Special Edition Using Microsoft Windows XP Professional (3rd Edition)

The System applet offers a wide range of functions through its multi-tabbed interface. You access the System applet through the Control Panel. When the Control Panel is in Classic view, double-click on the System icon to open the System applet. When the Control Panel is in Category view, open the Performance and Maintenance category, and then click on the System icon. Let's take a look at each tab and the options on each.

The General tab (see Figure 27.3) displays the system OS version, registration details, and basic computer info (CPU type, speed, and RAM).

Figure 27.3. The System applet (or System Properties) dialog box, General tab.

Setting the Computer Name

The Computer Name tab is the same interface as is accessed through the Network Identification command of the Network Connections applet's Advanced menu. This interface is used to change the computer name and manage domain and workgroup membership. The Network ID button launches a wizard that guides you through configuring the computer for standalone use, workgroup membership, or domain membership. The Change button opens the Computer Name Changes dialog box where the computer name and domain or workgroup membership is defined with simple radio buttons and text fields. Altering network configuration is discussed in greater detail in Chapter 17, "Using a Windows XP Network."

NOTE

Adding a system to an existing domain will require that you know the name and password of an administrator account in that domain OR that a computer account for the client has already been defined in the domain. For more information on this, see Part IV, "Networking."

Managing and Controlling Hardware

The Hardware tab has four buttons. The Device Manager button launches the Device Manager; this is also discussed in Chapter 24. The Hardware Profiles button opens the Hardware Profiles dialog box where hardware profiles are managed. This is discussed in Chapter 25. The Windows Update button brings up a dialog box asking you if and when XP should go on to the Net to look for drivers in the event that you connect new hardware to your system. The Driver Signing button opens the Driver Signing Options dialog box.

Driver Signing is a security feature that aids in preventing malicious rogue or Trojan horse drivers from being installed onto a mission-critical system. By enabling driver signing, you can configure a system to refuse all device drivers except those that are "signed" by Microsoft or other MS-approved vendors. This dialog box offers three settings: Ignore, Warn, and Block. Ignore allows the installation of any driver. Warn prompts you each time you attempt to install a non-signed driver. Block only allows signed drivers to be installed.

The default setting of Driver Signing is Warn. Keep in mind that this safety feature is designed from the Microsoft perspective. In their eyes, the only legitimate and safe drivers are those that have been approved by their labs. In many cases, drivers that Microsoft has not preapproved are perfectly safe and legitimate. However, ignore this security at your own risk. If you don't trust the vendor or fully trust the distribution method, don't install unsigned drivers.

Advanced System Properties

The Advanced tab of the System applet has five buttons. Three of these buttons are labeled Settings and are contained within sections titled Performance, User Profiles, and Startup and Recovery. The other two buttons are below these sections; they are labeled Environment Variables and Error Reporting.

The Settings button under the Performance heading opens the Performance Options dialog box. The Visual Effects tab of this dialog box is discussed in Chapter 23. The Advanced tab of this dialog box is used to set memory usage parameters and is discussed in Chapter 25.

The Data Execution Prevention (DEP) tab is new as of SP2, and is used for settings that prevent malicious applications from executing programs in protected areas of RAM. Protected areas of RAM, supposedly reserved for the operating system and other programs that are running, can potentially be invaded by malware, which then tries to load and execute itself in the legitimate memory space. This new SP2 feature prevents this from happening, if it's turned on.

There are two levels of DEP: hardware and software. To use hardware DEP, your CPU has to have "execution protection" capability. You can check to see if yours does by reading the DEP tab page. Hardware DEP works by virtue of the CPU tracking where the operating system and legitimate programs are operating in RAM and blocking other programs from trying to load and execute in those address blocks. If a detection occurs, the offending program is simply shut down.

If your CPU doesn't support DEP, XP does its best to do DEP in software, if turned on from the DEP tab. Software DEP isn't turned on by default, because some programs won't run properly with it turned on. This isn't as complete a form of protection, but it's better than nothing.

Normally, only Windows programs and services are monitored by DEP. If you want to be extra safe, choose the second option, Turn on DEP for All Programs and Services Except Those I Select.

As stated, however, the problem with software DEP is that some legit programs might not run with it turned on. When DEP shuts down a program, the first thing to do is run a virus check on your computer. Do a complete sweep. If some threat is detected, remove the offensive program. If nothing is detected, try running the offending program again. If DEP closes it again, you have three choices:

  • If available, purchase an updated, DEP-compatible version of the program.

  • Set up an exception list to run the program by clicking Add (on the DEP tab) and adding the program.

  • Don't use the program.

If you take the second course of action, it's a good idea to check frequently for an updated version of the program and, after you update it, to turn on DEP for that program again by highlighting it in the DEP tab and clicking Remove.

