Implementing and Supporting Microsoft Windows XP Professional

1 RAVEENDAR SWAMINATHAN

Agenda
2

Configuring Hardware on a Computer Running Microsoft Windows XP Professional Managing Disks Configuring and Managing File Systems Configuring the Desktop Environment

Configuring Hardware on a Computer Running Microsoft Windows XP Professional

3

Installing a Device Driver Using Device Manager Installing a Printer Determining Which Hardware Resources are required Determining Available Hardware Resources are required

Determining Which Hardware Resources are required

4
Interrupts Hardware devices use interrupts (IRQ) to send messages. The microprocessor knows this as an interrupt request (IRQ). The microprocessor uses this information to determine which device needs its attention and the type of attention that it needs. Windows XP Professional provides 16 IRQs, numbered 0 to 15, that are assigned to devices. For example, Windows XP Professional assigns IRQ 1 to the keyboard. Input/output (I/O) ports I/O ports are a section of memory that a hardware device uses to communicate with the operating system. When a microprocessor receives an IRQ, the operating system checks the I/O port address to retrieve additional information about what the hardware device wants it to do. An I/O port is represented as a hexadecimal number. Direct memory access (DMA) DMAs are channels that allow a hardware device, such as a floppy disk drive, to access memory directly, without interrupting the microprocessor. DMA channels speed up access to memory. Windows XP Professional has eight DMA channels, numbered 0 through 7. Memory Many hardware devices, such as a network interface card (NIC), use onboard memory or reserve system memory. This reserved memory is unavailable for use by other devices or Windows XP Professional.

Determining Available Hardware Resources are required

5
Device Manager, View menu, Select Resources By Connection. The Device Manager displays the resources that are currently in use (for example, IRQs). You might need to change hardware resource assignments. For example, a hardware device might require a specific resource presently in use by another device. You might also encounter two hardware devices requesting the same hardware resource, resulting in a conflict. When you change a hardware resource, print the content of Device Manager. This provides you with a record of the hardware configuration. If you encounter problems, you can use the printout to verify the hardware resource assignments.

Managing Disks
6

Working with Disk Management Working with Basic Disks Working with Dynamic Disks Preparing Disks When Upgrading to Windows XP Professional Managing Disks Defragmenting Volumes

Disk Management
7

Disk Management
8

To open Disk Management window, at run prompt, type compmgmt.msc It is also available at Administrative Tools in Control Panel as Computer Management We can perform Creating and deleting a partition

Basic 9Disks
Basic storage uses normal partition tables supported by MS-DOS, Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows Millennium Edition (Me), Microsoft Windows NT, Microsoft Windows 2000, and Windows XP. A disk initialized for basic storage is called a basicdisk. A basic disk contains basic volumes, such as primary partitions, extended partitions, and logical drives. Additionally, basic volumes include multidisk volumes that are created by using Windows NT 4.0 or earlier, such as volume sets, stripe sets, mirror sets, and stripe sets with parity. Windows XP does not support these multidisk basic volumes. Any volume sets, stripe sets, mirror sets, or stripe sets with parity must be backed up and deleted or converted to dynamic disks before you install Windows XP Professional.

Dynamic Disks
10 Dynamic storage is supported in Windows 2000 and Windows XP Professional. A disk initialized for dynamic storage is called a dynamic disk. A dynamic disk contains dynamic volumes, such as simple volumes, spanned volumes, striped volumes, mirrored volumes, and RAID-5 volumes.
NOTE: Dynamic disks are not supported on portable computers or on Windows XP Home Edition-based computers.

You cannot create mirrored volumes or RAID-5 volumes on Windows XP Home Edition, Windows XP Professional, or Windows XP 64-Bit Edition-based computers. You can use a Windows XP Professional-based computer to create a mirrored or RAID-5 volume on remote computers that are running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server. You must have administrative privileges on the remote computer to do this. Storage types are separate from the file system type. A basic or dynamic disk can contain any combination of FAT16, FAT32, or NTFS partitions or volumes. A disk system can contain any combination of storage types. However, all volumes on the same disk must use the same storage type.

