Windows OS Internal Training

Date post: 08-Mar-2015
Upload: jagadeeh-valasapalli

Index

- Windows XP Overview
- Active Directory
- Directory Structure
- User profile (Start Menu, Desktop, My Documents, App Data, etc.)
- Advantage of NTFS (Sharing and Security, Encryption, Disk Quota, etc.)
- Users and Groups overview
- System Tools (Backup, Disk Cleanup, Schedule Task, System Restore, etc.)
- Computer Manager (Event Viewer, Disk Management, Defrag, Device Manager, etc.)
- Registry Overview (about Hives and data types)
- Control Panel Overview
- Internal and External Commands
- "Run" commands

Windows XP Overview

The Windows eXPerience operating system is available in Home and Professional editions, both of which are suitable for use on standalone computers. The Home Edition is suitable for users who have worked with Windows 9x/ME until now and don't need special network or security features in their environment. For users who have used Windows NT/2000 privately, in business or both, the Professional Edition is the optimal choice, and not only with a view to administration. Microsoft already includes 10,000 drivers on the Windows XP installation media, and a further 2,000 drivers are available through Windows Update.

The Professional Edition of Windows XP has more network features than the Home Edition. An upgrade from Windows 9x/ME is possible; from Windows NT/2000, only the Professional Edition can be used for the upgrade. FAT32 and NTFS are both available as file systems for the installation partition.

Windows XP (Windows version 5.1) is the successor of Windows 9x/ME as well as Windows NT/2000 and is available for 32-bit CPUs in the following versions:

- Embedded
- Home Edition (1 CPU) for private users (Oct. 2001)
- Professional Edition (2 CPU) for business users (Oct. 2001)
- Media Center (1 CPU) especially for multimedia devices (Nov. 2002)
- Tablet PC Edition especially for Tablet PCs (Nov. 2002)
- Server Edition (4 CPU)
- Advanced Server (8 CPU), also 64-bit Intel CPUs
- Microsoft Windows Fundamentals for Legacy PCs (July 2007)

A 64-bit version of Windows XP was officially announced by Microsoft in April 2003. The RC2 was available in February 2005. Windows XP Professional x64 was published in April 2005. It can use at most 16 GB of RAM, and the virtual address range grows to 16 TB.

Product activation is the same in all versions and is needed at every new installation or extensive upgrade of the PC hardware. Company customers can use a so-called corporate version, through a special licensing option, without this product activation.

The most visible innovation is the revised Windows interface with its new design. The design, called Luna (as of beta 2428), can display window elements in high color. Returning to the Windows 2000 interface is still possible. The representation and organization of the central registry is quite the same as in Windows 2000.

Standard features of Windows XP - Home and Professional

- Fast user switching
- Network assistant
- Remote control for the diagnosis (Remote assistant)
- Simplified user interface
- Windows Media Player
- Internet Explorer 6.0
- Windows Movie Maker

Special features of Windows XP - Professional Edition

- ASR - Automated System Recovery
- Creation of offline files
- Backup/recovery function
- User guidelines (Policies)
- User administration (limited in Home Edition)
- File system encryption (only for NTFS)
- Integration of the PC in a domain
- Integration of dynamic data storage
- Use as a terminal service client
- Use as a NetWare client
- Remote connection (desktop sharing)
- Use of multiple monitors
- EFS support in the file system
- Support for sending and receiving faxes
- SMP (use of more than one processor)

The graphics device interface (GDI), in its GDI+ version, can take advantage of gamma correction and 3D interfaces in high color depth. Windows XP is based on HTML more than previous versions; the system control was designed completely in HTML. The new CD-R/CD-RW software makes it easy to create CDs. The Windows terminal service gives a terminal client access to a shared Windows XP desktop, similar to the VNC solution.

With the newly introduced multi-user function, users can keep their applications running in the background even when they sign off and another user logs on to Windows. When the previous user returns, they can continue working without having to reopen their recent documents or applications.

Active Directory

What is Active Directory? Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory services, such as Novell Directory Services (NDS), Active Directory is a centralized and standardized system that automates network management of user data, security and distributed resources and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments.

Active Directory was new to Windows 2000 Server and further enhanced for Windows Server 2003, making it an even more important part of the operating system. Windows Server 2003 Active Directory provides a single reference, called a directory service, to all the objects in a network, including users, groups, computers, printers, policies and permissions.

For a user or an administrator, Active Directory provides a single hierarchical view from which to access and manage all of the network's resources.

Why implement Active Directory? There are many reasons to implement Active Directory. First and foremost, Microsoft Active Directory is generally considered to be a significant improvement over Windows NT Server 4.0 domains or even standalone server networks. Active Directory has a centralized administration mechanism over the entire network. It also provides for redundancy and fault tolerance when two or more domain controllers are deployed within a domain.

Active Directory automatically manages the communications between domain controllers to ensure the network remains viable. Users can access all resources on the network for which they are authorized through a single sign-on. All resources in the network are protected by a robust security mechanism that verifies the identity of users and the authorizations of resources on each access.

Even with Active Directory's improved security and control over the network, most of its features are invisible to end users; therefore, migrating users to an Active Directory network will require little re-training. Active Directory offers a means of easily promoting and demoting domain controllers and member servers. Systems can be managed and secured via Group Policies. It is a flexible hierarchical organizational model that allows for easy management and detailed specific delegation of administrative responsibilities. Perhaps most importantly, however, is that Active Directory is capable of managing millions of objects within a single domain.

Basic divisions of Active Directory

Active Directory networks are organized using four types of divisions or container structures. These four divisions are forests, domains, organizational units and sites. Forests are not limited in geography or network topology. A single forest can contain numerous domains, each sharing a common schema. Domain members of the same forest need not even have a dedicated LAN or WAN connection between them. A single network can also be the home of multiple independent forests. In general, a single forest should be used for each corporate entity. However, additional forests may be desired for testing and research purposes outside of the production forest.

Domains serve as containers for security policies and administrative assignments. All objects within a domain are subject to domain-wide Group Policies by default. Likewise, any domain administrator can manage all objects within a domain. Furthermore, each domain has its own unique accounts database. Thus, authentication is on a domain basis. Once a user account is authenticated to a domain, that user account has access to resources within that domain.

Active Directory requires one or more domains in which to operate. As mentioned before, an Active Directory domain is a collection of computers that share a common set of policies, a name and a database of their members. A domain must have one or more servers that serve as domain controllers (DCs) and store the database, maintain the policies and provide the authentication of domain logons.

With Windows NT, primary domain controller (PDC) and backup domain controller (BDC) were roles that could be assigned to a server in a network of computers that used a Windows operating system. Windows used the idea of a domain to manage access to a set of network resources (applications, printers and so forth) for a group of users. The user need only log in to the domain to gain access to the resources, which may be located on a number of different servers in the network.

One server, known as the primary domain controller, managed the master user database for the domain. One or more other servers were designated as backup domain controllers. The primary domain controller periodically sent copies of the database to the backup domain controllers. A backup domain controller could step in as primary domain controller if the PDC server failed and could also help balance the workload if the network was busy enough.

With Windows 2000 Server, while domain controllers were retained, the PDC and BDC server roles were basically replaced by Active Directory. It is no longer necessary to create separate domains to divide administrative privileges. Within Active Directory, it is possible to delegate administrative privileges based on organizational units. Domains are no longer restricted by a 40,000-user limit. Active Directory domains can manage millions of objects. As there are no longer PDCs and BDCs, Active Directory uses multi-master replication and all domain controllers are peers.

Organizational units are much more flexible and easier overall to manage than domains. OUs grant you nearly infinite flexibility as you can move them, delete them and create new OUs as needed. However, domains are much more rigid in their existence. Domains can be deleted and new ones created, but this process is more disruptive of an environment than is the case with OUs and should be avoided whenever possible.

By definition, sites are collections of IP subnets that have fast and reliable communication links between all hosts. Another way of putting this is a site contains LAN connections, but not WAN connections, with the general understanding that WAN connections are significantly slower and less reliable than LAN connections. By using sites, you can control and reduce the amount of traffic that flows over your slower WAN links. This can result in more efficient traffic flow for productivity tasks. It can also keep WAN link costs down for pay-by-the-bit services.

The Infrastructure Master and Global Catalog

Among the other key components within Active Directory is the Infrastructure Master. The Infrastructure Master (IM) is a domain-wide FSMO (Flexible Single Master of Operations) role responsible for an unattended process that "fixes up" stale references, known as phantoms, within the Active Directory database.

Phantoms are created on DCs that require a database cross-reference between an object within their own database and an object from another domain within the forest. This occurs, for example, when you add a user from one domain to a group within another domain in the same forest. Phantoms are deemed stale when they no longer contain up-to-date data, which occurs because of changes that have been made to the foreign object the phantom represents, e.g., when the target object is renamed, moved, migrated between domains or deleted. The Infrastructure Master is exclusively responsible for locating and fixing stale phantoms. Any changes introduced as a result of the "fix-up" process must then be replicated to all remaining DCs within the domain.

The Infrastructure Master is sometimes confused with the Global Catalog (GC), which maintains a partial, read-only copy of every domain in a forest and is used for universal group storage and logon processing, among other things. Since GCs store a partial copy of all objects within the forest, they are able to create cross-domain references without the need for phantoms.

Active Directory and LDAP

Microsoft includes LDAP (Lightweight Directory Access Protocol) as part of Active Directory. LDAP is a software protocol for enabling anyone to locate organizations, individuals and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.

In a network, a directory tells you where in the network something is located. On TCP/IP networks (including the Internet), the domain name system (DNS) is the directory system used to relate the domain name to a specific network address (a unique location on the network). However, you may not know the domain name. LDAP allows you to search for individuals without knowing where they're located (although additional information will help with the search).

An LDAP directory is organized in a simple "tree" hierarchy consisting of the following levels:

An LDAP directory can be distributed among many servers. Each server can have a replicated version of the total directory that is synchronized periodically.

It is important for every administrator to understand what LDAP is when searching for information in Active Directory, and being able to create LDAP queries is especially useful when looking for information stored in your Active Directory database. For this reason, many admins go to great lengths to master the LDAP search filter.

Group Policy management and Active Directory

It's difficult to discuss Active Directory without mentioning Group Policy. Admins can use Group Policies in Microsoft Active Directory to define settings for users and computers throughout a network. These settings are configured and stored in what are called Group Policy Objects (GPOs), which are then associated with Active Directory objects, including domains and sites. It is the primary mechanism for applying changes to computers and users throughout a Windows environment.

Through Group Policy management, administrators can globally configure desktop settings on user computers, restrict/allow access to certain files and folders within a network and more.

It is important to understand how GPOs are used and applied. Group Policy Objects are applied in the following order: Local machine policies are applied first, followed by site policies, followed by domain policies, followed by policies applied to individual organizational units. A user or computer object can only belong to a single site and a single domain at any one time, so they will receive only GPOs that are linked to that site or domain.
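The processing order above, modelled as an added example that is not part of the original training document: for one computer object it reports which GPO supplies each setting and which earlier GPOs it overrode. The GPO names, setting names and the `example.test` domain are constructed, and applying nested OUs parent first goes one step beyond the single OU level named in the text.

```python
"""Added example: resolve which GPO wins per setting (local, site, domain, OU)."""
from dataclasses import dataclass, field

# Processing order from the text; a later scope overwrites an earlier one.
SCOPE_ORDER = ("local", "site", "domain", "ou")


@dataclass
class Gpo:
    name: str
    scope: str       # one of SCOPE_ORDER
    target: str      # site name, domain DNS name or OU distinguished name
    settings: dict = field(default_factory=dict)


def _rdns(dn):
    # Simplification: assumes no escaped commas inside the distinguished name.
    return [part.strip() for part in dn.split(",")]


def ou_chain(dn):
    """OUs that contain the object, outermost (closest to the domain) first."""
    parts = _rdns(dn)
    chain = [",".join(parts[i:]) for i, p in enumerate(parts)
             if p.upper().startswith("OU=")]
    return chain[::-1]


def domain_of(dn):
    """DNS-style domain name built from the DC= components."""
    return ".".join(p[3:] for p in _rdns(dn) if p.upper().startswith("DC="))


def resultant_set(dn, site, gpos):
    """Return {setting: (value, winning GPO, [overridden GPOs in order])}."""
    ous = ou_chain(dn)
    domain = domain_of(dn).lower()

    def applies(gpo):
        if gpo.scope == "local":
            return True
        if gpo.scope == "site":
            return gpo.target == site
        if gpo.scope == "domain":
            return gpo.target.lower() == domain
        return gpo.target in ous

    def order(gpo):
        # OU-linked GPOs are ordered parent OU first, then child OU.
        depth = ous.index(gpo.target) if gpo.scope == "ou" else 0
        return (SCOPE_ORDER.index(gpo.scope), depth)

    result = {}
    for gpo in sorted(filter(applies, gpos), key=order):
        for key, value in gpo.settings.items():
            overridden = result[key][2] + [result[key][1]] if key in result else []
            result[key] = (value, gpo.name, overridden)
    return result


# Constructed sample data (hypothetical GPO and setting names).
SAMPLE_DN = "CN=pc1,OU=Kiosk,OU=Branch,DC=example,DC=test"
SAMPLE_GPOS = [
    Gpo("Kiosk Lockdown", "ou", "OU=Kiosk,OU=Branch,DC=example,DC=test",
        {"ScreenSaverTimeout": 120}),
    Gpo("Local Policy", "local", "", {"ScreenSaverTimeout": 900}),
    Gpo("Site-Remote", "site", "Remote", {"ProxyServer": "none"}),
    Gpo("Site-HQ", "site", "HQ", {"ProxyServer": "proxy.hq.example.test:8080"}),
    Gpo("Default Domain", "domain", "example.test",
        {"ScreenSaverTimeout": 600, "DisableRegistryTools": 0}),
    Gpo("Branch Baseline", "ou", "OU=Branch,DC=example,DC=test",
        {"DisableRegistryTools": 1}),
]

if __name__ == "__main__":
    for setting, (value, winner, lost) in sorted(
            resultant_set(SAMPLE_DN, "HQ", SAMPLE_GPOS).items()):
        print(f"{setting} = {value!r} from {winner}; overrode {lost}")
```

The overridden list is the part worth reading during a review: a restrictive domain-level setting that shows up there was replaced by something linked closer to the object.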

GPOs are split into two distinct parts: the Group Policy Template (GPT) and the Group Policy Container (GPC). The Group Policy Template is responsible for storing the specific settings created within the GPO and is essential to its success. It stores these settings in a large structure of folders and files. In order for the settings to apply successfully to all user and computer objects, the GPT must be replicated to all domain controllers within the domain.

The Group Policy Container is the portion of a GPO stored in Active Directory that resides on each domain controller in the domain. The GPC is responsible for keeping references to Client Side Extensions (CSEs), the path to the GPT, paths to software installation packages, and other referential aspects of the GPO. The GPC does not contain a wealth of information related to its corresponding GPO, but it is essential to the functionality of Group Policy. When software installation policies are configured, the GPC helps keep the links associated within the GPO. The GPC also keeps other relational links and paths stored within the object attributes. Knowing the structure of the GPC and how to access the hidden information stored in the attributes will pay off when you need to track down an issue related to Group Policy.

For Windows Server 2003, Microsoft released a Group Policy management solution as a means of unifying management of Group Policy in the form of a snap-in known as the Group Policy Management Console (GPMC). The GPMC provides a GPO-focused management interface, thus making the administration, management and location of GPOs much simpler. Through GPMC you can create new GPOs, modify and edit GPOs, cut/copy/paste GPOs, back up GPOs and perform Resultant Set of Policy modeling.

Directory Structures

The Windows XP installation routine makes several changes to your hard drives. Windows XP uses two different partitions to store its information: a system partition and a boot partition. These partitions can exist on a single physical partition or on two physical partitions. Unfortunately, the way these terms are used is the reverse of common sense usage. The system partition is the partition containing the initial bootstrap components and the boot menu. The boot partition is the partition hosting the Windows XP root folder and all operational drivers and files.

The boot and system partition files can be located on the same partition, on different partitions, or even on different hard drives. However, the system partition must always be on the first hard drive in the system and must be an active primary partition. The boot partition can be a primary partition or a logical drive within an extended partition.

System Partition

Table 3.1 shows the files contained on the system partition for an x86 computer.

Table 3.1 Files Located on the System Partition for an x86 Computer

| File | Description |
| --- | --- |
| NTLDR | Controls the operating system boot selection process and hardware detection before the actual Windows XP Kernel is launched. It requires that boot.ini, ntdetect.com, bootsect.dos (if dual booting), and ntbootdd.sys (if booting on a non-BIOS enabled SCSI drive; that is, scsi() is used instead of multi() in the ARC name in boot.ini) exist in the root system partition. |
| boot.ini | Contains the contents of the boot menu displayed by NTLDR. This file contains the default operating system selection, the timeout period for the selection, and an ARC name or pathname for each listed operating system boot selection. |
| ntdetect.com | Detects the major components of the computer before NTLDR selects a configuration and loads the Kernel. |
| bootsect.dos | Present only on dual-boot systems. NTLDR uses this file when the selected operating system is not Windows XP. Bootsect.dos in turn seeks out the OS-specific operating system loader file, such as io.sys for MS-DOS or os2ldr.exe for OS/2. |
| ntbootdd.sys | Used only on systems with SCSI drives that do not have on-board BIOS translation enabled. It is a copy of the device driver for your particular SCSI drive. |
| hiberfil.sys | Available if hibernation is enabled on the computer. |

NOTE

When BOOTSECT.DOS is installed using the DOS-mode setup (for example, a Windows 98 startup disk), the file will still appear, even though it is not really a dual-boot system, meaning there is no COMMAND.com to boot into DOS. In this scenario, there is only one OS entry in the boot.ini file, and the boot selection menu does not appear.
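A way to check the NTLDR dependencies from Table 3.1 against an actual boot.ini, as an added example that is not part of the original training document. The sample boot.ini is constructed, the function names are hypothetical, and treating a bare drive-root entry such as `C:\` as the one that needs bootsect.dos is an assumption made here.

```python
"""Added example: parse boot.ini and list the files NTLDR needs beside it."""
import re

# ARC name as used in boot.ini: multi()/scsi() adapter, disk, rdisk, partition.
ARC_RE = re.compile(
    r"^(?P<adapter>multi|scsi)\((?P<a>\d+)\)disk\((?P<d>\d+)\)"
    r"rdisk\((?P<r>\d+)\)partition\((?P<p>\d+)\)(?P<dir>\\.*)?$",
    re.IGNORECASE,
)


def parse_boot_ini(text):
    """Return {'timeout': int or None, 'default': str or None, 'entries': [...]}."""
    cfg = {"timeout": None, "default": None, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if section == "boot loader":
            if key.lower() == "timeout" and value.isdigit():
                cfg["timeout"] = int(value)
            elif key.lower() == "default":
                cfg["default"] = value
        elif section == "operating systems":
            quoted = re.match(r'"([^"]*)"\s*(.*)$', value)
            label = quoted.group(1) if quoted else value
            switches = quoted.group(2).split() if quoted else []
            arc = ARC_RE.match(key)
            cfg["entries"].append({
                "path": key,
                "label": label,
                "switches": switches,
                "adapter": arc.group("adapter").lower() if arc else None,
                "partition": int(arc.group("p")) if arc else None,
            })
    return cfg


def required_system_files(cfg):
    """Files that must sit in the system partition root for this boot.ini."""
    files = {"NTLDR", "boot.ini", "ntdetect.com"}
    for entry in cfg["entries"]:
        if entry["adapter"] == "scsi":
            files.add("ntbootdd.sys")      # scsi() instead of multi()
        elif entry["adapter"] is None and entry["path"].endswith("\\"):
            files.add("bootsect.dos")      # assumption: drive-root entry
    return files


def audit(cfg, present_files):
    """Compare boot.ini against the files actually found in the root folder."""
    present = {name.lower() for name in present_files}
    paths = {entry["path"].lower() for entry in cfg["entries"]}
    return {
        "missing": sorted(f for f in required_system_files(cfg)
                          if f.lower() not in present),
        "default_listed": (cfg["default"] or "").lower() in paths,
        # One entry, or a zero timeout, means no boot selection menu.
        "menu_shown": len(cfg["entries"]) > 1 and cfg["timeout"] != 0,
    }


# Constructed sample, not taken from a real machine.
SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP on SCSI disk" /fastdetect
C:\="Microsoft Windows 98"
"""

if __name__ == "__main__":
    config = parse_boot_ini(SAMPLE_BOOT_INI)
    print(audit(config, ["NTLDR", "BOOT.INI", "NTDETECT.COM"]))
```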

Other files can appear in the system partition on x86 dual-boot and multi-boot systems. The addition of these files does not affect the function or capabilities of the required Windows XP boot files in the system partition. Installing multiple operating systems on a single computer with Windows XP Professional (or Home Edition) often requires a specific installation order or manual post-installation configuration changes. Both the Microsoft Windows XP documentation and TechNet include detailed articles on performing multi-boot setups with Windows XP Professional, Windows Server 2003, Windows 95, Windows 98, MS-DOS, and OS/2.

Multi-booting Windows XP with non-Microsoft operating systems, such as Linux, often requires third-party boot and partition managers.

The system partition does not include any folders. It exists as a root folder only with three or more files. Having additional folders in the system partition does not affect the operation of boot files.

You might notice that the files in the system partition are among the files found on an Emergency Repair Disk (ERD). This should not be surprising because an ERD is used to restore files to the system partition if these files are corrupted, deleted, or otherwise destroyed.

Boot Partition

The directory structure and subsequent files installed into the boot partition are quite a bit more complex than those of the system partition. Table 3.2 describes the five folders created in the boot partition's root folder (normally the C:\ drive) during the installation of Windows XP.

Table 3.2 Folders Created by Windows XP in the Boot Partition's Root Folder

| Directory | Description |
| --- | --- |
| Documents and Settings | This folder is used to hold the configurations for each user who accesses the system. In Windows NT, this information was stored in the \Windows\profiles folder. |
| Program Files | This folder is the default installation location for Windows applications. |
| System Volume Information | This folder stores all disk permission and security information. |
| Recycler | This is not a true folder; instead, it is the system-controlled temporary repository for deleted files. You can access its contents by launching the Recycle Bin tool from the desktop. Note that this folder does not appear until a file is deleted. |
| Windows | This is the main folder containing all the Windows XP system files, and the default folder for Windows XP. |

The root of the boot partition is also the default location for pagefile.sys, which is the page file the Windows NT virtual memory system uses.

NOTE

The file and folder structure discussed in this chapter is derived from a fresh installation of Windows XP on an x86 desktop system with Service Pack 1 integrated. The typical installation method was chosen. No other applications from Microsoft or any third-party vendors were present on the system. That means no additional services or applications were installed from the Windows XP distribution CD, no hotfixes were applied, and Internet Explorer was not updated.

The Program Files folder is home to 16 subfolders:

- Common Files. This folder contains files shared with the Microsoft applications.
- ComPlus Applications. This folder contains files used by ComPlus applications. If there are no ComPlus applications installed on your XP machine, this folder will be empty. COM+ builds on the Microsoft Component Object Model (COM) integrated services and features, making it easier for developers to create and use software components in any language, using any tool.
- Internet Explorer. This folder contains the files and executables for Internet Explorer, a Web-browsing tool.
- Messenger. This folder contains files and executables for the new Windows Messenger Service. This service combines features found in MSN Messenger with an improved communications infrastructure.
- Movie Maker. This folder contains the files and executables for the Movie Maker application.
- MSN. This folder contains the files and executables for MSN Explorer, the new Internet connectivity tool from Microsoft that combines Web, e-mail services, and Internet setup services.
- MSN Gaming Zone. This folder contains the files and executables for the MSN Gaming Zone.
- NetMeeting. This folder contains all the files used by Microsoft NetMeeting.
- Online Services. This folder contains files used to establish Internet connectivity. These files enable you to set up Internet access through MSN or to select another available Internet service provider.
- Outlook Express. This folder contains all the files and executables needed by Microsoft Outlook Express, a simple e-mail application.
- Uninstall Information. This is a hidden folder containing files and information for uninstall services.
- Windows Media Player. This folder contains the Microsoft Media Player application.
- Windows NT. This folder contains any applications that have been ported over from other Windows operating systems (such as Pinball). This folder has empty folders in it if the ported components were not selected during installation.
- Windows Update. This folder contains all the files used by the Windows Update Service.
- Xerox. This folder contains all the files used by Xerox applications. By default, this folder is empty.

The Windows root-level folder contains an extensive subfolder hierarchy but very few files. The Windows\System32 folder is the main repository of all files required to launch and operate Windows XP. The following files are among those stored in the Windows folder:

- Wallpaper and tiling images (.bmp)
- Initialization and configuration files for backward-compatibility with various 16-bit utilities and applications (.ini)
- Readme, log, and documentation files (.txt, .log, and .wri)

The following is a listing of the subfolders under the Windows folder:

- Addins. ActiveX controls files.
- AppPatch. Contains application compatibility .dlls and Appfix packages.
- Config. Contains configuration .idf files used by the MIDI sound system. Depending on system configuration, this folder might be empty.
- Connection Wizard. Files used for establishing Internet connectivity. Can be an empty folder.
- CSC. The Client Side Cache is where contents of mapped network drives are cached so that the contents of these drives will be available offline. By default, this folder contains empty folders.
- Cursors. Contains static and animated cursor files. You can use these files by configuring the Mouse applet.
- Debug. Contains .log files that can be used to debug network connectivity and other setup functions.
- Downloaded Program Files. Contains ActiveX controls and Java applets that have been downloaded from the Internet.
- Driver Cache. Contains a platform subdirectory and a copy of the driver.cab file so that new devices can be easily installed without needing the Windows XP CD. Might contain SP1.cab if installing an integrated copy of the operating system.
- Fonts. Contains all installed fonts.
- Help. Contains the help files used by the Windows XP Help system and all its native utilities.
- Ime. Files to support the Input Method Editor. Provides language support for Windows XP.
- Inf. Contains the .inf (system information) files used to install software components. This is a hidden folder.
- Installer. The location for temporary files used by the Windows Installer program. This is a hidden folder.
- Java. Folder structure for Java files.
- Media. Contains media files (sound and video) used by sound themes.
- Msagent. Microsoft agent files, which are software services that support using animated characters in the Windows interface to assist users in manipulating the operating system.
- Msapps. Contains files for backward-compatibility with applications that use shared components.
- Mui. MUI (Multilingual-User Interface) Packs give companies flexibility in making language options available to users.
- Offline Web Pages. Any Web pages designated as offline accessible are stored in this folder, along with any images and other files that go with it.
- PCHEALTH. Contains files and subfolders to support the Microsoft Help Center Service. These files support all the Windows XP Help services, including features such as Remote Desktop Assistance.
- Prefetch. Contains the files that XP is tracking for prefetch execution. Caching frequently used files decreases startup time for applications and optimizes XP performance.
- Registration. Contains files that support COM+ applications.
- Repair. Contains backup copies of the permanent Registry hives. The NTBackup program updates this directory with the System State option.
- Resources. Contains files to support the user's shell interface.
- Security. Contains subfolders and files related to security. Includes log files that define the default security applied during setup and templates for assigning new security privileges.
- Srchasst. Contains files and subfolders for Search Companion, the updated search assistant included with XP. Includes files to support an indexing function that improves search performance.
- System. Contains 16-bit versions of protected and real mode drivers and .dll files used by applications. These files are provided for backward-compatibility with older applications. Additional 16-bit driver files can be stored in this folder.
- System32. Contains the core operating system files and subfolder trees.
- Tasks. Contains scheduled tasks that run without operator intervention.
- Temp. Contains any temporary files used by the system and applications.
- Twain_32. Contains files to support Twain technology, enabling a scanner document to be inserted into a file.
- Web. Contains files and subfolders to support Internet printing and document access.
- WinSxS. A folder to store the shared components of side-by-side applications. These can be multiple versions of the same application or the same assembly.

The System32 subfolder contains most of the files used by Windows XP. This is the primary storage location for DLLs, Control Panel applets (.cpl), device

drivers (.drv), help files (.hlp and .cnt), MS-DOS utilities (.com), language

support files (.nls), screensavers (.scr), setup information files (.inf), and a handful of other files used for support, configuration, or operation.

The most commonly accessed subfolders in Windows\System32 are described

in the following list:

1025, 1028, 1031, 1033, etc. Contains localization language files. Most of these folders will be empty. The English language is 1033. The complete list of locale IDs can be found at http://www.microsoft.com/globaldev/reference/loclanghome.mspx.

CatRoot. Contains security catalog files.

CatRoot2. Contains catalog database files.

Com. Contains COM object information.

Config. Contains the Registry hives used during bootup and is the storage

location for the System, Security, and Application log files viewed through

Event Viewer. Config now contains a new folder called \systemprofile that holds a standard profile for the local system.

DHCP. This is an empty folder used to hold Dynamic Host Configuration

Protocol (DHCP) database files if the host becomes a DHCP server.

DirectX. Contains files to support the accelerated performance features of

game devices.

Dllcache. Contains backup copies of the operating system files that are under the Windows File System Protection system.

Drivers. Contains driver files (.sys); the \etc folder contains sample copies

of the TCP/IP text-based configuration files, such as Hosts and LMHosts files.

Export. This is an empty folder.

IAS. If there is no Internet connection capability, this is an empty folder used to hold configuration files for the Internet Authentication Service. This service is typically found on servers. If the machine has a device capable of connecting to the Internet, the IAS folder should not be empty. It will contain two files: DNARY.MDB (used to parse IAS log files) and IAS.MDB (used to store remote access policies).

Icsxml. Contains files for Universal Plug and Play.

IME. Contains files for Input Method Editors.

Intsrv. Contains files used by the World Wide Web service. This folder is

empty.

Macromedia. Contains a subfolder with the Shockwave Flash .ocx file.

MsDTC. Contains Microsoft Distributed Transaction Coordinator files that

control transaction output and message delivery between two different

applications or processes.

MUI. Contains Multilingual-User Interface files that are created by

applications, such as Service Pack 1.

Os2. Contains drivers used by the OS/2 subsystem.

NPP. Contains files to support collecting network traffic from an XP PC by a Network Monitor server.

Oobe. Contains "Out of Box Experience" files that prompt users to complete

product activation and registration and to create a new user other than Administrator. This feature is activated only after setup.

Ras. Contains the default scripts used by Dial-Up Networking.

Restore. Contains a list of files to be monitored and saved to an alternative location in case of file corruption. The System Restore service takes

snapshots of the XP system periodically to enable the system to be restored

from a previous set of data. This folder also contains the machine GUID.

Setup. Contains setup files for additional services, such as FrontPage

Server Extensions and Microsoft Fax.

ShellExt. By default, this folder is empty.

Spool. Used by the printing system to store spooled print jobs and related files. The Printers subfolder is used to store spool files. The other folders

found here vary based on printer drivers and configuration.

USMT. USMT stands for User State Migration Tool. This folder contains files to support both USMT and the File and Settings Transfer Wizard. Both tools

enable user files and settings to be copied to another PC.

WBEM. Used by Web Based Enterprise Management to store its data and

executable files and utilities. The Microsoft implementation of WBEM is the Windows Management Instrumentation (WMI) Service. With WMI,

programmers can create applications that control network devices, using

the same commands regardless of platform.

Wins. Contains files to support the Windows Internet Name Service (WINS).

This folder is empty.

User Profile folders Structure

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server

2003 with SP1, Windows Server 2003 with SP2

A user profile consists of:

A registry hive. The registry is a database used to store computer- and user-specific settings. Portions of the registry can be saved as files, called hives. These hives can then be reloaded for use as necessary. User profiles take advantage of the hive feature to provide roaming profile functionality. The user profile registry hive is NTuser.dat in file form, and is mapped to the HKEY_CURRENT_USER portion of the registry when the user logs on. The NTuser.dat hive maintains the user's environment preferences when the user is logged on. It stores those settings that maintain network connections, Control Panel configurations unique to the user (such as the desktop color and mouse), and application-specific settings. The majority of the settings stored in the registry are opaque to user profiles; settings are owned and maintained by individual applications and operating system components.

A set of profile folders stored in the file system. User profile files are stored in the file system in the Documents and Settings directory, in a per-user folder. The user profile folder is a container for applications and other operating system components to populate with subfolders and per-user data, such as shortcut links, desktop icons, startup applications, documents, configuration files and so forth. Windows Explorer uses the user profile folders extensively for special folders such as the user's desktop, start menu and my documents folder.

Together, these two components record user-configurable settings that can migrate from computer to computer.

The default location of user profiles was changed from the Windows NT 4.0

operating system to allow administrators to secure the operating system folders without adversely affecting user data. On a clean installed computer running

Windows Server 2003, Windows XP or Windows 2000, profiles are stored in the

%Systemdrive%\Documents and Settings folder. In contrast, on computers running Windows NT 4.0, profiles are stored inside the system directory, at

%Systemroot%\profiles folder (typically WINNT\profiles).

Note

If you upgrade a computer from Windows NT 4.0, the profile location remains

%Systemroot%\profiles.

Table 1 below shows the location of user profiles for each of the possible

installation scenarios:

Table 1 User Profile Locations

| Operating system | Location of user profile |
| --- | --- |
| Windows Server 2003 clean installation (no previous operating system) | %SYSTEMDRIVE%\Documents and Settings; for example, C:\Documents and Settings |
| Windows Server 2003 upgrade of Windows 2000 | %SYSTEMDRIVE%\Documents and Settings; for example, C:\Documents and Settings |
| Windows Server 2003 upgrade of Windows NT 4.0 | %SYSTEMROOT%\Profiles; for example, C:\WinNT\Profiles |

Configuration Preferences Stored in the Registry Hive

The NTuser.dat file contains the following configuration settings:

Windows Explorer settings. All user-definable settings for Windows

Explorer, as well as persistent network connections.

Taskbar settings.

Printer settings. All network printer connections.

Control Panel. All user-defined settings made in the Control Panel.

Accessories. All user-specific application settings affecting the Windows

environment, including: Calculator, Clock, Notepad, Paint, and

HyperTerminal, among others.

Application Settings. Many applications store some per-user settings in the user's registry hive (HKEY_CURRENT_USER). An example of these types of settings would be Microsoft Word 2000's toolbar settings.

Configuration Preferences Stored in Profile Directories

Figure 1 below shows the structure of the user profile.

Figure 1: User Profile.

Each user's profile contains the following folders:

Application data*. Application-specific data, such as a custom dictionary for a word processing program. Application vendors decide what data to store in this directory.

Cookies. Internet Explorer cookies.

Desktop. Desktop items, including files and shortcuts.

Favorites. Internet Explorer favorites.

Local Settings*. Application settings and data that do not roam with the profile. Usually either machine specific, or too large to roam effectively.

    Application data. Computer specific application data.

    History. Internet Explorer history.

    Temp. Temporary files.

    Temporary Internet Files. Internet Explorer offline cache.

My Documents. The new default location for any documents that the user creates. Applications should be written to save files here by default.

    My Pictures. Default location for the user's pictures.

    My Music. Default location for the user's music.

NetHood*. Shortcuts to My Network Places items.

PrintHood*. Shortcuts to printer folder items.

Recent. Shortcuts to the most recently used documents.

SendTo. Shortcuts to document storage locations and applications.

Start Menu. Shortcuts to program items.

Templates*. Shortcuts to template items.

* These directories are hidden by default. To see these directories, change the

View Options.

The Folder Redirection feature of IntelliMirror allows an administrator to redirect the location of certain folders in the user profile to a network location.

When these redirected folders are accessed either by the operating system or by

applications, the operating system automatically redirects to the location on a network share specified by the administrator. From a user perspective, this is

similar to the roaming scenario because users have the same settings

regardless of which computers they use. However, unlike roaming, these settings actually remain on the network share. Folder redirection can be used

with all types of user profiles: local, roaming, or mandatory.

Using Folder Redirection with local profiles can provide some of the benefits of roaming profiles (such as having a user's data available at any computer or maintaining data on the server) without the need to implement roaming profiles. Remember though, using Folder Redirection with a local profile would only result in the user's documents and files being available from all computers. To have settings and configurations move with the user, you would need to use roaming profiles.

Combining Folder Redirection with roaming profiles gives the benefit of

roaming profiles, while minimizing network traffic caused by synchronization of

the profile.

Folder redirection is accomplished using Group Policy. The use of Folder

Redirection with roaming profiles is discussed later in this article.

Table 2 below lists the folders that roam with the profile by default and

indicates whether they can be redirected using Group Policy.

Table 2 Folders that Roam with the Profile

| Folder Name | Description | Roams with profile by default | Redirect with Group Policy |
| --- | --- | --- | --- |
| Application Data | Per-user roaming application data. | Yes | Yes |
| Cookies | User's Internet Explorer cookies. | Yes | No |
| Desktop | Desktop items, including files and shortcuts. | Yes | Yes |
| Favorites | User's Internet Explorer favorites. | Yes | No |
| Local Settings | Temporary files and per-user non-roaming application data. | No | No |
| My Documents | User's documents. | Yes | Yes |
| NetHood | Shortcuts to My Network Places items. | Yes | No |
| PrintHood | Shortcuts to printer folder items. | Yes | No |
| Recent | Shortcuts to recently used documents. | Yes | No |
| Send To | Shortcuts to document storage locations and applications. | Yes | No |
| Start Menu | User's personal start menu. | Yes | Yes |
| Templates | Per-user customized templates. | Yes | No |

Non-Roaming Folders

The default behavior of roaming user profiles in Windows NT 4.0 is to include all the folders in the user profile directory. Thus when a user first logs on, all folders within the profile folder are copied from the server to the client at logon and copied back at logoff.

Windows 2000 introduced a per-user local settings folder into the user profile that is not copied during logon or logoff. This folder is intended as a place where operating system components and other applications can store non-roaming per-user data. A typical example of the usage of this folder is for Microsoft Internet Explorer to store a user's Favorites in the roaming portion of the user profile but store the Temporary Internet Files in the local (non-roaming) portion of the user profile. This will allow a user to retain access to their favorite URLs, but will save copying of temporary cache files at logon and logoff.

On computers running Windows Server 2003, Windows XP or Windows 2000, the History, Local Settings, Temp and Temporary Internet Files folders do not roam by default. Other non-roaming folders are configured using the Group Policy Object Editor. The path for this setting in the Group Policy name space is:

User Configuration\Administrative Templates\System\User Profiles\Exclude directories in roaming profile

Once enabled, this allows multiple folder names to be defined, all relative to the root of the user's profile. Once included in the policy, these folders will not be copied to the local machine at logon, nor copied back to the server at logoff. This setting is likely to result in decreased time taken for a user to log on, by restricting the amount of data within a user profile that really does roam with the user.

How Do Users Get Their Profile?

The way in which users get their profiles depends on the type of profile they're configured to use. This section describes this process.

Local Profile - New User

1. The user logs on.

2. The operating system checks the list of user profiles located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList to determine if a local profile exists for the user.

3. Because this is a new user, no local profile is found. If the computer is part of a domain, the operating system checks if a domain-wide default profile exists in a folder named Default User on the domain controller's NETLOGON share.

   If a domain-wide profile exists, it is copied to a subfolder on the local computer with the user name under %SYSTEMDRIVE%\Documents and Settings\. For example, a new user with the user name JDoe would have a profile created in %SYSTEMDRIVE%\Documents and Settings\JDoe.

   If a default domain profile does not exist, then the local default profile is copied from the %Systemdrive%\Documents and Settings\Default User folder to a subfolder on the local computer with a user name under %Systemdrive%\Documents and Settings\.

4. If the computer is not part of a domain, the local default profile is copied from the %Systemdrive%\Documents and Settings\Default User folder to a subfolder on the local computer with a user name under %Systemdrive%\Documents and Settings\.

5. The user's registry hive (NTUSER.DAT) is mapped to the HKEY_CURRENT_USER portion of the registry.

6. The user's %userprofile% environment variable is updated with the value of the local profile folder.

7. When the user logs off, a profile is saved to the local hard disk of the computer.

Local Profile - Existing User

1. The user logs on.

2. Windows checks the list of user profiles located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList to get the path to the user's profile.

3. The user's registry hive (NTUSER.DAT) is mapped to the HKEY_CURRENT_USER portion of the registry.

4. The user's %userprofile% environment variable is updated with the value of the local profile folder.

5. When the user logs off, the profile is saved to the local hard disk of the computer.

Roaming Profile - New User

1. The user logs on.

2. The path to the user's roaming profile is retrieved from the user object on the Domain Controller.

3. Windows checks to see if a profile exists in the roaming path; if no profile exists, a folder is created.

4. Windows checks the list of user profiles located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList to determine if a cached copy of the profile exists. If a local copy of the profile is not found, and the computer is part of a domain, Windows checks to determine if a domain-wide default profile exists in the Default User folder on the domain controller's NETLOGON share.

   If a domain-wide profile exists, it is copied to a subfolder on the local computer with their user name under %Systemdrive%\Documents and Settings\.

   If a default domain profile does not exist, then the local default profile is copied from the %Systemdrive%\Documents and Settings\Default User folder to a subfolder on the local computer with their user name under %Systemdrive%\Documents and Settings\.

5. The user's registry hive (NTUSER.DAT) is mapped to the HKEY_CURRENT_USER portion of the registry.

6. The user's %userprofile% environment variable is updated with the value of the local profile folder.

7. The user can then run applications and edit documents as normal. When the user logs off, their local profile is copied to the path configured by the administrator. If a profile already exists on the server, the local profile is merged with the server copy (see merge algorithm later in this paper for more details).

Roaming Profile - Existing User

1. The user logs on.

2. The path to the user's roaming profile is retrieved from the user object on the Domain Controller.

3. Windows checks to see if a profile exists in the roaming path; if no profile exists, a folder is created.

4. Windows checks the list of user profiles located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList to get the path to the user's cached profile if it exists.

5. The contents of the local cached profile are compared with the copy of the profile on the server, and the two profiles are merged. (See the new merge algorithm later in this paper for more details).

6. The user's registry hive (NTUSER.DAT) is mapped to the HKEY_CURRENT_USER portion of the registry.

7. The user's %userprofile% environment variable is updated with the value of the local profile folder.

8. The user can then run applications and edit documents as normal. When the user logs off, the local profile is copied to the path configured by the administrator. If a profile already exists on the server, the local profile is merged with the server copy.
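The ProfileList lookup that all four logon sequences above start from can be inspected directly. The following is an added example, not part of the original training document: it lists every registered profile, resolves the SID to an account, and checks whether the NTUSER.DAT hive is actually present at the registered path. The function name is hypothetical, and the script assumes PowerShell 3.0 or later in an elevated session.

```powershell
# Added example (not from the original document).
# Assumption: PowerShell 3.0+ and an elevated session, so that other users'
# profile folders can be read.

$ProfileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-ProfileInventory {   # hypothetical helper name
    foreach ($key in Get-ChildItem -Path $ProfileListKey) {
        $sid   = $key.PSChildName            # each subkey is named after a SID
        $props = Get-ItemProperty -Path $key.PSPath

        # ProfileImagePath is the local profile folder, for example
        # %SystemDrive%\Documents and Settings\JDoe. Expand any variables.
        $localPath = [Environment]::ExpandEnvironmentVariables(
            [string]$props.ProfileImagePath)

        # Map the SID back to an account name. This fails when the account
        # was deleted but its ProfileList entry was left behind.
        try {
            $sidObject = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $account   = $sidObject.Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch {
            $account = $null
        }

        # NTUSER.DAT is the hive mapped to HKEY_CURRENT_USER at logon.
        $hiveOnDisk = $false
        if (-not [string]::IsNullOrEmpty($localPath)) {
            $hivePath   = Join-Path -Path $localPath -ChildPath 'NTUSER.DAT'
            $hiveOnDisk = Test-Path -LiteralPath $hivePath
        }

        # CentralProfile holds the roaming path when one is configured;
        # it is empty or absent for a purely local profile.
        $roamingPath = [string]$props.CentralProfile

        $notes = @()
        if (-not $account)    { $notes += 'SID does not resolve to an account' }
        if (-not $hiveOnDisk) { $notes += 'NTUSER.DAT not found at registered path' }

        [pscustomobject]@{
            Sid         = $sid
            Account     = $account
            LocalPath   = $localPath
            ProfileType = if ($roamingPath) { 'Roaming' } else { 'Local' }
            RoamingPath = $roamingPath
            HiveOnDisk  = $hiveOnDisk
            Notes       = $notes -join '; '
        }
    }
}

# Show everything, then only the entries that need a closer look.
Get-ProfileInventory | Format-Table Sid, Account, ProfileType, HiveOnDisk -AutoSize
Get-ProfileInventory | Where-Object { $_.Notes } | Format-List
```

Entries with an unresolved SID or a missing hive are leftovers from deleted accounts or removed profile folders; they are worth reviewing because any data still in the folder is no longer tied to a live account.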

File Systems

You can use FAT16, FAT32, NTFS, or a combination of file systems on a single

computer, but each volume can have only one file system installed. When

choosing which file system to use, you need to determine the following:

How the computer is used (dedicated to Windows XP or multiple-boot).

The number and size of locally installed hard disks.

Security considerations.

Interest in using advanced file system features.

Important

It is recommended that you format all Windows XP volumes with NTFS except

on computers with certain multiple-boot configurations. For more information about NTFS, see NTFS File System later in this chapter.

Certain file systems have limitations regarding the minimum and maximum

size of volumes that they can format. Additionally, the cluster size of each file

system, which depends on the size of the volume and the maximum number of clusters the file system can manage, can affect the choice of file systems.

The version of NTFS included with Windows XP can take advantage of many

advanced features not available by using other file systems. As such, using

NTFS wherever possible is recommended to gain the maximum benefits from

Windows XP.

The following are some file system size limitations that should also be

considered:

FAT volumes smaller than 16 megabytes (MB) are formatted as FAT12.

FAT16 volumes larger than 2 gigabytes (GB) are not accessible from

computers running MS-DOS, Windows 95, Windows 98, and many other

operating systems.

While FAT32 volumes can theoretically be as large as 2 terabytes,

Windows XP limits the maximum size FAT32 volume that it can format to

32 GB. However, Windows XP can read and write to larger FAT32

volumes formatted by other operating systems.

The implementation of FAT32 in Windows XP limits the maximum

number of clusters on a FAT32 volume that can be mounted by

Windows XP to 4,177,918. This is the maximum number of clusters on a

FAT32 volume that can be formatted by Windows 98.

NTFS volumes can theoretically be as large as 16 exabytes (EB), but the

practical limit is 2 terabytes.

The user can specify the cluster size when an NTFS volume is formatted.

However, NTFS compression is not supported for cluster sizes larger than

4 kilobytes (KB).

Advantages of NTFS

Formatting Windows XP volumes with NTFS instead of FAT allows you to use

advanced features that are available only on NTFS, including the following:

NTFS is a recoverable file system. A user seldom needs to run a disk

repair program on an NTFS volume. NTFS guarantees the consistency of the volume by using standard transaction logging and recovery

techniques. In the event of a system failure, NTFS uses its log file and

checkpoint information to automatically restore the consistency of the file system.

NTFS supports compression on volumes, folders, and files. Files that are

compressed on an NTFS volume can be read and written by any

Windows-based application without first being decompressed by another program; decompression happens automatically during the file read. The

file is compressed again when it is closed or saved.

NTFS supports all Windows XP file system features.

NTFS does not restrict the number of entries in the root folder.

Windows XP can format volumes up to 2 terabytes with NTFS.

NTFS manages disk space more efficiently than FAT, using smaller

clusters (4 KB for volumes up to 2 terabytes).

The boot sector is backed up to a sector at the end of the volume.

NTFS minimizes the number of disk accesses required to find a file.

On NTFS volumes, you can set permissions on shares, folders, and files

that specify which groups and users have access, and what level of access is permitted. NTFS file and folder permissions apply to users

working on the local computer and to users accessing the file over the

network from a shared folder. You can also set share permissions that operate on network shares in combination with file and folder

permissions.

NTFS supports a native encryption system, EFS, that uses symmetric

key encryption in conjunction with public key technology to prevent

unauthorized access to file contents.

Reparse points enable new features such as volume mount points.

Disk quotas can be set to limit the amount of space users can consume.

NTFS uses a change journal to track changes made to files.

NTFS supports distributed link tracking to maintain the integrity of

shortcuts and OLE links.

NTFS supports sparse files so that very large files can be written to disk

while requiring only a small amount of storage space.

Disadvantages of NTFS

While NTFS is recommended for most Windows XP users, it is not appropriate

in all circumstances. Disadvantages of NTFS include:

NTFS volumes are not accessible from MS-DOS, Windows 95, or

Windows 98. The advanced features of the version of NTFS included with

Windows XP are not available in Windows NT.

For very small volumes that contain mostly small files, the overhead of managing NTFS can cause a slight performance drop in comparison to

FAT.

A former disadvantage of NTFS was accessing the NTFS-formatted system

volume when corrupted or deleted system files prevented the computer from starting. In the past, it was a common requirement that Windows NT be

installed to a second, separate folder to access the NTFS system volume of the

first installation.

Windows XP resolves this problem by offering a pair of new troubleshooting

tools. The first tool, known as Safe Mode, allows Windows XP to be started with

only the basic set of device drivers and system services loaded. Safe Mode

allows a system that cannot start, due to system corruption or the installation of incompatible drivers or system services, to bypass those blocking issues,

enabling the local administrator to resolve the problem.

If the damage to the operating system files is severe enough that the computer cannot start even in Safe Mode, you can start the computer from either the

Windows XP operating system CD or Setup floppy disks by using the Recovery

Console. The Recovery Console is a special command-line environment that enables the administrator to copy system files from the operating system CD,

fix disk errors, and otherwise troubleshoot system problems without installing

a second copy of the operating system.

What are the advantages of NTFS over FAT32?

Is the native file system for WinNT/2k/XP.

Allows indexing which improves file searching (mostly, faster); causes slight performance hit (can turn off).

Has better security -- such as file-wise encryption (not supported by WinXP home) and per-user access rules (you can stop your wife from seeing the porn folder!)

Supports user quotas (prevent the tykes from downloading too many mp3s).

Has file-wise compression.

Is journaled, decreasing data loss (ScanDisk at start up unnecessary).

Uses Unicode (allows foreign and extended character) file names and natively supports long file names.

Supports larger files than FAT (greater than 4GB).

Allows larger volume sizes (greater than 1TB). There is talk about a theoretical limit of 16 Exabytes, and up to 2 Terabytes.

Supported format on dynamic disks (no dynamic disks on WinXP Home).

Works well with large cache (greater than 96MB systems).

Performs better on volumes ~20GB and more.

Is more space-efficient on large volumes (greater than 8GB).

Resistant to fragmentation.

Sharing and Security

How to Share and Set Permissions for Folders and Files Using Windows XP

File and Printer Sharing for Microsoft Networks

The File and Printer Sharing for Microsoft Networks component allows computers on a network to access resources on other computers using a Microsoft network. This component is installed and enabled by default. It is enabled per connection using TCP/IP and is necessary to share local folders. The File and Printer Sharing for Microsoft Networks component is the equivalent of the Server service in Windows NT 4.0.

To share folders with other users on your network

1. Open My Documents in Windows Explorer. Click Start, point to All

Programs, point to Accessories, and then click Windows Explorer.

2. Click the folder you want to share.

3. Click Share this folder in File and Folder Tasks.

4. In the Properties dialog box select the radio button Share this folder to

share the folder with other users on your network, as shown in Figure 1 below.

Figure 1. Sharing a folder on a network

5. To change the name of the folder on the network, type a new name for

the folder in the Share name text box. This will not change the name of

the folder on your computer.

Note The Sharing option is not available for the Documents and

Settings, Program Files, and Windows system folders. In addition, you

cannot share folders in other users’ profiles.

To set, view, change, or remove file and folder permissions

1. Open Windows Explorer, and then locate the file or folder for which you want to set permissions. To open Windows Explorer, click Start, point to All Programs, point to Accessories, and then click Windows Explorer.

2. Right-click the file or folder, click Properties, and then click the

Security tab as shown in Figure 2 below.

Figure 2. Setting file and folder permissions

3. To set permissions for a group or user that does not appear in the Group

or user names box, click Add. Type the name of the group or user you want to set permissions for and then click OK, as shown in Figure 3

below.

Figure 3. Adding new group or user permissions

4. To change or remove permissions from an existing group or user, click

the name of the group or user and do one of the following, as shown in Figure 2 above:

To allow or deny a permission, in the Permissions for... box, select the Allow or Deny check box.

To remove the group or user from the Group or user names box,

click Remove.

Notes

In Windows XP Professional, the Everyone group no longer includes

Anonymous Logon.

You can set file and folder permissions only on drives formatted to use NTFS.

To change permissions you must be the owner, or have been granted

permission to do so by the owner.

Groups or users granted Full Control for a folder can delete files and

subfolders within that folder regardless of the permissions protecting the

files and subfolders.

If the check boxes under Permissions for user or group are shaded or if

the Remove button is unavailable, then the file or folder has inherited

permissions from the parent folder.

When adding a new user or group, by default, this user or group will

have Read & Execute, List Folder Contents, and Read permissions.
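The notes above (Full Control on a folder overrides the protection on its children, and shaded check boxes mean inherited entries) translate into a simple audit. The following is an added example, not part of the original training document: it walks a folder tree and reports Full Control granted to broad groups, explicit Deny entries, and other non-inherited grants to broad groups. The function name, the choice of the three well-known SIDs, the sample path, and PowerShell 3.0 or later are assumptions.

```powershell
# Added example (not from the original document).
# Assumption: PowerShell 3.0+, NTFS volume, run by an account that can read
# the ACLs under the chosen root.

# Well-known SIDs are used instead of names so the check also works on
# non-English installations.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

$FullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl

function Get-AclFinding {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Root
    )

    # The root itself plus everything below it, hidden items included.
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { continue }   # unreadable ACL: skip it rather than abort the sweep

        foreach ($ace in $acl.Access) {
            # Resolve the trustee to a SID; fall back to the displayed name.
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                $sid = $ace.IdentityReference.Value
            }

            $isAllow = $ace.AccessControlType -eq 'Allow'
            $isFull  = ([int]$ace.FileSystemRights -band $FullControl) -eq $FullControl
            $isBroad = $BroadSids.ContainsKey($sid)

            $finding = $null
            if ($isAllow -and $isFull -and $isBroad) {
                # Full Control on a folder allows deleting its files and
                # subfolders regardless of their own permissions.
                $finding = 'Full Control granted to a broad group'
            } elseif (-not $isAllow -and -not $ace.IsInherited) {
                $finding = 'Explicit Deny entry'
            } elseif ($isAllow -and $isBroad -and -not $ace.IsInherited) {
                $finding = 'Explicit (non-inherited) grant to a broad group'
            }

            if ($finding) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Trustee   = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Type      = $ace.AccessControlType
                    Inherited = $ace.IsInherited
                    Finding   = $finding
                }
            }
        }
    }
}

# Constructed sample path; replace with the share or folder under review.
Get-AclFinding -Root 'C:\Shared' | Sort-Object Finding, Path | Format-Table -AutoSize
```

Inherited entries are reported only for the Full Control case; fixing those means changing the parent folder, which is where the Inherited column points the reviewer.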

User profiles overview

A user profile defines customized desktop environments, such as individual display settings and network and printer connection settings. You or your system administrator can define your desktop environment.

Types of user profiles include:

A local user profile, which is created the first time you log on to a computer and is stored on the computer's local hard disk. Any changes made to your local user profile are specific to the computer on which the changes are made.

A roaming user profile, which is created by your system administrator and is stored on a server. This profile is available every time you log on to any computer on the network. Any changes made to your roaming user profile will be updated on the server.

A mandatory user profile, which is a roaming profile that can be used to specify particular settings for individuals or an entire group of users.

Only system administrators can make changes to mandatory user

profiles.

Local Users and Groups overview

Local Users and Groups is a tool you can use to manage local users and

groups. It is available on the following operating systems:

• Windows 2000 Professional

• Windows XP Professional

• Member servers running Windows 2000 Server

A local user or group is an account that can be granted permissions and rights

from your computer. Domain or global users and groups are managed by your network administrator. You can add local users, global users, and global

groups to local groups. However, you cannot add local users and groups to

global groups.

Local Users and Groups is an important security feature because you can limit

the ability of users and groups to perform certain actions by assigning them

rights and permissions. A right authorizes a user to perform certain actions on

a computer, such as backing up files and folders or shutting down a computer. A permission is a rule associated with an object (usually a file, folder, or

printer) and it regulates which users can have access to the object and in what

manner.

Local Users and Groups is not available on domain controllers. Use Active

Directory Users and Computers to manage global users and groups.

Groups overview

Groups displays all built-in groups as well as groups you create. The built-in groups are created automatically when you install Windows 2000 or

Windows XP. Belonging to a group gives a user rights and abilities to perform

various tasks on the computer.

Administrators

Members of the Administrators group have the largest amount of default

permissions and the ability to change their own permissions.

Backup Operators

Members of the Backup Operators group can back up and restore files on the

computer, regardless of any permissions that protect those files. They can also

log on to and shut down the computer, but they cannot change security settings.

Power Users

Members of the Power Users group can create user accounts, but can modify and delete only those accounts they create. They can create local groups and

remove users from local groups they have created. They can also remove users

from the Power Users, Users, and Guests groups.

They cannot modify the Administrators or Backup Operators groups, nor can

they take ownership of files, back up or restore directories, load or unload

device drivers, or manage the security and auditing logs.

Users

Members of the Users group can perform most common tasks, such as running

applications, using local and network printers, and shutting down and locking the workstation. Users can create local groups, but can modify only the local

groups that they created. Users cannot share directories or create local

printers.

Guests

The Guests group allows occasional or one-time users to log on to a

workstation's built-in Guest account and be granted limited abilities. Members

of the Guests group can also shut down the system on a workstation.

Replicator

The Replicator group supports directory replication functions. The only

member of the Replicator group should be a domain user account used to log on the Replicator services of the domain controller. Do not add the user

accounts of actual users to this group.

Users overview

Users displays the two built-in user accounts, Administrator and Guest, as

well as any user accounts you create. The built-in user accounts are created automatically when you install Windows 2000 or Windows XP.

Administrator account

The Administrator account is the one you use when you first set up a workstation or member server. You use this account before you create an

account for yourself. The Administrator account is a member of the

Administrators group on the workstation or member server.

The Administrator account can never be deleted, disabled, or removed from the

Administrators local group, ensuring that you never lock yourself out of the

computer by deleting or disabling all the administrative accounts. This feature sets the Administrator account apart from other members of the

Administrators local group.

Guest account

The Guest account is used by people who do not have an actual account on the computer. A user whose account is disabled (but not deleted) can also use the

Guest account. The Guest account does not require a password. The Guest

account is disabled by default, but you can enable it.

You can set rights and permissions for the Guest account just like any user

account. By default, the Guest account is a member of the built-in Guests

group, which allows a user to log on to a workstation or member server.

Additional rights, as well as any permissions, must be granted to the Guests

group by a member of the Administrators group.
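The group descriptions above translate directly into a membership review. The following is an added example, not part of the original training material: it parses the output of `net localgroup <group>` and flags memberships the text says deserve attention. The output layout, the sample account names and the helper names `parse_groups` and `review` are assumptions made for this illustration.

```python
import re

# Constructed output of `net localgroup <group>` for four groups on one host.
# Account names and comments are made up for this example.
SAMPLE_OUTPUT = r"""Alias name     Administrators
Comment        constructed sample

Members

-------------------------------------------------------------------------------
Administrator
CORP\Domain Admins
Guest
The command completed successfully.

Alias name     Backup Operators
Comment        constructed sample

Members

-------------------------------------------------------------------------------
svc_backup
The command completed successfully.

Alias name     Replicator
Comment        constructed sample

Members

-------------------------------------------------------------------------------
jsmith
The command completed successfully.

Alias name     Users
Comment        constructed sample

Members

-------------------------------------------------------------------------------
jsmith
NT AUTHORITY\INTERACTIVE
The command completed successfully.
"""


def parse_groups(text):
    """Return {group name: [members]} from concatenated command output."""
    groups, current, in_members = {}, None, False
    for line in text.splitlines():
        line = line.rstrip()
        header = re.match(r"Alias name\s+(.+)$", line)
        if header:
            current, in_members = header.group(1), False
            groups[current] = []
        elif current and set(line) == {"-"}:
            in_members = True            # the dashed rule precedes the member list
        elif line.startswith("The command completed"):
            in_members = False
        elif in_members and line:
            groups[current].append(line)
    return groups


def review(groups):
    """Return (group, member, reason) tuples for memberships worth a second look."""
    findings = []
    for group, members in groups.items():
        for member in members:
            account = member.split("\\")[-1].lower()
            if account == "guest" and group != "Guests":
                reason = "Guest account holds rights beyond the Guests group"
            elif group == "Replicator":
                reason = "should be the replication service account, not a person"
            elif group == "Backup Operators":
                reason = "can back up and restore files regardless of permissions"
            elif group == "Power Users":
                reason = "can create user accounts and local groups"
            elif group == "Administrators" and account != "administrator":
                reason = "full control, including changing its own permissions"
            else:
                continue
            findings.append((group, member, reason))
    return findings


if __name__ == "__main__":
    for group, member, reason in review(parse_groups(SAMPLE_OUTPUT)):
        print("%-17s %-22s %s" % (group, member, reason))
```
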

System Tools

Disk Cleanup

The Disk Cleanup tool helps you free up space on your hard disk by searching

your disk for files that you can safely delete. You can choose to delete some or

all of the files. Use Disk Cleanup to perform any of the following tasks to free

up space on your hard disk:

• Remove temporary Internet files.

• Remove downloaded program files. For example, ActiveX controls and Java applets that are downloaded from the Internet.

• Empty the Recycle Bin.

• Remove Windows temporary files.

• Remove optional Windows components that you are not using.

• Remove installed programs that you no longer use.

You can start Disk Cleanup by doing any of the following:

• Click Start, and then click Run. In the Open box, type cleanmgr, and then click OK.

-or-

• Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Cleanup.

-or-

• In Windows Explorer or My Computer, right-click the disk in which you want to free up space, click Properties, click the General tab, and then click Disk Cleanup.

Remove Files Stored on Your Hard Disk

To remove files stored on your hard disk that you no longer use, follow these

steps:

1. Click Start, and then click My Computer.

2. Right-click the disk in which you want to free up space, and then click Properties.

3. Click the General tab, and then click Disk Cleanup.

4. Click the Disk Cleanup tab (if it is not already selected), click to select the check boxes next to the files that you want to remove, and then click OK.

5. Click Yes to proceed with this action, and then click OK.

Remove Windows Components

To remove Windows components that you are not using, follow these steps:

1. Click Start, and then click My Computer.

2. Right-click the disk in which you want to free up space, and then click Properties.

3. Click the General tab, and then click Disk Cleanup.

4. Click the More Options tab, and then under Windows components, click Clean up.

The Windows Components Wizard starts.

5. In the Components list, click to clear the check box next to the component(s) that you want to remove.

• A shaded check box next to a component indicates that only some of its subcomponents are installed. If you want to remove a subcomponent, click Details, click to clear the check box next to the subcomponent(s) that you want to remove, and then click OK.

6. Click Next.

7. In the Completing the Windows Components Wizard page, click Finish.

8. Click OK, click Yes to proceed with this action, and then click OK.

Remove Installed Programs

To remove programs that you no longer use, follow these steps:

1. Click Start, and then click My Computer.

2. Right-click the disk in which you want to free up space, and then click Properties.

3. Click the General tab, and then click Disk Cleanup.

4. Click the More Options tab, and then under Installed programs, click Clean up.

The Add or Remove Programs dialog box is displayed.

5. In the Currently installed programs list, click the program that you want to remove, and then click Remove (or Change/Remove).

6. If you receive a prompt to confirm the removal of the program, click Yes.

7. Repeat steps 5 and 6 to remove other programs that you no longer use, and then click Close.

8. Click OK, click Yes to proceed with this action, and then click OK.

Remove Restore Points

To remove all restore points except the most recent restore point, follow these

steps:

1. Click Start, and then click My Computer.

2. Right-click the disk in which you want to free up space, and then click Properties.

3. Click the General tab, and then click Disk Cleanup.

4. Click the More Options tab, and then under System Restore, click Clean up.

5. Click Yes to remove all but the most recent restore point.

6. Click OK, click Yes to proceed with this action, and then click OK.

Administrative tools

Component Services

Used by system administrators to deploy and administer COM+ programs from

a graphical user interface, or to automate administrative tasks using a

scripting or programming language. Software developers can use Component Services to visually configure routine component and program behavior, such

as security and participation in transactions, and to integrate components into

COM+ programs. For more information, see Using Component Services

Computer Management

Used to manage local or remote computers from a single, consolidated desktop

utility. Computer Management combines several Windows XP administrative

tools into a single console tree, providing easy access to a specific computer's administrative properties. For more information, see Using Computer

Management

Data Sources (ODBC)

Open Database Connectivity (ODBC) is a programming interface that enables

programs to access data in database management systems that use Structured

Query Language (SQL) as a data access standard. For more information, see Using Data Sources (ODBC)

Event Viewer

Used to view and manage logs of system, program, and security events on your computer. Event Viewer gathers information about hardware and software problems, and monitors security events. For more information, see Using Event Viewer

Local Security policy

Used to configure security settings for the local computer. These settings

include the Password policy, Account Lockout policy, Audit policy, IP Security policy, user rights assignments, recovery agents for encrypted data, and other

security options. Local Security Policy is only available on computers that are

not domain controllers. If the computer is a member of a domain, these

settings may be overridden by policies received from the domain.

Performance

Used to collect and view real-time data about memory, disk, processor,

network, and other activity in a graph, histogram, or report form. For more information, see Using Performance

Services

Used to manage the services on your computer, set recovery actions to take place if a service fails, and create custom names and descriptions for services

so that you can easily identify them. For more information, see Using Services

Note

• Administrative Tools can also be opened from Microsoft Management

Console, or by clicking Start, clicking Control Panel, clicking Performance

and Maintenance, and then clicking Administrative Tools.

Task Scheduler overview

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Using Task Scheduler, you can schedule any script, program, or document to

run at a time that is most convenient for you.

When you first install your Windows Server 2003 family operating system, the

Task Scheduler service is enabled. By default, you must be a member of the

Administrators, Backup Operators, or Server Operators group on the local computer, to view, add, edit, or delete scheduled tasks, or to disable, pause, or

restart the Task Scheduler service. For more information, see Task Scheduler

and Security.

With Task Scheduler, you can:

• Schedule a task to run daily, weekly, monthly, or at certain times (such as system startup).

• Change the schedule for a task.

• Stop a scheduled task.

• Customize how a task runs at a scheduled time.

Each scheduled task you create is stored as a .job file in the \Windows\Tasks

folder. The .job file contains the properties and configuration information for

the task. You can create a scheduled task on your computer and then drag the

.job object over to a remote computer. After you drag a task from one computer to another, you must update the account information for the task before it will

run. Removing a scheduled task removes only the .job file from the schedule.

The program file the task runs is not removed from the hard disk.

Windows XP System Restore

Microsoft OSs have typically included utilities that help you recover systems

that become unstable or crash, but Windows XP's System Restore goes much further. System Restore reinstates the registry, local profiles, the COM+

database, the Windows File Protection (WFP) cache (wfp.dll), the Windows

Management Instrumentation (WMI) database, the Microsoft IIS metabase, and files that the utility copies by default into a Restore archive. You can't specify

what to restore: it's all or nothing.

Understanding System Restore

System Restore's purpose is to return your system to a workable state without requiring a complete reinstallation and without compromising your data files. The utility runs in the background and automatically creates a restore point when a trigger event occurs. Trigger events include application installations, AutoUpdate installations, Microsoft Backup Utility recoveries, unsigned-driver installations, and manual creations of restore points. The utility also creates restore points once a day by default.

System Restore requires 200MB of free hard disk space, which the utility uses

to create a data store. If you don't have 200MB of free space, System Restore remains disabled until the space becomes available, at which point the utility

enables itself. System Restore uses a first in/first out (FIFO) storage scheme:

The utility purges old archives to make room for new ones when the data store reaches a set limit.

The file types that System Restore monitors are many but include most of the

extensions that you typically see when you install new software (e.g., .cat,

.com, .dll, .exe, .inf, .ini, .msi, .ole, .sys). Note that only application installations that use a System Restore restorept.api-compliant installer will

trigger the creation of a restore point.

Typically, system recoveries are easiest when you know (or think you know) what caused the problem (e.g., a recently installed device driver). In some

cases, System Restore might not be the best choice for correcting a problem

you're experiencing. System Restore changes many different files and registry entries, and in some cases might replace too much and actually cause more

problems than it solves. For example, say you install Office XP, which triggers

System Restore to create a restore point, and the software suite works great. Later in the day, you download and install an updated video driver, and

because the driver is signed, the installation doesn't trigger System Restore to

create a restore point. Now your system hangs on occasion, and you believe

that the video driver is the culprit. In this case, you should use the Device Driver Rollback utility because it will address the device-driver problem only

and not change anything else on your system. System Restore would roll your

computer back to a pre-Office XP state, and you would have to reinstall the entire software suite after you resolved the driver problem.

Creating a Restore Point

Windows XP automatically creates restore points when you would typically need them most. However, occasions arise when you might want to create restore points manually, for example if you're installing an application that you're not sure will be stable on Windows XP, if you're unsure whether an application is System Restore restorept.api-compliant, or if you're making system changes that could affect the system's stability.

For example, I wanted to install Crystal Decisions' Crystal Reports Professional 7, but because that version is several years old, I wasn't sure how well it would

run on Windows XP. I decided to create a restore point before installing the

software. I clicked Start, All Programs, Accessories, System Tools, System Restore. A Welcome screen appeared, and System Restore asked whether I

wanted to restore or create a restore point. I chose Create a restore point and

clicked Next. I named my restore point Before Crystal Reports, as Figure 1 shows, and clicked Create.

Figure 1:

Name restore points so that you can easily identify them later. After the utility

collected all the information it needed, it displayed the Restore Point Created

screen, which Figure 2 shows. I closed the utility to end the process.

Figure 2:

Restoring a System

Having created a restore point, I could install Crystal Reports on my Windows XP machine with the confidence of knowing that I could restore my system if anything went wrong. During the installation, several error messages reported that the system couldn't find a particular DLL. The installation finished, and Crystal Reports didn't start. I was immediately glad that I'd created the restore point.

Before performing a restore, I used the Crystal Reports uninstallation program to try to delete the application's program files and registry entries, but the

procedure overlooked one registry entry. Instead of deleting the registry entry

manually, which could destabilize the system, I decided to use System Restore

to restore the registry safely.

I started the System Restore utility. At the Welcome screen, I chose Restore my

computer to an earlier time, then clicked Next. To prompt me to select a restore

point, the utility presented the various options in a calendar format, which Figure 3 shows. The calendar format lets you click through dates and see the

existing restore points. Restore points that System Restore creates appear as

System Checkpoint.

Figure 3:

I clicked July 23 and saw the Before Crystal Reports restore point that I had

created earlier. I selected that restore point and clicked Next, then confirmed

the restore point selection and clicked Next again. System Restore closed all programs and proceeded with the restoration. The computer then rebooted. I

logged back on, and the Restoration Complete screen appeared to let me know

the restore was finished and had succeeded, as Figure 4 shows.

Figure 4:

I then checked the hard disk and the registry and found no sign of Crystal Reports. In addition, the files I created between installing and restoring my

system remained on my system. My data files were safe, and the system was

stable.

If your system no longer boots to the OS, start the computer and press the F8 key as Windows begins to run. When the Windows Advanced Options menu

appears, choose Last Known Good Configuration and press Enter. If the

damage isn't too bad, a boot menu will appear, and you can select Microsoft Windows XP, then press Enter. Windows XP will restore the computer to the

most recent restore point.

If a restoration fails to resolve a problem, System Restore lets you try to select another restore point or undo the restoration. So, if you chose the wrong

restore point earlier, you get a chance to correct your mistake. Remember,

performing a restore is one of the events that triggers the system to create a restore point. Now you know why.

Troubleshooting

I've found System Restore to be stable and reliable. However, as with most programs, you might occasionally experience problems with System Restore.

Should you need to disable it, you can do so (for details, see the sidebar

"Disabling System Restore"). But first, try troubleshooting:

• Read any error messages and address any issues that the messages identify.

• Check your hard disks for free space. You must have at least 200MB of free space on each disk on which you've enabled System Restore. You can use the Disk Cleanup utility to reclaim space. If necessary, you can also use this utility to delete all but the most recent restore point.

• Confirm that the System Restore service is running.

• Try to run the utility in Safe mode.

• Check the System log for any errors that relate to sr or srservice.

If these steps don't help, run srdiag.exe to troubleshoot further. Srdiag creates

a .cab file, which it places in the \%windir%\system32\restore folder by default. You can double-click the file or right-click it and choose Extract. You

can then examine the 14 extracted files to troubleshoot your problem.

System Restore's scope, ease of use, and reliability are impressive. It's a useful utility that power users, technical support staff, and administrators should

familiarize themselves with. System Restore has the potential to significantly

reduce administrator work and user downtime.

Event Viewer

With Event Viewer, users can monitor events recorded in the Application,

Security, and System logs:

Understanding Event Viewer

Using the event logs in Event Viewer, you can gather information about

hardware, software, and system problems. You can also monitor Windows XP security events.

A computer running any version of Windows XP records events in three kinds

of logs:

Application log

The application log contains events logged by applications or programs. For

example, a database program might record a file error in the application log. Program developers decide which events to monitor.

Security log

The security log records events such as valid and invalid logon attempts, as

well as events related to resource use such as creating, opening, or deleting files or other objects. An administrator can specify what events are recorded in

the security log. For example, if you have enabled logon auditing, attempts to

log on to the system are recorded in the security log.

System log

The system log contains events logged by Windows XP system components. For

example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system

components are predetermined by Windows XP.

A computer running Windows configured as a domain controller records events in two additional logs:

Directory service log

The directory service log contains events logged by the Windows directory

service. For example, connection problems between the server and the global catalog are recorded in the directory service log.

File Replication service log

The File Replication service log contains events logged by the Windows File Replication service. For example, file replication failures and events that occur

while domain controllers are being updated with information about sysvol

changes are recorded in the file replication log.

A computer running Windows configured as a Domain Name System (DNS)

server records events in an additional log:

DNS server log

The DNS server log contains events logged by the Windows DNS service. Events

associated with resolving DNS names to Internet Protocol (IP) addresses are

recorded in this log.

Event Viewer displays these types of events:

Error

A significant problem, such as loss of data or loss of functionality. For example,

if a service fails to load during startup, an Error event will be logged.

Warning

An event that is not necessarily significant, but may indicate a possible future

problem. For example, when disk space is low, a Warning event will be logged.

Information

An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, an Information

event will be logged.

Success Audit

An audited security access attempt that succeeds. For example, a user's

successful attempt to log on to the system will be logged as a Success Audit

event.

Failure Audit

An audited security access attempt that fails. For example, if a user tries to

access a network drive and fails, the attempt will be logged as a Failure Audit event.

The Event Log service starts automatically when you start Windows. All users

can view application and system logs. Only administrators can gain access to

security logs.

By default, security logging is turned off. You can use Group Policy to enable

security logging. The administrator can also set auditing policies in the registry

that cause the system to halt when the security log is full.
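The event types above are what a first-pass log review keys on. The following is an added example, not part of the original training material: it reads a comma-delimited Event Viewer export, counts events by type, flags any user with several Failure Audit events in a short window, and reports when no audit events appear at all, which, given that security logging is off by default, more likely means auditing was never enabled than that nothing happened. The column order, the sample records and the function names are assumptions made for this illustration.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed column order of a comma-delimited Event Viewer export.
COLUMNS = ["type", "date", "time", "source", "category", "event", "user", "computer"]

# The five event types Event Viewer displays.
EVENT_TYPES = {"Error", "Warning", "Information", "Success Audit", "Failure Audit"}

# Constructed sample export; hosts, users and event numbers are illustrative.
SAMPLE_EXPORT = """\
Information,3/8/2015,09:00:05,Service Control Manager,None,7035,SYSTEM,WKS01
Warning,3/8/2015,09:02:41,Disk,None,51,N/A,WKS01
Failure Audit,3/8/2015,09:14:02,Security,Logon/Logoff,529,alice,WKS01
Failure Audit,3/8/2015,09:14:31,Security,Logon/Logoff,529,alice,WKS01
Failure Audit,3/8/2015,09:15:10,Security,Logon/Logoff,529,alice,WKS01
Success Audit,3/8/2015,09:16:44,Security,Logon/Logoff,528,alice,WKS01
Failure Audit,3/8/2015,11:30:00,Security,Object Access,560,bob,WKS01
Error,3/8/2015,12:05:19,Service Control Manager,None,7000,N/A,WKS01
"""


def parse_events(text):
    """Parse export text into a list of event dicts with a 'when' datetime."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < len(COLUMNS):
            continue                      # blank or truncated line
        rec = dict(zip(COLUMNS, (field.strip() for field in row)))
        if rec["type"] not in EVENT_TYPES:
            continue                      # header row or unknown type
        rec["when"] = datetime.strptime(
            rec["date"] + " " + rec["time"], "%m/%d/%Y %H:%M:%S")
        events.append(rec)
    return events


def failure_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return {user: (first, last)} for users with at least `threshold`
    Failure Audit events inside `window`."""
    by_user = defaultdict(list)
    for ev in events:
        if ev["type"] == "Failure Audit":
            by_user[ev["user"]].append(ev["when"])
    bursts = {}
    for user, times in by_user.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            last = times[i + threshold - 1]
            if last - times[i] <= window:
                bursts[user] = (times[i], last)
                break
    return bursts


def triage(text):
    """Summarise an export: counts per type, failure bursts, audit visibility."""
    events = parse_events(text)
    counts = Counter(ev["type"] for ev in events)
    return {
        "counts": counts,
        "bursts": failure_bursts(events),
        # False means no Success/Failure Audit records were present at all.
        "auditing_visible": bool(counts["Success Audit"] or counts["Failure Audit"]),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_EXPORT)
    print(dict(report["counts"]))
    for user, (first, last) in report["bursts"].items():
        print("burst of failures for %s between %s and %s" % (user, first, last))
    if not report["auditing_visible"]:
        print("no audit events found: check whether security auditing is enabled")
```
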

Disk Management

You use Disk Management snap-in in Windows XP to perform disk-related

tasks, such as creating partitions and volumes, formatting them, and assigning

drive letters. On computers running Windows XP or Windows 2003 Server, you

can also use Disk Management to perform advanced tasks, such as creating

and repairing fault tolerant volumes.

Disk Management overview

The Disk Management snap-in is a system utility for managing hard disks and

the volumes, or partitions, that they contain. With Disk Management, you can

initialize disks, create volumes, format volumes with the FAT, FAT32, or NTFS

file systems, and create fault-tolerant disk systems. Disk Management enables

you to perform most disk-related tasks without shutting down the system or

interrupting users; most configuration changes take effect immediately.

Disk Management, which replaces the Disk Administrator utility used in

Windows NT 4.0, offers many features including:

• Simplified tasks and intuitive user interface. Disk Management is easy to use. Menus that are accessible from the right mouse button display the tasks you can perform on the selected object, and wizards guide you through creating partitions or volumes and initializing or converting disks.

• Basic and dynamic disk storage. Basic disks contain basic volumes, such as primary partitions, extended partitions, and logical drives. Use basic disks on portable computers or when you plan to install multiple operating systems in different partitions on the same disk.

Dynamic disks contain dynamic volumes that offer features not available in basic disks, such as the ability to create fault-tolerant volumes. You can extend or mirror dynamic volumes and add new dynamic disks without restarting the computer.

• Local and remote disk management. By using Disk Management, you can manage any remote computer running Windows 2000 or Windows XP on which you are a member of the Administrators group.

• Mounted drives. You can use Disk Management to connect, or mount, a local drive at any empty folder on a local NTFS-formatted volume. Mounted drives make data more accessible and give you the flexibility to manage data storage based on your work environment and system usage. Mounted drives are not subject to the 26-drive limit imposed by drive letters, so you can use mounted drives to access more than 26 drives on your computer.

• Logical Disk Manager Service. The Logical Disk Manager Service uses disk groups to maintain information about the current state of disks in your computer.

• Support for MBR and GPT disks. Disk Management offers support for master boot record (MBR) disks in x86-based computers and support for MBR and GUID partition table (GPT) disks in Itanium-based computers.

• Manage disks at the command line. Use the command-line tool DiskPart to perform disk-related tasks at the command line as an alternative to using Disk Management. With DiskPart, you can create scripts to automate tasks, such as creating volumes or converting disks to dynamic.

Best practices

Back up data

Deleting or creating partitions or volumes destroys any existing data. Be sure to back up the disk contents beforehand. As with any major change

to disk contents, you should back up the entire contents of the hard disk

before working with partitions or volumes, even if you do not plan to make any changes to one or more of your partitions or volumes.

Format volumes using the NTFS file system

Many features, such as file and folder permissions, encryption, large

volume support, and sparse file management, all found in Windows 2000 and Windows XP, require this file format.

Use dynamic disks

Several Disk Management tasks can be performed only with dynamic disks, including the ability to create fault-tolerant disks. Using dynamic disks, you can create and delete simple, spanned, striped, mirrored, and RAID-5 volumes. Dynamic disks do not contain partitions or logical drives, nor can they be directly accessed by computers running MS-DOS, Windows 95, Windows 98, Windows Millennium Edition, Windows NT, or Windows XP Home Edition, so you cannot start these operating systems on dynamic disks. However, shared folders on dynamic disks are available across a network to computers running all of these operating systems.

Registry Overview

Registry Editor is an advanced tool for viewing and changing settings in your

system registry, which contains information about how your computer runs. Windows stores its configuration information in a database (the registry) that is

organized in a tree format. Although Registry Editor enables you to inspect and

modify the registry, normally you do not need to do so, and making incorrect changes can break your system. An advanced user who is prepared to both edit

and restore the registry can safely use Registry Editor for such tasks as

eliminating duplicate entries or deleting entries for programs that have been

uninstalled or deleted.

Registry Editor overview

Folders represent keys in the registry and are shown in the navigation area on the left side of the Registry Editor window. In the topic area on the right, the entries in a key are displayed. When you double-click an entry, it opens an editing dialog box.

You should not edit your registry unless it is absolutely necessary. If there is an error in your registry, your computer may not function properly. If this

happens, you can restore the registry to the same version you were using when

you last successfully started your computer. For instructions, see Related Topics.

Registry Editor Keys

The navigation area of the Registry Editor displays folders, each of which

represents a predefined key on the local computer. When accessing the registry

of a remote computer, only two predefined keys, HKEY_USERS and HKEY_LOCAL_MACHINE, appear.

Folder/predefined key: Description

HKEY_CURRENT_USER: Contains the root of the configuration information for the user who is currently logged on. The user's folders, screen colors, and Control Panel settings are stored here. This information is referred to as a user's profile.

HKEY_USERS: Contains the root of all user profiles on the computer. HKEY_CURRENT_USER is a subkey of HKEY_USERS.

HKEY_LOCAL_MACHINE: Contains configuration information particular to the computer (for any user).

HKEY_CLASSES_ROOT: Is a subkey of HKEY_LOCAL_MACHINE\Software. The information stored here ensures that the correct program opens when you open a file by using Windows Explorer.

HKEY_CURRENT_CONFIG: Contains information about the hardware profile used by the local computer at system startup.

The following table lists the data types currently defined and used by the system.

Data type Description

REG_BINARY Raw binary data. Most hardware component information is stored as binary data and is displayed in Registry Editor in hexadecimal format.

REG_DWORD Data represented by a number that is 4 bytes long. Many parameters for device drivers and services are this type and are displayed in Registry Editor in binary, hexadecimal, or decimal format.

REG_EXPAND_SZ A variable-length data string. This data type includes variables that are resolved when a program or service uses the data.

REG_MULTI_SZ A multiple string. Values that contain lists or multiple values in a form that people can read are usually this type. Entries are separated by spaces, commas, or other marks.

REG_SZ A fixed-length text string.

REG_FULL_RESOURCE_DESCRIPTOR A series of nested arrays designed to store a resource list for a hardware component or driver.
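The data types in the table above, as they appear in a Registry Editor export (.reg file), where REG_DWORD is written as dword:, REG_BINARY as hex:, and REG_EXPAND_SZ and REG_MULTI_SZ as hex(2): and hex(7): holding UTF-16LE text. This is an added example, not part of the original training material; the key path and all values are constructed, and the function names are this example's own.

```python
import re

# Constructed sample export in Registry Editor "Version 5.00" format.
# The key path and every value below are made up for this example.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleVendor\Demo]
"Title"="C:\\Tools\\demo"
"Retries"=dword:0000000a
"Blob"=hex:de,ad,be,ef
"LogDir"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,6c,00,\
  6f,00,67,00,00,00
"Servers"=hex(7):61,00,31,00,00,00,62,00,32,00,00,00,00,00
'''

# hex(N) carries the numeric registry type; plain "hex:" is REG_BINARY.
HEX_TYPES = {None: "REG_BINARY", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ",
             "9": "REG_FULL_RESOURCE_DESCRIPTOR"}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(quoted):
    """Strip the surrounding quotes and undo backslash escapes."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def decode_data(raw):
    """Turn the right-hand side of a .reg line into (type_name, value)."""
    if raw.startswith('"'):
        return "REG_SZ", unescape(raw)
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)          # 4-byte number
    m = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)$", raw)
    if not m:
        raise ValueError("unrecognised value data: %r" % raw)
    kind = HEX_TYPES.get(m.group(1), "type 0x%s" % m.group(1))
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if kind == "REG_EXPAND_SZ":                       # UTF-16LE, NUL-terminated
        return kind, data.decode("utf-16-le").rstrip("\x00")
    if kind == "REG_MULTI_SZ":                        # NUL-separated list
        return kind, [s for s in data.decode("utf-16-le").split("\x00") if s]
    return kind, data                                 # left as raw bytes


def parse_reg(text):
    """Return {key_path: {value_name: (type_name, value)}} for a .reg export."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)         # join wrapped hex lines
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1))
            current[name] = decode_data(m.group(2))
    return keys


def expand(value, env):
    """Resolve %NAME% references, as a consumer of REG_EXPAND_SZ data would."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), value)


if __name__ == "__main__":
    for key, values in parse_reg(SAMPLE_REG).items():
        print(key)
        for name, (kind, value) in values.items():
            print("  %-8s %-14s %r" % (name, kind, value))
```

Decoding an export this way makes it practical to review what a backup contains before it is restored.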

Caution

Incorrectly editing the registry may severely damage your system. Before

making changes to the registry, you should back up any valued data on

your computer.

Notes

To open Registry Editor, click Start, click Run, type regedit, and then click OK.

To safely use Registry Editor for such tasks as eliminating duplicate entries or deleting entries for programs that have been uninstalled or deleted, you should be prepared to both edit and restore the registry.

Best practices

In Windows, system configuration information is centrally located in the

registry. While this simplifies the administration of a computer or network, one incorrect edit to the registry can disable the operating system. The following list

provides some best practices for using the registry and Registry Editor safely:

Before making changes to the registry, make a backup copy.

You can back up the registry by using a program such as Backup. After you

make changes to the registry, create an Automated System Recovery (ASR)

disk. For troubleshooting purposes, keep a list of the changes you make to the registry. For more information, see System State data.

Do not replace the Windows registry with the registry of another version of the Windows or Windows NT operating systems.

Use tools and programs other than Registry Editor to edit the registry.

Incorrectly editing the registry may severely damage your system. You should use tools and programs that provide safer methods for editing the

registry.

Never leave Registry Editor running unattended.

Control Panel overview

Control Panel is full of specialized tools that are used to change the way Windows looks and behaves.

Some of these tools help you adjust settings that make your computer more

fun to use. For example, use Mouse to replace standard mouse pointers with animated icons that move on your screen, or use Sounds and Audio Devices to

replace standard system sounds with sounds you choose. Other tools help you

set up Windows so that your computer is easier to use. For example, if you are left-handed, you can use Mouse to switch the mouse buttons so that the

button on the right performs the primary functions of selecting and dragging.

To open Control Panel, click Start and then click Control Panel. If your

computer is set up in Classic view using the more familiar Start menu, click Start, point to Settings, and then click Control Panel.

When you first open Control Panel, you will see some of the most commonly

used Control Panel items organized by category. To find out more information about an item in Control Panel while in Category view, hold your mouse pointer

over the icon or category name and read the text that appears. To open one of

these items, click its icon or category name. Some of these items will open to a

list of tasks you can perform, as well as a selection of individual Control Panel items. For example, when you click Appearance and Themes, you will see a

list of tasks such as Choose a screen saver along with individual Control

Panel items.

If you open Control Panel and do not see the item you want, click Switch to

Classic View. To open an item, double-click its icon. To find out more about an

item in Control Panel while in Classic Control Panel view, hold your mouse pointer over the icon and read the text that appears.

Each tool in Control Panel is represented by a .cpl file in the

Windows\System32 folder. The .cpl files in the Windows\System32 folder are loaded automatically when you start Control Panel.

NOTE: Occasionally, Windows uses entries in the [MMCPL] section of the

Control.ini file to load Control Panel files.

The following table lists the most common .cpl files, including all the .cpl files

that are included with Windows:

File name Purpose

Access.cpl Accessibility properties

Appwiz.cpl Add/Remove Programs properties

Desk.cpl Display properties

Hdwwiz.cpl Add Hardware properties

Inetcpl.cpl Internet properties

Intl.cpl Regional Settings properties

Irprops.cpl Infrared Port properties (located in C:\Windows\Driver cache\I386\Driver.cab until you install an infrared device)

Joy.cpl Joystick properties

Main.cpl Mouse properties

Mmsys.cpl Multimedia properties

Ncpa.cpl Network Connections properties

Nusrmgr.cpl User Accounts properties

Nwc.cpl Gateway Services for NetWare properties

Odbccp32.cpl Open Database Connectivity (ODBC) Data Source Administrator properties

Powercfg.cpl Power Options properties

Sapi.cpl Speech Properties (located in C:\Program files\Common files\Microsoft Shared\Speech)

Sysdm.cpl System properties

Telephon.cpl Phone and Modem Options properties

Timedate.cpl Time and Date properties

Third-party software and hardware manufacturers add Control Panel icons to

provide an interface for you to use when you configure settings for their

products. An icon is displayed in Control Panel after the program's Setup tool places the .cpl file in the Windows\System32 folder.

To create a shortcut to a Control Panel tool, either drag an icon from Control Panel to the desktop or another location or manually create a shortcut, and

then specify the path to the .cpl file.

Internal / External commands

To find information about a command, on the A-Z button menu at the top of

this page, click the letter that the command starts with, and then click the

command name.

In addition to the tools installed with Windows XP, there are over 40 support

tools included on the Windows XP CD. You can use these tools to diagnose and

resolve computer problems. For more information about these support tools, see Windows Support Tools. For information about installing support tools, see Install Windows Support Tools.

For more information about changes to the functionality of MS-DOS

commands, new command-line tools, command shell functionality, configuring the command prompt, and automating command-line tasks, see Command-line reference.

Some command-line tools require the user to have administrator-level privileges on source and/or target computers.

Command-line tools must be run at the prompt of the Cmd.exe command

interpreter. To open Command Prompt, click Start, click Run, type cmd, and

then click OK. To view help at the command-line, at the command prompt,

type the following:

Example : CommandName /?

Arp, Assoc, At, Atmadm, Attrib

Bootcfg, Break

Cacls, Call, Change, Chcp, Chdir, Chkdsk, Chkntfs, Cipher, Cls, Cmd, Cmstp, Color, Comp, Compact, Convert, Copy, Cprofile, CScript

Date, Defrag, Del, Dir, Diskcomp, Diskcopy, DiskPart, Doskey, Driverquery

Echo, Endlocal, Eventcreate, Eventquery, Eventtriggers, Evntcmd, Exit, Expand

Fc, Filter, Find, Findstr, Finger, Flattemp, Format, Fsutil, Ftp, Ftype

Getmac, Goto, Gpresult, Gpupdate, Graftabl

Help, Helpctr, Hostname

If, Ipconfig, Ipseccmd, Ipxroute, Irftp

Label, Lodctr, Logman, Lpq, Lpr

Macfile, Mkdir (md), Mmc, Mode, More, Mountvol, Move, Msiexec, Msinfo32

Nbtstat, Netsh, Netstat, Nslookup, Ntbackup, Ntcmdprompt, Ntsd

Openfiles

Pagefileconfig, Path, Pathping, Pause, Pbadmin, Pentnt, Perfmon, Ping, Popd, Print, Prncnfg, Prndrvr, Prnjobs, Prnmngr, Prnport, Prnqctl, Prompt, Pushd

Query

Rasdial, Rcp, Recover, Reg, Regsvr32, Relog, Rem, Rename, Replace, Rexec, Rmdir, Route, Rsh, Rsm, Runas

Sc, Schtasks, Secedit, Set, Setlocal, Shift, Shutdown, Sort, Start, Subst, Systeminfo, Sfc

Taskkill, Tasklist, Tcmsetup, Telnet, Tftp, Time, Title, Tracerpt, Tracert, Tree, Type, Typeperf

Unlodctr

Ver, Verify, Vol, Vssadmin

W32tm, Winnt, Winnt32, WMIC

Xcopy

In detail:

o at (Windows XP/2000)
Scheduling utility.

o bootcfg (XP only)
This utility allows you to set up your boot options, such as your default OS and other loading options.

o cacls (XP, 2000, & NT4.0)
Changes the ACLs (security settings) of files and folders. Very similar to chmod in Linux.

o comp (XP & 2000)
This utility is very similar to diff in Linux. Use the /? switch to get examples of command usage.

o contig (works with NT4.0 and newer)
A great defrag utility for NTFS partitions.

o control (XP only) - unpublished!
Allows you to launch Control Panel applets from the command line. control userpasswords2, for example, will launch a helpful local user admin utility.

o defrag (XP only - NT4.0 and Win2k use contig)
Yes, XP comes with a command line disk defrag utility. If you are running Win2k or NT4.0 there is still hope. Contig is a free defrag program that I describe on the defrag page.

o diskpart (XP only)
Use this command to manage your disk partitions. This is the text version for the GUI Disk Manager.

o driverquery (XP only)
Produces a list of drivers, their properties, and their versions. Great for computer documentation.

o eudcedit (XP only) - unpublished!
Private Character editor. Yes, with this program built into Windows XP you can create your own font!

o findstr
Find String - similar to Linux's grep.

o fsutil (XP only) - unpublished!
This is a utility with a lot of capability. Come back soon for great examples.

o getmac (XP & 2000)
This command gets the Media Access Control (MAC) address of your network cards.

o gpresult (XP & 2000)
This generates a summary of the user settings and computer group policy settings.

o gpupdate (XP only)
Use this utility to manually apply computer and user policy from your Windows 2000 (or newer) domain.

o ipconfig (XP, 2000 & NT4.0)
This handy tool displays IP settings of the current computer and much more.

o MMC (XP, 2000 & NT4.0) - Microsoft Management Console
This is the master tool for Windows; it is the main interface that all other tools use, starting primarily in Windows 2000 and newer systems.

o more
Utility used to display text output one screen at a time. Ex. more c:\windows\win.ini

o msconfig (XP only)
The ultimate tool to change the services and utilities that start when your Windows machine boots up. You can also copy the executable from XP and use it in Win2k.

o msinfo32 (XP & 2000)
An awesome diagnostic tool. With it you can get a list of running processes, including the residing path of the executable (great for manually removing malware) and get detailed information about hardware and system diagnostics.

o narrator (XP only)
Turns on the system narrator (can also be found in accessibility options in Control Panel). This will allow your computer to dictate text to you.

o netsh (XP & 2000)
A network configuration tool console. At the 'netsh>' prompt, use the '?' to list the available commands and type "exit" to get back to a command prompt.

o netstat (XP)
A local network port tool - try netstat -ano.

o nslookup (all)
A DNS name resolution tool.

o openfiles (XP only)
Allows an administrator to display or disconnect open files in XP Professional. Type "openfiles /?" for a list of possible parameters.

o pathping (XP & 2000)
A cross between the ping and traceroute utilities. Who needs Neotrace when you can use this? Type "pathping <ip address>" and watch it go.

o recover (XP & 2000)
This command can recover readable information from a damaged disk and is very easy to use.

o reg (XP & 2000)
A console registry tool, great for scripting Registry edits.

o sc (XP & 2000)
A command line utility called the Service Controller. A power tool to make service changes via a logon/logoff or startup/shutdown script.

o schtasks (XP only)
A newer version of the AT command. This allows an administrator to schedule and manage scheduled tasks on local and remote machines.

o secedit (XP & 2000)
Use this utility to manually apply computer and user policy from your Windows 2000 (or newer) domain. Example to update the machine policy:
secedit /refreshpolicy machine_policy /enforce
To view help on this, just type secedit.
NOTE: In Windows XP SP1 and newer, this command is superseded by: gpupdate /force

o sfc (XP & 2000)
The system file checker scans important system files and replaces the ones you (or your applications) hacked beyond repair with the real, official Microsoft versions.

o shutdown (XP & 2000)
With this tool, you can shut down or restart your own computer, or an administrator can shut down or restart a remote computer.

o sigverif (XP only)
Microsoft has created driver signatures. A signed driver is Microsoft tested and approved. With the sigverif tool you can have all driver files analyzed to verify that they are digitally signed. Just type 'sigverif' at the command prompt.

o systeminfo (XP only)
Basic system configuration information, such as the system type, the processor type, time zone, virtual memory settings, system uptime, and much more. This program is great for creating an inventory of computers on your network.

o sysedit (XP/2000)
System Configuration File Editor. An old tool that was very handy in the Windows 9X days. msconfig is what you want to use now.

o tasklist (XP Pro only)
Tasklist is the command console equivalent to the Task Manager in Windows. It is a must-have when fighting scumware and viruses. Try the command: tasklist /svc to view the memory resources your services take up.

o taskkill (XP only)
Taskkill contains the rest of the Task Manager functionality. It allows you to kill those unneeded or locked-up applications.

o tree (XP & 2000)
An amazing experience everyone should try! This command will provide a 'family tree' style display of the drive/folder you specify.

o WMIC (XP & 2000)
Windows Management Instrumentation Command tool. This allows you to pull an amazing amount of low-level system information from a command line scripting interface.
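The netstat and tasklist entries above combine into a common triage step: netstat -ano reports the PID behind each socket, and tasklist /svc reports the image name and hosted services for each PID. The following is an added example, not part of the original training material, that joins the two to show what owns each listening port; both outputs are constructed samples and the function names are this example's own.

```python
import re

# Constructed sample shaped like `netstat -ano` output (addresses are made up).
NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5150           0.0.0.0:0              LISTENING       3004
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     1880
  UDP    0.0.0.0:68             *:*                                    1024
"""

# Constructed sample shaped like `tasklist /svc` output; ROW fixes the columns.
ROW = "%-25s %6s %s"
TASKLIST = "\n".join([
    ROW % ("Image Name", "PID", "Services"),
    ROW % ("=" * 25, "=" * 6, "=" * 45),
    ROW % ("System Idle Process", 0, "N/A"),
    ROW % ("System", 4, "N/A"),
    ROW % ("svchost.exe", 952, "RpcSs"),
    ROW % ("svchost.exe", 1024, "AudioSrv, BITS, Browser,"),
    ROW % ("", "", "CryptSvc, Dhcp"),        # long service lists wrap like this
    ROW % ("explorer.exe", 1880, "N/A"),
])


def parse_netstat(text):
    """Yield (proto, local_address, state, pid) for each socket row."""
    for parts in (line.split() for line in text.splitlines()):
        if parts and parts[0] in ("TCP", "UDP"):
            state = parts[3] if parts[0] == "TCP" else ""   # UDP has no state
            yield parts[0], parts[1], state, int(parts[-1])


def parse_tasklist_svc(text):
    """Return {pid: {"image": str, "services": [str]}} using the '=' ruler."""
    lines = text.splitlines()
    ruler = next(i for i, l in enumerate(lines) if l.startswith("="))
    (i0, i1), (p0, p1), (s0, _) = [m.span() for m in re.finditer("=+", lines[ruler])]
    procs, last = {}, None
    for line in lines[ruler + 1:]:
        services = [s.strip() for s in line[s0:].split(",") if s.strip()]
        pid = line[p0:p1].strip()
        if pid.isdigit():
            last = int(pid)
            procs[last] = {"image": line[i0:i1].strip(),
                           "services": [] if services == ["N/A"] else services}
        elif last is not None and services:  # wrapped service list
            procs[last]["services"].extend(services)
    return procs


def listeners(netstat_text, tasklist_text):
    """Listening TCP and bound UDP sockets with owning image and services."""
    procs = parse_tasklist_svc(tasklist_text)
    found = []
    for proto, local, state, pid in parse_netstat(netstat_text):
        if proto == "TCP" and state != "LISTENING":
            continue
        owner = procs.get(pid, {"image": None, "services": []})
        found.append((proto, local, pid, owner["image"], owner["services"]))
    return found


if __name__ == "__main__":
    for proto, local, pid, image, services in listeners(NETSTAT, TASKLIST):
        print(proto, local, pid, image or "NO MATCHING PROCESS", ", ".join(services))
```

A listener whose PID has no row in the task list (PID 3004 in the sample) is the case worth following up, since the process either exited between the two commands or is not visible to tasklist.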

Run Commands

Program Run Command

Accessibility Controls access.cpl

Accessibility Wizard accwiz

Add Hardware Wizard hdwwiz.cpl

Add/Remove Programs appwiz.cpl

Administrative Tools control admintools

Adobe Acrobat ( if installed ) acrobat

Adobe Distiller ( if installed ) acrodist

Adobe ImageReady ( if installed ) imageready

Adobe Photoshop ( if installed ) photoshop

Automatic Updates wuaucpl.cpl

Basic Media Player mplay32

Bluetooth Transfer Wizard fsquirt

Calculator calc

Ccleaner ( if installed ) ccleaner

C: Drive c:

Certificate Manager certmgr.msc

Character Map charmap

Check Disk Utility chkdsk

Clipboard Viewer clipbrd

Command Prompt cmd

Command Prompt command

Component Services dcomcnfg

Computer Management compmgmt.msc

Compare Files comp

Control Panel control

Create a shared folder Wizard shrpubw

Date and Time Properties timedate.cpl

DDE Shares ddeshare

Device Manager devmgmt.msc

Direct X Control Panel ( if installed ) directx.cpl

Direct X Troubleshooter dxdiag

Disk Cleanup Utility cleanmgr

Disk Defragment dfrg.msc

Disk Partition Manager diskmgmt.msc

Display Properties control desktop

Display Properties desk.cpl

Display Properties (w/Appearance Tab Preselected ) control color

Dr. Watson System Troubleshooting Utility drwtsn32

Driver Verifier Utility verifier

Ethereal ( if installed ) ethereal

Event Viewer eventvwr.msc

Files and Settings Transfer Tool migwiz

File Signature Verification Tool sigverif

Findfast findfast.cpl

Firefox firefox

Folders Properties control folders

Fonts fonts

Fonts Folder fonts

Free Cell Card Game freecell

Game Controllers joy.cpl

Group Policy Editor ( xp pro ) gpedit.msc

Hearts Card Game mshearts

Help and Support helpctr

Hyperterminal hypertrm

Hotline Client hotlineclient

Iexpress Wizard iexpress

Indexing Service ciadv.msc

Internet Connection Wizard icwconn1

Internet Properties inetcpl.cpl

Internet Setup Wizard inetwiz

IP Configuration (Display Connection Configuration) ipconfig /all

IP Configuration (Display DNS Cache Contents) ipconfig /displaydns

IP Configuration (Delete DNS Cache Contents) ipconfig /flushdns

IP Configuration (Release All Connections) ipconfig /release

IP Configuration (Renew All Connections) ipconfig /renew

IP Configuration (Refreshes DHCP & Re-Registers DNS) ipconfig /registerdns

IP Configuration (Display DHCP Class ID) ipconfig /showclassid

IP Configuration (Modifies DHCP Class ID) ipconfig /setclassid

Java Control Panel ( if installed ) jpicpl32.cpl

Java Control Panel ( if installed ) javaws

Keyboard Properties control keyboard

Local Security Settings secpol.msc

Local Users and Groups lusrmgr.msc

Logs You Out of Windows logoff

Malicious Software Removal Tool mrt

Microsoft Access ( if installed ) access.cpl

Microsoft Chat winchat

Microsoft Excel ( if installed ) excel

Microsoft Diskpart diskpart

Microsoft Frontpage ( if installed ) frontpg

Microsoft Movie Maker moviemk

Microsoft Management Console mmc

Microsoft Narrator narrator

Microsoft Paint mspaint

Microsoft Powerpoint powerpnt

Microsoft Word ( if installed ) winword

Microsoft Synchronization Tool mobsync

Minesweeper Game winmine

Mouse Properties control mouse

Mouse Properties main.cpl

MS-Dos Editor edit

MS-Dos FTP ftp

Nero ( if installed ) nero

Netmeeting conf

Network Connections control netconnections

Network Connections ncpa.cpl

Network Setup Wizard netsetup.cpl

Notepad notepad

Nview Desktop Manager ( if installed ) nvtuicpl.cpl

Object Packager packager

ODBC Data Source Administrator odbccp32

ODBC Data Source Administrator odbccp32.cpl

On Screen Keyboard osk

Opens AC3 Filter ( if installed ) ac3filter.cpl

Outlook Express msimn

Paint pbrush

Password Properties password.cpl

Performance Monitor perfmon.msc

Performance Monitor perfmon

Phone and Modem Options telephon.cpl

Phone Dialer dialer

Pinball Game pinball

Power Configuration powercfg.cpl

Printers and Faxes control printers

Printers Folder printers

Private Characters Editor eudcedit

Quicktime ( if installed ) quicktime.cpl

Quicktime Player ( if installed ) quicktimeplayer

Real Player ( if installed ) realplay

Regional Settings intl.cpl

Registry Editor regedit

Registry Editor regedt32

Remote Access Phonebook rasphone

Remote Desktop mstsc

Removable Storage ntmsmgr.msc

Removable Storage Operator Requests ntmsoprq.msc

Resultant Set of Policy ( xp pro ) rsop.msc

Scanners and Cameras sticpl.cpl

Scheduled Tasks control schedtasks

Security Center wscui.cpl

Services services.msc

Shared Folders fsmgmt.msc

Sharing Session rtcshare

Shuts Down Windows shutdown

Sounds Recorder sndrec32

Sounds and Audio mmsys.cpl

Spider Solitaire Card Game spider

SQL Client Configuration cliconfg

System Configuration Editor sysedit

System Configuration Utility msconfig

System File Checker Utility ( Scan Immediately ) sfc /scannow

System File Checker Utility ( Scan Once At Next Boot ) sfc /scanonce

System File Checker Utility ( Scan On Every Boot ) sfc /scanboot

System File Checker Utility ( Return to Default Settings) sfc /revert

System File Checker Utility ( Purge File Cache ) sfc /purgecache

System File Checker Utility ( Set Cache Size to Size x ) sfc /cachesize=x

System Information msinfo32

System Properties sysdm.cpl

Task Manager taskmgr

TCP Tester tcptest

Telnet Client telnet

Tweak UI ( if installed ) tweakui

User Account Management nusrmgr.cpl

Utility Manager utilman

Volume Serial Number for C: label

Volume Control sndvol32

Windows Address Book wab

Windows Address Book Import Utility wabmig

Windows Backup Utility ( if installed ) ntbackup

Windows Explorer explorer

Windows Firewall firewall.cpl

Windows Installer Details msiexec

Windows Magnifier magnify

Windows Management Infrastructure wmimgmt.msc

Windows Media Player wmplayer

Windows Messenger msmsgs

Windows Picture Import Wizard (Need camera connected) wiaacmgr

Windows System Security Tool syskey

Windows Script host settings wscript

Windows Update Launches wupdmgr

Windows Version ( shows your Windows version ) winver

Windows XP Tour Wizard tourstart

Wordpad write

Zoom Utility igfxzoom