The Settings button under the User Profiles heading opens the User Profiles dialog box. This interface is used to manage local and roaming profiles stored on the local computer. This is discussed in Chapter 28.

The Settings button under the Startup and Recovery heading opens the Startup and Recovery dialog box. This interface is used to configure multibooting actions and how system failures are handled. This is discussed in Chapter 31 and 33.

The Environment Variables button opens the Environment Variables dialog box. This interface is used to define user and system variables. These include TEMP and TMP, which point to storage locations where Windows can create temporary files. In most cases you should not edit the system variables. There are some application installations that may require this activity, but specific details should be included in that application's installation instructions.

TIP

If the storage volume where your main Windows directory resides is becoming full, you can perform three operations to improve performance and keep the risk of insufficient drive space to a minimum. First, move the paging file to a different volume on a different hard drive (see Chapter 25 for details on this). Second, define the TEMP and TMP variables to point to a \Temp folder you create on a different volume on a different hard drive. Third, through Internet Options, define a location for the temporary Internet files within the alternate \Temp folder. After rebooting, the new locations will be in use. However, you may need to delete the old files from the previous temporary file locations (typically \Documents and Settings\<username>\Local Settings\Temp and \Documents and Settings\<username>\Local Settings\Temporary Internet Files\).

The Error Reporting button opens the Error Reporting dialog box. On this interface you can define whether Windows XP automatically reports system problems to Microsoft. This information is submitted anonymously and is used to help Microsoft fine-tune the system and to create fixes and patches. It is enabled by default. You can select just to submit OS related issues or to include (all or some) program issues as well.

Controlling System Restore Settings

The System Restore tab is used to track and reverse damaging changes made to your system, and it enables you to set the defined space usage for the System Restore feature. This feature is discussed in Chapter 33. The System Restore command is also found in the Start menu under All Programs, Accessories, and System Tools.

Setting Automatic Updates

The Automatic Updates tab defines how Windows XP handles critical Windows Update downloadable modules. Windows Update is an online OS fixing and patching tool. This feature has grown more and more comprehensive over the years and as of XP SP2 incorporates more "push" technology than it did when XP was first released. This move is mostly in response to the continued onslaught of viruses and other hacking strategies that destabilize Windows machines. Windows Update can now not only push new system updates and security patches for the operating system, but also less-critical software such as device drivers and updates to Microsoft Office (if Office is installed on the target computer).

If you're wondering whether Automatic Updates is the same as Windows Update, the answer is well, sort of. Automatic Updates is actually a subset of Windows Update. Windows Update is a Web site you visit, poke about on, and interact with. From the site you can see what's available for your machine and then choose what you want to download. As the name implies, Automatic Updates handle some of that for you, eliminating the need to visit the Windows Update site manually or make decisions about what to download. Automatic Updates deliver only highest-priority updates, in hopes of keeping more Windows systems up to date and operating smoothly. If you want to download optional updates (fun stuff, or lower-priority items), you still need to visit the Windows Update Web site, even if Automatic Updates is turned on.

NOTE

The Windows Update technology is very rich. Among other things, systems administrators can use it to control updating many machines across a network using a "Windows Update Services server." Outside of a corporate setting, though, most users will simply use Microsoft's online update server via its Internet Web site.

Upon installing a post-SP2 version of XP or upon upgrading to SP2, you're prompted to confirm settings for Automatic Updates. Microsoft does its level best to push you into allowing it to keep your system up to date automatically. You'll see a dialog strongly recommending that you leave automatic updates turned on (the default). If you do so, information about your computer will be uploaded to Microsoft's Windows Update database. Then, security patches, critical updates, Office updates, drivers, and operating system service packs will all automatically be downloaded and installed to your computer. If you choose to deactivate this feature, you're going to be bugged incessantly about it, anyway, so why fight a good thing? We believe this is good thinking on Microsoft's part.

NOTE

Windows does not use your name, address, email address, or any information that can be used to identify you or contact you.

In Windows XP Home Edition, you have to be logged on as an administrator to install components or modify Automatic Updates settings. If your computer is connected to a network, network policy settings might also prevent you from completing this procedure.

Allowing Windows to download and install updates automatically keeps you up-to-date without having to remember to initiate an update check. It doesn't matter whether you use a dial-up or broadband connection. Microsoft has developed efficient means to ensure that your other downloads aren't slowed, through the use of small patch download sizes, and a new compression scheme called delta patching. Under the previous scheme, Windows Update examined your system, determined which patches you needed, and downloaded all of them, en toto. The problem is, such downloads are often quite large. The new Windows Update downloads just the files you need, or just the parts of the files you need, thereby keeping the downloads as small and fast moving as possible. The system is made additionally efficient by ensuring the system downloads and installs the most crucial updates before less-important patches. So when the next virus outbreak hits, Windows users will immediately be protected. To additionally make the most of your connect time, if you disconnect from the Internet before your updates are finished, nothing is lost. The download process will continue the next time you connect to the Internet.