Dynamic Disks
11
A volume is a storage unit made from free space on one or more disks. It can be formatted with a file system and assigned a drive letter. Volumes on dynamic disks can have any of the following layouts: simple, spanned, mirrored, striped, or RAID-5. A simple volume uses free space from a single disk. It can be a single region on a disk or consist of multiple, concatenated regions. A simple volume can be extended within the same disk or onto additional disks. If a simple volume is extended across multiple disks, it becomes a spanned volume. A spanned volume is created from free disk space that is linked together from multiple disks. You can extend a spanned volume onto a maximum of 32 disks. A spanned volume cannot be mirrored and is not fault-tolerant. A striped volume is a volume whose data is interleaved across two or more physical disks. The data on this type of volume is allocated alternately and evenly to each of the physical disks. A striped volume cannot be mirrored or extended and is not fault-tolerant. Striping is also known as RAID-0. A mirrored volume is a fault-tolerant volume whose data is duplicated on two physical disks. All of the data on one volume is copied to another disk to provide data redundancy. If one of the disks fails, the data can still be accessed from the remaining disk. A mirrored volume cannot be extended. Mirroring is also known as RAID-1. A RAID-5 volume is a fault-tolerant volume whose data is striped across an array of three or more disks. Parity (a calculated value that can be used to reconstruct data after a failure) is also striped across the disk array. If a physical disk fails, the portion of the RAID-5 volume that was on that failed disk can be re-created from the remaining data and the parity. A RAID-5 volume cannot be mirrored or extended. The system volume contains the hardware-specific files that are needed to load Windows (for example, Ntldr, Boot.ini, and Ntdetect.com). The system volume can be, but does not have to be, the same as the boot volume. The boot volume contains the Windows operating system files that are located in the %Systemroot% and %Systemroot%\System32 folders. The boot volume can be, but does not have to be, the same as the system volume.

Operating System

Storage Types Basic Volumes

Storage Types Dynamic Simple, Spanned, and Striped Volumes

Storage Types Dynamic Mirrored and RAID-5 Volumes

Partition Styles MBR Disks

Partition Styles GPT Disks

Windows XP Home Edition

Windows XP Professional

Windows XP Professional x64 Edition

Windows 2000 Professional

Windows 2000 Server family

Windows Server 2003 family

12

Preparing Disks When Upgrading to Windows XP Professional

13

In the lower-right pane, right-click the basic disk that you want to convert, and then click Convert to Dynamic Disk. Select the check box that is next to the disk that you want to convert (if it is not already selected), and then click OK. Click Details if you want to view the list of volumes in the disk. Click Convert. Click Yes when you are prompted to convert the disk, and then click OK. After you convert a basic disk to a dynamic disk, local access to the dynamic disk is limited to Windows 2000 and Windows XP Professional. Additionally, after you convert a basic disk to a dynamic disk, the dynamic volumes cannot be changed back to partitions. You must first delete all dynamic volumes on the disk and then convert the dynamic disk back to a basic disk. If you want to keep your data, you must first back up the data or move it to another volume.

Defragmenting Volumes
14

Fragmentation occurs when the operating system cannot or will not allocate enough contiguous space to store a complete file as a unit, but instead puts parts of it in gaps between other files Defragmentation is a process that reduces the amount of fragmentation in file systems.

Defragmenting Volumes
Option 1 15 Open My Computer. Right-click the local disk volume that you want to defragment, and then click Properties. On the Tools tab, click Defragment Now. Click Defragment. Option 2 Start Computer Management MMC (Compmgmt.msc). Click Disk Defragmenter. Click the volume that you want to defragment, and then click Defragment. Option 3 Start Disk Defragmenter MMC (Dfrg.msc). Click the volume that you want to defragment, and then click Defragment. Limitations It can defragment only local volumes. It can defragment only one volume at a time. It cannot defragment one volume while it is scanning another. It cannot be scheduled.

Configuring and Managing File Systems

16

Working with File Systems Managing Data Compression Securing Data by Using EFS

Working with File Systems

A file system is the structure in which files are named, stored, and organized. File systems supported by Windows XP Professional include FAT16, FAT32, and NTFS. You can use any combination of these file systems on a hard disk, but each volume on a hard disk can be formatted by using only one file system
Operating System Windows XP FAT16 X FAT32 X NTFS X

Windows Server 2003

Windows 2000

Windows NT 4.0*

Windows 95 OSR2, Windows 98, and Windows Me

Windows 95 (prior to OSR2)

