VBCPS: Ahead of the Curve Landstown Middle School



 



Notes for Windows XP Test 2

Chapter 5: Configuring and Managing the User Experience

ACPI – Advanced Configuration and Power Interface – newer version of power management.

APM – Advanced Power Management – Only the Administrators group can configure APM.  If the APM tab of the power options is unavailable, then the computer uses ACPI.

 

 

Chapter 6: Printers and Fax Devices

Print Device is the physical printer

Printer is the software interface.

Printer priorities – 1 to 99.  Some users can have a driver installed that has a higher priority than other users, and their printed material will come out of the printer before that of other users.


Chapter 7: NTFS Security

MFT – Master File Table – A metafile containing pointers to the actual storage sites on the physical disk.

  • $Secure metafile – contains security descriptors

When files are moved on the SAME NTFS volume – permissions are retained.
When files are copied on the SAME NTFS volume – they inherit the properties of the new folder.

When files are moved to a DIFFERENT NTFS volume – they inherit the permissions of the target folder.
When files are copied to a DIFFERENT NTFS volume – they inherit the permissions of the target folder.

When files are moved to a NON-NTFS volume – all permissions are removed.
When files are copied to a NON-NTFS volume – all permissions are removed.

When a file is written between volumes, it is written uncompressed and then compressed if the destination folder is compressed.

File permissions take precedence over folder permissions

Access Control Lists (ACLs)

  • System Access Control Lists (SACLs) – controlled administratively
  • Discretionary Access Control Lists (DACLs) – THIS IS THE ONE USUALLY MANIPULATED.  DACLs are usually called ACLs.  Lists of users or groups who have access granted at the discretion of the owner.

Built-In Security Groups –

  • Users
  • Power Users
  • Administrators

Special Groups –

  • Creator-Owner – group made by the creator or owner
  • Interactive – users who access on the system’s console
  • Network – users who access over a network
  • Everyone – any user

Authenticated Users – users who have been authenticated


Special Permissions

  • Full Control
  • Traverse Folder / Execute File – (running a program or gaining access to a folder to change directories)
  • List Folder / Read Data
  • Read Attributes
  • Read Extended Attributes
  • Create Files / Write Data
  • Create Folders / Append Data
  • Write Attributes
  • Write Extended Attributes
  • Delete Subfolders and Files
  • Delete
  • Read Permissions
  • Change Permissions
  • Take Ownership

 


READ

  • List Folder / Read Data
  • Read Attributes
  • Read Extended Attributes
  • Read Permissions

 

WRITE

  • Create Files / Write Data
  • Create Folders / Append Data
  • Write Attributes
  • Write Extended Attributes

 

LIST FOLDER CONTENTS

  • Traverse Folder / Execute File
  • List Folder / Read Data
  • Read Attributes
  • Read Extended Attributes
  • Read Permissions

 

READ & EXECUTE

  • Traverse Folder / Execute File
  • List Folder / Read Data
  • Read Attributes
  • Read Extended Attributes
  • Read Permissions

MODIFY

  • Traverse Folder / Execute File
  • List Folder / Read Data
  • Read Attributes
  • Read Extended Attributes
  • Read Permissions
  • Create Files / Write Data
  • Create Folders / Append Data
  • Write Attributes
  • Write Extended Attributes
  • Delete

 

FULL CONTROL

  • Traverse Folder / Execute File
  • List Folder / Read Data
  • Read Attributes
  • Read Extended Attributes
  • Read Permissions
  • Create Files / Write Data
  • Create Folders / Append Data
  • Write Attributes
  • Write Extended Attributes
  • Delete
  • Change Permissions
  • Take Ownership

 



Chapter 8: Shared Folder Security

NTFS folder permissions

  • Full Control
  • Modify
  • Read & Execute
  • List Folder Contents
  • Read
  • Write
  • Applies to Files and Folders
  • Applies to network & local users
  • NTFS Only
  • INHERITED & CAN be blocked

Shared Folders

  • Full Control
  • Read
  • Change – create folders, add files to folders, change data, and delete
  • Applies to Folders Only
  • Applies ONLY to network users
  • FAT or NTFS
  • INHERITED & CANNOT be blocked

 

 

Default permission is READ

Shared folder permissions don’t apply to users who access a folder at a computer locally.

Shared folder permissions are the only way to secure FAT volumes.

Deny permissions take precedence over any other permissions.

“NET SHARE” – command-line tool for manipulating shared folders.

When accessing a folder over a network, the user must have BOTH share and NTFS permissions for each folder and file they access. 

When both NTFS and Share permissions apply, the most restrictive apply.

The maximum number of users allowed to connect to a shared folder is 10.

When a file is accessed locally – NTFS permissions apply
When a file is accessed over a network – Network & Share permissions apply.
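
The rules above (deny takes precedence, share permissions apply only over the network, the most restrictive of share and NTFS wins, FAT has only share permissions) can be worked through in a small model. This is an added example, not part of the original notes and not Windows' own access check; the users, ACLs and the mapping of share levels onto NTFS special permissions are assumptions made for illustration.

```python
# Added illustration of the rules in these notes; a model, not Windows' own access check.
READ = frozenset({"list folder/read data", "read attributes",
                  "read extended attributes", "read permissions"})
WRITE = frozenset({"create files/write data", "create folders/append data",
                   "write attributes", "write extended attributes"})
READ_EXECUTE = READ | {"traverse folder/execute file"}
MODIFY = READ_EXECUTE | WRITE | {"delete"}
FULL = MODIFY | {"change permissions", "take ownership"}

# Assumption: share levels expressed in the same vocabulary so they can be compared.
SHARE_READ, SHARE_CHANGE, SHARE_FULL = READ_EXECUTE, MODIFY, FULL


def layer_rights(acl, principals):
    """Rights one ACL gives a user: every matching allow, minus every matching deny."""
    allowed, denied = set(), set()
    for who, kind, rights in acl:
        if who in principals:
            (allowed if kind == "allow" else denied).update(rights)
    return frozenset(allowed - denied)  # deny takes precedence


def effective_rights(principals, ntfs_acl, share_acl, over_network, filesystem="NTFS"):
    # A FAT volume has no NTFS ACL, so only the share layer can restrict access.
    ntfs = layer_rights(ntfs_acl, principals) if filesystem == "NTFS" else FULL
    if not over_network:
        return ntfs  # share permissions do not apply to local access
    return ntfs & layer_rights(share_acl, principals)  # most restrictive of both


# Constructed sample data (hypothetical users and ACLs).
ALICE = {"alice", "Users", "Everyone"}
BOB = {"bob", "Users", "Everyone"}
NTFS_ACL = [("Users", "allow", MODIFY), ("alice", "deny", WRITE)]
SHARE_ACL = [("Everyone", "allow", SHARE_READ)]  # default share permission is READ

if __name__ == "__main__":
    for name, who in (("alice", ALICE), ("bob", BOB)):
        for net in (False, True):
            rights = effective_rights(who, NTFS_ACL, SHARE_ACL, over_network=net)
            print(name, "network" if net else "local", sorted(rights))
```

Locally, bob keeps Modify while alice loses the Write rights to her deny entry; over the network both are cut down to what the share allows.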

When a shared folder is copied, the copy is no longer shared.
When a shared folder is moved or renamed, it is no longer shared.

A good practice is to remove the Everyone group permissions and then set specific permissions.

Universal Naming Convention (UNC)
\\machinename\C$     The root of each volume is automatically shared, and the share name is the drive letter followed by a dollar sign.

Admin$   The system root folder named c:\windows is shared as Admin$ by default.  Only administrators have access to this share.

Drive mapping is lost when a user logs off.  It can reconnect if “RECONNECT AT LOGIN” is selected.  Drive mapping is considered temporary.

Caching files offline
When a folder is shared, it can be enabled to “Allow caching of files in the shared folder”
Settings are 

  • “Manual caching of documents” – individual files must be specified
  • “Automatic caching of documents” – every file that a user opens becomes available offline.  Files that are not opened are not available offline.
  • “Automatic caching of programs and documents” – used mainly for read-only data or applications.

Synchronization of files can be at logon, logoff, or both.


Chapter 9: Supporting Applications in Windows XP Professional

MSIEXEC (Installer Program)

  • .msi – Windows Installer Packages.  Contains entire application being installed.  Larger applications are often broken up and controlled by a single .msi file.
  • .mst – TRANSFORM – Transforms contain custom parameters and settings that add on to .msi to tailor install for specific need.  These settings override settings in the original package.
  • .msp – PATCHES.  Used to install patches or updates.
  • .zap – can only be published

Example of install    MSIEXEC /I c:\sample\package.msi TRANSFORMS=transform.mst
This installs the “package” application with customization by transform.mst

PULL – (Publish) User pulls software by clicking on selection.

  • Can only be published to a user not a machine.
  • Installed on first use.
  • Not self-healing
  • Requires action from a user to install

PUSH – (Assign) – software sent to user 

  • Self-healing (ADS detects and repairs software)
  • Can be assigned to a user or to a computer
  • If assigned to a user, an icon is placed on desktop or on start menu and installs on first use.
  • If assigned to the computer, it installs before the next user login.

Windows Logo Program

  • Compatible with Windows XP – Will work without crashing your system
  • Designed for Windows XP – Will not interfere with other applications.
  • Optimized for Windows XP

Causes of incompatibility

  • Changes in data format
  • Wrong version number

 


Chapter 13: Managing Users and Groups

XP – All users are local

2 accounts are created by default

  • Administrator – cannot be deleted – CAN be renamed
  • Guest (created, but disabled until made active)

Built-In User Groups

  • Administrators
  • Power Users
  • Remote Desktop Users
  • Users
  • Guests
  • Backup Operators

IMPLICIT groups – people cannot be placed into these groups.  They are in groups based on how a machine is used. 
(We don’t control membership to these groups, but we DO control their permissions).

  • Authenticated Users – all users who pass security authentication.
  • Network – includes all users across a network.
  • Interactive – includes any user logged onto local system.
  • Everyone – all users
  • Creator / Owner

“NET USER” – command-line tool for manipulating user accounts.

 

Account Naming Conventions
Names can be no longer than 20 characters
AVOID   “ / \ [ ] : ; | = , + * ? < >

“Complex” passwords – minimum of 6 characters; includes 3 of following: uppercase, lowercase, symbols, and numbers

“NET LOCALGROUP” – command-line tool to manage groups

 

 

 

 

 

 

 


Local Content © 2008 Virginia Beach City Public Schools Updated Monday, September 24, 2007