Microsoft states that security updates will be published every month, unless there is more radical threat, in which case it will release an update as soon as possible.

Of course, it's possible that an update could damage your system. Microsoft can't control all the variables that might appear on John Q. Public's system, and updates, although they often fix bugs, can introduce new ones.

If this should happen, you can always roll back a system to its state before the update (see "Using Rollback to Uninstall a Windows Update," later in this chapter), or use the System Restore feature (see Chapter 30), so using automatic updates is not necessarily a poor choice.

As you see from the dialog box in Figure 27.4, there are three levels of manual updating. The default settings are as you see in the figure. That is, every day at 3 a.m., updates will be automatically downloaded and installed. This is the recommended setting. If the computer isn't on at that time, downloads will occur when you first turn on your computer and connect to the Net. You can choose a specific day of the week, and a different time, should you like.

Figure 27.4. The Windows Automatic Update applet.

NOTE

If you need to accept an End User License Agreement (EULA) before an update can be installed, you'll be prompted to do so. It's possible that some updates will require a reboot, too. If the download happens at the predetermined time (for example, 3 a.m.), and a reboot is needed, the computer will reboot at that hour. This could be a problem if you need to have the computer available as full-time server or you're using a remote control program from afar, because after booting, the computer might require user login for a given remote app to be functional.

If you want to choose when to install updates (because you can't reboot or be distracted for whatever reason), choose the second option. Downloads happen in the background, but you won't know about it. You'll see a balloon pop up from the system tray indicating that there are updates ready to install. Just click on the balloon and you'll be told what to do.

Some users prefer to at least know whether an update is being performed, so they choose Notify Me But Don't Automatically Download or Install Updates. This way they can more likely correlate some strange new system behavior with an update that just took place.

When would you use the third option, to turn off updates altogether? In general, I'd rule that out as an intelligent option, with two exceptions:

  • If you have a computer that is almost always off the Net or a LAN and is "mission critical" (has to be up and running), and rarely if ever has new software (including email) added to it, this is a potential candidate. Once I get such a dedicated system running, I haven't much interest in tempting fate with software or system upgrades.

  • If you're running and maintaining PCs in a corporate setting. These PCs are connected to the Net and probably on a corporate network. You want to rigorously test updates before you install them across the corporation's PCs, because Microsoft patches and updates can sometimes break your applications' features in subtle ways.

To use the Windows Update site manually

1.

Click Start, Help and Support Center.

2.

Then choose Keep Your Computer Up to Date with Windows Update.

3.

A Web page will appear. Click Scan for updates.

4.

A list of possible updates for your computer appears. Sift through the list and click Add to select the update of your choice and add it to the collection of updates you want to install. You can also read a full description of each item by clicking the Read More link.

5.

When you have selected all the updates you want, click Review and Install Updates, and then click Install Now.

You can hide an update if you want to get it off the screen. Click Hide Update. If you want to see hidden updates again, click Restore Hidden Updates. Sometimes hiding a critical update doesn't really stick. You'll be reminded about such an update later, and prompted to install it.

NOTE

Note that some updates are exclusivethat is, you must install them separately, and sometimes even reboot afterward. Then you can go back to the Windows Update site again and install other updates.

Using the Remote Tab

The Remote tab controls whether Remote Assistance and Remote Desktop are enabled. Remote Assistance allows you to grant dual control over your desktop with another computer over a network or the Internet. When enabled, the other client can see your desktop, conduct a real-time chat with you, and even use their mouse and keyboard to make changes and operate your system. Remote Assistance was designed to allow a system administrator, tech support specialist, instructor, or even a knowledgeable computer buddy to aid end-users with tasks without having to leave their workspace.

Remote Desktop allows you to access your current desktop or logon environment from a remote system. This allows an employee to access their work system from their home computer and have full access to their files and applications.

Both of these features are discussed in the following sections.

Remote Assistance

Remote Assistance works through the exchange of time-sensitive invitation scripts via e-mail. To initiate an invitation

1.

Click the Start menu, All Programs, and then Remote Assistance.

TIP

You also can access this page through Help and Support by clicking on the Invite a Friend to Connect to Your Computer with Remote Assistance link under Ask for Assistance.

2.

The Remote Assistance help page opens (see Figure 27.5).

Figure 27.5. The Remote Assistance page of the Help and Support Center.

3.

Click Invite someone to help you. The invite page opens (see Figure 27.6).

Figure 27.6. The invite page for Remote Assistance.