MS-DOS

17

NTFS File Systems

Robust, reliable performance NTFS guarantees the consistency of the volume by using standard transaction logging and 18 recovery techniques. In the event of a system failure, NTFS uses its log file and checkpoint information to restore the consistency of the file system when the computer is restarted. In the event of a bad-sector error, NTFS dynamically remaps the cluster containing the bad sector and allocates a new cluster for the data. NTFS also marks the cluster as bad and no longer uses it. Built-in security features When you set permissions on a file or folder, you specify the groups and users whose access you want to restrict or allow and then select the type of access. For example, you can let one group read the contents of a file, let another group make changes to the file, and prevent all other groups from accessing the file. The Encrypting File System (EFS) is the technology used to store encrypted files on NTFS volumes. After you encrypt a file or folder, you work with the encrypted file or folder just as you do with any other files and folders. However, an intruder who tries to access your encrypted files or folders is prevented from doing so, even if the intruder has physical access to the computer. Supports large volumes Using the default cluster size (4 KB) for large volumes, you can create an NTFS volume up to 16 terabytes. You can create NTFS volumes up to 256 terabytes using the maximum cluster size of 64 KB. NTFS also supports larger files and more files per volume than FAT. NTFS manages disk space more efficiently than FAT by using smaller cluster sizes. For example, a 30-GB NTFS volume uses 4-KB clusters. The same volume formatted by using FAT32 uses 16-KB clusters. Using smaller clusters reduces wasted space on hard disks.

NTFS File Systems

Designed for storage growth 19 By enabling disk quotas, you can track and control disk space usage for NTFS volumes. You can configure whether users are allowed to exceed their limit, and you can also configure Windows XP Professional to log an event when a user exceeds a specified warning level or quota limit. To create extra disk space, you can compress files on NTFS volumes. Compressed files can be read and written by any Windows-based application without first being decompressed by another program. If you run out of drive letters or need to create additional space that is accessible from an existing folder, you can mount a volume at any empty folder on a local NTFS volume to create a mounted drive. Mounted drives make data more accessible and give you the flexibility to manage data storage based on your work environment and system usage. You can increase the size of most NTFS volumes by adding unallocated space from the same disk or from another disk. Other advanced features found only on NTFS volumes Sparse files consist of large, consecutive areas of zeros. NTFS manages sparse files by tracking the starting and ending point of the sparse file, as well as its useful (nonzero) data. The unused space in a sparse file is made available as free space. The NTFS change journal provides a persistent log of changes made to files on a volume. NTFS maintains the change journal by tracking information about added, deleted, and modified files for each volume. Programs such as Indexing Service can take advantage of the change journal to boost search performance. Hard links are NTFS-based links to a file on an NTFS volume. By creating hard links, you can have a single file in multiple folders without duplicating the file. You can also create multiple hard links for a file in a folder if you use different file names for the hard links. Because all the hard links reference the same file, applications can open any of the hard links and modify the file.

NTFS Size Limits

Description Maximum file size Maximum volume size Files per volume Limit 16 terabytes 256 terabytes 4,294,967,295

20

FAT32 Size Limits

Description Maximum file size Maximum volume size Files per volume Maximum number of files and subfolders within a single folder Limit 4 GB 32 GB 4,177,920 65,534 (The use of long file names can significantly reduce the number of available files and subfolders within a folder.)

FAT Size Limits

Description Maximum file size Maximum volume size Files per volume Maximum number of files and folders within the root folder Limit 4 GB 4 GB Approximately 65,536 (2 files) 512 (Long file names can reduce the number of available files and folders in the root folder.)
16

Format Options
Formatting a Volume 21 You choose a file system when you format a volume. During the format, Windows XP Professional places key file system structures on the volume. These structures include the boot sector, the file allocation table (for FAT volumes), and the master file table (for NTFS volumes). Depending on the program you use to format a volume, you can also choose one or more of the following formatting options.

Format Option

Where the Option Is Available Setup

Where the Option Is Available My Computer or Windows Explorer Available for all volumes.

Where the Option Is Available Disk Management Available for all volumes.

Where the Option Is Available Format Command Use the /v:label parameter to specify the volume label.

Volume label

No option to create a volume label.

Quick format

Available for all volumes. No option to compress the volume. Uses the default cluster size only.

Available for all volumes.

Available for all volumes. Available for NTFS volumes. Offers all available cluster sizes.

Use the /q parameter to specify the quick format option. Use the /c parameter to enable compression for NTFS volumes. Use the /a:size parameter to specify the cluster size.

Enable compression Allocation unit (cluster) size

Available for NTFS volumes.

Offers default cluster sizes for FAT volumes and cluster sizes up to 4 KB for NTFS volumes.

