Windows Operating Systems: 2003, XP, MCSE 2003 / XP Pro notes, 2000
Upgrade paths:
To XP:
FROM | TO
95 | 98
NT3.51 | NT4
98, ME, NT4 SP5 (+), W2K PRO | XP
To 2003:
FROM | TO
NT4 Server SP5 (+), NT4 Terminal Server SP5 (+), W2K Server | Windows 2003 Server
Specs Overview:
flavor | Notes | max RAM | max HD | 64bit? | NLB | Cluster-able?
2003 WEB | Can NOT be a DC; no Macintosh; no IAS; no RIS; no Media services; no terminal services; limited VPN | | | | yes | NO
2003 STANDARD | Use this flavor for almost everything (except an obvious web server, a CA, a cluster, or a high-RAM server) | | | | yes | NO
2003 ENTERPRISE | Metadata services (MIIS) | supports hot-swappable RAM; NUMA (Non-Uniform Memory Access) | | on Itanium | yes | YES
2003 DATA CENTER | OEM only; No ICF | supports hot-swappable RAM; NUMA | | on Itanium | yes | YES
XP PRO | | | | | | NO
XP HOME | | | | | | NO
XP 64bit | | | | | |
2000 PROFESSIONAL | | | | | |
2000 STANDARD | | | | | |
2000 ADVANCED | | | | | |
2000 DATA CENTER | | | | | |
Windows 2003 Server
Share permissions and file permissions:
- File permissions are generally NTFS permissions
- For local access (at console or when RDP'ed) all that applies are local
(file / NTFS) permissions
- When accessing over the network via a share both file and share permissions
matter
- With multiple file permissions the most generous or liberal or sweeping
wins or is granted, except that an explicit Deny supersedes Allow
- With multiple share permissions the most generous or liberal or sweeping
wins or is granted, except that an explicit Deny supersedes Allow
- When combining both file and share permissions, the more restrictive of the
two wins or is granted
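The combination rules above worked through in code (an added example, not from the original notes): within each ACL the Allow entries are unioned and any Deny strips rights; locally only NTFS counts; over a share the NTFS and share results are intersected. The permission levels, atomic operations, ACLs and group memberships are a constructed, simplified model.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List

# Simplified model of what each permission level grants. The atomic operation
# names are constructed for this example; real NTFS ACEs are finer-grained.
NTFS_LEVELS: Dict[str, FrozenSet[str]] = {
    "Read": frozenset({"read"}),
    "Write": frozenset({"write"}),
    "Modify": frozenset({"read", "write", "delete"}),
    "Full Control": frozenset({"read", "write", "delete", "change_perms"}),
}
SHARE_LEVELS: Dict[str, FrozenSet[str]] = {
    "Read": frozenset({"read"}),
    "Change": frozenset({"read", "write", "delete"}),
    "Full Control": frozenset({"read", "write", "delete", "change_perms"}),
}


@dataclass(frozen=True)
class Ace:
    principal: str   # user or group name the entry applies to
    level: str       # key into NTFS_LEVELS or SHARE_LEVELS
    deny: bool = False


def effective_rights(acl: Iterable[Ace], levels: Dict[str, FrozenSet[str]],
                     principals: FrozenSet[str]) -> FrozenSet[str]:
    """Within one ACL: union every matching Allow (most generous wins),
    then every matching Deny removes its operations (Deny supersedes Allow)."""
    allowed: set = set()
    denied: set = set()
    for ace in acl:
        if ace.principal in principals:
            (denied if ace.deny else allowed).update(levels[ace.level])
    return frozenset(allowed - denied)


def resolve_access(ntfs_acl: List[Ace], share_acl: List[Ace],
                   principals: FrozenSet[str], via_share: bool) -> FrozenSet[str]:
    """Local (console/RDP) access: NTFS only. Over a share: NTFS AND share,
    i.e. the intersection, so the more restrictive layer wins."""
    ntfs = effective_rights(ntfs_acl, NTFS_LEVELS, principals)
    if not via_share:
        return ntfs
    return ntfs & effective_rights(share_acl, SHARE_LEVELS, principals)


# Constructed sample ACLs and group memberships (user plus its groups).
NTFS_ACL = [Ace("Users", "Read"), Ace("Marketing", "Modify"),
            Ace("Interns", "Write", deny=True)]
SHARE_ACL = [Ace("Everyone", "Read"), Ace("Sales", "Change")]
ALICE = frozenset({"alice", "Users", "Marketing", "Everyone"})
BOB = frozenset({"bob", "Users", "Marketing", "Interns", "Everyone"})

if __name__ == "__main__":
    for name, who in (("alice", ALICE), ("bob", BOB)):
        local = sorted(resolve_access(NTFS_ACL, SHARE_ACL, who, via_share=False))
        remote = sorted(resolve_access(NTFS_ACL, SHARE_ACL, who, via_share=True))
        print(f"{name}: local={local} via share={remote}")
```

Alice gets Modify locally but only Read through the share (Everyone/Read is the only share entry that matches her); Bob's Interns Deny strips write even locally.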
Microsoft Security Bulletin MS05-041: Vulnerability in Remote Desktop
Protocol Could Allow Denial of Service (899591)
http://www.microsoft.com/technet/security/Bulletin/MS05-041.mspx
HAL options after Windows XP or Windows Server 2003 Setup
http://support.microsoft.com/default.aspx?scid=kb;en-us;309283
Sysinternals Boot INI Options Reference
http://www.sysinternals.com/information/bootini.html
kerbtray.exe
- resource kit GUI
- displays TGT times and more
klist.exe
- resource kit CLI
- view and delete KRB tickets and more
Windows XP
The Wikipedia on XP
http://en.wikipedia.org/wiki/Windows_XP
Five editions of Windows XP compared
http://www.microsoft.com/windowsxp/evaluation/compare.mspx
MS HCL (sometimes broken links)
www.microsoft.com/hcl
http://www.microsoft.com/whdc/hcl/default.mspx
A sweet if slightly biased Windows XP Security Guide
http://mywebpages.comcast.net/SupportCD/SecureXP.html
Changes to Functionality in Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=7bd948d7-b791-40b6-8364-685b84158c78&DisplayLang=en
Windows XP Home Edition Utility: Setup Disks for Floppy Boot Install
http://www.microsoft.com/downloads/details.aspx?FamilyID=e8fe6868-6e4f-471c-b455-bd5afee126d8
Windows XP Professional Utility: Setup Disks for Floppy Boot Install
http://www.microsoft.com/downloads/details.aspx?FamilyID=55820edb-5039-4955-bcb7-4fed408ea73f
Managing Windows XP Service Pack 2 Features Using Group Policy: lots of goodies, including IE6 config via GPO
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngieps.mspx
User mode vs kernel mode (internal link)
Some Stuff on Windows Services
NOTE: Windows Service = *NIX Daemon
Windows Server 2003 default network services include:
- Automatic Updates - Monitors the availability of operating system patches.
When a patch is available, you are notified and are given the option to download
and install it.
- Background Intelligent Transfer Service (BITS) - Ensures that file transfers
do not overwhelm the capacity of the server.
- Computer Browser - Maintains the list of computers that appears in My Network
Places.
- DHCP Client - Enables Windows Server 2003 to obtain an IP address dynamically
from a Dynamic Host Configuration Protocol (DHCP) server.
- Distributed File System (DFS) - Allows file shares on multiple servers
to be viewed as a single logical structure. If Distributed File System (DFS)
is disabled, then this server cannot access shares through DFS.
- Distributed Transaction Coordinator (DTC) - Is used by programs to coordinate
transactions that occur on multiple servers. It ensures that all parts of
a transaction are completed.
- DNS Client - Enables Windows Server 2003 to resolve host names to IP addresses
by contacting a Domain Name System (DNS) server. It is also responsible for
caching previous DNS resolution requests.
- Error Reporting Services - Collects operating system errors and sends them
to Microsoft across the Internet.
- IPSec Services - Controls how Windows Server 2003 uses IP Security (IPSec)
to encrypt data transferred across the network. By default, network traffic
is not encrypted.
- Network Connections - Allows you to view and manage the network connections
in Control Panel.
- Network Location Awareness (NLA) - Makes it easier for developers to track
network information when they write applications.
- Remote Procedure Call (RPC) - Is used by application developers to communicate
with services on remote computers. If this service is stopped, many applications
will not function properly.
- Remote Registry - Allows remote editing of the registry.
- Server - Is used to share file and print services.
- TCP/IP NetBIOS Helper - Is required to support
NetBIOS services when using TCP/IP.
- Terminal Services - Is required for Remote Desktop, Remote Assistance,
and terminal server.
- Windows Time - Enables time synchronization between computers in an Active
Directory forest.
- Wireless Configuration - Manages the configuration of wireless networks
based on the 802.11 standard, as defined by the Institute of Electrical and
Electronics Engineers (IEEE). It provides the ability to roam easily from
one wireless network to another. This is not normally required on servers.
- Workstation - Is used to access file and print services on Windows servers
across the network. It is also required by some applications that access resources
across the network.
Additional network services running on domain controllers include:
- Background Intelligent Transfer Service (BITS) - This service is disabled
on domain controllers.
- File Replication Service - Synchronizes the contents of the netlogon share
between domain controllers.
- Intersite Messaging - Is used to synchronize Active Directory information
between sites in an Active Directory forest.
- Kerberos Key Distribution Center - Performs the authentication and distributes
Kerberos keys to clients.
- Net Logon - Is responsible for providing authentication services and registering
service information in DNS.
Optional Services: (And service-like feature sets)
- Certificate services - Used to issue and manage certificates that are used
in the certificate issuing and control structure known as Public Key Infrastructure
(PKI).
- Clustering - Allows greater fault tolerance for applications.
- DHCP - An automated mechanism used to assign IP addresses to client computers.
Automating this process saves hours of work for a network administrator.
- DNS - Converts host names to IP addresses. Client computers require this
to access resources through a host name. Active Directory uses DNS to store
service location information.
- Internet Authentication Service (IAS) - Allows a company to use Active
Directory for centralized authentication of remote access clients on many
different remote access servers.
- Internet Connection Firewall (ICF) - Provides basic firewall protection
for small businesses.
- Internet Connection Sharing (ICS) - An automated way to set up DHCP, NAT,
and a DNS proxy for small networks.
- Internet Information Services (IIS) 6.0 - Provides support for Hypertext
Transfer Protocol (HTTP), which is used for web connectivity, and File Transfer
Protocol (FTP), which is used for file transfers.
- Load balancing has been added as a standard feature to all versions of
Windows Server 2003. Load balancing transparently spreads the traffic between
two or more servers. From the client's perspective, it appears as if there
is still only one server.
- Network Address Translation (NAT) allows an entire office of computers
to share a single IP address when accessing the Internet.
- Network bridging allows Windows Server 2003 to be used as a bridge to allow
multiple network segments to communicate without introducing the complexity
of routing.
- Point-to-Point Protocol over Ethernet (PPPoE) is used by many high-speed
Internet service providers (ISPs) to control traffic on their networks. ISPs
sell access to the Internet. Windows Server 2003 can access these networks
without installing third-party client software. This was not available in
Windows 2000 Server and is a new feature in Windows Server 2003.
- Routing and Remote Access Service (RRAS) allows Windows Server 2003 to
act as a router, VPN server, and dial-in server.
- Services for Macintosh - Allows Macintosh computers to communicate with
Windows Server 2003.
- Services for UNIX - Allows UNIX and Linux computers to communicate with
Windows Server 2003.
- Web Distributed Authoring and Versioning (WebDAV) allows documents to be
shared and managed using HTTP.
- Windows Server 2003 includes native support for XML Web services. Web services
are a standardized way to develop application components that can be accessed
across the Internet, and use Internet standards such as Extensible Markup
Language (XML), Simple Object Access Protocol (SOAP), Universal Description,
Discovery and Integration (UDDI), and Web Services Description Language (WSDL).
- Windows Internet Naming Service (WINS) acts as a central registry of NetBIOS
name and service information. WINS is required on large networks with pre-Windows
2000 clients.
- Windows Media Services provides streaming audio and video. This is used
in combination with Windows Media Player on the client computers.
Deployment
See also upgrade paths at the top of this page
WINNT
- WINNT is for launching the OS installer from a 16 bit Windows based OS
- WINNT32 is for launching the OS installer from a 32 bit Windows based OS
- Some more info (internal link)
- /unattend:<unattend.txt> switch to specify and call an unattend.txt answer
file for use during the install
- /udf:ID,<udf.txt> switch to specify and call a udf.txt (uniqueness database)
file, selecting the entries for the given ID, for use during the install
Workstation Migration Tools:
- USMT: User State Migration Tool
- FAST: File And Settings Transfer tool
Check out the deployment and planning guide in support tools on the CD!
OS only vs. OS and loaded applications deployment. (more)
- Automated install
- Answer.txt
- udf
- how answer.txt and udf combine:
answer.txt contains | udf contains | Result
Exists | DNE | From answer.txt
DNE | Exists | From udf.txt
Exists | Exists | From udf.txt
DNE | DNE | From install GUI user input
- SYSPREP - System duplication preparation tool
- What Is Sysprep?
http://technet2.microsoft.com/WindowsServer/en/library/c03a5469-ef71-4545-b970-ce2add5e715c1033.mspx?mfr=true
- How to Use Sysprep: An Introduction
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/introduction.mspx
- Sysprep removes unique config settings such as SIDs and installs the
mini-setup wizard
- Build > copy to default profile > sysprep > clone > test
(OS, Apps, chkdsk, defrag, EULA, device manager)
- sysprep.exe switches
- quiet: Runs Sysprep.exe without displaying on-screen messages.
- reboot: Forces the computer to restart automatically after the
image of the hard disk is installed and the Mini-Setup Wizard starts.
Restarting the computer is useful when you want to audit the computer's
functions and verify that the Mini-Setup Wizard is operating correctly.
You must run Sysprep.exe again to reset the Mini-Setup Wizard.
- nosidgen: Runs Sysprep.exe without generating a SID. You must use
this switch if you are not duplicating the hard disk on which you
are running Sysprep.exe.
- How to use the Sysprep tool to automate successful deployment of Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;302577
- Copy the unattend.txt file created by the wizard to winnt.sif and add
it into a bootable .ISO to do a custom unattended OS install from CD without
needing a floppy
- (more)
- RIS (Remote Installation Service)
- PXE (or .\system32\reminst\rbfg.exe)
- DHCP, DNS, AD
- RIS
- .sif file?
- (more)
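The answer.txt / udf precedence table in the Automated install item above, worked through in code. This is an added example, not from the original notes: the two file contents are constructed, and the udf follows the [UniqueIds] / [ID:Section] layout used by Windows unattended-setup uniqueness database files.

```python
import configparser
from typing import Optional, Tuple

# Constructed sample answer file: settings shared by every machine.
UNATTEND_TXT = """
[Unattended]
UnattendMode=FullUnattended
TargetPath=\\WINDOWS

[UserData]
FullName=Lab User
OrgName=Example Lab
"""

# Constructed sample UDF: [UniqueIds] names, per machine ID, the sections it
# overrides; each override lives in a section called ID:SectionName.
UDF_TXT = """
[UniqueIds]
ws01=UserData
ws02=UserData,GuiUnattended

[ws01:UserData]
ComputerName=WS01

[ws02:UserData]
ComputerName=WS02
FullName=Second User

[ws02:GuiUnattended]
TimeZone=035
"""


def load_ini(text: str) -> configparser.ConfigParser:
    """Setup answer files are INI-style; keep key case and turn off %-interpolation."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str
    parser.read_string(text)
    return parser


def resolve_setting(answer: configparser.ConfigParser, udf: configparser.ConfigParser,
                    machine_id: str, section: str, key: str) -> Tuple[Optional[str], str]:
    """Apply the precedence table: the udf value wins when this ID overrides the
    section and defines the key; else answer.txt; else Setup prompts the GUI user."""
    overridden = []
    if udf.has_option("UniqueIds", machine_id):
        overridden = [s.strip() for s in udf.get("UniqueIds", machine_id).split(",")]
    udf_section = f"{machine_id}:{section}"
    if section in overridden and udf.has_option(udf_section, key):
        return udf.get(udf_section, key), "udf"
    if answer.has_option(section, key):
        return answer.get(section, key), "answer.txt"
    return None, "GUI prompt"


ANSWER = load_ini(UNATTEND_TXT)
UDF = load_ini(UDF_TXT)

if __name__ == "__main__":
    for mid, sec, key in (("ws01", "UserData", "ComputerName"), ("ws01", "UserData", "FullName"),
                          ("ws02", "UserData", "FullName"), ("ws01", "UserData", "ProductKey")):
        print(mid, sec, key, "->", resolve_setting(ANSWER, UDF, mid, sec, key))
```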
MCSE 2003 / XP Pro notes
- HAL options after Windows XP or Windows Server 2003 Setup
http://support.microsoft.com/?id=309283
- IE configuration options
- You can use the Privacy tab to set a general policy as well as to
set policies for specific Web sites.
- You use the Security tab to define security settings for each Web content
zone as well as to add sites to each zone.
- You use the Content tab to manage Content Advisor settings and certificates.
You can also use the Content tab to activate the Microsoft Profile Assistant
and to define settings for the Autocomplete feature.
- You use the Connections tab to manage settings for dial-up networking
(DUN) and virtual private network (VPN) connections, proxy server settings,
and local area connection (LAN) settings.
- You use the Programs tab to define the programs to use for Internet services
such as e-mail, newsgroup access, calendars, and management of your contacts
list.
- You use the Advanced tab to define settings related to accessibility,
Web browsing, printing, searching from the address bar, and encryption.
- Copy/move permissions
- When NTFS files are copied to another NTFS location, whether on the
same partition or a different one, any established file permissions are
replaced by a set inherited by the destination folder's permission settings.
To retain a file's assigned permissions after relocation, you must move,
rather than copy, the file to another location on the same partition.
- FAT16 partitions cannot provide any file-level security; all NTFS permissions
associated with a given file, therefore, are lost completely when you
either copy the file to or move the file to a FAT partition.
- When you upgrade a Windows 98 computer running FAT or FAT32 to Windows
XP, Windows XP provides an uninstall tool and will not let you convert the
drive to NTFS at install time.
- Printing permissions
- "Print" permission gives users or groups the ability to not
only print their own documents, but also to pause, restart, or cancel
the documents before they're printed. This level of permission is appropriate
for the stated needs of the Marketing and Accounting departments. You
must also assign this permission to the Sales and Executive departments
to allow them to print documents.
- "Manage Documents" permission gives a user or group the ability
to re-prioritize print jobs and delete any or all documents due to be
printed. As such, then, this level of permission, along with the Print
permission, satisfies the needs of the Sales and Executive departments.
- A third level, "Manage Printer," includes the abilities to
enable printer sharing, configure the print device, and more.
- You should also remove the Everyone group from the printer's access
control list (ACL), since the Everyone group is assigned the Print permission
by default.
- Mount volume as a folder
- Can mount a volume in an empty NTFS folder only
- Upgrading from Windows 98 to Windows XP will not give you the option
to install with the NTFS file system, so afterwards run convert c: /fs:ntfs.
BTW, fsutil is only available on NTFS formatted partitions.
- To use a dedicated user account for the Task Scheduler process you should
use the "AT Service Account" option in the advanced menu. The Task
Scheduler uses the System account, by default.
- You'd like to run a process that checks the new computer
for such incompatibilities before you attempt an upgrade. Microsoft provides
two tools for running compatibility checks on Win9x machines before upgrading
them to Windows XP Professional.
- One of these tools is the Windows Readiness Analyzer, available for
downloading from Microsoft's Web site.
- The other tool is the WINNT32.EXE installer executable itself (available
on the CD), which you can run with a "/checkupgradeonly" command-line switch.
- winnt32.exe /syspart copies the setup startup files to a hard disk, marks
the disk as active, and lets you then install the disk in another computer; when
you start the computer into which you have installed the disk, it automatically
starts with the next phase of setup. You must additionally use the /tempdrive
parameter.
- Default initial perfmon counters
- Processor \ %Processor Time
- Memory \ Pages/sec
- PhysicalDisk \ Average Disk Queue Length
- Accessibility stuff: table comparing which items are configured through the
Accessibility Wizard vs. Accessibility Options; items listed: Magnifier Feature,
personalized menus (both), Serial Keys, mouse options, Bounce Keys, Filter Keys
- ToggleKeys is used if you want an audible warning when you press Caps Lock,
Num Lock, or Scroll Lock
- Windows XP Professional How-to Resources http://www.microsoft.com/technet/itsolutions/howto/winxphow.mspx
- To Disable The Notification Area Balloon Tips: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips = 0
- Windows 2000's RunAs Service = Windows XP Secondary Logon Service
- The Language bar is a floating toolbar that appears on your desktop automatically
when you add handwriting recognition, speech recognition, or an Input Method
Editor (IME) as a method of inserting text. You can use the Language bar to
switch easily between tasks and perform tasks related to entering text. For
example, if you are entering text with a handwriting input device, use the
buttons on the Language bar to open the Writing Pad window, from which you
can insert handwritten text into your document. The buttons and options that
are displayed on the Language bar depend on the text services you have installed,
and on the program that is currently active.
- My Documents / Properties / Sharing tab / check "Make this folder
private so that only I have access to it"
- GUI: Disk Management / Convert to MBR disk = CLI: diskpart / list disk
/ select disk n / convert mbr
- Simple file sharing: Windows Explorer: Tools / Folder Options / View tab
/ Advanced Settings / clear or check the "Use simple file sharing (Recommended)"
- Start / Accessories / System Tools / Files and Settings Transfer Wizard.
Wizard helps you transfer files and settings from your old computer to your
new one. You can transfer settings for Microsoft Internet Explorer and Microsoft
Outlook Express, as well as desktop and display settings, dial-up connections,
and other types of settings. As you go through the wizard, you can select
the files and settings that you want to transfer.
- Device Driver Roll Back reinstalls the driver you were using previously
and restores any driver settings that were changed when you added the new
driver. Note that you cannot restore printer drivers with Device Driver Roll
Back. To roll back a device driver to a previous version:
- Log on to the computer by using an account with administrative privileges.
- Click Start, and then click Control Panel.
- Under Pick a category, click Performance and Maintenance.
- Under or pick a Control Panel icon, click System.
- On the Hardware tab, click Device Manager.
- In the device list, expand the device type branch that you want to work
with. For example, Display adapters.
- Right-click the device that you want to work with, and then click Properties.
- On the Driver tab, click Roll Back Driver. Click Yes when you receive the
following message:
- Are you sure you would like to roll back to the previous driver?
- The previous device driver is restored. Click Close.
- Quit Device Manager, and then click OK.
- The netstat.exe utility has a new switch, -o, that can display the process
identifier (ID) that is associated with each connection.
- EFI = Extensible Firmware Interface; IA64-based computers have an EFI partition.
- The Cipher.exe utility that is included with Windows XP provides the ability
to overwrite deleted data: cipher /w:driveletter:\foldername. May work on
unencrypted deleted files too.