NOTE

Remote Assistance requires a compatible OS on the remote system (currently only Windows XP is compatible), with either Windows Messenger Service or a MAPI-compliant email utility (such as Microsoft Outlook or Outlook Express). Remote Assistance also requires that both systems have Internet access.

4.

If you have MSN Messenger installed and a contact list defined, you can select an invitee from Messenger. Or, you can provide an email address to send an invitation. Since Outlook Express (OE) is installed by default and MSN Messenger is not, we'll use OE.

Type in an email address to send a Remote Assistance initiation, and then click Invite this person. The email invitation page opens.

NOTE

The invitation can also be saved as a file. When saved as a file or included as an email attachment, the invitation is a 900KB file named rcBuddy.MsRcIncident.

5.

Provide a From name and a message to include in the email invitation. Then click Continue.

6.

Define the invitations expiration period in minutes, hours, or days.

7.

Select whether to require a password to connect, and then provide the password. Click Send invitation.

8.

A warning prompt appears, stating that another application is attempting to send an email message on your behalf, click Send.

When the invitation appears in the invitee's inbox, they only need to execute the attachment.

CAUTION

Microsoft warns to only execute attachments from people you trust or from whom you are expecting an attachment. It is very easy to create a malicious utility masquerading as a valid Remote Assistance invitation.

When it's executed, you'll be prompted for a password (if required) and whether you want to initiate a Remote Assistance connection. Once you click Yes, the connection attempt commences. If a connection is started, the invitor is prompted whether to allow the connection to continue. After clicking Yes, the Remote Assistance floating tool window appears on the original system (Figure 27.7) and the Remote Assistance remote desktop utility (Figure 27.8) appears on the invited system.

Figure 27.7. The Remote Assistance floating tool window as it appears on the original or host system.

Figure 27.8. The Remote Assistance remote desktop utility as it appears on the invited or remote system. Notice that the host's desktop can be seen in the background of the invitee's screen.

From either system, you can send chat text, stop the session, transmit a file, initiate voice chat, or disconnect the session. From the remote system, you can request full control of the original desktop and control it with the remote system's mouse and keyboard. This is a great tool for walking someone through a complex task or training them on software usage.

Remote Assistance should only be used when both systems are connected by a fairly high-bandwidth link, such as over a 10+MB LAN or via ISDN, DSL, or Cable modem Internet link. It will work over slow modem connections, but you are more likely to experience significant performance delays and disconnects. The faster the connection, the more responsive the remote assistance will be and the higher resolution the remote visuals. Unless blocked by a firewall, proxy, or other security screen between the two systems, Remote Assistance can link two systems on a LAN or over the Internet.

Remote Desktop

Remote Desktop is basically a remote control feature built right into Windows XP. It enables a remote system to connect to the session as a host client. The host client is the system where user sessions are paused (such as via Fast Switching) for remote connection. Remote systems establish connections via an IIS subcomponentRemote Desktop Web Connectionwhich must be installed on the IIS server in the same network as the host client.

An additional benefit of Remote Desktop is that, when your host system is configured, you can use either Remote Desktop or a valid Terminal Services client on a remote system to connect to your host.

Configuring a network to support Remote Desktop is a bit of a challenge. Consult the Windows XP Resource Kit for exhaustive details on the installation and configuration of this amazing feature.

Fortunately, the use of Remote Desktop is quite simple. However, there is one caveat: You must plan ahead for Remote Desktop to work. You must leave an active logon session running to which Remote Desktop will connect from your remote system. It is not possible to connect into a system with Remote Desktop without an active session. To set up Remote Desktop, follow these easy steps:

1.

Log on to the host system.

2.

Use the Start, Log Off command, and then click Switch User (remember, switching users is not the same as logging off).

3.

Log on to the remote system.

4.

Launch Internet Explorer.

5.

Open the URL http://<servername>/tsweb/ where <servername> is the name or IP address of the IIS server on the network.

6.

You might be prompted to provide logon credentials for the domain or IIS server system. In most cases, you must provide them in the form <domainname>\<username> or <systemname>\<username>.

7.

After logon, you are presented with the Remote Desktop Web Connection screen where you must provide the computer name or IP address of the host client and what sized screen to open (options include 640x480, 800x600, 1024x768, and Full Screen). Click Connect.

When connected, you'll have complete control over the host client session from the remote system. Once properly configured, this could be an extremely versatile tool for telecommuters.

Remote Assistance and Remote Desktop offer useful features that are new to the Microsoft Windows product. However, they are poor imitations of full-featured third-party products such as PCAnywhere, Carbon Copy, and Timbuktu. If you are on a tight budget, these new Windows XP features might be of some use. However, if you need true versatility, security, and a broader range of control over remote control types of access, grab a true remote control product.

Категории