NTFS Folder Permissions

Read Write
Create new files and subfolders within the folder, change folder attributes, and view folder ownership and permissions

22

See files and subfolders in the folder and view folder ownership, permissions, and attributes (such as Read-Only, Hidden, Archive, and System)

List Folder Contents

See the names of files and subfolders in the folder

Read & Execute

Move through folders to reach other files and folders, even if the users don't have permission for those folders, and perform actions permitted by the Read permission and the List Folder Contents permission

Modify
Delete the folder plus perform actions permitted by the Write permission and the Read & Execute permission

Full Control
Change permissions, take ownership, and delete subfolders and files, plus perform actions permitted by all other NTFS folder permissions

You can deny permission to a user account or group. To deny all access to a user account or group for a folder, deny the Full Control permission.

NTFS File Permission

23

Read
Read the file, and view file attributes, ownership, and permissions

Write
Overwrite the file, change file attributes, and view file ownership and permissions

Read & Execute

Run applications, plus perform the actions permitted by the Read permission

Modify
Modify and delete the file, plus perform the actions permitted by the Write permission and the Read & Execute permission

Full Control
Change permissions and take ownership, plus perform the actions permitted by all other NTFS file permission

24
Access Control List
NTFS stores an access control list (ACL) with every file and folder on an NTFS volume. The ACL contains a list of all user accounts and groups that have been assigned permissions for the file or folder, as well as the permissions that they have been assigned. When a user attempts to gain access to a resource, the ACL must contain an entry, called an access control entry (ACE), for the user account or a group to which the user belongs. The entry must allow the type of access that is requested (for example, Read access) for the user to gain access. If no ACE exists in the ACL, the user can't access the resource.

Multiple NTFS Permissions

You can assign multiple permissions to a user account and to each group of which the user is a member. To assign permissions, you must understand the rules and priorities by which NTFS assigns and combines multiple permissions and NTFS permissions inheritance.

Effective Permissions
A user's effective permissions for a resource are the sum of the NTFS permissions that you assign to the individual user account and to all of the groups to which the user belongs. If a user has Read permission for a folder and is a member of a group with Write permission for the same folder, the user has both Read and Write permissions for that folder.

Overriding Permissions
25

Inherit Permissions
26

Copying Files and Folders

27

Moving Files and Folders

28

Shared Folders
29

Shared Folder Permissions apply to folders only Apply to Users who connect to folder from network only Default if Full Control and available for Everyone Permissions
Multiple Deny NTFS

Administrative Shared Folder

Managing Data Compression

30

Create compressed files both on FAT and NTFS You can directly open from the compressed folders You can encrypt compressed folders You can compress without decreasing performance When you have selected the option of Encrypting your folder, we cannot do Compression You can also Compress your drive or Volume

Disk Quota
31

Tracks and control quota on per user per volume basis Ignores Compression when calculating space Free space reports on XP will show the space free on available Users Quota SA can do the following
Set a disk quota limit to specify the amount of disk space for each user. Set a disk quota warning to specify when Windows XP Professional should log an event, indicating that the user is nearing his or her limit. Enforce disk quota limits and deny users access if they exceed their limit, or allow them continued access. Log an event when a user exceeds a specified disk space threshold. The threshold could be when users exceed their quota limit or when they exceed their warning level.

32

Disk Quota
33

Status
A red traffic light indicates that disk quotas are disabled. A yellow traffic light indicates that Windows XP Professional is rebuilding disk quota information. A green traffic light indicates that the disk quota system is active.

Monitoring
The amount of hard disk space that each user uses Users who are over their quota warning threshold, signified by a yellow triangle Users who are over their quota limit, signified by a red circle The warning threshold and the disk quota limit for each user

Securing Data by Using EFS

34

The Microsoft Encrypting File System (EFS) provides encryption for data in NTFS files stored on disk. This encryption is public key-based and runs as an integrated system service, making it easy to manage, difficult to attack, and transparent to the file owner. If a user who attempts to access an encrypted NTFS file has the private key to that file, the file can be decrypted so that the user can open the file and work with it transparently as a normal document. A user without the private key is denied access. Windows XP Professional also includes the Cipher command, which provides the ability to encrypt and decrypt files and folders from a command prompt. Windows XP Professional also provides a recovery agent. In the event that the owner loses the private key, the recovery agent can still recover the encrypted file.

