and password (anonymous
                                  logon is commonly permitted if the computer is acting as a
                                  web server)
AUTHENTICATED USERS               Logging on by supplying a user name and password
CREATOR GROUP                     Creating an object
CREATOR OWNER                     Creating an object (such as a file)
DIALUP                            Connecting to the computer through a dial-up connection
Everyone                          Gaining access to the computer except through anonymous
                                  logon
INTERACTIVE                       Logging on interactively (also called logging on locally)
                                  through the computer console
NETWORK                           Logging on to the computer through a network connection
REMOTE INTERACTIVE LOGON          Logging on to the computer through a remote desktop
                                  connection

       Except for the Everyone group, you can recognize these groups because their names are
        written in all caps.







Local Group Facts

As you work with local groups, keep in mind the following recommendations:

          Whenever possible, use built-in groups to assign rights and permissions. For example,
           to allow someone to back up and restore the system, make the user account a member
           of the Backup Operators group.
          Use caution in modifying the default rights and permissions assigned to built-in groups.
          When assigning security, make user accounts members of groups, then assign the
           rights or permissions to the group rather than the user accounts.

In addition, be aware of the following facts about managing local groups:

          Deleting a group does not delete the user accounts that are members of the group.
          Removing a user account from a group does not delete the group or the user account.
          You can make domain users and groups members of local groups.
          You cannot remove the Administrator local user account from the Administrators group.
          You cannot remove the Guest user account from the Guests group.
          When you join a domain, some domain accounts are automatically made members of
           local groups.

User Profile Management Tasks

The following list describes some common profile management tasks and the
recommended method for completing them.

To . . .                Do . . .
Create a new profile    Log on as a user without a profile. User profiles are created automatically,
                        using the Default Users profile as a template. (You can also set access
                        permissions on a copied profile for use as a new profile.)
Edit an existing        Log on as the user, then use the Windows interface to modify the desktop,
profile                 Start Menu, taskbar, and other preferences.
Create Start Menu       Copy the desired shortcuts to the appropriate folder within the user profile.
or Desktop
shortcuts
Copy a profile          Use the User Profiles tool to copy the profile to a new location. If you
                        simply copy the subfolders to a new location, registry settings and
                        permissions will not be properly modified.
                        Note: You cannot copy the profile of a logged on user.
Make a mandatory        Use Explorer to rename the Ntuser.dat file to Ntuser.man.
user profile
Make a roaming          Copy the profile to a network share. Use the Profile tab in the user account
user profile            properties to enter the path to the user's roaming profile.
Assign a specific       Edit the properties of the user account (either local or domain user) to
profile                 identify the specific profile (either a roaming profile or otherwise) to use.
Delete a profile        Use the User Profiles tool. Do not simply delete the folder as registry
                        settings will not be modified appropriately.
                        Note: You cannot delete the profile of a logged on user.


Folder Redirection Facts

Keep in mind the following facts about redirecting folders:

       End users can only redirect the following folders: My Documents, My Music, My
        Pictures, and My Videos.
       Group Policy can only redirect the following folders: Application Data, Desktop, My
        Documents, My Music, My Pictures, My Videos, and Start Menu.
       You cannot redirect folders using local Group Policy.
       Use the %username% variable to redirect folders to unique parent folders based on user
        name.
       You can redirect folders to different locations based on group membership.
       When you redirect folders, the default is to copy the existing folder contents to the new
        location.
       Redirecting folders does not delete the existing folder or prevent data from being stored
        in the folder. It only redirects the shortcut that points to the target folder.
       By default, users are given the necessary permissions to manage their redirected
        folders.


Group Policy Facts

Group policy is a tool used to implement system configurations that can be deployed from a
central location through GPOs (Group Policy Objects).

You should know the following Group Policy facts:

       GPOs contain hundreds of configuration settings.
       GPOs can be linked to Active Directory sites, domains, or organizational units (OUs).
       GPOs include computer and user sections. Computer settings are applied at startup.
        User settings are applied at logon.
       A GPO only affects the users and computers beneath the object to which the GPO is
        linked.
       Group policy settings take precedence over user profile settings.
       A local GPO is stored on a local machine. It can be used to define settings even if the
        computer is not connected to a network.
       GPOs are applied in the following order:
            1. Local
            2. Site
            3. Domain
            4. OU
       If GPOs conflict, the last GPO to be applied overrides conflicting settings.
       The Computers container is not an OU, so it cannot have a GPO applied to it.
       Group policy is not available for Windows 98/NT clients or Windows NT 4.0 domains.
       You can use a GPO for document redirection, which customizes where user files are
        saved. (For example, you can redirect the My Documents folder to point to a network
        drive where regular backups occur. Folder redirection requires Active Directory-based
        group policy.)
        Configuring a domain group policy to delete cached copies of roaming user profiles will
         remove the cached versions of the profile when a user logs off.
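
The application order and the "last GPO applied wins" rule above can be checked mechanically when reviewing whether a hardening setting survives to the workstation. The following is an added example, not part of the original course notes; the GPO names and setting keys are hypothetical labels, and the data is constructed.

```python
"""Resolve effective Group Policy settings in the order Local, Site, Domain, OU."""
from dataclasses import dataclass, field

# Application order from the list above; a later level overrides an earlier one.
ORDER = ("local", "site", "domain", "ou")


@dataclass
class Gpo:
    name: str
    level: str        # one of ORDER
    settings: dict    # setting name -> configured value


@dataclass
class Effective:
    value: object
    source: str                                     # GPO whose value won
    overridden: list = field(default_factory=list)  # (gpo name, value) pairs that lost


def resolve(gpos):
    """Return {setting: Effective} after applying every GPO in order."""
    for gpo in gpos:
        if gpo.level not in ORDER:
            raise ValueError(f"unknown level {gpo.level!r} on GPO {gpo.name!r}")
    effective = {}
    # sorted() is stable, so GPOs at the same level keep the order given.
    for gpo in sorted(gpos, key=lambda g: ORDER.index(g.level)):
        for setting, value in gpo.settings.items():
            previous = effective.get(setting)
            lost = []
            if previous is not None:
                lost = previous.overridden + [(previous.source, previous.value)]
            effective[setting] = Effective(value, gpo.name, lost)
    return effective


def baseline_drift(effective, baseline):
    """Compare effective values with a required baseline.

    Returns (setting, required, actual, source) tuples; actual and source are
    None when no GPO configures the setting at all.
    """
    drift = []
    for setting, required in sorted(baseline.items()):
        entry = effective.get(setting)
        if entry is None:
            drift.append((setting, required, None, None))
        elif entry.value != required:
            drift.append((setting, required, entry.value, entry.source))
    return drift


# Constructed sample: GPO names and setting keys are hypothetical labels,
# not real policy paths.
SAMPLE_GPOS = [
    Gpo("Lab OU", "ou", {"driver_signing": "Warn"}),
    Gpo("Local", "local", {"driver_signing": "Ignore", "screensaver_lock": "off"}),
    Gpo("Domain Baseline", "domain",
        {"driver_signing": "Block", "screensaver_lock": "on"}),
]
BASELINE = {"driver_signing": "Block", "screensaver_lock": "on",
            "delete_cached_roaming_profiles": "enabled"}

if __name__ == "__main__":
    result = resolve(SAMPLE_GPOS)
    for name, entry in sorted(result.items()):
        print(f"{name} = {entry.value} (from {entry.source}; overrode {entry.overridden})")
    for finding in baseline_drift(result, BASELINE):
        print("DRIFT", finding)
```

In the sample, the domain-level Block value for driver signing is overridden by the OU-linked GPO, which is the kind of drift the ordering rule makes easy to miss.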

To manually refresh group policy settings, use the Gpupdate command with the following
switches:

Switch             Function
No switch          Refresh user and computer-related group policy.
/target:user       Refresh user-related group policy.
/target:computer Refresh computer-related group policy.


Installing Devices

When installing devices:

        Begin by adding the device to the system or plugging the device in. Windows
         automatically detects and installs drivers for Plug and Play devices.
        For undetected legacy devices, you might need to:
            o Run the setup program that came with the device.
            o Use the Add New Hardware wizard to install a device driver manually.
            o Manually set IRQ, DMA, or I/O addresses
            o Manually select and install the driver

IDE Devices
Keep in mind the following facts about configuring IDE devices:

        Virtually every computer has two IDE host bus adapters integrated onto the
         motherboard.
        Each adapter supports a maximum of two devices.
        When two devices per adapter are configured, use jumpers to identify the master and
         slave devices.
        The CMOS and BIOS typically auto-detect the devices attached to each adapter.
        Configure the BIOS to identify which devices can be used to boot the computer.

SCSI Devices
Keep in mind the following facts about configuring SCSI devices:

        Some computers have a built-in SCSI host bus adapter. For other computers, install an
         adapter card in the PCI bus.
        Devices are connected in a chain. Most host bus adapters allow for an internal chain of
         devices and an external chain of devices. Most SCSI implementations have a limitation
         of seven devices (including the host bus adapter).
        Each device (including the host bus adapter) in the chain must have a unique ID
         number.





       This number might be set with switches or through software.
       The end of the SCSI chain must be terminated. Some devices are self-terminating.
        Other devices require a special termination plug.
       Modify the system BIOS to boot from a SCSI device (set the device type to 0 or not
        installed).

Parallel Devices
Keep in mind the following facts about working with parallel devices:

       Parallel ports originally supported only printers. You can now attach a wide variety of
        devices to the parallel port.
       Windows identifies each parallel port with the designation LPT1, LPT2, etc.
       Parallel ports operate in three different modes: SPP (standard), EPP (enhanced, to
        support non-printer devices), and ECP (extended, for improved printer support). Virtually
        all computers support all three modes.
       In most cases, Windows automatically detects the device connected to a parallel port
        and sets the mode accordingly.
       To configure the port mode manually (such as to disable EPP for a port), edit BIOS
        settings.

Serial Devices
Keep in mind the following facts about configuring serial devices:

       Most computers have one or two serial ports.
       Modems and direct computer-to-computer connections typically use serial ports.
       Windows allocates resources to serial devices using COM1, COM2, etc. designations.
       Windows XP supports up to 256 COM ports.
       For each serial port, configure the data speed, data/stop bits, parity, and flow control
        settings.
       Conflicts might occur if two devices share the same COM port number.

USB Devices
Following are some facts to keep in mind while configuring USB devices:

       USB devices connect through hubs to form a tree bus structure.
       Hubs are either self-powered or bus-powered (receiving their power from another hub).
       Bus-powered hubs have a maximum of four ports, and supply a maximum of 100 mA of
        power per port.
       Self-powered hubs supply up to 500 mA per port and can have many ports.
       USB devices can be self-powered or hub-powered (receiving their power from the hub).
       Connect low powered devices (such as a mouse or keyboard) to either self-powered or
        bus-powered hubs.
       Connect high-powered devices (such as video cameras or scanners) to either a self-
        powered hub or plug the device in to its own power supply.
       The USB bus is self-terminating and automatically assigns IDs to each device.

FireWire Devices
FireWire (also called IEEE 1394) is similar to USB, but is targeted mainly towards audio/video
data transfer. Keep in mind the following facts about FireWire devices:




       FireWire is typically used for video cameras and devices requiring high-speed,
        guaranteed bandwidth.
       FireWire devices are connected in a chain.
       The controller automatically assigns device IDs. No termination is needed.
       Windows detects and configures FireWire devices automatically as they are plugged in.

Wireless Devices
Keep in mind the following facts regarding configuring wireless devices:

       Two common wireless interfaces include IrDA (infrared) and Bluetooth (radio
        frequency).
       Common IrDA devices include the mouse, keyboard, and PDAs. Bluetooth devices are
        typically used for networking (such as to allow a laptop to connect to a network without
        wires).
       Both the host computer and communicating devices require a transmitter/receiver.
       With IrDA, devices must be close and have a direct line of sight path. With Bluetooth,
        devices can be farther away (up to 10 meters) and separated by walls or other objects in
        the path.


Drivers

To update drivers:

       Use Windows Update to automatically check for new drivers.
       Download the new driver and run the program to install it.
       Download the new driver and use Device Manager to update and install the new driver.

To control how unsigned drivers are installed on the system, use the following settings:

       Block (prevents unsigned driver installation)
       Warn (allows installation, but with an error message)
       Ignore/Silently Succeed (install)

To protect against unsigned drivers:

       Enforce driver signing on the system through the System applet or Group Policy.
       Use group membership and user rights to prevent normal users from installing drivers
        (only Power Users or Administrators can install drivers).
       The Hardware Compatibility List (HCL) includes all devices for which a signed driver is
        available.
       Driver Rollback allows you to restore an original driver when a new driver causes system
        problems.







File Verification Programs

The following table summarizes the file verification tools you can use to verify driver
signatures and file integrity.

Program                  Features
Sigverif.exe             GUI-based tool that searches for unsigned files.
                         By default, it searches only the Windows directory (click the Advanced
                         button to search other locations).
                         The program returns a list of files without digital signatures.
Driverquery.exe /si      Command-line tool that checks the digital signatures of drivers that are in
                         use.
                         Use the /si switch to request the signature status of the drivers.
                         The report lists each device, the .inf file for the device, and the signed
                         status of the driver.
Msinfo32.exe             GUI-based tool that displays the list of devices and information about
                         each device (including the driver, driver date, and signature status).
                         The report shows every installed device and the signed status of the
                         drivers.
Sfc.exe /scannow         Tool that scans system files to ensure that they have not been replaced
                         or corrupted.
                         Use the /scannow switch to force an immediate check of the system.
                         Use the tool to automatically replace bad files.
Winmsd.exe               Launches the System Information tool. System Information lists hardware
                         resources, hardware devices and drivers used, system and signed
                         drivers, Internet Explorer settings, and Office application information.


Multiple Monitors

Hardware requirements for using multiple monitors:

       Video card with dual monitor support OR multiple video cards
       One card designated as the primary card
       Cards must be AGP or PCI (ISA will not work)

Special considerations for using multiple monitors:

       Make sure the video card driver supports multiple monitors (upgrade the driver or
        replace the device)
       Not all applications support multiple monitors (they might display only on the primary
        monitor)
       Use the Settings tab in the Display properties to configure multiple monitors






Multiple Processors

Keep in mind the following facts about multiple processors:

       The Hardware Abstraction Layer (HAL) controls communication between the kernel
        (operating system) and the hardware.
       Multiple processor support depends on whether the HAL is designed for uniprocessor or
        multiprocessor support.
       Use the multiprocessor HAL to utilize both processors.
       If you want to run multiple processors, you can use Device Manager to upgrade the HAL
        driver to support multiple processors.


Power Management

Windows XP supports two types of power management:

       Advanced Power Management (APM): Power management controlled by the BIOS
       Advanced Configuration and Power Interface (ACPI): Windows controls the power
        management

ACPI offers a number of advantages over APM, including:

       Control of power management for individual devices through Device Manager
       Support for hibernation and stand-by modes
       Support for power schemes to customize power options
       Support for laptop power management

ACPI support is enabled by the hardware abstraction layer (HAL).

       The ACPI HAL can be installed only if the BIOS supports ACPI.
       If the non-ACPI HAL is installed (for example if you forced an install of the non-ACPI
        HAL), you must reinstall Windows to replace the HAL.
       If necessary, enable ACPI support in the BIOS.


Hardware Profile Considerations

To create a new profile:

    1. Copy an existing profile.
    2. Reboot, selecting the new profile.
    3. Use Device Manager to enable or disable devices for the current profile.

Use the Hardware Profile tool to manage profiles:

       Move profiles up or down in the list. The top profile is the default.






       Set the profile menu timer. Set the timer to 0 to hide the menu (if the menu is hidden,
        press the Spacebar during boot to show the menu).
       You can customize the profile menu by removing profiles from the menu.

The following table lists some cases when hardware profiles are or are not needed.

When not to use a hardware profile                When to use a hardware profile
If you are adding or removing hot-swap            If you need to conserve laptop power under
components                                        specific conditions
If you want to disable a device under all         If you need to force a specific device to be
conditions                                        used at a specific time
If you need to permanently uninstall a specific   If you want to reduce the time delay the system
device                                            needs to select the correct device in a specific
                                                  situation
If a laptop uses only a docked and an undocked
state








Network Components

The following tables list the protocols, clients, and services provided by Microsoft. Other
vendors (such as Novell) might provide additional networking components.

Protocols
Protocol                        Use
Internet Protocol (TCP/IP)      Routable protocol used on the Internet and the default protocol for
                                Windows XP
NWLink
IPX/SPX/NetBIOS                 Microsoft's implementation of IPX/SPX for connecting to NetWare
Compatible Transport            servers
Protocol
Network Monitor Driver          Enables the computer to capture network communication statistics

Clients
Client                          Use
Client for Microsoft            Client software to access resources on Microsoft networks
Networks
Client Service for              Client software to access resources on NetWare networks running
NetWare                         IPX/SPX

Services
Service                            Use
File and Printer Sharing for       Enables a computer to share its resources with other network
Microsoft Networks                 clients
QoS Packet Scheduler               Service that prioritizes TCP/IP traffic, enabling a higher priority for
                                   time-sensitive communications
Service Advertising Protocol       Protocol used with NetWare to locate services on an IPX/SPX
                                   network

TCP/IP Configuration Settings

The following table summarizes many of the configuration settings for a TCP/IP network.

Parameter        Purpose
IP address       Identifies both the logical host and logical network addresses.
Subnet mask      Identifies which portion of the IP address is the network address.
Default gateway  Identifies the router to which packets for remote networks are sent.
Host name        Identifies the logical name of the local system.
DNS server       Identifies the DNS server that is used to resolve host names to IP addresses.
WINS server      Identifies the WINS server that is used to resolve host names to IP addresses.
MAC address      Identifies the physical address. On an Ethernet network, this address is burned
                 in to the network adapter hardware.

Keep in mind the following regarding TCP/IP configuration:

       All computers must be assigned a unique IP address.
       Hosts on the same physical network should have IP addresses in the same address
        range.
       The subnet mask value for all computers on the same physical network must be the
        same.
       Configure the default gateway value to enable internetwork communication.
       The default gateway address must be on the same subnet as the host's IP address.
       By default, all Windows computers try to use DHCP for TCP/IP configuration information.
       APIPA is used to automatically generate an IP address if the DHCP server is unavailable
        and if no alternate address is configured.
       The APIPA range is 169.254.0.1 to 169.254.255.254 with a mask of 255.255.0.0.
       If the computer assigned itself an IP address (using APIPA), this means the computer
        could not contact a DHCP server.
       Use an alternate IP address to use DHCP on one network and static addressing on
        another without reconfiguring the connection.
       When you configure a static IP address, you disable DHCP and APIPA.
       When you configure an alternate IP address, APIPA is no longer used.
       APIPA does not set the default gateway or name server address values. Rely on APIPA
        only on a small non-routed network.
       Private IP addresses do not need to be registered, and fall within the following ranges:
             o 10.0.0.0 to 10.255.255.255
             o 172.16.0.0 to 172.31.255.255
             o 192.168.0.0 to 192.168.255.255
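
The addressing rules in this list (unique addresses, one mask per physical network, gateway on the host's subnet, APIPA as a sign of DHCP failure) can be applied to an inventory of host settings. The following is an added example, not part of the original course notes; host names and addresses are constructed, and the finding codes are labels chosen for this example.

```python
"""Audit TCP/IP settings for hosts on one physical network."""
import ipaddress
from collections import Counter, defaultdict

# Ranges as stated in the list above.
APIPA = ipaddress.ip_network("169.254.0.0/16")
PRIVATE = tuple(ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def classify(ip):
    """Return 'apipa', 'private' or 'public' for an IPv4 address string."""
    addr = ipaddress.ip_address(ip)
    if addr in APIPA:
        return "apipa"
    if any(addr in net for net in PRIVATE):
        return "private"
    return "public"


def audit_host(host):
    """Check one host dict (name, ip, mask, gateway) and return finding codes."""
    try:
        iface = ipaddress.ip_interface(f"{host['ip']}/{host['mask']}")
        gateway = host.get("gateway")
        gateway = ipaddress.ip_address(gateway) if gateway else None
    except ValueError:
        return ["invalid-config"]
    findings = []
    if classify(host["ip"]) == "apipa":
        # Self-assigned address: the host could not contact a DHCP server.
        findings.append("apipa-address")
    if gateway is None:
        # No internetwork communication (always the case with APIPA).
        findings.append("no-default-gateway")
    elif gateway not in iface.network:
        findings.append("gateway-off-subnet")
    return findings


def audit_segment(hosts):
    """Audit all hosts that share one physical network; return {name: findings}."""
    report = {h["name"]: audit_host(h) for h in hosts}
    by_ip = defaultdict(list)
    for h in hosts:
        by_ip[h["ip"]].append(h["name"])
    for names in by_ip.values():
        if len(names) > 1:
            for name in names:
                report[name].append("duplicate-ip")
    # Every host on the segment must use the same mask; flag the outliers.
    common_mask = Counter(h["mask"] for h in hosts).most_common(1)[0][0]
    for h in hosts:
        if h["mask"] != common_mask:
            report[h["name"]].append("mask-mismatch")
    return report


# Constructed sample inventory (for example, collected from ipconfig /all output).
SAMPLE_HOSTS = [
    {"name": "ws1", "ip": "192.168.1.10", "mask": "255.255.255.0", "gateway": "192.168.1.1"},
    {"name": "ws2", "ip": "192.168.1.10", "mask": "255.255.255.0", "gateway": "192.168.1.1"},
    {"name": "ws3", "ip": "169.254.23.7", "mask": "255.255.0.0", "gateway": None},
    {"name": "ws4", "ip": "192.168.1.20", "mask": "255.255.255.0", "gateway": "192.168.2.1"},
]

if __name__ == "__main__":
    for name, findings in audit_segment(SAMPLE_HOSTS).items():
        print(name, findings or "ok")
```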







Name Resolution Facts

Microsoft uses one or both of the following methods for performing name resolution:

       Windows Internet Name Service (WINS) is Microsoft's service to resolve names
        dynamically to IP addresses using NetBIOS. WINS is still used by legacy machines.
       Domain Name Service (DNS) dynamically registers clients and uses client information to
        register IP addresses.

If your network is running only Windows 2000/XP/2003 systems, you can disable NetBIOS
name resolution.

To troubleshoot name resolution problems:

       Confirm that it is not a TCP/IP problem by pinging the IP address. If pinging the address
        succeeds but pinging the name fails, the problem is with the name resolution system.
       Run Ipconfig /all to verify DNS server addresses.
       Run Nslookup to see if you get an IP address from the DNS server.
       Verify the DNS and WINS server configurations.
       Check the services on the DNS and WINS servers to see that they are running.
       Check DNS registration. If you need to renew the DNS registration, do the following:
           o Run Ipconfig /registerdns to renew a DNS name.
           o Run Nbtstat -RR to renew a NetBIOS name.
       Flush the local host name resolution cache using:
           o Ipconfig /flushdns for DNS.
           o Nbtstat -c or Nbtstat -R for NetBIOS.


Dial-up Connection Facts

There are two types of dial-up modems:

       Standard analog modem (up to 56 Kbps)
       ISDN modem

ISDN modems use the following channels over normal analog lines:

       Two B channels of 64 Kbps each. The two channels operate independently, and they
        are associated with separate phone numbers. Each channel must be configured
        separately.
       The third channel is a 16 Kbps D channel which is used to control the two B channels.

When configuring dial-up, you can configure the following additional options:

       Callback security--The server disconnects the user after authentication then immediately
        calls the user back. The server can use a preset phone number for each user, or the
        user can enter a callback phone number after authentication.






       Multi-link--The ability to integrate multiple connections into a single logical connection in
        order to increase the overall bandwidth. Both the client and the server need to be
        configured to accept multi-link connections. You cannot use multi-link with callback.


Remote Authentication Protocols

Windows XP supports the following remote authentication protocols.

Method           Description
Password         Authentication is done by comparing a user name and password to a table with
Authentication   paired user names and passwords on the network. PAP does not support
Protocol (PAP)   secure passwords.
Challenge        A server sends a challenge message to a peer. Based on the challenge
Handshake        message, the peer calculates a value using a hash, a number generated
Authentication   algorithmically from a string of text, and returns the value to the server. The
Protocol (CHAP)  server checks the value against its own calculation. If the values match, the peer
                 is authenticated. Microsoft has two versions of CHAP: MS-CHAP and MS-CHAP
                 v2. CHAP, MS-CHAP, and MS-CHAP v2 require secure passwords, but only
                 MS-CHAP and MS-CHAP v2 support data encryption.
Extensible       EAP supports several authentication methods, including smart cards,
Authentication   certificates, one-time passwords, and public key authentication. EAP supports
Protocol (EAP)   secure passwords and data encryption.
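
The CHAP exchange described in the table, with both the server and peer sides, is sketched below as an added example that is not part of the original course notes. It uses the standard CHAP calculation from RFC 1994 (MD5 over identifier, shared secret and challenge), not MS-CHAP; the class names, user name and secret are constructed for illustration.

```python
"""Standard CHAP (RFC 1994) challenge/response, server and peer sides."""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    def __init__(self, secrets):
        self._secrets = secrets   # user -> shared secret (bytes)
        self._pending = {}        # user -> (identifier, challenge) awaiting a reply
        self._next_id = 0

    def challenge(self, user):
        """Issue a fresh random challenge; the secret never crosses the wire."""
        identifier = self._next_id
        self._next_id = (identifier + 1) % 256
        value = os.urandom(16)
        self._pending[user] = (identifier, value)
        return identifier, value

    def verify(self, user, identifier, response):
        """Recompute the hash and compare. Each challenge is usable only once."""
        pending = self._pending.pop(user, None)
        secret = self._secrets.get(user)
        if pending is None or secret is None or pending[0] != identifier:
            return False
        expected = chap_response(identifier, secret, pending[1])
        return hmac.compare_digest(expected, response)   # constant-time compare


class ChapPeer:
    def __init__(self, user, secret):
        self.user = user
        self._secret = secret

    def respond(self, identifier, challenge):
        return chap_response(identifier, self._secret, challenge)


def demo():
    """Run three logons and return which ones the server accepts."""
    secret = b"constructed-shared-secret"   # constructed sample value
    server = ChapServer({"alice": secret})
    peer = ChapPeer("alice", secret)

    # 1. Genuine exchange: challenge, response, verification.
    ident, chal = server.challenge("alice")
    captured = peer.respond(ident, chal)
    genuine = server.verify("alice", ident, captured)

    # 2. The same response sent again fails: the server issued a new challenge.
    ident2, _ = server.challenge("alice")
    replayed = server.verify("alice", ident2, captured)

    # 3. A peer configured with the wrong secret computes a different hash.
    ident3, chal3 = server.challenge("alice")
    wrong = server.verify("alice", ident3,
                          ChapPeer("alice", b"not-the-secret").respond(ident3, chal3))
    return {"genuine": genuine, "replayed": replayed, "wrong_secret": wrong}


if __name__ == "__main__":
    print(demo())
```

Unlike PAP, nothing sent in this exchange can be reused for a later logon, which is why a recorded response is rejected in step 2.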


VPN Tunneling Protocols

Windows XP Professional supports two different VPN tunneling protocols: PPTP and L2TP. By
default, VPN connections for Windows XP Professional are configured to use both PPTP and
L2TP. The client will negotiate with the VPN server to select the tunneling protocol to use for the
connection.

Protocol                                    Description
Point-to-Point Tunneling Protocol (PPTP)    Uses standard authentication protocols
                                            Uses MPPE for encryption
                                            Is supported by most operating systems and servers
Layer Two Tunneling Protocol (L2TP)         Can use certificates for authentication
                                            Uses IPSec for encryption (requires certificates)
                                            Only supported by Windows 2000/XP/2003






Common Port Numbers

This table lists the services and port numbers included with Internet Connection Firewall (ICF).
Custom entries can be created to allow other types of traffic.

Service                                            Port Number    Protocol
File Transfer Protocol (FTP)                       21             TCP
Incoming L2TP VPN                                  1701           UDP
Incoming PPTP VPN                                  1723           TCP
Internet Mail Access Protocol version 3 (IMAP3)    220            TCP
Internet Mail Access Protocol version 4 (IMAP4)    143            TCP
IP Security (IKE)                                  500            UDP
Post Office Protocol (POP3)                        110            TCP
Remote Desktop                                     3389           TCP
Secure Web (HTTPS)                                 443            TCP
Telnet                                             23             TCP
Web Server (HTTP)                                  80             TCP


ICS and ICF Facts

With Internet Connection Sharing (ICS), most configuration tasks are completed automatically.
When using ICS:

        The ICS system is configured as a NAT router, a limited DHCP server, and a DNS proxy
         (name resolution requests from the private network are forwarded to DNS servers on the
         Internet).
        The IP address for the private interface is automatically changed to 192.168.0.1 with a
         mask of 255.255.255.0.
        The default gateway of the ICS system is set to point to the Internet connection.
        Hosts on the private network should use DHCP for address and DNS server information.
        The ICS system uses DHCP to deliver the following information to hosts on the private
         network:
             o IP address in the range of 192.168.0.0 with a mask of 255.255.255.0.
             o DNS server address of 192.168.0.1 (the private interface of the ICS system).
             o Default gateway address of 192.168.0.1.
        Do not use DHCP servers, DNS servers, or Active Directory on your private network.

Keep in mind the following details when working with ICF:

        Enable ICF on the Internet connection, not on the private connection. Enabling it on
         the private connection can disable communication with hosts on the private network.
        By default, the firewall allows all outgoing Web traffic and responses but blocks all
         incoming traffic.






       To allow incoming Web traffic, open ports in the firewall based on the services you want
        to allow in.
       If the incoming service is hosted by a computer on the private network, redirect the
        incoming port to the private host.


Remote Services Facts

Keep in mind the following details regarding Remote Assistance.

       Both the novice (person requesting assistance) and the expert (person giving
        assistance) computers must be running Windows XP (either Home or Professional).
       Generally, the novice must initiate the invitation. If Active Directory is used, the expert
        can initiate the Remote Assistance connection.
       Invitations require a password (unless Instant Messaging is used) and have an
        expiration time. Expired invitations cannot be answered.
       When sending an invitation, do not include the password in the invitation text.
        Communicate it in some other way.
       To allow inbound Remote Assistance invitations to cross through a firewall, open port
        3389.
       Disable Standby and Hibernation modes to prevent session termination.
       The helper cannot copy files from a user's computer. The user must explicitly send any
        files the helper may need.
       The user can take control of the computer at any time by pressing the Esc key, Ctrl+C, or
        clicking Stop Control.

Keep in mind the following details when working with Remote Desktop.

       Host computers must be running Windows XP Professional.
       Client computers require client software to make the connection. This software is
        included with Windows XP, but must be installed separately on other Windows versions.
       For Web access, client software is downloaded and installed automatically through an
        ActiveX control (if required).
       The user account that is used for the Remote Desktop connection must have a
        password. If one is not set, the connection cannot be established.
       If a user is logged on to the host computer (or if the computer is locked), the remote
        client must log on using the current user account or the Administrator account.
       The user account for the remote connection must be a member of the Remote Desktop
        Users group or the Administrators group (or user rights must be modified in Group
        Policy).
       To allow incoming Remote Desktop sessions through a firewall, open port 3389.

If you are using the Web connection for Remote Desktop, keep in mind the following:

       The host computer must be running IIS.
       The client computer must be running a Windows operating system (Windows 9x or
        higher) with Internet Explorer 4.0 or higher.
       Use a URL formatted as http://computername/tsweb to make the connection.






       After the connection is made, you can use the browser to access any other Remote
        Desktop- or Terminal Services-enabled computers on the private network.
       You can use authentication and Web permissions in IIS to control access to the Remote
        Desktop Web connection.


File System Facts

The following table indicates which file systems support which capabilities.

Feature                                       FAT FAT32 NTFS
Long file names                                X      X       X
Larger than 2 GB/4 GB partitions                      X       X
Smaller clusters                                      X       X
Enhances file security through permissions                    X
Folder and file level encryption                              X
Folder and file level compression                             X
Disk quotas                                                   X

Use the Convert.exe utility to modify the file system without reformatting and losing data. To
convert the C:\ drive to NTFS, use the following command: convert C: /fs:ntfs


Basic and Dynamic Disks

Keep in mind the following when using basic disks.

       A basic disk has a limit of four partitions, only one of which can be an extended partition.
       One primary partition must be marked active.
       Most operating systems can recognize only one primary partition. All other primary
        partitions are invisible. (Windows NT/2000/XP/Server 2003 can recognize multiple
        primary partitions.)
       The active primary partition is represented with one drive letter (C:). The extended
        partition can be divided into multiple logical drives (up to 26).

Keep in mind the following when using dynamic disks.

       Windows 2000/XP/Server 2003 recognize dynamic disks.
       Volumes on dynamic disks are like partitions and logical drives on basic disks.
       A volume can be made of non-contiguous space on a single drive or space taken from
        more than one drive.
       You cannot install the operating system on a dynamic disk. You can, however, upgrade
        a basic disk containing the operating system to dynamic after installation.

Keep in mind the following points as you plan whether to implement basic or dynamic disks.






         A hard disk must be either basic or dynamic; it cannot be both at once.
         Windows 2000/XP/Server 2003 use basic storage by default.
         MS-DOS and all versions of Microsoft Windows support basic storage.
         Dynamic storage was new to Windows 2000 and previous Windows operating systems
          cannot use it (this is especially important if you plan to multi-boot to other operating
          systems).
         Dynamic storage is not supported on portable computers because they normally have
          only one internal hard drive and cannot take advantage of advanced dynamic storage
          features.

To convert a basic disk to a dynamic disk, right click the volume in Computer Management and
choose Convert to dynamic disk. Or, use the Diskpart command at the command


Volume Characteristics

The following table summarizes the volume types supported on Windows XP Professional and
their characteristics.

Volume Type       Characteristics
Simple volume     Contains a single, contiguous block of space from a single hard disk.
Extended volume   Contains space from multiple areas on the disk. An extended volume that spans
                  two disks is a spanned volume.
Spanned volume    Combines areas from two or more disks into one storage unit.
                  Fills the first area, then the second, and so on.
                  Does not provide fault tolerance. If one hard disk fails, you lose all data.
                  Cannot contain system or boot files.
Striped volume    Uses storage areas on several different disks.
                  Improves performance by writing to multiple disks simultaneously.
                  Uses disk areas similar in size. The amount of space used on each disk is equal
                  to the smallest area.
                  Saves data from a single file on multiple disks.
                  Is not fault-tolerant. If one hard disk in the set fails, you lose all data on all disks.
                  Cannot contain system or boot files.

Note: Only dynamic disks support extended, spanned, or striped volumes.

Mirrored and RAID volumes are supported only on server versions of Windows. These volume
types provide fault tolerance and improve performance.







Volume Mount Point Facts

Be aware of the following conditions for using volume mount points.

        Both partitions must be formatted with NTFS.
        You can use either partitions on basic disks or volumes on dynamic disks.
        The folder on the source partition must be empty.
        The target partition must not have a drive letter.
        Multiple folders can reference the same target partition.


Designing Disks for Multiple Operating Systems

For a system that boots to multiple different operating systems (for example to both Windows 98
and Windows XP), you will need to plan your storage space so that the drives are accessible to
the appropriate operating system. In general, be sure to select the disk type (basic or dynamic)
and file system that is common to both operating systems. Keep in mind the following:

        Only Windows 2000/XP supports dynamic disks and volumes. Use basic disks and
         partitions for operating systems other than Windows 2000/XP.
        Only Windows 2000/XP supports its version of NTFS. Select FAT or FAT32 for other
         operating systems.
        Select FAT32 over FAT if possible.

The following table indicates which file systems are compatible with which operating systems.

Operating System FAT FAT32             Windows 2000/XP NTFS
MS-DOS                   X
Windows 3.1              X
Windows 95a              X
Windows 95b/98/Me        X      X
Windows NT               X          Limited support on NT 4 with SP4
Windows 2000/XP          X      X                  X

When installing Windows 2000/XP and other operating systems on the same computer, as a
rule you should install the other operating systems first, then install Windows 2000/XP last.
Doing so prevents Windows 2000/XP startup files from being corrupted. Microsoft recommends
the following installation order:

    1.   MS-DOS
    2.   Windows 95/98/Me
    3.   Windows NT
    4.   Windows 2000/XP






Boot.ini Facts

The Boot.ini file is responsible for the following operations:

       Launching the menu for operating system selection during startup
       Pointing to the system files for the selected operating system
       Identifying the controller, hard disk, and partition where the system files are located

The ARC path locates the system file and contains the following elements:

Entry            Meaning and Use
MULTI(x) or      Identifies the controller location.
SCSI(x)          Use multi(x) if the disk controller is a SCSI device with its BIOS enabled or is a
                 non-SCSI device.
                 Use scsi(x) only if the disk controller is a SCSI device with BIOS disabled.
                 The value for x begins at 0.
DISK(x)          Identifies the disk location.
                 If the first component of the ARC name is scsi, disk(x) indicates which SCSI disk
                 the operating system is located on. The x value begins with 0.
                 If the first component of the ARC name is multi, this component is always
                 disk(0), and the disk containing the operating system is indicated by the rdisk(x)
                 component.
                 The value for x begins at 0.
RDISK(x)         Identifies the disk location.
                 If the first component of the ARC name is multi, rdisk(x) indicates which physical
                 disk the operating system is located on. The x value begins at 0.
                 If the first component of the ARC name is scsi, the rdisk component is always
                 rdisk(0) and the disk containing the operating system is indicated by the disk(x)
                 component.
                 The value for x begins at 0.
PARTITION(y)     Identifies which partition holds the boot files.
                 The value for y begins at 1.
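
The ARC path rules in the table above, worked through in an added Python example (not part of the original course notes). It parses a Boot.ini, splits each ARC path into its components, and checks the multi/scsi, disk/rdisk and partition rules. The sample file contents and all function names are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample (not from the page): a dual-boot Boot.ini with one bad entry.
SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
C:\="Microsoft Windows 98"
multi(0)disk(1)rdisk(0)partition(0)\WINNT="Broken entry"
"""

ARC_RE = re.compile(
    r"^(?P<ctrl>multi|scsi)\((?P<c>\d+)\)"
    r"disk\((?P<disk>\d+)\)"
    r"rdisk\((?P<rdisk>\d+)\)"
    r"partition\((?P<part>\d+)\)"
    r"(?P<path>\\.*)?$",
    re.IGNORECASE,
)


@dataclass
class ArcPath:
    controller_type: str  # "multi" or "scsi"
    controller: int
    disk: int
    rdisk: int
    partition: int
    path: str             # system folder, e.g. \WINDOWS

    def physical_disk(self):
        # multi(): rdisk(x) selects the disk; scsi(): disk(x) selects it.
        return self.rdisk if self.controller_type == "multi" else self.disk

    def problems(self):
        issues = []
        if self.controller_type == "multi" and self.disk != 0:
            issues.append("multi() requires disk(0); rdisk(x) selects the disk")
        if self.controller_type == "scsi" and self.rdisk != 0:
            issues.append("scsi() requires rdisk(0); disk(x) selects the disk")
        if self.partition < 1:
            issues.append("partition(y) numbering begins at 1")
        return issues


def parse_arc(text):
    m = ARC_RE.match(text.strip())
    if not m:
        raise ValueError("not an ARC path: %r" % text)
    return ArcPath(m.group("ctrl").lower(), int(m.group("c")), int(m.group("disk")),
                   int(m.group("rdisk")), int(m.group("part")), m.group("path") or "")


def _arc_or_raw(text):
    # Entries for older operating systems use a plain path such as C:\ instead of ARC.
    try:
        return parse_arc(text)
    except ValueError:
        return text


def parse_boot_ini(text):
    section = None
    cfg = {"timeout": None, "default": None, "entries": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if section == "boot loader" and key.lower() == "timeout":
            cfg["timeout"] = int(value)
        elif section == "boot loader" and key.lower() == "default":
            cfg["default"] = _arc_or_raw(value)
        elif section == "operating systems":
            cfg["entries"].append((_arc_or_raw(key), value))
    return cfg


def audit_boot_ini(text):
    """List ARC rule violations and a default= that matches no menu entry."""
    cfg = parse_boot_ini(text)
    findings = []
    for target, label in cfg["entries"]:
        if isinstance(target, ArcPath):
            findings += ["%s: %s" % (label, p) for p in target.problems()]
    targets = [t for t, _ in cfg["entries"]]
    if cfg["default"] is not None and cfg["default"] not in targets:
        findings.append("default= does not match any [operating systems] entry")
    return findings


if __name__ == "__main__":
    for finding in audit_boot_ini(SAMPLE_BOOT_INI):
        print(finding)
```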








File Compression Facts

Keep the following information in mind when working with folder and file compression.

        When you compress a file, Windows makes a copy of the file, compresses it, then
         replaces the original file with the compressed one.
        When you open a compressed file, Windows decompresses the file. The decompressed
         file is used by the application.
        You cannot save or copy a compressed folder or file to a disk containing less free space
         than the folder or file would be uncompressed.
        Compression and encryption cannot be used on folders or files at the same time.
        Apply data compression to files that change size dramatically. For example, bitmap and
         spreadsheet files compress by a much larger percentage than application or word-
         processing files.
        Do not compress files that are already compressed using another compression utility.
        Use zipped folders to share compressed files with other computers.
        NTFS compression on volumes with cluster sizes larger than 4 KB is not supported.

Copying and moving files and folders can affect their compressed state. To determine the final
state of a file or folder, remember the following rules.

        If you copy or move a compressed file or folder to a non-NTFS partition, the file or folder
         is uncompressed (other file systems do not support NTFS compression).
        If you copy a compressed file or folder, it inherits the compressed state of the destination
         folder.
        If you move a compressed file or folder to the same NTFS partition, it retains its
         compressed state.
        If you move a compressed file or folder to another NTFS partition, it inherits the
         compressed state of the destination folder.
        If you copy or move a zipped folder, it always remains zipped (regardless of the
         destination file system).

Compact.exe is a command prompt tool that you can use to set and manage compression. The
following table summarizes some options for the Compact.exe command.

Option Action
/C       Compresses the specified files. Folders are marked with the compressed attribute.
/S       Compresses all subfolders of the specified folder.
/U       Uncompresses the specified files. Folders are marked with the uncompressed attribute.

For example, the following command will compress all files in the C:\Documents\Transfer folder,
including all subfolders:

Compact /C C:\Documents\Transfer\*.* /S






Encryption Facts

Keep the following information in mind as you work with EFS.

       You must have Write permission to a folder or file to encrypt it.
       Windows transparently unencrypts and encrypts folders and files as users use them.
       You cannot encrypt System or Read-only files.
       Encryption and compression cannot be used on folders or files at the same time.
       If you are having trouble opening encrypted folders or files, make sure you are logged in
        to the user account that encrypted the folder or file and that you still have permissions
        for the file.
       In a workgroup, the local Administrator user account is the default recovery agent.
       In a domain, the domain Administrator account is the default recovery agent.
       To recover encrypted files, the files and recovery key need to be on the same computer.
       Without the private key or recovery key, you cannot copy or move an encrypted file. You
        can however, back up the files and restore them to the computer where a recovery key
        is located.
       You can also export the recovery key and import it onto the computer storing the files
        you want to recover.
       You can add additional authorized users to files (not folders) who will be able to open
        encrypted files.
       Implement encryption through the file or folder properties. Or, use the Cipher command
        to encrypt files and folders.

Copying and moving files might change the encrypted state of the file. To determine the final
state of a file, remember the following rules.

       If you copy or move an encrypted file or folder to a non-NTFS partition, the file or folder
        is unencrypted (other file systems do not support encryption).
       If you copy or move an encrypted file to an NTFS partition (either to the same one or to a
        different one), the file remains encrypted.
       If you copy an unencrypted file to an encrypted folder, the file is encrypted.
       If you move an unencrypted file into an encrypted folder, the file remains unencrypted.
       Encryption is preserved when the file is backed up.

Normally, encrypted files are meant to be stored and read on the local computer only. When
saving encrypted files on a remote computer, be aware of the following:

       You can only encrypt files stored on remote computers if the computer is trusted for
        delegation in Active Directory (how to do this is beyond the scope of the course).
       When moving files encrypted on your local system to another computer (for use on that
        computer), make sure your certificate and private key are available on the other
        computer. Otherwise, you might be unable to open the file.
       When moving encrypted files to another computer over the network, files are not
        encrypted while they are in transit. Files might be intercepted as they are transferred.
        Use IPSec to secure network communications.






Disk Quota Facts

Keep the following in mind as you work with disk quotas.

       Quotas can only be set on NTFS volumes. The Quota tab will not be shown for FAT
        volumes.
       Every file and folder that users create, copy, save, or take ownership of on a volume or
        partition counts toward their disk quota.
       The space available for applications to save files to is equal to the amount of space left
        in a user's quota.
       Each NTFS volume or partition on a hard disk has its own set of disk quotas, even if they
        are on the same hard disk.
       System and application files count toward disk quotas, so the user account which installs
        software needs a higher limit.
       You cannot set a quota limit on the built-in Administrator account.
       You cannot delete a user's account quota until you remove or take ownership of all of
        that user's files on the volume.
       You can use the Fsutil.exe command to manage quotas from the command prompt.

Quota configurations:

Configuration    State
Disabled         File usage data is not collected and storage space is not limited.
Tracked          File usage data is collected, but storage space is not limited. Users can exceed
                 their quota limit.
Enforced         Warning levels and restrictions are enforced to prevent users from exceeding
                 disk space limitations.

If a user exceeds the quota limit, take one of the following actions:

       Delete files owned by the user.
       Change ownership of files (quota limits are enforced based on owned files).
       Move files to other volumes (quota limits are enforced on a volume or partition basis).
       Increase the quota limit.

You cannot reduce the amount of space used by files by compressing them. Quotas count the
uncompressed size of a file toward the quota limit.







NTFS Permission Facts

The following table summarizes the permissions for folders and files.

Permission              Allowed Actions
Read                    View folder details and attributes. View file attributes; open a file.
Write                   Change folder or file data and attributes.
List Folder Contents    Includes all Read actions and adds the ability to view a folder's contents.
Read & Execute          Includes all Read actions and adds the ability to run programs.
Modify                  Includes all Read & Execute and Write actions and adds the ability to add or
                        delete files.
Full Control            Includes all other actions and adds the ability to take ownership of and
                        change permissions on the folder.

Use these suggestions to help you plan NTFS permissions.

        Identify the users and their access needs (i.e., the actions they need to be able to
         perform).
        Based on the types of users you identify, create groups for multiple users with similar
         needs, and then make users members of groups.
        Assign each group (not user) the permissions appropriate to the group's data access
         needs. (Grant only the permissions that are necessary.)
        As you assign permissions, take inheritance into account. Set permissions as high as
         possible on the parent container and allow each child container to inherit the
         permissions.
        When necessary, you can override inheritance on a case by case basis.
        Deny always overrides Allow, so be careful when you use it.







Shared Folder Facts

To access a shared folder:

       In Network Neighborhood, browse to the computer
       Use the UNC path to connect to the share: \\computername\sharename

The following table lists the share permissions and the level of access the permission allows.

Permission     Actions
Read           Browse the shared folder and its files
               Open files in the shared folder and its subfolders
               Copy files from the shared folder
               Run programs
Change         All Read actions (browse, open files, copy files from the folder, run programs)
               Write to files and change file attributes
               Create new files and subfolders
               Copy files to the shared folder
               Delete files or subfolders
Full Control   All Read and Change actions
               Configure share permissions

Use both share and NTFS permissions to secure network resources. Here is a common
strategy for administering resources with share and NTFS permissions:

    1. Secure the folder with NTFS permissions.
    2. Share the folder using the default share permission of Full Control for Everyone.

An administrative share is a special share hidden from browsing. Keep in mind the following
facts about Administrative shares.

       Administrative shares are hidden by following the sharename with a $.
       Default Administrative shares are accessible to only members of the Administrators
        group.
       Any share can be hidden by appending the $ to the sharename.
       A hidden share can only be accessed through the UNC path (they do not appear when
        you browse).







Offline File Facts

Offline file caching options:

Setting                Description
Manual Caching for     When you share a folder, this is the default configuration. This option allows
Documents              the caching of documents that a user manually selects. To make the share
                       available offline, choose the shared folder or file then select Make available
                       offline from the File menu in Explorer.
Automatic Caching      This option allows the caching of files that a user opens on the local machine.
for Documents
Automatic Caching      This option allows the caching of programs run from the network; however,
for Programs           only those components of the program that the user executes will be available
                       offline.



Internet Information Services (IIS)

Use IIS to enable:

       Active Desktop
       Internet Printing
       Remote Desktop
       Share folders (Web folders) for access through IE

You should know the following facts about IIS:

       When you install IIS, a default Web site is automatically created.
       By default, all Web content is stored in the \inetpub\wwwroot directory.
       A virtual directory is used to make content outside of the default directory path available
        through the Web site.

To make content available on your Web site:

       Place content in the \inetpub\wwwroot directory.
       Web share a folder. This creates a virtual directory in the Web site.








Printing Facts

The following table lists some key definitions with which you should be familiar.

Term            Definition
Print Server    The computer where printing is established.
Printer         A virtual device inside the print server that can be configured to send output to a
                printing device.
Print Device    The physical device connected to the print server where print output occurs.
Print Driver    The software that allows the printer to communicate with the print device.
Print Queue     The portion of the hard drive where print jobs are stored before going to the print
                device.
Printer Port    The means by which a print device connects to a print server (parallel port, serial
                port, or to the printer's NIC).

When you configure printing, you create a logical printer object that references a print device or
points to another logical printer on the network. The following table lists the configuration
choices to make to configure each type of printer.

Print Device Location                              Printer Type   Port Type
Connected to the LPT, USB, or COM port of the      Local          LPT, USB, or COM
local computer
Connected directly to the network through a NIC    Local          TCP/IP (identify the IP address of the
connected to the printer                                          print device NIC)
Connected to the LPT, USB, or COM port of a        Network        UNC path (\\computername\sharename)
remote computer (with a shared printer)


UNIX Printing Facts

The following table lists some key terms for working with UNIX printing.

Term   Definition
LPD    Line Print Daemon. Service that hosts the printer. The print server runs the LPD service.
LPR    Line Print Request. The client requests print services. The print client runs LPR and LPQ.
LPQ    Represents the printer queue. The LPQ works with the LPR to request services. The print
       client runs LPQ and LPR.

Windows XP can function as either the server or the client in a UNIX printing environment.

       To configure Windows XP as the server:
           1. Install UNIX Print services with LPD.
           2. Configure a local printer.
           3. Share the printer.
       To configure Windows XP as the client:
           1. Install UNIX Print services
           2. Configure a network printer. Select LPR as the port type.


Managing Printing

The following table summarizes the permissions that can be assigned to printers. Printer
permissions apply to both local and shared printers.

Permission          Allowed Actions
Print               Send print jobs and manage your own documents
Manage Documents    Manage all documents in the queue
Manage Printer      Change configuration settings and permissions

The following table summarizes the printing component you would use to complete each
configuration task.

To Configure . . .                 Edit . . .
Additional drivers for a printer   Printer object properties
                                   Print server properties
Job priority                       Print Queue, job properties
Notification                       Print server properties
Permissions                        Printer object properties
Ports                              Printer object properties
                                   Print server properties
Sharing                            Printer object properties
Spool file location                Print server properties






Printer Pooling
Printer pooling uses a single printer object to represent multiple print devices. With printer
pooling,

       Users send print jobs to a single printer
       The print server decides which print device to send the job to

When creating a printer pool, all print devices in the pool:

       Must be the same model (using the same printer driver)
       Should be in the same physical location (because users won't know which physical
        device their print job prints on)

Printer pools:

       Speed printing by reducing the time that documents spend waiting for a free print device
       Simplify printer administration because you manage multiple devices through a single
        printer object

Multiple Printers
Configure multiple printer objects for a single print device to control access to the printer based
on job roles. To configure multiple printers:

    1. Create multiple printer objects, one per group or user with distinct access.
    2. For each printer, configure permissions to restrict access.
    3. Fine-tune access by editing the Advanced properties for the printer to modify priority (99
       is the highest) and restricting printer availability.







Faxing Facts

To configure the fax service, complete the following steps:

    1. Install the fax hardware. This might be a fax modem or a dedicated fax device. Use
       Device Manager to verify that the device is recognized by the system and configured.
    2. Use Add or Remove Programs to install the fax services Windows component.
    3. Open the Fax Console and follow the wizard to set initial fax properties.

When you open the Fax Console for the first time, the Fax Configuration wizard will run. During
the wizard, supply the following information.

Information                Description
Sender information         This information identifies you or your company.
                           Information you enter is used on the default fax cover pages.
Fax device                 If more than one device is installed, select the device that will be used
                           to send or receive faxes.
Enable send and/or         Specify whether the device will automatically send and/or receive
receive                    faxes.
                           If receive is enabled, configure the number of rings before the device
                           answers a call.
Transmitting               This identifies your device to other devices when you send a fax. The
Subscriber                 TSID is usually a combination of the phone number and business
Identification (TSID)      name.
                           You can only configure this option if the device is enabled to send
                           faxes.
Called Subscriber          This identifies your device to other devices when it answers (CSID) a
Identification (CSID)      fax. The CSID is usually a combination of the phone number and
                           business name.
                           You can only configure this option if the device is enabled to receive
                           faxes.
Routing options            Identify what to do with faxes when they are received. By default, they
                           are stored in the Inbox in the Fax Console. In addition, you can print
                           them automatically or save them in a folder.
                           You can only configure this option if the device is enabled to receive
                           faxes.

Sending a fax is only slightly more complicated than printing a document. To send a fax:

    1. Create the document.
    2. From within the document, print the document. Select the fax device as the printer to use.
    3. Use the Send Fax wizard to specify parameters (such as the phone number to dial) and
       send the fax.






Internet Explorer URLs

Using a customized URL in the Active Directory Web browser allows you to access various
types of resources. The following table shows the syntax for common URLs.

To access...                     Use...                                Example
A custom port on a Web server    http://sitename:port                  http://www.mysite.com:8080
A secure Web site using SSL      https://sitename                      https://www.mysite.com
Internet printing                http://servername/printers            http://mysite.local/printers
Files on an intranet             http://servername/sharename/filename  http://mysite.local/docs/report.htm
An FTP site                      ftp://sitename                        ftp://ftp.mysite.com
An FTP site that requires a      ftp://username:password@sitename      ftp://maryg:4rt5l@ftp.mysite.local
username and password


Applications Facts

You should know the following information about applications:

       All 16-bit applications run in the same NTVDM process by default.
       One malfunctioning 16-bit application can cause all other 16-bit apps running in the
        same memory space to hang.
       Stop the NTVDM process to stop the virtual DOS machine and all programs running in it.
       Each 16-bit application can be configured to run in a separate memory space in its own
        NTVDM.
       Windows XP allows local programs running in XP to be configured to run in compatibility
        mode. Compatibility mode applies a predefined set of modifications that changes the
        operating system’s behavior to more closely emulate a previous version of Windows.

Applications that consume excessive resources can be assigned a lower priority level. This is a
list of the program priority levels (from highest to lowest):

       Realtime
       High
       AboveNormal
       Normal
       BelowNormal
       Low







Processes and Services Facts

You should know the following information about managing processes:

       End processes using Task Manager or the Tskill command.
       View processes running on a system with Task Manager or the Tasklist command.

You should know the following information about scheduled tasks:

       Task Scheduler is a service that can be stopped and started in the Services applet.
       Scheduled tasks can run daily, weekly, monthly, or any other specified time.
       Use the Scheduled Task wizard to schedule new tasks.
       Scheduled tasks run under the security context of a particular user. Open the properties
        for the task and enter the account information in the Run as box.
       The Pause Task Scheduler command prevents scheduled tasks from running.
       The Continue Task Scheduler command allows paused tasks to begin running.
       Disable tasks individually by editing their properties to prevent a task from running at an
        undesired time.


Installer Package Facts

The following table describes the file extensions that are used with installer packages.

File Extension        Description
.msi                  A Windows Installer package file. Use the Msiexec command to deploy .msi
                      files. Use the /i switch to specify the package file.
.msp                  A patch file. An .msp file can be applied to an .msi, but the .msi must be
                      redeployed after the patch is applied.
.mst                  A transform file. Transform files are applied when a software package is
                      assigned or published. Transform files change .msi files. To apply a .mst to
                      a .msi during deployment, append TRANSFORMS= followed by a list of .mst
                      files to the Msiexec command.
.zap                  A file to reference a Setup.exe file on a network, for example.

Using Group Policy, you can either assign or publish software. You can also associate software
packages with either users or computers.

       Applications may be published to users, but not to computers. You can assign
        applications to either users or computers.
       When you publish an application, it does not appear in the user's Start menu. Instead,
        the user goes to Add/Remove Programs to install the program.
       Assigning software to a computer installs the software when the computer starts up.
        Users cannot use Add/Remove Programs to remove computer assigned software.
       Assigning software to a user puts a shortcut on the user’s Start menu. The software is
        automatically installed when the shortcut is clicked.





System Monitor

To optimize the system, you need to identify system bottlenecks. A bottleneck is any component
or device that slows down your system. You can examine how each component of the system is
behaving. Each component is broken down into objects, and each object has multiple counters
that measure the object's performance.

         The following table outlines the major objects and critical counter values:

Object         Purpose                                            Counters            Optimum
Processor      Measures the CPU performance                       % Processor time    < 80% sustained
                                                                  Interrupts/sec      < 3500/sec
Memory         Measures RAM performance                           Pages/sec           < 20 pages/sec
                                                                  Available space     > 4 MB available
Pagefile       Measures the performance of the portion of the     % Usage             < 90% used
               hard disk dedicated to functioning as memory
Logicaldisk    Measures the performance of the volumes and        % Disk time         < 90%
               partitions on the hard disk                        Disk queue          < 2
Physicaldisk   Measures how the individual, physical disks are    % Disk time         < 90%
               performing (the read/writes and percentage to be   Disk queue          < 2
               written to the disk)
Network        Measures the performance of the system on the      Bytes total/sec     < Network capacity
               network

        You can also view the Performance tab in Task Manager to monitor system
         performance.







Mobile Performance Facts

You should know the following information about mobile computer power states:

Power State    Advantages                             Disadvantages
Hibernation    Data in memory is saved to the         The computer takes a longer time to come out
               hard disk.                             of hibernation than standby.
               Restores desktop exactly as it         Requires as much free space on the system
               was.                                   drive as there is RAM in the computer.
Standby        Restores the computer more             Does not preserve the system state.
               quickly than from hibernation.


Backup Facts

Most backup methods use the archive bit on a file to identify files that need to be backed up.
When a file is modified, the system automatically flags the file as needing to be archived. When
the file is backed up, the backup method may reset (clear) the archive bit to indicate it has been
backed up.

The following table shows the type of data backed up using each backup method.

Backup Type     Backs Up                                                  Resets Archive Bit?
Full            Backs up all files regardless of the archive bit.         Yes
Incremental     Backs up files on which the archive bit is set.           Yes
Differential    Backs up files on which the archive bit is set.           No
Copy            Backs up all files regardless of the archive bit status.  No

Most of the time, you will perform backups using a strategy that combines backup types. The
following table compares common backup strategies.

Strategy              Backup Characteristics                         Restore Characteristics
Full Backup           Requires large tapes for each backup.          To restore, restore only the last
                      Takes a long time to perform each backup.      backup.
Full + Incremental    Incremental backups are quick to perform.      To restore, restore the full backup
                      This is the fastest backup method.             and every subsequent incremental
                                                                     backup.
Full + Differential   Differential backups take progressively        To restore, restore the last full
                      longer to complete as time elapses since       backup and the last differential
                      the last full backup.                          backup.
                                                                     Next to a full backup, this is the
                                                                     fastest restore method.





Note: Do not combine incremental and differential
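
The archive-bit rules from the tables above, simulated as an added example (not part of the original guide); the Volume class, helper names and file names are constructed for illustration. It goes one step beyond the tables by also running an incremental followed by a differential, which shows what the note above guards against: the differential misses changes whose archive bit the incremental already cleared.

```python
# Which backup types select every file, and which clear the archive bit
# (the "Resets Archive Bit?" column of the backup type table).
SELECTS_ALL = {"full", "copy"}
RESETS_BIT = {"full": True, "incremental": True, "differential": False, "copy": False}


class Volume:
    """Toy volume: file name -> [version, archive_bit]."""

    def __init__(self, names):
        # New files start at version 1 with the archive bit set.
        self.files = {name: [1, True] for name in names}

    def modify(self, name):
        entry = self.files.setdefault(name, [0, True])
        entry[0] += 1
        entry[1] = True  # any write flags the file as needing backup

    def backup(self, kind):
        """Return (kind, {name: version}); clear bits if the type resets them."""
        chosen = {n: v for n, (v, bit) in self.files.items()
                  if kind in SELECTS_ALL or bit}
        if RESETS_BIT[kind]:
            for n in chosen:
                self.files[n][1] = False
        return kind, chosen

    def live(self):
        return {n: v for n, (v, _bit) in self.files.items()}


def restore(backup_sets):
    """Replay backup sets oldest first; later sets overwrite earlier versions."""
    state = {}
    for _kind, files in backup_sets:
        state.update(files)
    return state


def run_week(day1_kind, day2_kind):
    """Full backup, then one file changes before each of two later backups."""
    vol = Volume(["a.doc", "b.xls", "c.txt"])  # constructed file names
    full = vol.backup("full")
    vol.modify("a.doc")
    day1 = vol.backup(day1_kind)
    vol.modify("b.xls")
    day2 = vol.backup(day2_kind)
    return full, day1, day2, vol.live()


if __name__ == "__main__":
    for kinds in [("incremental", "incremental"),
                  ("differential", "differential"),
                  ("incremental", "differential")]:
        full, day1, day2, live = run_week(*kinds)
        complete = restore([full, day2]) == live
        print(kinds, "| last set:", day2[1], "| full + last set is complete:", complete)
```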

Keep in mind the following facts about doing backups:

       Back up user data more often than system state data (it changes more frequently).
       Back up system state data whenever you make a system change.
       Files backed up from one system might not restore to another system. Restore to a
        system running the same OS.
       Be sure to test your backup and restore strategy. It does no good to back up your data if
        you can't restore it.


Backup Devices Facts

Terms and definitions:

       Removable storage: Storage media (tape) that can be removed from the device.
       Media pool: The space on the removable storage where the backup is performed, and
        where the backed up files will be physically located.

To configure a backup device, begin by installing the device and making sure it is recognized
and configured in Device Manager.

       To install devices, you must be a member of the Power Users or Administrators group.
       For parallel backup devices with bi-directional control, enable enhanced parallel port
        (EPP) in the BIOS.

After configuring the device, enable the media (the tape) in Computer Management to see the
tape itself. There are two modes for viewing media:

       Full mode allows you to see the media pool as well as all the nodes inside the media
        pool. This lets you select exactly what you want to restore or back up.
       Simple mode lets you see only the media pool.

Make users members of the Backup Operators group to enable them to back up and restore
files.

       Backup Operators cannot view, edit, or delete files.
       To allow Backup Operators to eject the backup media, assign the Eject media user right
        to the Backup Operators group.







System Recovery Facts

Windows XP offers you several different ways to recover from a system failure. Here are some
methods you can use to recover from system problems.

Tool                Use
Driver Rollback     Use this tool to uninstall recent driver changes and revert to a previous
                    version. In Device Manager, edit the properties of the device.
Last Known Good     This option reboots the system using the last successful hardware profile.
Configuration       However, it can only be used if you have not logged on after the last change.
Safe Mode           Boots Windows with a limited number of drivers and features enabled. Press
                    F8 during boot to enter Safe Mode. After booting into Safe Mode, you can use
                    Device Manager to roll back drivers, disable devices, uninstall devices, or
                    reinstall or update drivers.
Recovery Console    This is a command-line interface. Before a problem exists, you must install
                    Recovery Console. Install it by using the winnt32.exe /cmdcons command to
                    install the recovery tools on the system. Use Recovery Console to fix the boot
                    sector or master boot record (MBR). You can also remove or update system
                    files and repartition hard disks.
System Restore      This restores Windows files.
Parallel Install    Install Windows to a new location on the hard disk. The new installation
                    allows you to preserve data files.

Keep in mind the following facts about using Automated System Restore (ASR).

       Use the ASR diskette with a valid backup to restore the system.
       The ASR diskette is a boot diskette that contains limited system configuration
        information. The rest of the information is on the backup tape.
       Use the backup program to create the ASR diskette.
       The ASR diskette contains the Asr.sif and Asrpnp.sif files. Copies of these files are
        placed on the system so you can copy them manually.







Account Policies Facts

Account policies control passwords and login properties. Settings in the local GPO are used if
the computer is a member of a workgroup. Settings in the domain GPO are used for computers
that are members of a domain. Policy settings are applied to the computer, not the user.

The following table describes the password settings.

Setting                    Description
Password history           This setting requires users to input unique passwords. The system can
                           store up to 24 passwords, so the user can't repeat previous passwords.
Maximum password age       This setting requires the user to change the password after a given
                           length of time.
Minimum password age       This setting keeps users from changing passwords immediately after
                           they've reset their passwords. This prevents users from defying the
                           password history by entering several passwords to get back to a
                           preferred password.
Minimum password length    This prevents people from using passwords that are too short.
Password complexity        This setting requires users to create a password with a minimum of
                           three of the four types of characters (lower case letters, upper case
                           letters, numbers, or special characters such as !, @, #, $, %, ^, &, *).
                           This setting also disallows use of dictionary words or any part of the
                           user login identification.
Reversible encryption      This setting requires the system to store the password with reversible
                           encryption.

Use account lockout to protect user accounts from password guessing and to prevent accounts
from being used when hacking attempts are detected. The following table describes account
lockout settings.

Setting                  Description
Lockout duration         This setting determines the length of time the account will be disabled. When
                         set to 0, an administrator must unlock the account.
Lockout threshold        This setting determines the number of attempts a user can make before the
                         account is locked.
Reset account lockout    This setting determines the amount of time that must pass before the account
                         is enabled.






Auditing Facts

You can configure the following audit policies in Group Policy.

Audit Category        Trigger Event(s)
Account logon         Audits logon through a user account
                      Recorded by the local computer for the local account, recorded by domain
                      controller for the AD account
Account management    Add, rename, disable/enable, delete, or change the password for a user
                      account
Logon                 Log on or off of the local system
                      Make a network connection to a local computer
Object access         File, folder, printer access
Policy change         Change account password or logon settings, user rights, or audit policies
Privilege use         User exercises user rights
                      An administrator takes ownership of an object
Process tracking      An application performs an action
                      This is used mainly for program debugging and tracking
System events         Shutdown, restart, service starts
                      An event affects security or the security log

Keep in mind the following about configuring auditing:

       Auditing can be enabled to log successful or failed events (or both).
       Because auditing consumes system resources and might result in a lot of generated
        data, enable auditing only on the events you are interested in.
       View audit entries in the Event Viewer Security log.
       Set the CrashOnAuditFail registry entry to prevent users from logging on to the system
        when entries can't be written to the security log.
       To monitor a domain for unauthorized user access, configure the domain with a group
        policy to Audit Logon Events.
       For file auditing to occur, the files must be on NTFS partitions.
       With auditing configured, clearing the log generates an event identifying when the log
        was cleared and by whose authority.







Security Templates Facts

Windows XP ships with the following predefined security templates:

Template      Function
Securews      Secures a workstation without causing application or compatibility issues
Hisecurews    Secures a workstation as much as possible
Compatws      Forces compatibility across Windows platforms

Use the Security Analysis and Configuration snap-in to manage security templates, analyze
current settings, create custom templates, or import an existing template. When working with
templates:

       Compare an existing system with a template to see how the system compares to the
        template.
       Clear current settings before importing a new template.
       After applying a secure template, you might need to restore group memberships in the
        Administrators or Power Users group.
       You can also use the Secedit command to analyze and apply templates.
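
A security template is a text (.inf) file whose [System Access] and [Event Audit] sections hold the password, lockout and audit settings from the Account Policies and Auditing sections above. The following added example (not part of the original guide) parses a template and lists settings that miss a baseline; the sample template is constructed and the baseline values are assumptions chosen for illustration.

```python
import configparser

# Constructed sample template, deliberately weak; not exported from a real system.
WEAK_TEMPLATE = """\
[Version]
signature="$CHICAGO$"
Revision=1

[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
ClearTextPassword = 1

[Event Audit]
AuditLogonEvents = 0
AuditAccountLogon = 1
AuditPolicyChange = 3
"""

# Assumed baseline, for illustration only: key -> (check, what the baseline expects).
ACCOUNT_BASELINE = {
    "MinimumPasswordAge": (lambda v: v >= 1, "at least 1 day, so history cannot be cycled"),
    "MaximumPasswordAge": (lambda v: 1 <= v <= 90, "1 to 90 days"),
    "MinimumPasswordLength": (lambda v: v >= 8, "at least 8 characters"),
    "PasswordComplexity": (lambda v: v == 1, "1 (enabled)"),
    "PasswordHistorySize": (lambda v: v >= 24, "24 remembered passwords"),
    "LockoutBadCount": (lambda v: 1 <= v <= 10, "1 to 10 attempts (0 never locks)"),
    "ClearTextPassword": (lambda v: v == 0, "0 (reversible encryption off)"),
}

# Audit values are bit flags: 1 = success, 2 = failure, 3 = both.
AUDIT_BASELINE = {"AuditLogonEvents": 3, "AuditAccountLogon": 3, "AuditPolicyChange": 1}


def audit_template(text):
    """Return (key, found, expected) for every setting that misses the baseline."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # template keys are mixed case; keep them as written
    cp.read_string(text)
    access = cp["System Access"] if cp.has_section("System Access") else {}
    audit = cp["Event Audit"] if cp.has_section("Event Audit") else {}
    findings = []
    for key, (check, expected) in ACCOUNT_BASELINE.items():
        raw = access.get(key)
        if raw is None or not check(int(raw)):
            findings.append((key, raw if raw is not None else "not defined", expected))
    for key, need in AUDIT_BASELINE.items():
        raw = audit.get(key)
        have = int(raw) if raw is not None else 0
        if have & need != need:  # required success/failure bits must all be set
            findings.append((key, raw if raw is not None else "not defined",
                             f"audit flags {need}"))
    return findings


if __name__ == "__main__":
    for key, found, expected in audit_template(WEAK_TEMPLATE):
        print(f"{key}: found {found}, baseline expects {expected}")
```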


IE Security Facts

Microsoft uses security zones to define security levels for specific Web sites. Each zone can
have custom settings. The following table lists the IE security zones.

Security Zone     Description
Local intranet    Includes everything on the local area network. By default, this includes every site
                  with a UNC path, including sites available through a proxy. You can customize the
                  parameters that are used to automatically add sites to the zone. In addition, you can
                  add sites to this zone or require server verification (https) for all sites in the zone. By
                  default, the zone applies medium-low security.
Trusted           The trusted zone has the lowest security settings of any zone. No sites are
                  automatically added to the zone--you need to explicitly add sites to the zone. You
                  can require https for trusted zones.
Restricted        The restricted zone has the highest security settings. You must explicitly add sites
                  to the zone.
Internet          The Internet zone includes all sites that are not in other zones. You cannot add or
                  remove sites from this zone.

Cookies are small files saved on your computer that store information about sites you've visited.
Cookies can violate privacy by recording (and reporting) your Web-browsing activities. The
following table describes the cookie-handling settings in IE.





Privacy Setting      Description
Accept no cookies May prevent access to some Web sites.
First party          These come from the current sites you're visiting.
Third party          These come from secondary sites (banner ads).


IE Certificates

A certificate authority (CA) is an organization that is trusted to issue certificates.

       The root CA issues certificates to entities and other CAs.
       Subordinate CAs get their authority from the root CA and can issue certificates that will
        be trusted because of their authorization from the root CA.
       A standalone CA is a CA that gets its authority from itself. Standalone CAs are often
        used inside an organization.

Certificates are used on the Internet to secure communications between hosts. Internet Explorer
keeps track of:

       Trusted Certificate Authorities
       Certificates for individual sites

Internet Explorer automatically includes certificates from common CAs and other entities. When
using a certificate from a standalone CA, import the CA's certificate into the Trusted Root CA list
in Internet Explorer.





				
DOCUMENT INFO
posted:11/3/2012
language:English
pages:51
Description: All About Networking...