
70-270

Exam Objectives:
This exam measures your ability to accomplish the technical tasks listed below.

Installing Windows XP Professional

• Perform and troubleshoot an attended installation of Windows XP Professional.
• Perform and troubleshoot an unattended installation of Windows XP Professional.
  o Install Windows XP Professional by using Remote Installation Services (RIS).
  o Install Windows XP Professional by using the System Preparation Tool.
  o Create unattended answer files by using Setup Manager to automate the installation of
    Windows XP Professional.
• Upgrade from a previous version of Windows to Windows XP Professional.
  o Prepare a computer to meet upgrade requirements.
  o Migrate existing user environments to a new installation.
• Perform post-installation updates and product activation.
• Troubleshoot failed installations.

Implementing and Conducting Administration of Resources

• Monitor, manage, and troubleshoot access to files and folders.
  o Configure, manage, and troubleshoot file compression.
  o Control access to files and folders by using permissions.
  o Optimize access to files and folders.
• Manage and troubleshoot access to shared folders.
  o Create and remove shared folders.
  o Control access to shared folders by using permissions.
  o Manage and troubleshoot Web server resources.
• Connect to local and network print devices.
  o Manage printers and print jobs.
  o Control access to printers by using permissions.
  o Connect to an Internet printer.
  o Connect to a local print device.
• Configure and manage file systems.
  o Convert from one file system to another file system.
  o Configure NTFS, FAT32, or FAT file systems.
• Manage and troubleshoot access to and synchronization of offline files.

Implementing, Managing, Monitoring, and Troubleshooting Hardware Devices and Drivers

• Implement, manage, and troubleshoot disk devices.
  o Install, configure, and manage DVD and CD-ROM devices.
  o Monitor and configure disks.
  o Monitor, configure, and troubleshoot volumes.
  o Monitor and configure removable media, such as tape devices.
• Implement, manage, and troubleshoot display devices.
  o Configure multiple-display support.
  o Install, configure, and troubleshoot a video adapter.
• Configure Advanced Configuration Power Interface (ACPI).
• Implement, manage, and troubleshoot input and output (I/O) devices.
  o Monitor, configure, and troubleshoot I/O devices, such as printers, scanners,
    multimedia devices, mouse, keyboard, and smart card reader.
  o Monitor, configure, and troubleshoot multimedia hardware, such as cameras.
  o Install, configure, and manage modems.
  o Install, configure, and manage Infrared Data Association (IrDA) devices.
  o Install, configure, and manage wireless devices.
  o Install, configure, and manage USB devices.
  o Install, configure, and manage hand held devices.
  o Install, configure, and manage network adapters.
• Manage and troubleshoot drivers and driver signing.
• Monitor and configure multiprocessor computers.

Monitoring and Optimizing System Performance and Reliability

• Monitor, optimize, and troubleshoot performance of the Windows XP Professional desktop.
  o Optimize and troubleshoot memory performance.
  o Optimize and troubleshoot processor utilization.
  o Optimize and troubleshoot disk performance.
  o Optimize and troubleshoot application performance.
  o Configure, manage, and troubleshoot Scheduled Tasks.
• Manage, monitor, and optimize system performance for mobile users.
• Restore and back up the operating system, System State data, and user data.
  o Recover System State data and user data by using Windows Backup.
  o Troubleshoot system restoration by starting in safe mode.
  o Recover System State data and user data by using the Recovery console.

Configuring and Troubleshooting the Desktop Environment

• Configure and manage user profiles and desktop settings.
• Configure support for multiple languages or multiple locations.
  o Enable multiple-language support.
  o Configure multiple-language support for users.
  o Configure local settings.
  o Configure Windows XP Professional for multiple locations.
• Manage applications by using Windows Installer packages.

Implementing, Managing, and Troubleshooting Network Protocols and Services

• Configure and troubleshoot the TCP/IP protocol.
• Connect to computers by using dial-up networking.
  o Connect to computers by using a virtual private network (VPN) connection.
  o Create a dial-up connection to connect to a remote access server.
  o Connect to the Internet by using dial-up networking.
  o Configure and troubleshoot Internet Connection Sharing (ICS).
• Connect to resources by using Internet Explorer.
• Configure, manage, and implement Internet Information Services (IIS).
• Configure, manage, and troubleshoot Remote Desktop and Remote Assistance.
• Configure, manage, and troubleshoot an Internet Connection Firewall (ICF).

Configuring, Managing, and Troubleshooting Security

• Configure, manage, and troubleshoot Encrypting File System (EFS).
• Configure, manage, and troubleshoot a security configuration and local security policy.
• Configure, manage, and troubleshoot local user and group accounts.
  o Configure, manage, and troubleshoot auditing.
  o Configure, manage, and troubleshoot account settings.
  o Configure, manage, and troubleshoot account policy.
  o Configure, manage, and troubleshoot user and group rights.
  o Troubleshoot cache credentials.
• Configure, manage, and troubleshoot Internet Explorer security settings.

Installation of Windows XP Professional


This article covers attended installations of Windows XP Professional from a CD-ROM.

Installing Windows XP Professional from a CD-ROM to a clean hard disk consists of these four
stages:

Running the Setup program - Partitions and formats the hard disk (if required) for the installation
to proceed and copies the files necessary to run the Setup Wizard.

Running the Setup Wizard - Requests setup information about the local workstation where the
installation is taking place.

Networking components - Installs the networking components that allow the computer to
communicate with other computers on the local network.

Completing the installation - This final phase copies files to the hard drive and configures the final
stages of the setup.

There are some notable differences between the Windows XP Professional installation and older
Windows NT4 and Windows Professional installations.

The design of the installation program assumes that your system has the ability to boot directly from a
CD-ROM or that you will use a Windows 95/98/ME boot floppy to begin installing from a CD. The
ability to directly create setup floppies has been dropped from Windows XP. Setup boot disks are
available only by download from Microsoft. The Setup boot disks are available so that you can run
Setup on computers that do not support a bootable CD-ROM.

There are six Windows XP Setup boot floppy disks. These disks contain the files and drivers that are
required to access the CD-ROM drive through generic PCI drivers and begin the Setup process.

If your computer does support booting from a CD-ROM, or if network-based installation is available,
Microsoft recommends that you use those installation methods.

Setup will not prompt the user to specify the name of an installation folder unless you are performing
an unattended installation or using winnt32 to perform a clean installation.

By default, the Setup Wizard installs the Windows XP Professional operating system files in the
WINDOWS folder. If this folder exists on the partition you have chosen for the install, setup will warn
you that you are about to overwrite the current operating system installed on that partition. In order
to keep it (e.g. dual or multi booting scenario) you would need to choose another partition for the
installation.

To start the Setup program, insert the Windows XP Professional installation CD-ROM in your CD-ROM
drive.

If an operating system is detected on the hard drive, the following message will appear:

In this scenario, you would need to press any key on the keyboard to continue with the CD-ROM
installation.

After the computer starts, a minimal version of Windows XP Professional is copied into memory. This
version of Windows XP Professional starts the Setup program.

After all of the files are copied and the system is restarted, the text-mode portion of Setup starts
and prompts you to read and accept a licensing agreement.

You would select "F8-I agree" to continue. (If you elect not to accept the agreement, the installation
will end.)

You are then prompted to select a partition on which to install Windows XP Professional. You can
select an existing partition or create a new partition by using any unpartitioned free space on the hard
drive(s).
(The above example shows a partitioned and formatted drive)

Once a partition has been selected the next step is to select a file system for the new partition. Next,
Setup formats the partition with the selected file system. (This would assume that a file system didn't
currently exist. In this example, one already does and it is formatted in NTFS so I have elected to
leave it as is. Any formatting done here during setup will destroy any existing data on the partitions
formatted.)

From here Setup copies files to the hard disk and saves configuration information.
Setup restarts the computer once the file copy is completed and then starts the Windows XP
Professional Setup Wizard, the graphical user interface (GUI) portion of Setup.

The GUI-based Windows XP Professional Setup Wizard is the next stage of the installation process.

Regional settings - In this section you are able to customize settings to your language and where
you live, as well as set up Windows XP Professional to use multiple languages and regional settings.

Personalize your Software - In this section you can enter the name of the person and the
organization to which this copy of Windows XP Professional is licensed. This can be your own name
and nothing in the organization field or the name of the company in both places if this installation is
being performed in a place of business. Software installed on the system later will often use this
information for product registration and document identification.

Your Product Key - This page is where you enter your 25-character product key in order to install
the software.

If you incorrectly type the key, an error message will be generated.

Computer Name And Administrator Password - Here you enter a name for the computer or use
the auto generated one that Windows XP Professional provided.

The computer name will always display in all uppercase letters, no matter how you type it. The name
is not case sensitive.
In the Administrator Password box on the same screen, you will enter the password to be used for the
administrator account and in the Confirm Password box you will re-enter it to make sure that it is
entered correctly.

If the passwords do not match, the above error message will appear and you will need to enter them
again.

Modem Dialing Information - This section will begin only if an installed modem has been found on
your system.

Enter the correct country or region if it is not selected. (It should match your selection from the
Regional settings page.) Type your area code or city code and any number you might need to dial to
get an outside line. You can also select either tone or pulse dialing on this page as well.

Date and Time Settings - This section of Setup allows you to verify that the correct date, time and
time zone are entered and whether or not the system should adjust itself automatically for daylight
saving time changes each year.

Network Settings - The next section of setup deals entirely with installing the Windows XP
Professional networking components on your system.

Installing Windows XP Professional networking components involves the following processes:

Detect network adapter cards - The Setup Wizard detects and configures any network adapter
cards installed on the computer. By default, it attempts to locate a DHCP server on the network. If
none is found it will use an Automatic Private IP Addressing (APIPA) IP address. (The APIPA IP address
feature of Windows XP Professional automatically configures a unique IP address from the range
169.254.0.1 to 169.254.255.255 and a subnet mask of 255.255.0.0 when TCP/IP is configured for
dynamic addressing and a DHCP server is not available.)

Select networking components - The Setup Wizard prompts you to choose typical or customized
settings for networking components.

The Typical (selected by default) installation includes the following options:

• Client For Microsoft Networks. Allows your computer to access network resources.
• File And Printer Sharing For Microsoft Networks. Allows other computers to access file and
  print resources on your computer.
• QoS Packet Scheduler. Helps provide a guaranteed delivery system for network traffic, such as
  Internet Protocol (TCP/IP) packets.
• Internet Protocol (TCP/IP). Allows your computer to communicate over local area networks
  (LANs) and wide area networks (WANs). TCP/IP is the default networking protocol.

You can install other clients, services, and network protocols during the Windows XP Professional
installation by choosing CUSTOM, but it is recommended that you wait until after the installation has
completed to add additional services. (The exception would be if the lack of these services would
prevent the system from coming online to your network properly upon restart.)

Workgroup or Computer Domain - This section allows you to choose to join a domain for which you
have administrative privileges or to join a local workgroup. You can create the computer account in
the domain you are joining ahead of time or during installation. (The Setup Wizard prompts you for
the name and password of a user account with authority to add domain computer accounts if you elect
to create the account during the Windows XP Professional installation.)

After installing the networking components, Setup starts the final steps of the installation process,
which include:

• Installs Start menu items - Shortcuts that will appear on the Start menu are installed and
  configured during this stage.
• Registers components - The configuration settings that you specified earlier during the install
  are configured now.
• Saves the configuration - The Setup Wizard saves your entered configuration settings. Once
  the system is restarted, the computer uses this configuration by default.
• Removes temporary files - Any files used by the Setup Wizard that are no longer needed are
  deleted.
• Restarts the computer - The computer is automatically restarted. This is the final step of the
  Setup Wizard.

Upon restart, the computer will either boot directly to Windows XP Professional or it will bring up the
operating system selection window (the text of the BOOT.INI file) if you have more than one operating
system installed.

After you start Windows XP for the first time, you will come to the Welcome to Microsoft Windows
screen to finish setting up your computer. Click on the Green NEXT arrow at the bottom right hand
corner of the display.

The system will then check to see how you will connect to the Internet. If Windows cannot detect the
settings it will prompt you for input. (You can also select SKIP to bypass this section.)

The Registration of your Windows XP Professional software IS NOT REQUIRED. You can skip this step
and never go back to it.

The Windows Product Activation screen appears next. Windows Product Activation has been designed
by Microsoft to protect their intellectual property as much as possible from software piracy. According
to Microsoft, you do not need to send any information at all when you activate the product through
the setup feature, not even a name. This step is required, at this time or within the first 30 days.

If you decide to skip this activation step now, you will only be able to use Windows XP Professional
for 30 days. After that, the operating system will not function without activating the product. You
will have no other option but to either blow the partition away and reinstall the OS for another 30 days
or activate the software.

If you skip this step, Windows XP will periodically remind you during the 30-day period to activate
the product.

The next screen is the Internet Access screen, which allows you to configure your Internet connection
at this time. You have the option to skip this step as well.

The next screen that appears is the User Setup screen. On this setup page you are able to enter the
name of each person that will have local access to this computer. If you choose to do this now,
Windows XP Professional would create a separate user account for each name entered.

These names would first appear on the Welcome Screen in alphabetical order. At that point, users
would be able to select their name from the Welcome screen to use the computer. The local
administrator can use User Accounts in the system Control Panel to assign these users passwords
and system permission limits. It is also where additional users can be created, in lieu of doing so
here or in addition to entering some here.

At least one name needs to be entered.

This first user becomes a local administrator by default.

Best of luck in your studies and please feel free to contact me with any questions on my article and
remember, "If a bad guy can alter the operating system on your computer, it may not be your
computer anymore"

Upgrading to Windows XP Professional

Before we get started with a direct upgrade to Windows XP Professional we need to know which
operating systems support a direct upgrade.

Windows XP Supported Upgrade Paths

The following direct upgrade paths are supported by Microsoft and are considered viable for both the
Windows XP Professional and Windows XP Home operating systems.

Microsoft Windows 98

Microsoft Windows 98 Second Edition

Microsoft Windows Millennium Edition

• Windows XP Home Edition Retail (Full) Version
• Windows XP Home Edition Upgrade Version
• Windows XP Professional Retail (Full) Version
• Windows XP Professional Upgrade Version

Microsoft Windows NT 4.0 Workstation

• Windows XP Professional Retail (Full) Version
• Windows XP Professional Upgrade Version

Microsoft Windows 2000 Professional

• Windows XP Professional Retail (Full) Version
• Windows XP Professional Upgrade Version

Microsoft Windows XP Home Edition

• Windows XP Professional Retail (Full) Version
• Windows XP Professional Upgrade Version

All Versions of Windows NT 4.0 require Service Pack 5 to be installed prior to upgrading to Windows
XP.

Currently, there are no supported direct upgrade paths for the following Microsoft operating systems:

Microsoft Windows 3.x

Microsoft Windows NT 3.51 Workstation

Microsoft Windows NT 3.51 Server

Microsoft Windows NT 3.51 Server with Citrix

Microsoft Windows 95

Microsoft BackOffice Small Business Server

Having this information available or knowing where to look it up is important before you get started.

[NOTES FROM THE FIELD] - I often get the question, "how do you know all of this stuff", when I am
working with desktop or system admins. The truth is, I often do not know the information off the top
of my head. Sometimes I do, and it is often due to the fact that many people throughout the course of
the year come to ask me different questions and because many of them are repetitive I often have
immediate recall of them. Many times, (more often than not) I don't remember the answer, but I have
a vague idea of where I looked it up when I was asked it before and I head right "battle" is knowing
where to look up the information when you need it. If you can do that, you're ahead of the game and
ahead of most other people you might work with.

Once you are certain that the operating system you're currently using can be directly upgraded to
Windows XP Professional, you then need to be sure that the installed system hardware meets the
minimum Windows XP Professional hardware requirements by verifying that all of the hardware is on
the Hardware Compatibility List (HCL) at the Microsoft website.

Windows XP Professional supports only the devices listed in the HCL. If your hardware isn't listed,
contact the hardware manufacturer and request a Windows XP Professional driver.

Support means that while the operating system may load and run on unsupported hardware and
software, any issues that come up with the system will not be covered (i.e. supported) by Microsoft
Technical Support if you should need to engage them.

You can test the computer for compatibility by using the Windows XP Professional Compatibility tool.
During a system upgrade you will see the option for this on the introductory screen. (You can also run
the tool from the command line by typing <CDROM DRIVE>:\i386\winnt32 /checkupgradeonly. You can
perform just the check and then exit the tool without installing the operating system, if you wish.)

If you have AUTORUN enabled on your system the Welcome to Microsoft Windows XP setup screen will
appear.

The Windows XP Professional Compatibility tool can be run by selecting Check system compatibility
and then Check my system automatically.

If any issues are found they will be reported in the Microsoft Windows Upgrade Advisor Compatibility
window.

During an OS upgrade on a system with pre-installed software, you can use upgrade packs to make
the existing software compatible with Windows XP Professional. Upgrade packs are usually available
from the appropriate software manufacturers. You can also get updated setup files from Microsoft
during the upgrade installation if you are connected to the Internet.

As time passes from the point of original software distribution (many vendors call the first
official release of a software platform a GOLD distribution), many files may be updated before a
second edition of the software (such as Windows 98 Second Edition) or a service release (such as
Office XP Professional SR1) is distributed. Dynamic Update allows you to get these updated files as
you start your installation. You can also elect not to perform it during the installation, in order
to do so at a later time.

The next point of the Upgrade installation is the setup type. Even though you are within an existing
operating system, you are not forced to upgrade to the new operating system. You can choose the
option to perform a clean installation at this point. (The default recommended option is Upgrade, as
shown above.)

The next page is the License Agreement, where you will need to click I Accept This Agreement in
order to continue.

Next, you will need to enter your 25-character product key on the Product Key page.

The next phase will vary slightly depending on the system you are upgrading. If you are upgrading
from a Windows 9x system, you will be asked whether you want to upgrade your FAT or FAT32 partition
to the NTFS file system. If you are upgrading from Windows NT4 and already using NTFS, you will be
shown the Upgrading To The Windows XP Professional NTFS File System page.

After you choose how you wish to handle the file system upgrade, setup will continue, reboot the
computer and finish the upgrade of your system on its own.

Additional Installation Methods of Windows XP Professional

This article covers additional installation methods for Windows XP Professional: over the network
installations and automating installations using Windows Setup Manager.

Installing Windows XP Professional over the Network

Before you can begin a network installation of Windows XP Professional, you need to copy the
Windows XP Professional installation files to a server, normally a file or distribution server, and share
out the directory so that people who need to perform an over the network installation can attach to
the share. (These people will also need the proper level of Folder and NTFS permissions to attach to
the share.)

The distribution server share will need to contain the installation files from the I386 folder on the
Windows XP Professional CD-ROM.

From the target system, you connect to this shared directory and then run the Setup program.

The target system needs to be prepared ahead of time in order to be successful with an over the
network installation. First, you need to create a FAT or FAT32 partition of at least 1.5 GB on the
target computer and format it ahead of time. You also need either to boot from a client diskette that
includes a network client that enables the target computer to connect to the distribution server, or
to install the client directly to the local hard drive with some sort of system installed, such as by
formatting the hard drive from a Windows 9x boot disk with the "s" switch.

(FORMAT /S Copies system files to the formatted disk to make a boot disk. This also works on a local
hard drive).

The preferred method is to boot from a client diskette that includes a network client that enables the
target computer to connect to the distribution server.

(As we continue from here, we will assume we are using the preferred methods of installation. As
variables come up, I will mention them as a side note.)

The Setup program copies the installation files to the target computer, which is why you need to
create a FAT or FAT32 partition on the target computer of at least 1.5 GB of disk space and format it
ahead of time.

You begin from the target computer by booting from a floppy disk that includes a network client that
can be used to connect to the distribution server. Once the network client on the target computer is
started, you connect to the shared folder on the distribution server that contains the Windows XP
Professional installation files and Run WINNT.EXE to start the Setup program.

[NOTES FROM THE FIELD] - WINNT.EXE is used for an installation using MS-DOS or Windows 3.0 or
later versions on the source system. WINNT32.EXE is run for an installation using Microsoft Windows
95, Windows 98, Microsoft Windows Me, Windows NT 4, or Windows 2000 Professional.

Running WINNT.EXE from the shared folder creates the $Win_nt$.~ls temporary folder on the
target computer, and the Windows XP Professional installation files are copied from the shared folder
on the distribution server to the $Win_nt$.~ls folder on the target computer. Once all of the files are
copied to the target system, Setup will reboot the local computer and begin installing the Windows XP
Professional operating system.

[NOTES FROM THE FIELD] - WINNT.EXE and WINNT32.EXE can be modified by using switches. I
have outlined the available switches below.

Modifying the Setup Process Using WINNT.EXE switches

Switch                Function

/a                    Enables accessibility options.

/r[:folder]           Specifies an optional folder to be copied and saved. The folder remains after Setup is finished.

/rx[:folder]          Specifies the optional folder to be copied. The folder is deleted after Setup is finished.

/s[:sourcepath]       Specifies the source location of Windows XP Professional files. This must be a full path x:\[path] or \\server\share\[path]. The default is the current folder location.

/t[:tempdrive]        Specifies a drive to contain temporary setup files and directs the Setup program to install Windows XP Professional on that drive. If you do not specify a drive, Setup attempts to locate the drive with the most available space by default.

/u[:script_file]      Performs an unattended installation. (Requires the /s switch.) The answer file provides answers to some or all of the prompts that the end user normally responds to during Setup.

/udf:id[,UDF_file]    Indicates an identifier (id) that Setup uses to specify how a Uniqueness Database File (UDF) modifies an answer file. The /udf parameter overrides values in the answer file, and the identifier determines which values in the UDF file are used. If you do not specify a UDF_file, Setup prompts you to insert a disk that contains the $UNIQUE$.UDB file.

Modifying the Setup Process Using WINNT32.EXE switches

Switch                             Function

/checkupgradeonly                  Checks your computer for upgrade compatibility for Windows XP Professional. On Windows 98 or Windows Me upgrade checks, the default filename is UPGRADE.TXT in the %systemroot% folder. For Windows NT 4 or Windows 2000 upgrades, the default filename is NTCOMPAT.TXT in the %systemroot% folder.

/cmd:command_line                  Specifies a specific command that Setup is to run. This command is run after the computer restarts and after Setup collects the necessary configuration information.

/cmdcons                           Copies to the hard disk the files for the Recovery Console, which is used for repair and recovery as a Startup option after the Windows XP Professional installation has been completed.

/copydir:foldername                Creates an additional folder within the %systemroot% folder, which contains the Windows XP Professional system files. You can use the /copydir switch to create as many additional folders within the %systemroot% folder as you want.

/copysource:foldername             Creates an additional folder within the %systemroot% folder. Setup deletes folders created with /copysource after installation is complete.

/debug[level][:file_name]          Creates a debug log at the specified level. By default, the debug log file is C:\WINNT32.LOG and the default level is 2. Includes the following levels: 0 (severe errors), 1 (errors), 2 (warnings), 3 (information), 4 (detailed information for debugging). Each level includes the level below it.

/dudisable                         Prevents Dynamic Update from running. Without Dynamic Updates, Setup runs only with the original Setup files. This option disables Dynamic Update even if you use an answer file and specify Dynamic Update options in that file.

/dushare:pathname                  Specifies a share on which you previously downloaded Dynamic Update files from the Windows Update Web site. When run from your installation share and used with /prepareinstall, it prepares the updated files for use in network-based client installations. When used without /prepareinstall and run on a client, it specifies that the client installation will use the updated files on the share specified in pathname.

/duprepare:pathname                Prepares an installation share for use with Dynamic Update files that you downloaded from the Windows Update Web site. You can use this share for installing Windows XP Professional for multiple clients. (It can only be used with /dushare.)

/m:foldername                      Instructs Setup to copy replacement files from an alternate location. Directs Setup to look in the alternate location first and, if files are present, to use them instead of the files from the default location.

/makelocalsource                   Instructs Setup to copy all installation source files to the local hard disk. Use this switch when installing from a CD-ROM to provide installation files when the CD-ROM is not available later in the installation.

/noreboot                          Prevents Setup from restarting the computer after completing the file-copy phase.

/s:sourcepath                      Specifies the source location of Windows XP Professional installation files. To simultaneously copy files from multiple paths, use a separate /s switch for each source path. If you type multiple /s switches, the first location specified must be available or the installation will fail. You can use a maximum of eight /s switches.

/syspart:[drive_letter]            Copies Setup startup files to a hard disk and marks the drive as active. You can then install the drive in another computer. When you start that computer, Setup starts at the next phase. Using /syspart requires the /tempdrive switch. You can use syspart on computers running Windows NT 4, Windows 2000, Windows XP Professional, or Windows 2000 Server. You cannot use it on computers running Windows 95, Windows 98, or Windows Me.

/tempdrive:drive_letter            Places temporary files on the specified drive and installs Windows XP Professional on that drive.

/unattend[number]:[answer_file]    Performs an unattended installation. The answer file provides your custom specifications to Setup. If you don't specify an answer file, all user settings are taken from the previous installation. You can specify the number of seconds between the time that Setup finishes copying the files and when it restarts with [number]. You can specify the number of seconds only on computers running Windows 98, Windows Me, Windows NT 4, or Windows 2000 that are upgrading to a newer version of Windows XP Professional.

/udf:id[,udb_file]                 Indicates an identifier (id) that Setup uses to specify how a UDF modifies an answer file. The UDF file overrides values in the answer file, and the identifier determines which values in the UDF file are used. If you do not specify a UDF file, Setup prompts you to insert a disk that contains the $UNIQUE$.UDF file.

For the most part, an over-the-network installation of Windows XP Professional from this point forward
is almost identical to installing Windows XP Professional from a CD-ROM to a clean hard disk.
For more information, you can take a look at my article Attended Install of Windows XP
Professional.

Installing Windows XP Professional using Windows Setup Manager.

Using the Windows Setup Manager will help you automate certain Windows XP Professional
installations. In order to use the Windows Setup Manager you need to install the Windows XP
Professional Deployment Tools from the Windows XP Professional CD-ROM.

To start, you need to log on with a user account that is a member of the Administrators group and
insert the Windows XP Professional CD-ROM in the CD-ROM drive. (If you have AUTORUN enabled the
Welcome To Microsoft Windows XP screen, shown below, will appear. Click Exit to close it).
Open the Windows Explorer and create the folder where the files can be extracted to.

The E:\Setup Tools folder in our example will be used to contain the files extracted from DEPLOY.CAB
on the Windows XP Professional CD-ROM. (You can also choose to create a new folder to where you
want to extract the files when you open the CAB files. We have performed this step ahead of time in
the example)
Double-click :\Support\Tools\Deploy.CAB. The cabinet file will open in the explorer window and show
all of the files. Select them all and right click and choose EXTRACT.

The Select a Destination window will open. Select the E:\Setup Tools folder we created earlier as the
point where to extract the tools to. (Or, as I mentioned before, you could select Make New Folder at
this point as well).
When you have finished, the following files will appear in the folder.

We will use setupmgr.exe, the Windows Setup Manager, to create an unattended setup script.
Double-clicking the executable will start the Windows Setup Manager Wizard.
Clicking Next will bring up the New Or Existing Answer File page. Since we do not have an existing
answer file, we will elect to create a new one and continue.
We are then presented with three different options on the Product to Install page. Since we are
creating an answer file for a Windows Unattended Installation (which is selected by default) we will
keep this setting and continue.
On the Platform page we will choose our platform for the answer file. (This will be Windows XP
Professional, but you are supplied with the options for Windows XP Home Edition and Windows 2002
Server, Advanced Server or Data Center when you use setupmgr.exe, the Windows Setup Manager,
from the Windows XP Professional CDROM).
On the User Interaction Level page, the following five options are displayed:

Provide Defaults. This setting causes default selections to appear to the end user as the operating
system installs itself on a workstation. The user can accept the default answers or change any of the
answers supplied by the script.

Fully Automated. A Fully Automated installation does not allow the user the chance to review or
change the answers supplied by the script.

Hide Pages. This setting causes default selections to be hidden. Pages for which the script supplies all
answers are hidden from the user.

Read Only. Pages for which the script supplies all answers are viewable by the user but the user
cannot change the answers.

GUI Attended. The text-mode portion of the installation is automated, but the user must supply the
answers for the GUI-mode portion of the installation.

We will choose FULLY AUTOMATED and continue.


On the Distribution Folder page you can create a distribution folder on your local computer or network
containing the required source files. You can add files to this distribution folder to further customize
your installation.

For this demonstration we will select, No This Answer File Will Be Used To Install From A CD, and then
click Next to continue.
On the License Agreement page you will need to select the checkbox to accept the terms of the
License Agreement in order to successfully continue.
The next page that comes up is the Customize the Software page. As you can see here and in the left
hand column, all of the prompts are exactly like the ones you would expect to see during an attended
install. You are answering them all here, just once, for use each time in the future.
The last entry of the General Settings section is Providing the Product Key.
During a fully automated install, you must supply a Product Key or you will receive an error message.

If you were to use Provide Defaults or GUI Attended user interaction levels, you would be allowed to
leave this page blank. Also, if you provide a bogus key on the Product Key page, the Wizard will
continue, but, the fully automated install will halt when it reaches this point, as the key is invalid.

The next page that is presented starts the Network Settings section of the answer file.
The first entry is for Computer names. Here, you can enter as many different workstation names as
you want, import them from a text file, or allow the installation program to auto-generate names
based on your organization name.

[NOTES FROM THE FIELD] - If multiple computer names were specified in the computers to be
installed section, the setup wizard creates a *.UDB file. The Uniqueness Database File (UDB) lets
you specify parameters for individual computers automatically. The UDB modifies
an answer file by overriding values in the answer file when you run Setup with the /udf:id[,UDB_file]
switch. The file overrides values in the answer file, and the identifier (id) determines which values in
the .udb file are used.

The Administrator Password page is next and has two options, (of which only the second is available):

1) Prompt The User For An Administrative Password


2) Use The Following Administrative Password (127 Characters Maximum)

(Because we selected the User Interaction level of Fully Automated, the Prompt The User For An
Administrative Password option is grayed out).

Enter any password that you want.


There are also two other options on this page: to encrypt the Administrator's password in the answer
file and to have the Administrator log on automatically.

You can also set the number of times you want the Administrator to log on automatically when the
computer is restarted.

We will leave these blank and continue from here.


The Networking Components page is where we can elect to keep the typical settings or to choose to
customize them. We will leave the default selection of Typical and select NEXT to continue.

The final page of the Network Settings section is the Workgroup or Domain page.

Here you can choose whether the answer file will put the newly installed system into a
workgroup or a domain. As with an attended install, if we elect to choose a domain, we may
need to create a computer account in the domain if this hasn't already been done.

We will be using the WORKGROUP option, so we will enter a name and continue. (The WORKGROUP
"workgroup" is supplied by default, just as DOMAIN is under the Windows Server domain option.)

The last and final phase of the process is the Advanced Settings section.
The first option is for the Telephony information.

Next is the Regional Setting section, which allows us to either use the default regional settings for
Windows XP Professional from the CDROM we're installing from or to choose another.

We will keep the defaults as listed above and continue.


We are also given the option to add support for other languages.

In the Browser and Shell Settings section we can elect to use the default Internet Explorer settings or
use an auto configuration script created by the Internet Explorer Administration Kit.
We could also set Proxy, Home page and other Browser settings at this time as well. We will keep the
defaults and continue.

[NOTES FROM THE FIELD] - The version of Internet Explorer that is deployed with Windows XP
Professional is 6. At the time of this writing, there is one security hotfix that should be installed on
systems that use Internet Explorer and that is Q313675.exe.

The next option of the Advanced Settings section is the Installation Folder window.

Here you can elect to install Windows XP Professional to one of three options as listed, only the third
being a variable of your choice.

[NOTES FROM THE FIELD] - While I cannot find the specific Q article at this time, here is the
Windows 2000 Professional article that outlines my next point. Other than the above method of using
the answer file, there is no way on a clean installation of Windows XP Professional to choose the
installation folder. The folder for Windows XP Professional will always default to \Windows. (DRIVE
LETTER being the only variable that you can set without the answer file.) Windows 2000 Professional
installed to the WINNT directory by default.

The next section allows you to automatically setup networked printers on the target systems if you
wish.
You can also configure run once commands to run the first time a user logs on.

The last step in the Advanced Settings section is the Additional Commands option. It allows you to add
any commands you wish to run at the end of the unattended installation before Setup restarts the
system and runs Windows XP Professional for the first time.
The Windows Setup Manager then will create the answer file with the settings you have provided with
all of your previous entries to a place on the local system as a text file. (The default location is the
folder where the Setup Tools were extracted to.)
The unattend.bat file that was created from our input here is below.

@rem SetupMgrTag
@echo off

rem
rem This is a SAMPLE batch script generated by the Setup Manager Wizard.
rem If this script is moved from the location where it was generated, it may have to be modified.
rem

set AnswerFile=.\unattend.txt
set SetupFiles=J:\i386

J:\i386\winnt32 /s:%SetupFiles% /unattend:%AnswerFile%

[NOTES FROM THE FIELD] - The path of J:\i386\winnt32 /s:%SetupFiles% /unattend:%AnswerFile%
is the default path to my CDROM drive on my system.

The unattend.txt file that was created from our input here is below.

;SetupMgrTag
[Data]
AutoPartition=1
MsDosInitiated="0"
UnattendedInstall="Yes"
[Unattended]
UnattendMode=FullUnattended
OemSkipEula=Yes
OemPreinstall=No
TargetPath=XPPRO

[GuiUnattended]
AdminPassword="RedSox:Rule"
EncryptedAdminPassword=NO
OEMSkipRegional=1
TimeZone=35
OemSkipWelcome=1

[UserData]
ProductID=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
FullName="Jason Zandri"
OrgName="Gunderville"
ComputerName=*

[Identification]
JoinWorkgroup=DRINKOFTEN

[Networking]
InstallDefaultComponents=Yes

[NOTES FROM THE FIELD] - Because we didn't choose the option to encrypt the Administrator
password earlier on the Administrator Password page of the Network settings section, anyone that has
access to read the unattend.txt can see what the default administrator password for an installation is.
This can be a serious issue in large environments where the passwords are not reset on a regular
basis.

If encryption were selected the entry in the [GuiUnattended] section would look like this.

[GuiUnattended]
AdminPassword=f8a2b8ccdf88c616332ed3251640d370c1d991ef0f617f3e7879bc923d175c5a
EncryptedAdminPassword=Yes
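
The exposure described in the note above can be checked for on any share or disk that holds answer files. The Python auditor below is an added example, not part of the original article or of Setup Manager; it parses an answer file and reports a clear-text Administrator password without echoing it. The AutoLogon key name and the AdminPassword=* blank-password convention are taken from the answer file reference rather than from this page, and the 64-hex-character check is an assumption modelled on the encrypted value shown above.

```python
import re
import sys

# Constructed sample modelled on the answer file shown above (product key masked).
CLEARTEXT_SAMPLE = """\
;SetupMgrTag
[Unattended]
UnattendMode=FullUnattended

[GuiUnattended]
AdminPassword="RedSox:Rule"
EncryptedAdminPassword=NO
TimeZone=35

[UserData]
ProductID=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
"""

# Constructed sample using the encrypted form shown above.
ENCRYPTED_SAMPLE = """\
[GuiUnattended]
AdminPassword=f8a2b8ccdf88c616332ed3251640d370c1d991ef0f617f3e7879bc923d175c5a
EncryptedAdminPassword=Yes
"""


def parse_answer_file(text):
    """Return {section: {key: value}} with lower-cased names and unquoted values."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue  # stray text outside any section
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # Setup Manager quotes string values
        current[key.strip().lower()] = value
    return sections


def audit_answer_file(text):
    """Return a list of (code, detail) findings; the password is never echoed."""
    gui = parse_answer_file(text).get("guiunattended", {})
    findings = []
    if "adminpassword" in gui:
        password = gui["adminpassword"]
        encrypted = gui.get("encryptedadminpassword", "no").lower() == "yes"
        if encrypted:
            # Assumption: the encrypted form is 64 hex characters, as in the page's example.
            if not re.fullmatch(r"[0-9a-fA-F]{64}", password):
                findings.append(("MALFORMED_ENCRYPTED_PASSWORD",
                                 "EncryptedAdminPassword=Yes but the value is not 64 hex characters"))
        elif password == "*":
            # Answer file convention (not shown on the page): * means a blank password.
            findings.append(("BLANK_ADMIN_PASSWORD",
                             "AdminPassword=* leaves the Administrator password blank"))
        elif password:
            findings.append(("CLEARTEXT_ADMIN_PASSWORD",
                             "AdminPassword is readable in clear text (%d characters)" % len(password)))
    if gui.get("autologon", "no").lower() == "yes":
        findings.append(("AUTOLOGON_ENABLED",
                         "Administrator logs on automatically after Setup"))
    return findings


if __name__ == "__main__":
    # Usage: python audit_unattend.py path\to\unattend.txt [more files...]
    exit_code = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as handle:
            for code, detail in audit_answer_file(handle.read()):
                print("%s: %s: %s" % (path, code, detail))
                exit_code = 1
    sys.exit(exit_code)
```

A finding on a file that ordinary users can read means the local Administrator password of every machine built from that file should be treated as known and reset.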

Well, that's a wrap for this week.

RIS Installations of Windows XP Professional

In order to install Windows XP Professional using the Remote Installation Service, you must
install RIS on a Windows 2000 server (either Server, Advanced Server or Datacenter) using
the Remote Installation Services Setup Wizard. The server can be a member server or a domain
controller; it doesn't make a difference. However, the following services must be present on the
network in order to use RIS:

DNS - RIS relies on the DNS service for locating both the directory service and client computer
accounts.
DHCP - The DHCP service is required so that client computers can receive an IP address.
Active Directory - RIS relies on the Active Directory service for locating the RIS servers.

The shared volume where the RIS data is installed cannot be on the same drive that is running
Windows 2000 Server. The volume must be large enough to hold the RIS software and the various
Windows XP Professional images that are installed and that volume must be formatted with the
NTFS 5 file system.

You begin the RIS server setup by logging on to the server with an account that has administrative
permissions, and go to the Control Panel and select Add/Remove Programs. From here you will need
to choose Add/Remove Windows Components and make sure that you have either the Windows I386
directory available for the installation or the Windows 2000 Server CDROM.

In the Add/Remove Windows Components window, select Remote Installation Services.

From this point, the remainder of the installation is automatic. (If the I386 source files cannot be
found the system will prompt you to locate them.)

When the installation is completed, you'll need to restart your server to configure your RIS services.

You need to go back into the Control Panel and choose Add/Remove Windows Components again in
order to start the configuration. (You can also type RIsetup from the run line or a command prompt as
well.)
Click on Configure to begin. This will launch the Welcome to the Remote Installation Services Setup
Wizard, as shown below. (The window below is the first thing you will see if you choose to type
RIsetup from the run line or a command prompt.)

Once you continue you will be prompted with the default Remote Installation folder location of
D:\RemoteInstall. You can elect to keep the default path or browse to a new location.
The volume you opt to use must be large enough to hold the RIS software and the various Windows
XP Professional images that will be installed and the volume must be formatted with the NTFS 5 file
system.

By default, Remote Installation Services servers do not respond to requests for service from client
computers. There are two settings available to use on the server.

If you select the Respond to clients requesting service option, Remote Installation Services is enabled
and will respond to client computers requesting service.

Additionally, if you select the Do not respond to unknown client computers option, Remote Installation
Services will respond only to known (prestaged) client computers.

You will also need to provide a name for the Windows installation image folder, as well as a friendly
description for each image you install on the RIS server.
The last step the wizard performs is actually a series of events, as outlined in the image above.  Once
the final step is completed, the setup wizard starts the required services for RIS to run. The server is
complete at this point and will service client requests for CD-based installs.

Additional details of RIS configuration and administration from this point forward go
beyond the scope of what is required for installing Windows XP Professional CD-based installs via RIS.
For additional information on RIS for Windows XP Professional, you can visit the Microsoft
Website.

Client computers that support remote installation must either meet the Net PC specification (which is,
effectively, a system which can perform a network boot) or have a network adapter card with a PXE
boot ROM and BIOS support for starting from the PXE boot ROM.

Some client computers that have certain supported PCI network adapter cards can use the remote
installation boot disk as well.

This support is somewhat limited and can only be used with certain motherboards, as the BIOS
settings for booting the system from the network needs to be configurable.

The RIS service provides the Windows 2000 Remote Boot Disk Generator if your system does not support
starting from the PXE boot ROM. You can create a Remote Boot Disk by typing <DRIVE LETTER>
RemoteInst\Admin\i386\rbfg in the RUN box or at a command prompt. (The drive letter is the drive
where you installed the RIS services and will vary from server to server).

The boot disk simulates the PXE boot process on your system when your network card does not have
the required PXE boot ROM for a RIS installation. (Again, only a small number of PCI network cards
currently support using the Remote Boot Disk. This includes mainly 3COM and a small cross section of
other major vendors.)
The user account used to perform a RIS installation must be assigned the user right of Log On as a
Batch Job. The users must also be assigned permission to create computer accounts in the domain
they are joining if this has not been done ahead of time. There are other factors as well, such as
prestaging a client. For the purposes of this overview, we will go through a "plain vanilla" RIS
installation from a boot floppy.

When the client system starts from the boot floppy you would press F12 when prompted to boot from
the network.

The Client Installation Wizard will start and you will need to supply a valid user name and password
for the domain you're joining as well as the DNS name of the domain. Once this is done you can press
Enter to continue.

You are then given the option of performing an Automatic Setup, Custom Setup, or to Restart a
Previous Setup Attempt, or use the Maintenance and Troubleshooting Tools installed on the RIS
server. You would choose one of the options and then press Enter.

The next screen will show a number of RIS images (including the default CD-based image) that you
can use. (The number will depend on what has been placed on the server by the administrator and
whether or not you have the proper access permission to read them.) Choose an image and then
press Enter.

You will be presented with one last opportunity to verify that the settings are correct. Once you're sure
that they are, you would press Enter to begin the RIS installation. When it is complete, Windows XP
Professional will be deployed to the client system and available for use upon restart.

Well, that's a wrap for this week.

Best of luck in your studies and please feel free to contact me with any questions on my column and
remember,

If you allow a bad guy to upload programs to your Web site, it's not your Web site anymore

Troubleshooting the Windows XP Professional Setup


Usually when you are going about your Windows XP Professional installation, you will not run into
any issues, particularly if you are sure that the installed system hardware meets the minimum
Windows XP Professional hardware requirements by verifying all of the hardware is on the Hardware
Compatibility List (HCL) at the Microsoft website.

Windows XP Professional supports only the devices listed in the HCL. If your hardware isn't listed,
contact the hardware manufacturer and request a Windows XP Professional driver or replace the
hardware to avoid potential issues.

Support means that while the operating system may load and run on unsupported hardware and
software, any issues that come up with the system will not be covered (i.e. supported) by Microsoft
Technical Support if you should need to engage them.

If this has been done beforehand and issues do arise, there are a couple of "textbook" events that can
be looked at first that will cover some of the more common problems you might encounter during
installation and these will generally be what is at issue most of the time.

Common installation problems and Troubleshooting Tips


Media errors - When you are installing Windows XP Professional from a CD-ROM and run into
problems, the quickest way to try to resolve the issue is to use a different CD-ROM. Even if the
CD-ROM you are using has worked a dozen times before, the drive it is in at the time of the error may
have trouble reading it or the disk itself may have been newly damaged by a fall or some other issue.
You can also try cleaning a CD-ROM that is covered in fingerprints as a troubleshooting step. If you
should need to request a replacement CD-ROM, you can contact Microsoft or your point of purchase.

You can also try using a different computer and CD-ROM drive. If you can read the CD-ROM on a
different computer, you can perform an over-the-network installation if that option is available to you.

If one of your Setup disks is not working, download a different set of Setup disks. (The ability to
directly create setup floppies has been dropped from Windows XP. Setup boot disks are available only
by download from Microsoft. The Setup boot disks are available so that you can run Setup on
computers that do not support a bootable CD-ROM. There are six Windows XP Setup boot floppy disks.
These disks contain the files and drivers that are required to access the CD-ROM drive through generic
PCI drivers and begin the Setup process.)

You may also find that the Windows XP Professional setup program is unable to copy files from the
CD-ROM. In this event, it may be possible to either replace the drive with a supported drive (as this is
usually the issue) or you can attempt your installation via a different method such as installing over
the network (as mentioned above) or by copying the files to the local drive first, outside of the
installation program, as sometimes the copy failure only crops up after the Windows XP Professional
setup program is running.

Insufficient disk space errors - The current minimum hardware requirements for Windows XP
Professional at the time of this writing are as follows:

• 300 MHz or higher processor clock speed recommended (233 MHz minimum required, can be
single or dual processor system); Intel Pentium/Celeron family, or AMD K6/Athlon/Duron
family, or compatible processor recommended
• 128MB of RAM or higher recommended (64MB minimum supported; may limit performance
and some features)
• 1.5GB of available hard disk space
• Super VGA (800 × 600) or higher-resolution video adapter and monitor
• CD-ROM or DVD drive
• Keyboard and Microsoft Mouse or compatible pointing device

If you do not have 1.5GB of available hard disk space on a single partition, you will not be able to
complete the installation in most cases.

You can use the setup program to create additional partitions that are large enough for the installation
if there is enough space on the drive or you can elect to delete existing data on the current partition to
make enough room for the installation.

Troubleshooting using Setup Logs


Windows XP Professional generates a number of log files during the setup routine that contain
information that was logged during installation that will assist you when you are attempting to resolve
problems that may have occurred during the setup.

[NOTES FROM THE FIELD] - For the purpose of the Windows XP Exam you need not remember the
exact contents of these files, they are supplied here so that you can get an overview of what would be
in them commonly.

Error codes are often cryptic, whether in a log file or the system event viewer but taking the time to
understand what error has occurred and why, will help you better understand and troubleshoot the
system.

The list below outlines the purpose of each file, and also a portion of the file contents for you to
examine.

Action Log (SETUPACT.LOG) - The action log records the actions that the Setup program performs
in chronological order and is saved as SETUPACT.LOG.

The setup log that I have available from my system is 165KB in size and too large to post here in its
entirety, but I have cut a few sections out so that you can see what some of the entries look like.

(The SETUPACT.LOG can be found in the \Windows directory in a default Windows XP Professional
installation)

As I mentioned before, the log file is much larger and has a lot more to it, but this cross section gives
you an idea of what is there.

Error Log (SETUPERR.LOG) - The error log shows any errors that occurred during setup and their
severity level. If errors do occur, the log viewer displays the error log at the end of setup.

(The SETUPERR.LOG can be found in the <DRIVE LETTER>\Windows directory in a default Windows
XP Professional installation)

The log will be created even if no errors occur. (I do not have anything available to show you from the
error log as mine is empty. Sorry.)

Setup also creates a number of additional logs during setup.

<DRIVE LETTER>\Windows\comsetup.log - Outlines installation for Optional Component
Manager and COM+ components. A subsection of mine is here.

<DRIVE LETTER>\Windows\setupapi.log - Receives an entry each time a line from an .inf file is
implemented. If an error occurs, this log describes the failure. A subsection of mine is here. (The full
size was 245KB)

<DRIVE LETTER>\Windows\debug\NetSetup.log - Logs activity when computers join domains
or workgroups. (This entire log was only 7KB, so I copied all of it).

<DRIVE LETTER>\Windows\repair\setup.log - Provides information that is used by the Recovery
Console. A subsection of mine is below. (The full size was 204KB)
[Paths]
TargetDirectory = "\WINDOWS"
TargetDevice = "\Device\Harddisk0\Partition3"
SystemPartitionDirectory = "\"
SystemPartition = "\Device\Harddisk0\Partition1"
[Signature]
Version = "WinNt5.1"
[Files.SystemPartition]
NTDETECT.COM = "NTDETECT.COM","b28f"
ntldr = "ntldr","3a7b2"
[Files.WinNt]
\WINDOWS\system32\drivers\kbdclass.sys = "kbdclass.sys","e756"
\WINDOWS\system32\drivers\mouclass.sys = "mouclass.sys","8cd9"
\WINDOWS\system32\drivers\usbuhci.sys = "usbuhci.sys","11ded"
\WINDOWS\system32\drivers\usbport.sys = "usbport.sys","22ffd"
\WINDOWS\system32\drivers\usbd.sys = "usbd.sys","40af"
\WINDOWS\system32\drivers\hidparse.sys = "hidparse.sys","acd7"
\WINDOWS\system32\drivers\hidclass.sys = "hidclass.sys","88de"
\WINDOWS\system32\drivers\usbhub.sys = "usbhub.sys","ee45"
\WINDOWS\system32\drivers\intelide.sys = "intelide.sys","dec0"
\WINDOWS\system32\drivers\pci.sys = "pci.sys","1a257"
\WINDOWS\system32\drivers\oprghdlr.sys = "oprghdlr.sys","b001"

(The whole remainder of the file looked as it does above, detailing drivers and path information for the
whole system).

Well, that's a wrap for this week.

"Weak passwords trump strong security."


70-290

About This Exam:


The Microsoft Certified Systems Administrator (MCSA) on Windows Server 2003 credential
is intended for IT professionals who work in the typically complex computing environment
of medium to large companies. An MCSA candidate should have 6 to 12 months of
experience administering client and network operating systems.

Windows Server 2003 Standard Edition RC2 Installation


The idea behind this article is to give an overview of the Windows Server 2003 Standard Edition
installation procedure as it is currently laid out under the current build, which is RC2
3718.main.021114-1947. This will eventually lead to the final (GOLD) release to market (RTM) copy of
the operating system which is currently scheduled for worldwide launch in April of 2003.

The information contained within this article is based solely on my experience with the RC2 product,
and the information given, such as minimum system requirements and installation procedures, is
current at the time of writing (February 4, 2003). As with all products in development, all of the
following is subject to change.

Please assume that when I mention "Windows Server 2003 Standard Edition" within this article, I
am speaking specifically of "Windows Server 2003 Standard Edition RC2 3718.main.021114-1947"
unless otherwise mentioned.

One of the things you may notice is that the name I am using throughout the article is different than
what will show up in many of the screen shots. This is because the name of Windows .NET Server
2003 has been changed recently to Windows Server 2003. You can read up a little more on this on the
Microsoft Windows Server 2003 website.

Windows Server 2003 Family Version Overview

• Windows Server 2003 Web Server Edition is designed specifically for low end and entry level
Web hosting environments, providing a specific platform for deploying Web services and
applications.
• Windows Server 2003 Standard Edition is designed with the day to day needs of the average
business in mind and is the progressive replacement for the Windows NT4 Server / Windows
2000 Server line of server operating systems.
• Windows Server 2003 Enterprise Edition is designed specifically for the needs of larger
customers, as their needs surpass the functional levels of Windows Server 2003 Standard
Edition. Windows Server 2003 Enterprise Edition is the progressive replacement for the
Windows NT4 Server Enterprise Edition / Windows 2000 Advanced Server line of server
operating systems.
• Windows Server 2003 Datacenter Edition is designed specifically for high-end hardware
deployments for use on business-critical and mission-critical applications where the highest
levels of scalability and availability are required. Windows Server 2003 Datacenter Edition is
the progressive replacement for the Windows 2000 Datacenter Server line of operating
systems.

Hardware Requirements for Windows Server 2003 Standard Edition.

The minimum system requirements for Windows Server 2003 Standard Edition are as follows:

The minimum supported processor speed is 133 MHz.
The minimum recommended processor speed is 550 MHz.
Windows Server 2003 Standard Edition supports a maximum of four CPUs per server.
The minimum amount of RAM supported is 128MB.
The minimum amount of RAM recommended is 256MB.
The maximum amount of RAM supported by Windows Server 2003 Standard Edition is 4GB.
The minimum amount of space required for installation is approximately 1.5GB. Additional space may
be required under the following circumstances:

• When a FAT16 partition is in use, it requires 100 MB to 200 MB more free disk space than other
supported file systems because of cluster sizes. NTFS is the recommended file system for any Server
deployment.

• If you are installing Windows Server 2003 Standard Edition from a network share, you will need
approximately 100 MB to 200 MB more space than if you ran the Setup from the CD-ROM because
setup needs to use that space for TEMP files that are associated with the installation. Also, the drive
will need to have a formatted partition before the installation process starts so those files can be
initially copied. If the partition does not exist beforehand, the over-the-network installation will fail.

• The amount of disk space required for the swapfile will affect the size of the initial partition as it is
directly proportional to the amount of physical memory installed in the system. Larger amounts of
RAM installed require a larger swapfile and thus, the minimum hard drive free space requirements
would need to increase.

VGA or higher-resolution monitor is required and an SVGA 800x600 or higher is recommended.


Keyboard and mouse (or other pointing device) are also on the minimum requirements list.

The optional hardware list includes items such as CD-ROMs or DVD drives, which are only required if a
local installation is to be performed or it is otherwise deemed necessary. The optional hardware list
also includes a listing for network adapters and related cables from the Hardware Compatibility List.
(Personally, I don't see how you can have a server product and list a network connectivity peripheral
as an optional requirement, but that is what is printed.)

Here is the table of all of the different requirement levels of the Windows Server 2003 family as
provided from Microsoft on their website. There is also an additional table on the site comparing
the major features for each version.

Windows Server 2003 System Requirements at RC2

Minimum CPU Speed
   Standard Edition:    133 MHz
   Enterprise Edition:  133 MHz for x86-based computers; 733 MHz for Itanium-based computers
   Datacenter Edition:  400 MHz for x86-based computers; 733 MHz for Itanium-based computers
   Web Edition:         133 MHz

Recommended CPU Speed
   Standard Edition:    550 MHz
   Enterprise Edition:  733 MHz
   Datacenter Edition:  733 MHz
   Web Edition:         550 MHz

Minimum RAM
   Standard Edition:    128 MB
   Enterprise Edition:  128 MB
   Datacenter Edition:  512 MB
   Web Edition:         128 MB

Recommended Minimum RAM
   Standard Edition:    256 MB
   Enterprise Edition:  256 MB
   Datacenter Edition:  1 GB
   Web Edition:         256 MB

Maximum RAM
   Standard Edition:    4 GB
   Enterprise Edition:  32 GB for x86-based computers; 64 GB for Itanium-based computers
   Datacenter Edition:  64 GB for x86-based computers; 512 GB for Itanium-based computers
   Web Edition:         2 GB

Multi-Processor Support
   Standard Edition:    Up to 4
   Enterprise Edition:  Up to 8
   Datacenter Edition:  Minimum 8 required; Maximum 64
   Web Edition:         Up to 2

Disk Space for Setup
   Standard Edition:    1.5 GB
   Enterprise Edition:  1.5 GB for x86-based computers; 2.0 GB for Itanium-based computers
   Datacenter Edition:  1.5 GB for x86-based computers; 2.0 GB for Itanium-based computers
   Web Edition:         1.5 GB

You can view the current Hardware Compatibility List (HCL) at the Microsoft Web site at or you
can FTP the text files for the desired Operating System. (On the site there is a section that reads
"Windows Server 2003 (coming soon)")

There are a number of Technical Overviews that can be found on the Microsoft website as well.

If you elect to upgrade your current Server Operating system you need to be aware that the Setup
program will automatically install Windows Server 2003 Standard Edition into the same folder as the
currently installed operating system, regardless of its naming convention.

You can perform direct upgrades to Windows Server 2003 Standard Edition from the following versions
of Windows:
 Windows NT Server 4.0 with Service Pack 5 or later
 Windows NT Server 4.0, Terminal Server Edition, with Service Pack 5 or later.
 Windows 2000 Server.

Remote Storage is not included on Windows Server 2003 Standard Edition. If you are using Windows
2000 Server with Remote Storage, you will not be able to upgrade the system to Windows Server
2003 Standard Edition. You have three options: upgrade to Windows Server 2003 Enterprise
Edition, which includes Remote Storage; remove Remote Storage through Add/Remove Programs in
Control Panel and then upgrade to Windows Server 2003 Standard Edition; or install Windows Server
2003 Standard Edition as a new installation (which will effectively negate any remote storage attached
to the system).

You cannot upgrade from Windows 9x, ME, Windows NT Workstation, Windows 2000 Professional and
Windows XP Home or Professional directly to any of the Windows Server 2003 versions. (Clean
installations from within those existing operating systems to other partitions or over the existing
partition are allowed.) Also, if you have Windows NT 4.0 Server Enterprise Edition running Service Pack
5 or later, you can upgrade directly to Windows Server 2003 Enterprise Edition, but not to Windows
Server 2003 Standard Edition. A clean installation to Windows Server 2003 Standard Edition is
available. (See items below.) If you have a version of Windows NT earlier than 4.0, such as Windows
NT Server 3.x you cannot upgrade directly to any product in the Windows Server 2003 family. You can
first upgrade to Windows NT 4.0 and apply Service Pack 5 and then perform a direct upgrade if
desired. (This is not recommended, however.)

As I mentioned above, you cannot "downgrade" (so to speak) from Windows 2000 Advanced Server to
Windows Server 2003 Standard Edition as part of an upgrade installation to Windows Server 2003.

You do have the option of performing a New Installation in this situation.


You can confirm that your hardware is compatible with Windows Server 2003 by running a pre-
installation compatibility check from the Setup CD.

Typing <CDROM DRIVE>\i386\winnt32 /checkupgradeonly either from a command line or the RUN
box will launch the Setup Wizard to perform only a system check of the current hardware from within
an existing operating system. You can also perform this from the context menu that appears after
AUTORUN starts.
The results screen will appear with any pertinent information after a few moments.

Regardless of whether you intentionally run the pre-installation compatibility check step ahead of time
or not, the Setup Wizard checks hardware and software compatibility at the beginning of a "standard"
installation or upgrade and displays a report if there are any known incompatibilities.

As you can see, an error is generated as I am not allowed to upgrade from Windows 2000 Professional
to Windows Server 2003. (Again, it reads "Windows .NET Server 2003" and not "Windows Server
2003" as it should once it is released to market (RTM).)
This does not prevent you from installing Windows Server 2003 as a clean installation in this particular
instance.

Clean Install of Windows Server 2003 (RC2)

After performing the standard BIOS configurations to allow booting from the CD-ROM you can load the
bootable disk and begin the installation.

The first screen you'll see will be the black “Setup is inspecting your computer's hardware
configuration.” (If there is an active partition on any of the installed hard drives in the system, you will
see a "Press any key to boot from the CD" message before you reach this screen. If you do not hit a
key before the timeout, the CD-ROM will be bypassed in favor of your local active partition.)

From here, Setup continues to the Windows Server 2003 Setup screen where all of the drivers are
loaded.

After the drivers load, the Windows Setup screen appears and Setup copies the required temporary
files to the local hard drive after you acknowledge the location of the setup files.

After the file copy is complete, the Setup Program will append any existing boot.ini file (or write a new
one) and will reboot and continue the installation from the locally copied temporary files.

After the system restarts and continues past the splash screen, you'll arrive at the Windows .NET
Standard Server Setup screen where you will select ENTER to continue with a normal installation.
(This is also where you would be able to repair a failed installation using the Recovery Console.)

After you enter past that screen you will come to the license agreement screen where you would agree
to the license by hitting F8. (The 360 day license that you see noted here is due to the fact that RC2 is
designed with this built in limitation. The GOLD product would not have this limitation.)

You will then arrive at the partition selection screen. The hardware layout of your system and whether
or not you have any existing partitions installed will affect what this next screen displays.
You will need just a little more than 1 GB of free space on a hard drive to install the operating system
and about 300 to 400 MB more available afterwards for the swapfile. This is why the Disk Space for
Setup is pegged at 1.5 GB. After selecting the partition and hitting ENTER, you arrive at the file
system selection screen as shown below. Here you can choose to format the partition as FAT32 or
NTFS. (NTFS is always recommended and is the default setting. If you choose FAT32 you can always
perform CONVERT after the operating system is installed.)

You will need to pick a previously partitioned space of the hard drive that has enough free space, use
an existing section of unpartitioned space that has enough room for the total installation or you will
need to delete existing partitions and then choose that space to create a new partition. Once you have
made one of these choices you would then pick a file system to use and Setup will format it.
Setup continues from here by copying files to the default installation folder <DRIVE
LETTER>\Windows. As with Windows XP Professional, you can only select the installation path drive
letter and not the name of the systemroot folder during a standard installation. (If you use an
unattended setup file you can then include a path designation other than WINDOWS. Also, if you
started an upgrade from within an existing operating system and choose New Installation, you would
be able to go to the Setup options page and select the Advanced button and edit the installation path
of the system files.)
When this section of the installation is finished the system will reboot. Once the system comes up
again the GUI will engage and display the current status of the final phases of setup.
During this attended installation, the Setup program will pause for needed user input, such as the
Regional and Language Option page as shown below.
After making any changes or accepting the defaults, Setup will continue to the Personalize your
Software screen, where you would enter your personal information as you would like it to be shown on
subsequent software installs. (This is the information that populates automatically in the name and
organization fields of all the software installed on the system from this point forward.)

After this point you are directed to choose a licensing mode. All of the Windows Server 2003 brands
support either the Per Server option where each connection to the server must have its own license or
Per Device or Per User licensing option where each person or device must have a client access license.

When you choose Per Device or Per User licensing, each device or user that needs to access a server
running Windows Server 2003 requires a separate Client Access License (CAL). With client side
licensing, clients can connect to any number of servers running products in the Windows Server 2003
family or downlevel Windows Operating systems. Client side licensing is the most commonly used
licensing method for companies with many servers.

Per Server licensing means that each concurrent connection to the server requires a separate CAL.
This means that the server can support a fixed number of connections at any one time. Whether or
not the clients have a license doesn't come into play. The server will only be allowed to "serve"
the number of concurrent connections to it allowed under its Per Server licensing configuration. (Think
of this along the lines of, "It doesn't matter how many people in the lobby want to pay to see the
movie, there are only so many seats.")

Per Server licensing mode is often preferred by small companies with only one or two servers.

You can perform a one time change from Per Server mode to Per Seat mode at any given time after
installation but this is a one shot, one way only operation for the most part. Once performed, there is
no way of practically reversing it, short of re-installing the Operating System or paying a transfer fee
of some sort. (I keep seeing that as a reference, paying to perform the function of converting from Per
Seat back to Per Server, but I haven't read much about what's involved and documentation on it
seems non-existent.)

After you have made your licensing choice and continued, the next window that will prompt you for
information will be the Computer Name and Administrator Password screen where you will choose the
name of the system. (Setup will autogenerate a name and you can use it if you wish.)

Computer names should be 15 characters or less and they can contain letters (A through Z), numbers
(0 through 9), and hyphens (-), but no spaces or periods (.). While the names can contain numbers,
they cannot consist entirely of numbers.

The maximum allowable length for a computer name is 63 characters. While names longer than 15
characters are permitted, computers running operating systems earlier than Windows 2000 will
recognize systems only by the first 15 characters of the name, and this may cause certain
network naming and resolution issues.

This same screen is where you will need to enter the password to be used with the default
Administrator account.

For security reasons you should supply a password for the Administrator account. If you are allowed to
leave the Administrator password blank and continue, the account will have no password, which is
very insecure in any environment.

Passwords can have up to 127 characters, but this is impractical and cumbersome to remember. It is
recommended that passwords have at least 7 characters, and they should contain a mixture of
uppercase and lowercase letters, numbers, and other allowed special characters such as *  ? : ; @ or
$ to name a few.

After entering the password and verifying it, you would select NEXT to continue and arrive at the
screen where you can set the date, time, and time zone settings. This is also where you would specify
whether the system should automatically adjust for daylight saving time or not.

The next screen is the Specifying Networking Settings where you can allow the Typical Settings to be
applied. You can also elect to Customize the settings now as well. (You are always free to customize
the network settings after the operating system is loaded and under normal operation.)

There are a few changes to the Network Protocol additional settings options in the Windows Server
2003 family, most noticeable is the addition of the Reliable Multicast Protocol as well as support for
Microsoft TCP/IP version 6.

The next step of the installation process after Specifying Networking Settings is the Specifying the
Workgroup or Domain Name screen where you would choose to either have your Windows Server
2003 build as a stand alone server in a workgroup or a member server in a domain.

If you are going to add the server to an existing domain you would need to supply the necessary
credentials at this time if an account for the server hadn't already been created.

If you choose to add the server to a workgroup you need only to supply the name of the workgroup.

This is the final interactive step. The Setup program will continue for a few more minutes on its own.
Once it has completed, the setup program will reboot the server and upon restart it will await user
input at the logon screen.

The Configure Your Server Wizard appears on the screen the first time you log on locally to the server
with the administrator account.

You can enable the Configure Your Server Wizard to finish installing optional components that you
chose during setup or add additional components as well. There are options to configure domain
controllers or member servers, file servers, print servers, Web and media servers, application servers,
and networking and communications servers, all through this wizard.

Product Activation

The Windows Server 2003 line of server operating systems is like any other current Microsoft product
when it comes to product activation.

All current versions of Microsoft Office and Microsoft desktop and server operating systems require
that you activate the product either via the internet or through a telephone call to Microsoft in order to
fully utilize them.

If you do not activate the software it will shut down in 30 days and either run in limited operating
mode, as in the case of Office XP, or not at all, as in the case of Windows XP and the Windows Server
2003. (Windows Server 2003 (RC2) has a 14 day activation window. This is a common timeline for
BETA and RC products. This RC2 software will also expire in 360 days, regardless of my activation
status. Again, this is a common timeline for these products.)

Once you open the product activation program the first screen you will see is as follows;

You can see that you have the option to activate over the internet or over the phone. After you make
your selection and continue, you are presented with the Microsoft REGISTRATION screen. This is NOT
a mandatory function and it can be skipped by simply selecting NO and then clicking on NEXT to
complete the product activation from the previous screen.
Once this is complete you will arrive at the THANK YOU screen and you can close it. Your product will
be fully activated for your use on that specific system.

Well, that wraps up my Introduction to Windows Server 2003 Standard Edition RC2 (3718) article. I
hope you found it informative.

If you have any questions, comments or even constructive criticism, please feel free to drop me a
note.

I want to write solid technical articles that appeal to a large range of readers and skill levels and I can
only be sure of that through your feedback.

Until the next time, remember,

“Security isn't about risk avoidance, it's about risk management.”

Windows 2003 Service Pack 1

Microsoft has recently released Service Pack 1 for Windows Server 2003. The release documents
for the Service Pack are almost 300 pages long! The purpose of these next few articles is to list the
main new features and changes the service pack will make to your server, Active Directory, and server
applications. Hopefully, these articles will summarise what you need to know about the latest service
pack in plain English. For a much more detailed description of each, please refer to the Microsoft
documentation.

Security Configuration Wizard


The Security Configuration Wizard (SCW) is a new feature with Windows 2003 SP1, and probably
the single largest addition to the OS in the Service Pack. The main function of the SCW is to reduce
the attack surface of the server. It guides the creation of security policies and setting up minimum
functionality depending on the server role. After installing SP1, the SCW needs to be installed via the
Windows Components window of Add or Remove Programs control panel. The SCW will then appear in
the Administrative Tools folder. The SCW will allow you to:

 Create a new Security policy
 Edit an existing Security policy
 Apply an existing Security policy
 Roll back the last applied Security policy

When creating a new security policy, the SCW has almost 200 different server roles, which can be
added to the policy to define the minimum services, ports and other functional requirements while
providing maximum security. Roles, features, options, services and ports can be selected and
de-selected as required, as can outbound authentication methods, registry settings and audit policies. The
final policy is saved to an XML file which can then be used and modified across servers and server
roles running the SCW.

It would be impossible to cover all the ins and outs of such a huge new tool in one article. For the full
documentation of the Security Configuration Wizard, please go here.

Access Based Enumeration

To enable this feature you will need to download and install an additional component in the form of an
MSI file (abeu.msi) from the Microsoft Download site. When it is installed, a new tab will appear on
shared folders named “Access Based Enumeration”.

When enabled, this will change the view users will have of files and folders when accessing shares
held on the Windows 2003 server. Only files and folders the users have permissions to access will be
displayed, and nothing else. Prior to enabling this change, users could see all files and folders,
regardless of permissions, but would not be able to open denied folders or files.

Add or Remove Programs Filter

A new tick box has been added to the Add or Remove Programs control panel, called Show Updates.
With SP1, only installed programs will be displayed until this check box is ticked. It will then display both
programs and updates together. This feature can be used by any software vendor, not just Microsoft
updates.

DCOM Security Enhancements

The Default COM Security tab in the Component Services control panel, under My Computer properties,
has been renamed to COM Security, and extra functionality has been added. It now has an extra button,
“Edit Limits”, for both Access and Launch Permissions. This provides a further computer-wide
access check in addition to the current access control checks. It was introduced because previous
weak settings allowed unauthenticated access to some processes, and administrators could not
force stronger security settings on them.

A new group has also been created called “Distributed COM Users” to speed up the process of adding
users to DCOM computer restriction settings.

RPC Service Changes

Before SP1, the RPCSS service provided the key service for both the RPC Endpoint Mapper and the DCOM
infrastructure. The service ran under the permissions of the Local System account. SP1 has split this
into two services: the original RPC service (for the RPC Endpoint Mapper) and a new service called
DCOM Process Launcher, which is not network facing. The RPC service did not need the Local Security
permissions, so it now runs under the NT Authority\Network Service account, while the new DCOM
Process Launcher service runs with the Local System account. This was introduced to reduce the attack
surface of Windows and to tighten security permissions on network-facing services.

Device\Physical Memory Change

The Device\Physical Memory object is used by applications to access physical memory. This would be
used by applications attempting to read BIOS data. Pre-SP1 this was controlled by an Access Control
List. Service Pack 1 changes this and now denies all access at User Mode level regardless of user
context or application.

Windows 2003 NTFS and Share Permissions

The concept of permissions in a Microsoft environment is one of the more confusing subjects that
certification candidates face, but a very necessary topic to know as many of Microsoft's certification
exams test on this. This guide aims to help you understand the various types of
permissions and how to use them in a Windows 2003 environment.

NTFS file permissions are used to control the access that a user, group, or application has to folders
and files. They are referred to as NTFS permissions because a drive must be formatted with NTFS in
order to utilize these permissions.

NTFS File Permissions:


NTFS file permissions are used to control the access that a user, group, or application has to files. This
first table displays the available permissions for files.

Full Control      Read, write, modify, execute, change attributes, permissions, and take ownership
                  of the file.

Modify            Read, write, modify, execute, and change the file's attributes.

Read & Execute    Display the file's data, attributes, owner, and permissions, and run the file (if
                  it's a program or has a program associated with it for which you have the
                  necessary permissions).

Read              Display the file's data, attributes, owner, and permissions.

Write             Write to the file, append to the file, and read or change its attributes.

Windows 2000 & 2003 have the option of denying a user or users a particular permission. For
example, if you wanted to make sure that Bob is unable to read any file, then simply deny him read
permissions. Permissions are cumulative, except for Deny, which overrides everything. By cumulative,
we mean that a user's effective permissions are the result of combining the user's assigned
permissions and the permissions assigned to any groups that the user is a member of. For example, if
Bob is assigned Read access to a file, and the "sales" group that Bob is a member of has Write
permissions assigned, Bob's effective permissions are Read and Write for that file.

NTFS Folder Permissions:


NTFS Folder permissions determine the access that is granted to a folder and the files and subfolders
within that folder. These permissions can be assigned to a user or group. The following table displays
the different permissions for folders.

Full Control            Read, write, modify, and execute files in the folder, change attributes,
                        permissions, and take ownership of the folder or files within.

Modify                  Read, write, modify, and execute files in the folder, and change attributes
                        of the folder or files within.

Read & Execute          Display the folder's contents and display the data, attributes, owner, and
                        permissions for files within the folder, and run files within the folder (if
                        they're programs or have a program associated with them for which you have
                        the necessary permissions).

List Folder Contents    Display the folder's contents and display the data, attributes, owner, and
                        permissions for files within the folder, and run files within the folder (if
                        they're programs or have a program associated with them for which you have
                        the necessary permissions).

Read                    Display the file's data, attributes, owner, and permissions.

Write                   Write to the file, append to the file, and read or change its attributes.

The Read & Execute and List Folder Contents folder permissions appear to be exactly the same.
However, they are inherited differently and are therefore different permissions. Files can inherit the
Read & Execute permissions but can't inherit the List Folder Contents permission. Folders can inherit both.

File permissions override folder permissions. For example, let's say that Bob has read access to a file
called file.txt which is located in a folder that he has no access to. In this case, the file will be invisible
to Bob, and since he cannot list the folder contents, he would have to access the file using the UNC
path or the logical file path.

Copying, Moving, and Inheritance:


The next table shows what happens to files when they are copied or moved within or across NTFS
partitions.

Moving within a partition     Does not create a new file - simply updates location in directory.
                              File keeps its original permissions.

Moving across a partition     Creates a new file and deletes the old one. Inherits the target
                              folder's permissions.

Copying within a partition    Creates a new file which inherits permissions of target folder.

Files moved from an NTFS partition to a FAT partition do not retain their attributes or security
descriptors, but will retain their long filenames.

Special Access File Permissions:


Windows 2000 & 2003 also support special access permissions which are made by combining other
permissions. The following tables will show special access permissions and the recipes to make them.

File Special Permissions      Full Control  Modify  Read & Execute  Read  Write
Traverse Folder/Execute File  X             X       X               -     -
List Folder/Read Data         X             X       X               X     -
Read Attributes               X             X       X               X     -
Read Extended Attributes      X             X       X               X     -
Create Files/Write Data       X             X       -               -     X
Create Folders/Append Data    X             X       -               -     X
Write Attributes              X             X       -               -     X
Write Extended Attributes     X             X       -               -     X
Delete Subfolders and Files   X             -       -               -     -
Delete                        X             X       -               -     -
Read Permissions              X             X       X               X     X
Change Permissions            X             -       -               -     -
Take Ownership                X             -       -               -     -
Synchronize                   X             X       X               X     X

Special Access Folder Permissions:


Below are the special access permissions for folders.

Folder Special Permissions    Full Control  Modify  Read & Execute  List Folder Contents  Read
Traverse Folder/Execute File  X             X       X               X                     -
List Folder/Read Data         X             X       X               X                     X
Read Attributes               X             X       X               X                     X
Read Extended Attributes      X             X       X               X                     X
Create Files/Write Data       X             X       -               -                     -
Create Folders/Append Data    X             X       -               -                     -
Write Attributes              X             X       -               -                     -
Write Extended Attributes     X             X       -               -                     -
Delete Subfolders And Files   X             -       -               -                     -
Delete                        X             X       -               -                     -
Read Permissions              X             X       X               X                     X
Change Permissions            X             -       -               -                     -
Take Ownership                X             -       -               -                     -
Synchronize                   X             X       X               X                     X

Remember that a file's permissions override the permissions of its parent folder. Anytime a new file is
created, the file will inherit permissions from the target folder.

Share Permissions:
Shares are administered through the MMC, My Computer or through Explorer and permissions can be
set on a share in the "Share Permissions" tab. Share level permissions only apply when a file or folder
is being accessed via the network and do not apply to a user logged into the machine locally. The
following are the different share-level permissions:

Read            View files and subdirectories. Execute applications. No changes can be made.

Change          Includes read permissions and the ability to add, delete or change files or
                subdirectories.

Full Control    Can perform any and all functions on all files and folders within the share.

The Deny permission can also be applied to shares. The Deny permission overrides all others. When
folders on FAT and FAT32 volumes are shared, only the share level permissions apply as these
systems do not support file and directory (NTFS) permissions. When folders on NTFS volumes are
shared, the effective permission of the user will be the most restrictive of the NTFS and share
permissions. This means that if Bob is trying to access a file called mystuff located on myshare and he
has share permissions of read and file permissions of full control, his effective permissions would be
read. Conversely, if his share permissions are full control and his file permissions are read, he will still
only have read permissions to mystuff.

Effective Permissions Tool in Windows 2003:


Determining effective permissions can get confusing, especially on enterprise networks. In Windows
2003, Microsoft included a new feature that helps sort this mess out. If you go to the Advanced
properties of the Security tab for NTFS resources, there is a tab titled "Effective Permissions" which
allows you to calculate the permissions that apply to users or groups. This tool does not take share
permissions into account.
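
The rules from the sections above (Allow entries accumulate across the user and its groups, Deny overrides, and network access gets the most restrictive of the share and NTFS permissions) as an added Python model; it is not code from the original guide or from Microsoft. The function names, the mapping of share permissions onto NTFS rows, and the Bob/sales ACLs are assumptions constructed for illustration, and unlike the Effective Permissions tab this model also applies the share ACL.

```python
"""Simplified model of the NTFS and share permission rules (added example)."""

# Rows of the page's "Special Access File Permissions" table as sets of special permissions.
READ = frozenset({
    "List Folder/Read Data", "Read Attributes", "Read Extended Attributes",
    "Read Permissions", "Synchronize",
})
WRITE = frozenset({
    "Create Files/Write Data", "Create Folders/Append Data", "Write Attributes",
    "Write Extended Attributes", "Read Permissions", "Synchronize",
})
READ_EXECUTE = READ | {"Traverse Folder/Execute File"}
MODIFY = READ_EXECUTE | WRITE | {"Delete"}
FULL_CONTROL = MODIFY | {"Delete Subfolders and Files", "Change Permissions", "Take Ownership"}

NTFS = {
    "Full Control": FULL_CONTROL, "Modify": MODIFY,
    "Read & Execute": READ_EXECUTE, "Read": READ, "Write": WRITE,
}
# Assumption: each share-level permission is mapped to the NTFS row closest to its
# description on the page (share Read can also execute applications).
SHARE = {"Read": READ_EXECUTE, "Change": MODIFY, "Full Control": FULL_CONTROL}


def granted(aces, principals, table):
    """Union every Allow matching the user or one of its groups, then subtract every Deny.

    Follows the page's rule that Deny overrides everything; the ordering of
    explicit versus inherited entries is not modelled.
    """
    allowed, denied = set(), set()
    for principal, kind, permission in aces:
        if principal in principals:
            (denied if kind == "deny" else allowed).update(table[permission])
    return allowed - denied


def effective_rights(ntfs_aces, principals, share_aces=None, via_network=True):
    """NTFS rights, narrowed by the share ACL only when access comes over the network."""
    rights = granted(ntfs_aces, principals, NTFS)
    if via_network and share_aces is not None:
        rights &= granted(share_aces, principals, SHARE)  # most restrictive of the two
    return rights


def standard_names(rights):
    """Standard NTFS permissions whose every special permission is present in rights."""
    return [name for name, needed in NTFS.items() if needed <= rights]


# Constructed sample data: Bob is a member of the "sales" group.
BOB = {"Bob", "sales"}
CUMULATIVE_ACL = [("Bob", "allow", "Read"), ("sales", "allow", "Write")]
DENY_ACL = [("sales", "allow", "Modify"), ("Bob", "deny", "Read")]
NTFS_FULL = [("Bob", "allow", "Full Control")]
NTFS_READ = [("Bob", "allow", "Read")]
SHARE_READ = [("Bob", "allow", "Read")]
SHARE_FULL = [("Bob", "allow", "Full Control")]

if __name__ == "__main__":
    cases = {
        "user Read + group Write": effective_rights(CUMULATIVE_ACL, BOB),
        "group Modify, user denied Read": effective_rights(DENY_ACL, BOB),
        "share Read, NTFS Full Control (network)": effective_rights(NTFS_FULL, BOB, SHARE_READ),
        "share Full Control, NTFS Read (network)": effective_rights(NTFS_READ, BOB, SHARE_FULL),
        "share Read, NTFS Full Control (local logon)":
            effective_rights(NTFS_FULL, BOB, SHARE_READ, via_network=False),
    }
    for label, rights in cases.items():
        print(f"{label}: {standard_names(rights) or sorted(rights)}")
```

In the Deny case no standard permission remains complete, so the script prints the leftover special permissions instead, which is a quick way to spot an ACL that still allows Delete after Read has been denied.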

Best Practices:
The way companies manage their permissions will vary based on their needs. In any event, a lot of
planning should be done before implementing permissions systems in order to avoid a lot of
headaches later. Below are some best practices for using permissions.

When setting permissions, you want to minimize the amount of administration required. Imagine if
you had to manage the permissions on every file on your network for every user. It would be an
administrative nightmare. For this reason, unless absolutely necessary, assign permissions to groups
and place users in the relevant group. The same should be done for share permissions as well.

Avoid using Deny permissions except in the following types of cases:

 Use Deny permissions to exclude a subset of a group which has Allowed permissions.
 Use Deny to exclude one special permission when you have already granted full control to a
user or group.

You definitely should not ever use Deny permissions for the Everyone group because that includes
administrators.

When possible, use security templates.

Keep in mind that privileges (rights) can sometimes override permissions.

Note: While the permissions systems in Windows 2000 and 2003 are nearly identical, there are a few
differences. One of the biggest permissions differences between Windows 2000 and 2003 was the
default security settings. Windows 2000 shipped with full control for the everyone group (NTFS and
share permissions), guest account was enabled, etc. Windows 2003 was locked down better in its
default state. For more information on this, read Changes to Default Settings Make Windows
Server 2003 More Secure (Part 1).