Securing Data by Using EFS

Features
Transparent encryption Strong protection of encryption keys
Public key encryption resists all but the most sophisticated methods of attack. Therefore, in EFS, the file encryption keys areencrypted using a public key from the user's certificate. (Note that Windows XP Professional and Windows 2000 use X.509 v3 certificates.) The list of encrypted file encryption keys is stored with the encrypted file and is unique to it. To decrypt the file encryption keys, the file owner supplies a private key, which only he or she has.

35

In EFS, file encryption does not require the file owner to decrypt and re-encrypt the file on each use. Decryption and encryption happen transparently on file reads and writes to disk.

Integral data-recovery system

If the owner's private key is unavailable, the recovery agent can open the file using his or her own private key. There can be more than one recovery agent, each with a different public key, but at least one public recovery key must be present on the system to encrypt a file.

Secure temporary and paging files

Many applications create temporary files while you edit a document, and these temporary files can be left unencrypted on the disk. On computers running Windows XP Professional, EFS can be implemented at the folder level, so any temporary copies of an encrypted file are also encrypted, provided that all files are on NTFS volumes. EFS resides in the Windows operating system kernel and uses the nonpaged pool to store file encryption keys, ensuring that they are never copied to the paging file.

Securing Data by Using EFS

Encrypting
The recommended method to encrypt files is to create an NTFS folder and then encrypt the folder. To encrypt a folder, in the Properties dialog box for the folder, click the General tab. In the General tab, click Advanced, and then select the Encrypt Contents To Secure Data check box. All files placed in the folder are encrypted and the folder is now marked for encryption. Folders that are marked for encryption are not actually encrypted; only the files within the folder are encrypted. Compressed files cannot be encrypted, and encrypted files cannot be compressed.

36

Decrypting
Decrypting a folder or file refers to clearing the Encrypt Contents To Secure Data check box in a folder's or file's Advanced Attributes dialog box, which you access from the folder's or file's Properties dialog box. Once decrypted, the file remains so until you select the Encrypt Contents To Secure Data check box. The only reason you might want to decrypt a file would be if other people needed access to the folder or file-for example, if you want to share the folder or make the file available across the network.

Recovery Agent
Default Recovery Agent is the Administrator

Configuring TCP/IP Addressing and Name Resolution

37

Configuring IP Addresses Troubleshooting IP Addresses Determining TCP/IP Name Resolution Methods Configuring a DNS and WINS Client Connecting to a Remote Host

Configuring IP Addresses
38

Configure TCP/IP to use a static IP address Configure TCP/IP to obtain an IP address automatically Explain Automatic Private IP Addressing Disable Automatic Private IP Addressing

Configure a static IP address

39

Configure a dynamic IP address

40

Automatic Private IP Addressing

41

Troubleshooting Tools to test TCP/IP

Route Netstat IPconfig Ping Hostname Arp Tracert ftp telnet Rcp Finger Rsh
42

TCP/IP Name Resolution

In Windows XP Professional, TCP/IP allows a computer to communicate over a network with another computer by using a host name or a NetBIOS name in place of an IP address. 43 Domain Name System (DNS). A global, distributed database based on a hierarchical naming system. The hierarchical naming structure of DNS complements the hierarchical planning structure implemented in the Active Directory directory service, and is used as its naming service. DNS name resolution is used on the Internet to map friendly names to IP addresses, and vice versa. In Microsoft Windows 2000, Microsoft Windows Server 2003, and Microsoft Windows XP environments, DNS is the default name resolution method. NetBIOS over TCP/IP (NetBT). Provides name resolution and connection services for clients using Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Windows Me) operating systems, applications, and services. Microsoft Windows 2000 Server and Windows Server 2003 include a NetBIOS name server known as the Windows Internet Name Service (WINS). When one computer attempts to communicate with another computer using one of these mechanisms for name resolution, the device name must be resolved to an IP address and ultimately to a hardware address.

Connecting to a Remote Host

The first component configures a system to act as a remote host and is simply 44 called Remote Desktop. The second component, called Remote Desktop Connection, configures a system to act as a remote client and allows it to access the remote host. Remote Desktop feature is based on Microsoft's Terminal Services technology and uses the Remote Desktop Protocol (RDP) to allow a client to connect to a remote host. Under RDP, which works across a TCP/IP connection, the client system is allowed to send keyboard and mouse input to the remote host to run applications located on the host system. The host system then uses RDP to send screen and audio information back to the client system. In addition to input and output data transmission, RDP allows the sharing of certain resources between the client and remote host systems. Any devices connected to the serial and parallel ports on the client system are accessible to applications running on the host system.

Configuring Remote Desktop

45